ICAB - ITA Chapter 5 class 9-10 - Controls and Standards
Download as PPTX, PDF3 likes673 views
This document discusses controls and standards for information systems. It covers various types of security controls, including physical, logical, and those related to information integrity, access control, auditing, system implementation phases, and system maintenance/evaluation. It describes controls that should be implemented during system installation, testing, training, file conversion, and post-implementation review. Risks to IT systems like viruses and hackers are also discussed. The document emphasizes controls needed for personal systems that contain sensitive HR, salary, and personal information.
ICAB - ITA Chapter 5 class 9-10 - Controls and Standards
- 1. IT APPLICATIONS Professional Stage Application Level, ICAB Teacher: Mohammad Abdul Matin Chapter 5 Controls and Standards
- 2. Chapter Outline Information System Security Controls Physical Security Controls Logical Security Controls Control and Standard for Information Integrity Control and Standard for Information Access Control Control and Standard for Computer Audit Control and Standard for System Implementation Phase Control and Standard for System Maint. and Evaluation Risks of IT Systems Controls for Personal Systems
- 3. Syllabus In the examination, candidates may be required to a. explain the controls and standards which are applied during the system implementation phases of installation, testing, training, documentation, file conversion and changeover, and post-implementation review b. explain the controls and standards which are applied to system maintenance and evaluation (system maintenance, evaluation, computer based monitoring, system performance) c. describe the controls that are applied to personal systems to ensure processing integrity, security and safeguarding of IT resources, and availability/continuity provisions (backup and recovery) for IT resources
- 4. Systems’ Purpose & Components • Capital management • Foundation of doing business • Productivity • Strategic opportunity and advantage
- 6. Control & Standards for System Implementation Phases System Installation System Testing Documentation Training Conversion & Change Over
- 7. Control in ERP Implementation Training & Practice System Tests Develop To- Be Phase 2: Business Blueprint Go Live Phase 3: Realization Project Close Phase 1: Project Preparation Project Kickoff Understand As-Is Overview Training Phase 4: Final Preparation Configure System Training Materials User Support Phase 5: Go Live & Support March April May June W1 W2 W3 W4 W5 W6 W7 W8 W9 W10 W11 W12 W13 W14 W15 W16 W15 W16 Cutover
- 9. Implementation Readiness Business Readiness: business PROCESSES are seen through and documented competent PEOPLE are in right places process CHAMPIONS are identified Technology Readiness: robust IT INFRASTRUCTURE is in place right HARDWARE is selected, ordered and delivered right SOFTWARE is selected and licenses are ordered competent SYSTEM INTEGRATOR is selected and engaged An agreed PROJECT PLAN is finalized
- 10. Planning (High Level) Broad Activities Sep Oct Nov Dec Jan Feb Apr Jun Jul BUSINESS READINESS TECHNOLOGY READINESS : - Infra. & ERP resources recruitment - Secured Data Center preparation - Project Office & Training Facility set up - Network Review & Redundancy set up - ERP solution finalization - Hardware sizing, ordering & delivery - System Integrator selection - Scope of Work finalization - Project Plan finalization PROJECT KICK OFF (Start) ERP IMPLEMENTATION (As per Project Plan) GO LIVE 1st August 2012 1st February 2012
- 11. Project Team
- 12. System Development Lifecycle System Implementation Prepare for System Implementation Deploy System System Initiation Requirement Analysis System Design System Construction System Acceptance System Preparation Transition to Performing Organization Transition
- 13. Control & Standards for System Implementation Phases (cont.) System Installation – Implementation plan, milestones, stakeholder engagement, communication, approval, issue handling and back out plan System Testing – Scheduled, planned testing with defined criteria, scope, expectation, scenarios and records – User Acceptance Testing (UAT) Documentation – System / Process Description – System Documentation – System File Layout / Architecture Documentation
- 14. Control & Standards for System Implementation Phases (cont.) Training – Administration / MDM training – User Training – TOT Approach File Conversion and Change-over – New System Implementation • Data preparation, go-live – Manual System to Automation • Data preparation, parallel run, cut-over – Old System to New System • Data conversion & transfer, cut-over
- 16. Expectation & Experience Curve
- 17. Risks to IT Systems Computer Viruses – Protection and Updating – Checking and Cleaning – Awareness of Risks (Internet, removable disks) – Recovery from Losses Computer Hackers (Intrusion) – Implement Firewall – Develop and Apply Policy – Antivirus, Antispyware and Intrusion Prevention Software – Address vulnerabilities – Conduct Tests
- 18. Controls for Personal Systems Sensitivity of information is much higher than any other systems in an organization – HRIS – Personal information – Salary information Needs to be protected from both external and internal users Sometimes needs separating HRIS and Payroll at Admin levels
- 19. Controls for Personal Systems (cont.) General Controls – Access, data, program, physical security – Software development and change control – Data center operation – Disaster recovery Application Controls – Input controls – Authorization – Validation – Error notification and correction – Processing controls – Output controls
- 20. Questions How the security requirements can be implemented in developing a new accounting system?
- 21. Thank You