Chapter 8 Controls For System Reliability Part I Information Security
ACCT 404
Chapter 8
Controls for Information Security

Timothy L. Baker, CPA, CITP, CMA
Lecturer
Certain materials used with permission of
Pearson Education, Inc. publishing as Prentice Hall and ISACA

Chapters 8 through 10
Security (Chapter 8)
Access to system and its data is controlled and restricted to legitimate users.

Confidentiality (Chapter 9)

Sensitive organizational information (e.g., marketing plans, trade secrets) is protected from unauthorized disclosure.

Privacy (Chapter 9)

Personal information about stakeholders is collected, used, disclosed, and maintained only in compliance with internal policies and external regulatory requirements and is protected from unauthorized disclosure.
Processing Integrity (Chapter 10)
Data are processed accurately, completely, in a timely manner, and only with proper authorization.

Availability (Chapter 10)

The system and its information are available to meet operational and contractual obligations.

Learning Objectives
• Explain how information security affects information systems reliability.
• Discuss how a combination of preventive, detective, and corrective controls can be employed to provide reasonable assurance about the security of an organization’s information system.
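The second objective is easiest to see with all three control types acting on one event. The following is an added example, not code from the lecture or the textbook: a small login service in which the credential check and the refusal of locked accounts are preventive controls, the audit log and failed-attempt alert are detective controls, and the account lockout is the corrective control. The thresholds, user name, password and IP addresses are constructed for the demonstration.

```python
"""Preventive, detective and corrective controls on a single login path.
Constructed illustration; thresholds and sample identities are assumptions."""
from dataclasses import dataclass, field
import hashlib
import hmac
import secrets
import time

ALERT_THRESHOLD = 3    # detective: failures before the security team is alerted
LOCKOUT_THRESHOLD = 5  # corrective: failures before the account is locked


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 so a stolen table does not yield passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:
    username: str
    salt: bytes
    pw_hash: bytes
    failed_attempts: int = 0
    locked: bool = False


@dataclass
class LoginService:
    accounts: dict = field(default_factory=dict)
    audit_log: list = field(default_factory=list)  # detective: every attempt recorded
    alerts: list = field(default_factory=list)     # detective: anomalies surfaced

    def register(self, username: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.accounts[username] = Account(username, salt, hash_password(password, salt))

    def login(self, username: str, password: str, source_ip: str) -> bool:
        acct = self.accounts.get(username)
        # Preventive: unknown or locked accounts are refused before any check runs.
        if acct is None or acct.locked:
            self._record(username, source_ip, "denied")
            return False
        # Preventive: constant-time comparison of the salted hash.
        if hmac.compare_digest(acct.pw_hash, hash_password(password, acct.salt)):
            acct.failed_attempts = 0
            self._record(username, source_ip, "success")
            return True
        acct.failed_attempts += 1
        self._record(username, source_ip, "failure")
        # Detective: repeated failures raise an alert for follow-up.
        if acct.failed_attempts == ALERT_THRESHOLD:
            self.alerts.append(f"{username}: {ALERT_THRESHOLD} failed logins from {source_ip}")
        # Corrective: lock the account so the guessing attack cannot continue.
        if acct.failed_attempts >= LOCKOUT_THRESHOLD:
            acct.locked = True
            self._record(username, source_ip, "locked")
        return False

    def _record(self, username: str, source_ip: str, outcome: str) -> None:
        self.audit_log.append(
            {"ts": time.time(), "user": username, "ip": source_ip, "outcome": outcome}
        )


def demo() -> dict:
    """Run one legitimate login, then a guessing attack, and report what each control did."""
    svc = LoginService()
    svc.register("alice", "correct horse battery staple")  # constructed sample account
    results = {}
    results["good_login"] = svc.login("alice", "correct horse battery staple", "10.0.0.5")
    for _ in range(LOCKOUT_THRESHOLD):
        svc.login("alice", "wrong-guess", "198.51.100.7")
    results["alerts"] = len(svc.alerts)
    results["locked"] = svc.accounts["alice"].locked
    # Corrective control holds: even the right password is refused once locked.
    results["after_lock"] = svc.login("alice", "correct horse battery staple", "10.0.0.5")
    results["log_entries"] = len(svc.audit_log)
    return results


if __name__ == "__main__":
    print(demo())
```

The point of the combination is that no single layer is sufficient: the hash check alone would let an attacker keep guessing, the log alone would only tell you afterwards, and lockout without the log would hide who was attacked and from where. A real deployment would also rate-limit by source address and watch for the lockout itself being abused as a denial-of-service against legitimate users.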

Trust Services Framework

• Security

– Access to the system and data is controlled and restricted to legitimate users.

• Confidentiality
– Sensitive organizational data is protected.

• Privacy
– Personal information about trading partners, investors, and employees is protected.

• Processing integrity
– Data are processed accurately, completely, in a timely manner, and only with proper authorization.

• Availability
– System and information are available.

Steps in an IS System Attack
• Conduct reconnaissance
• Attempt social engineering
• Scan & map target
• Research
• Execute attack
• Cover tracks

Security Life Cycle
Security is a management issue

Security Approaches
• Defense-in-depth
– Multiple layers of
