IT ELECT 4 NETWORK SECURITY LECTURE 6-5-13
0 likes396 views
This document discusses various controls for computer systems, including general controls and application controls. General controls include systems development, system software, hardware, operations, data security, and administration. Application controls focus on input, edit, format, dependency, processing, updating, matching, and output of data. The document also defines key terms related to control models, such as implementation, prototype, request for permission, project management, deliverables, walkthrough, outsourcing, and metrics. Finally, it discusses the concept of survivability for mission-critical systems and defines attacks, failures, and accidents.
IT ELECT 4 NETWORK SECURITY LECTURE 6-5-13
- 2. Control of Computer Systems • General controls • Application controls
- 3. General controls • Systems development – before implementing or converting a system, the security manager should have input, along with users as to feasibility, cost, benefit, testing and quality assurance procedures • system software – all system software should come with security software that ensures unauthorized changes cannot be made to system software • hardware – besides physical security, validity and echo checks should be run to detect equipment malfunctions
- 4. General controls (contd) • operations – storage and processing equipment should be consistent and work properly. IT employees as well as users should know their roles, follow back up and recovery instructions in the manual • data security – check terminal entry points, on line access,. Inputs and outputs, set user privileges, via password assignment • administration – segregate IT job functions so no overlap will happen. Supervise employees, write policies and procedures
- 5. Application Controls • input – check data for accuracy before entering • edit – check data for reasonableness before entering it to the system • format – check data for alphanumeric consistency before entering it to the system • dependency – check for logical relationships of session data
- 6. Application Controls (contd) • processing – session runtimes for accessing data are convenient and short • updating – newly entered data refreshes conveniently and totals match what would be obtained manually • matching – computer files match what is recorded on master or suspense files • output – sensitive printout is shredded
- 7. EXHAUSTION BECAUSE OF IMPORTANCE OF DATA MIS – Management Information Systems
- 8. CONTROL MODEL TERMINOLOGIES • implementation – any activity that adopts, manages and routinizes a new technology • prototype – any experimental part, version, or build of a system or software • request for permission (RFP) – the list of questions you ask to find a software maker who can make something for you, its cost, user friendliness, maintenance, documentation, and requirements • project management – working with a software representative on requirements and deliverables
- 9. CONTROL MODEL TERMINOLOGIES (contd) • deliverables – when the software company actually gives you a working product • walkthrough – the testing/debugging process of going back over specifications after a computer run • outsourcing – turning over your computer center operations to an external organization • metrics – preset quantitative indicators (like the number of calls to help desk) to measure system quality
- 10. SURVIVABILITY AND THE CONCEPT OF MISSION-CRITICAL • Survivability is the capability of a system to fulfill its mission in the presence of attacks, failures and accidents. • TIMELINESS AND REASONABLENESS
- 11. SURVIVABILITY • ATTACK – is defined as any damaging or potentially damaging event orchestrated by an intelligent adversary • FAILURE – is any damaging or potentially damaging events caused by deficiencies in the system or deficiencies in an external element on which the system depends. It may be caused by software design errors, hardware degradation, human errors, or corrupted data. • ACCIDENT – is a randomly occurring event which is damaging or potentially damaging. Something beyond control of the system administrator.