MODULE 12 CONTROL AUDIT AND SECURITY OF INFORMATION SYSTEM 12.1 Controls in Information systems 12.2 Need and methods of auditing Information systems 12.3.

Slides:



Advertisements
Similar presentations
1 COMPUTER GENERATED & STORED RECORDS CONTROLS Presented by COSCAP-SA.
Advertisements

Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.
BP5- METHODS BY WHICH PERSONAL DATA CAN BE PROTECTED Data Protection.
Auditing Computer-Based Information Systems
Lecture Outline 10 INFORMATION SYSTEMS SECURITY. Two types of auditors External auditor: The primary mission of the external auditors is to provide an.
Auditing Computer Systems
Database Integrity, Security and Recovery Database integrity Database integrity Database security Database security Database recovery Database recovery.
Chapter 9 - Control in Computerized Environment ATG 383 – Spring 2002.
1 Output Controls Ensure that system output is not lost, misdirected, or corrupted and that privacy is not violated. Exposures of this sort can cause serious.
Stephen S. Yau CSE465 & CSE591, Fall Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,
Chapter 8 Security Transparencies © Pearson Education Limited 1995, 2005.
Managing Information Systems Information Systems Security and Control Part 2 Dr. Stephania Loizidou Himona ACSC 345.
Processing Integrity and Availability Controls
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Factors to be taken into account when designing ICT Security Policies
Auditing Auditing & Automated Systems Chapter 22 Auditing & Automated Systems Chapter 22.
General Ledger and Reporting System
 Mechanism for restoring a database quickly and accurately after loss or damage  RESPONSIBILITY OF ?????  Recovery facilities: Backup Facilities Backup.
Copyright © 2015 Pearson Education, Inc. Processing Integrity and Availability Controls Chapter
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
Chapter 10 Information Systems Controls for System Reliability—Part 3: Processing Integrity and Availability Copyright © 2012 Pearson Education, Inc.
Software Development Unit 2 Databases What is a database? A collection of data organised in a manner that allows access, retrieval and use of that data.
Software Dependability CIS 376 Bruce R. Maxim UM-Dearborn.
Today’s Lecture application controls audit methodology.
Chapter 10: Computer Controls for Organizations and Accounting Information Systems
Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.
Security of Data. Key Ideas from syllabus Security of data Understand the importance of and the mechanisms for maintaining data security Understand the.
© 2013 Pearson Education, Inc. Publishing as Prentice Hall 1 CHAPTER 11: DATA AND DATABASE ADMINISTRATION Modern Database Management 11 th Edition Jeffrey.
The Islamic University of Gaza
Chapter 13 Processing Controls. Operating System Integrity Operating system -- the set of programs implemented in software/hardware that permits sharing.
Asset & Security Management Chapter 9. IT Asset Management (ITAM) Is the process of tracking information about technology assets through the entire asset.
How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.
The Beneficent the MERCIFUL In the NAME of. “ASSURING RELIABLE AND SECURE IT SERVICES”
System Testing Systems Analysis And Design © Systems Analysis And Design © V. Rajaraman OBJECTIVES  To ensure the entire system will perform as per specification.
Information Systems Security Operational Control for Information Security.
System Security Chapter no 16. Computer Security Computer security is concerned with taking care of hardware, Software and data The cost of creating data.
MODULE 12 Control Audit And Security Of Information System 12.1 Controls in Information systems 12.2 Need and methods of auditing Information systems 12.3.
S4: Understanding the IT environment of the entity.
D ATABASE A DMINISTRATION L ECTURE N O 3 Muhammad Abrar.
1 Chpt. 12: INFORMATION SYSTEM QUALITY, SECURITY, AND CONTROL.
SESSION 14 INFORMATION SYSTEMS SECURITY AND CONTROL.
Data protection This means ensuring that stored data does not get changed, removed or accessed accidentally or by unauthorised people. Data can be corrupted,
14.1/21 Part 5: protection and security Protection mechanisms control access to a system by limiting the types of file access permitted to users. In addition,
SECURITY OF DATA By: ADRIAN PERHAM. Issues of privacy; Threats to IT systems; Data integrity; Standard clerical procedures; Security measures taken to.
CPS ® and CAP ® Examination Review OFFICE SYTEMS AND TECHNOLOGY, Fifth Edition By Schroeder and Graf ©2005 Pearson Education, Inc. Pearson Prentice Hall.
Today’s Lecture Covers
Data Security.
Viewing Information Systems Security. The basic objectives of Information Security are the same as the basic objectives of EDP auditing. They are: 1.To.
Security Policies. Threats to security and integrity  Threats to information systems include  Human error –keying errors, program errors, operator errors,
MBA 664 Database Management Dave Salisbury ( )
CONTROLLING INFORMATION SYSTEMS
Hall, Accounting Information Systems, 8e ©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly.
CPT 123 Internet Skills Class Notes Internet Security Session B.
Auditing Of Information Systems Systems Analysis And Design © Systems Analysis And Design © V. Rajaraman OBJECTIVES  Ensure computer based financial and.
SYSTEMS IMPLEMENTATION TECHNIQUES TRANSACTION PROCESSING DATABASE RECOVERY DATABASE SECURITY CONCURRENCY CONTROL.
Welcome to the ICT Department Unit 3_5 Security Policies.
LESSON 12 Business Internet. Electronic business, or e-business, is the application of information and communication technologies (ICT) in support of.
ANS File Security Chapter # 29 ( Prepared by : Mazhar Javed ) 1 Data Security “Protection against loss, corruption of, or unauthorized access of data”
Copyright © 2016 Pearson Education, Inc. CHAPTER 12: DATA AND DATABASE ADMINISTRATION Modern Database Management 12 th Edition Jeff Hoffer, Ramesh Venkataraman,
Information Security and Privacy in HRIS
INFORMATION SYSTEMS SECURITY AND CONTROL.
Security Of Information Systems
Controlling Computer-Based Information Systems, Part II
Processing Integrity and Availability Controls
Managing the IT Function
The Impact of Information Technology on the Audit Process
The Impact of Information Technology on the Audit Process
INFORMATION SYSTEMS SECURITY and CONTROL
Security of Data  
Database Security &Threats
Presentation transcript:

