Procedural Controls
Download as PPTX, PDF102 likes2,687 views
The document discusses methods for ensuring maximum security within information systems through standard procedures and documentation that promote uniformity and reduce errors. It emphasizes the importance of maintaining up-to-date procedures for activities like accessing confidential information and disaster recovery, aligning with ISO 9001's documentation standards. Additionally, it highlights the role of access policies and end-user computing in integrating non-programmers into system development.
Procedural Controls
- 4. These methods provide maximum security to operation of the information system. Standard procedures are developed and maintained manually and built in software help display so that every one knows what to do.
- 5. It promotes uniformity and minimize the chance of error and fraud. It should be kept up-to-date so that correct processing of each activity is made possible.
- 6. Standard procedures and documentation Authorization requirements Disaster recovery Controls for end-user computing
- 7. refer to mandatory activities, actions, rules, or regulations. can give a policy its support and reinforcement in direction. could be internal, or externally mandated (government laws and regulations).
- 8. detailed step-by-step tasks that should be performed to achieve a certain goal. Example: procedures on how to install operating systems
- 9. spell out how the policy, standards, and guidelines will actually be implemented in an operating environment. If a policy states that all individuals who access confidential information must be properly authenticated.
- 10. ISO 9001 Documented Information the terms “documents” and “records” were formally used to refer to the important information and data that exists within a company.
- 11. DOCUMENT - information that is discussed in ISO 9001 is also defined as the vital information that must be kept and evaluated periodically.
- 12. RECORDS are usually retained for long periods of time, while DOCUMENTS hold data that is maintained and frequently updated or added to.
- 13. an access policy. function of specifying access rights/privileges to resources, which is related to information security and computer security in general and to access control in particular
- 14. security mechanism used to determine user/client privileges or access levels related to system resources,including computer programs, files, services, data and application features.
- 15. normally preceded by authentication for user identity verification. System administrators (SA) are typically assigned permission levels covering all system and user resources.
- 16. involves a set of policies, tools and procedures to enable the recovery or continuation of vital technology infrastructure and systems following a natural or human-induced disaster.
- 17. CLASSIFICATION PREVENTIVE MEASURES CORRECTIVE MEASURES DETECTIVE MEASURES aim at preventing an event from occurring. for correcting a system in case of a negative event or disaster focus on detecting and discovering negative events.
- 18. EUC refers to computer systems and platforms that are meant to allow non- programmers to create working computer applications.
- 19. EUC compilation of approaches meant to better involve and integrate end users and other non- programmers into the world of computing systems development.
Editor's Notes
- #4: APPLICATION CONTROLS IPOS FACILITY CONTROL 1. Network Security 2. Physical Protection Controls 3. Biometric Controls 4. Computer-Failure Controls NETWORK SECURITY Encryption Authentication Message integrity Digital signatures Digital certificates Public key infrastructure (PKI) Security for wireless internet access 1. Service set identifiers (SSID) 2. Wired Equivalent Privacy (WEP): 3. Wi-Fi Protected Access (WPA)