The change management process involves three parts: preparing for change through assessment and strategy development, managing change with detailed planning and implementation, and reinforcing change with data gathering, corrective action, and recognition. To secure and efficiently operate information systems, an organization implements controls through policies, procedures, and standards. Controls are considered at all stages of systems development, implementation, and maintenance. Controls include physical, technical, administrative, general, and application controls.

1. CHANGE MANAGEMENT PROCESS
⚫ The change management process is the sequence of steps or
activities that a change management team or project leader
would follow to apply change management to a project or
change. a change management process that contains the
following three parts.:
⚫ Preparing for change (Preparation, assessment and
strategy development)
⚫ Managing change (Detailed planning and change
management implementation)
⚫ Reinforcing change (Data gathering, corrective action and
recognition)

3. CONTROL IN INFORMATION
SYSTEM

4. CONTROL IN INFORMATION SYSTEM
⚫ To ensure secure and efficient operation of information systems, an
organization institutes a set of procedures and technological measures
called controls.
⚫ Implemented through: -
 Policies
 Procedures
 Standards
⚫ Control must be thought about through all stages of information
systems analysis, construction and maintenance.

5. TYPES OF CONTROL
 Physical Controls: -
 It refer to the protection of computer facilities and other IS
resources. This includes protecting computer hardware,
computer software, database, computer networks.etc
 Technical Controls: -
 controls which are implemented in the application of IS itself.
These types of controls include access controls, data security
controls, communication controls etc.
 Administrative Controls: -
 controls which include clear guidelines, policies of the
organisations with regards to the use and deployment of IS
resources are very important in protecting ISs.
 For example: - email policy, internet use policy, access
privileges of employees,

6.  General Controls: -
 These controls are implemented so as to ensure that
ISs are protected from Various potential threats.
 For example: - system development controls like
budgeting, schedule, quality etc.
 Application Controls: -
 the application controls, as the name implies, are
embedded within the application itself. These controls
are usually written as validation rules. These controls
are popularly known as input controls, processing
controls, and output controls.

7. IS SECURITY THREATS
1. Human errors/failures: - unintentional errors made by
authorised user.
2. Manipulation of data/systems: - deliberate acts of some
persons or organisations, designed to harm the data or
information systems of an organisation.
3. Theft of data/systems: - deliberate attempt of some person to
steal the important data of an organisation.
4. Destruction from virus: - A Virus is computer code that has
been inserted into a piece of software. Upon execution of the
software the virus is also executed.
5. Natural disasters: - forces of nature that cannot be prevented
or controlled. Such as fire, flood, earthquake, Lightning etc.

8. IS SECURITY THREATS
1. Human errors/failures: - unintentional errors made by
authorised user.
2. Manipulation of data/systems: - deliberate acts of some
persons or organisations, designed to harm the data or
information systems of an organisation.
3. Theft of data/systems: - deliberate attempt of some person to
steal the important data of an organisation.
4. Destruction from virus: - A Virus is computer code that has
been inserted into a piece of software. Upon execution of the
software the virus is also executed.
5. Natural disasters: - forces of nature that cannot be prevented
or controlled. Such as fire, flood, earthquake, Lightning etc.