MODULE 12 CONTROL AUDIT AND SECURITY OF INFORMATION SYSTEM 12.1 Controls in Information systems 12.2 Need and methods of auditing Information systems 12.3 Testing Information systems 12.4 Security of Information systems Systems Analysis And Design © Systems Analysis And Design © V. Rajaraman Learning Units

LEARNING GOALS Systems Analysis And Design © Systems Analysis And Design © V. Rajaraman 1 of 27  Why controls are necessary in Information systems  Methods of controlling Information systems  How controls are introduced in Information systems  Why Information systems need auditing  How are systems audited  The methods used to test Information systems  How the security of an Information system is ensured

MOTIVATION FOR CONTROLS Systems Analysis And Design © Systems Analysis And Design © V. Rajaraman 2 of 27  It is very important to ensure the reliability of reports produced by an information system  If unreliability is seen by users the entire credibility of the system is lost  Ensuring reliability is not difficult for small systems but when a system has to handle massive data it is a challenge  Systematic controls are thus essential when a system is designed

MOTIVATION FOR AUDITS Systems Analysis And Design © Systems Analysis And Design © V. Rajaraman 3 of 27  Many organizations are now entirely dependent on computer based information system  These information systems contain financial data and other critical procedures  It is essential to protect the systems against frauds and ensure that sound accounting practices are followed  It is necessary to trace the origin and fix responsibilities when frauds occur  Audit methods primary purpose is to ensure this.

MOTIVATION FOR TESTING Systems Analysis And Design © Systems Analysis And Design © V. Rajaraman 4 of 27  Systems contain many individual subsystems  Usually sub-systems and programs are individually tested  However when a whole system is integrated unforeseen errors may be seen  Thus before releasing a system the entire operational system should be tested for correctness and completeness

MOTIVATION FOR SECURITY Systems Analysis And Design © Systems Analysis And Design © V. Rajaraman 5 of 27  Systems contain sensitive data about the organization and also about persons working in the organization  Sensitive data should be protected from spies, thieves or disgruntled employees.  Thus access should be carefully controlled and provided only on a need to know basis  When computers are networked corruption/erasure may take place due to viruses  Services may be disrupted due to denial of service attacks  Thus systems should be designed with appropriate security measures.

MOTIVATION FOR DISASTER RECOVERY Systems Analysis And Design © Systems Analysis And Design © V. Rajaraman 6 of 27  Organizations depend on Information systems for their entire operations  It is thus essential to ensure continuity of service when unforeseen situations such as disk crashes,fires,floods and such disasters take place.  Thus it is essential to ensure quick recovery from disasters and ensure continuity of service.

Systems Analysis And Design © Systems Analysis And Design © V. Rajaraman CONTROL AUDIT AND SECURITY OF INFORMATION SYSTEM CONTROL- Method to ensure that a system processes data as per design and that all data is included and are correct AUDIT AND TESTING - Ensure that the system is built as per specifications and that processed results are correct. Protect systems from frauds. SECURITY- Protection of data resources,programs,and equipment from illegal use,theft,vandalism,accidents, disasters etc. 7 of

NEED OF CONTROLS Systems Analysis And Design © Systems Analysis And Design © V. Rajaraman Information systems handle massive amounts of data – accidents such as not including some data can cause serious damage Incorrect data entry can lead to high monetary losses Credibility in the information system may be lost if errors are found in operational systems 8 of

OBJECTIVES OF CONTROLS Systems Analysis And Design © Systems Analysis And Design © V. Rajaraman To make sure data entering the computer are correct Check clerical handling of data before it is input to a computer Provide means of detecting and tracing errors which occur due to bad data or bad program Ensure legal requirements are met To guard against frauds 9 of

CONTROL TECHNIQUES Systems Analysis And Design © Systems Analysis And Design © V. Rajaraman ORGANIZATIONAL MEASURES Well defined responsibility for input preparation, delivery output use, operation and maintenance - Changes in program and data (if any) should be documented - Performance of task and recording must be by different persons to prevent frauds 10 of

Systems Analysis And Design © Systems Analysis And Design © V. Rajaraman CONTROL TECHNIQUES INPUT PREPARATOIN CONTROL -Sequence numbering -Batch controls -Data entry and verification -Record totals -Self checking digits, (Covered in Module 7) 11 of

PROCESSING CONTROLS Systems Analysis And Design © Systems Analysis And Design © V. Rajaraman  PROOF FIGURES –An additional data element introduced to detect data entry/processing error Example:item code,qty supplied,cost/unit,proof cost(proof cost is additional data introduced. