General and Application Control - Security and Control Issues in Information Systems Part 2
Download as PPTX, PDF97 likes1,716 views
The document outlines the establishment of security policies and procedures for protecting organizational information assets, detailing specific controls such as input, processing, output, and storage controls to ensure data accuracy and integrity. It emphasizes the significance of automated and manual procedures for authorizing data access and highlights various security standards for both wired and wireless networks. Additionally, it addresses risks to computer systems from various hazards and suggests measures for protection against failures.
General and Application Control - Security and Control Issues in Information Systems Part 2
- 2. WRAP UP: The function whose mission is to establish security policies and the associated procedures and control elements over the information assets Methods, policies, and organizational procedures that ensure safety of organization’s assets, accuracy and reliability of its records, and operational adherence to management standards
- 3. Allows trustful operations by guaranteeing that the handler of information is whoever she or he claims to be.
- 6. Controls for design, security and use of Information Systems in organization Specific controls for each application.
- 9. Automated and manual procedures that ensure only authorized data are processed by application Unique to each computerized application Classified as (1) input controls, (2) processing controls, (3) output controls and (4) storage controls
- 10. Control totals: Input, processing, Storage Edit checks: Input, Storage Computer matching: Input, processing, Storage Run control totals: Processing, output, Storage Report distribution logs: Output, storage
- 11. • Input controls – Data is accurate and consistent on entry – Direct keying of data, double entry or automated input – Data conversion, editing and error handling – Field validation on entry – Input authorization and auditing – Checks on totals to catch errors
- 12. • Input controls -Data input controls ensure the accuracy, completeness, and timeliness of data during its conversion from its original source into computer data, or entry into a computer application.
- 13. • Processing controls – Data is accurate and complete on processing – Checks on totals to catch errors – Compare to master records to catch errors – Field validation on update – -Data processing controls are used to ensure the accuracy, completeness, and timeliness of data during either batch or real-time processing by the computer application.
- 14. • Output controls – Data is accurate, complete and properly distributed on output – Checks on totals to catch errors – Review processing logs – Track recipients of data – - Data output controls are used to ensure the integrity of output and the correct and timely distribution of any output produced.
- 15. • Processing controls – Data is accurate and complete on processing – Checks on totals to catch errors – Compare to master records to catch errors – Field validation on update – -Data processing controls are used to ensure the accuracy, completeness, and timeliness of data during either batch or real-time processing by the computer application.
- 16. • Storage controls –Stored data may be called upon when new data is being processed – the combination of data forming new outputs. - Data is often kept on a storage medium such as a hard drive.
- 18. • Public, accessible network • Abuses have widespread effect • Fixed Internet addresses • Corporate systems extended outside organization
- 20. Encryption Authentication Message integrity Digital signatures Digital certificates Public key infrastructure (PKI)
- 22. Authentication, message integrity, digital signature, digital certificates
- 23. Security for wireless internet access 1. Service set identifiers (SSID) -Identify access points in network -Form of password for user’s radio network interface card -Broadcast multiple time per second -Easily picked up by sniffer programs, war driving
- 24. Security for wireless internet access 2. Wired Equivalent Privacy (WEP): -Initial security standard -Call for access point and all users to share the same 40-bit encrypted password
- 25. Security for wireless internet access 3. Wi-Fi Protected Access (WPA) specification -128-bit, non-static encryption key -Data-packet checking
- 26. Methods that protect physical facilities and their contents from loss and destruction. Computer centers are prone to many hazards such as accidents, thefts, fire, natural disasters, destructions etc.
- 27. system that holds the door for intruders and prevents them from accessing the resources by verifying them as unauthorized persons on the basis of biometrics authentication
- 28. Computers can fail for several reasons like power failures, electronic circuitry malfunctions, mechanical malfunctions of peripheral equipment and hidden programming errors. To protect from these failure precaution, any measure with automatic and remote maintenance capabilities may be required.
Editor's Notes
- #6: Recall there are numerous threats to Information Systems
- #12: To minimise likelihood of threats, must control the environment in which Information Systems are developed and deployed
- #13: To minimise likelihood of threats, must control the environment in which Information Systems are developed and deployed
- #15: To minimise likelihood of threats, must control the environment in which Information Systems are developed and deployed
- #17: To minimise likelihood of threats, must control the environment in which Information Systems are developed and deployed
- #19: Physical facility control is methods that protect physical facilities and their contents from loss and destruction. Computer centers are prone to many hazards such as accidents, thefts, fire, natural disasters, destructions etc. Therefore physical safeguards and various control procedures are required to protect the hardware, software and vital data resources of computer using organizations.
- #20: Physical facility control is methods that protect physical facilities and their contents from loss and destruction. Computer centers are prone to many hazards such as accidents, thefts, fire, natural disasters, destructions etc. Therefore physical safeguards and various control procedures are required to protect the hardware, software and vital data resources of computer using organizations.
- #28: Biometric Access Control is a system that holds the door for intruders and prevents them from accessing the resources by verifying them as unauthorized persons on the basis of biometrics authentication. In Biometric Access Control system, biometric authentication refers to the recognition of human beings by their physical uniqueness. Biometric Access Control system works on substantiation. Biometric Access Control system scans the person and matches his/her biometric data with the previously stored information in the database before he/she can access the secured zone or resources. If the compared information matches, the Biometric Access Control system allows the person to access the resources. Today, Biometric Access Control system is considered to be the best and one of the most secured authentication systems amongst the other access control devices.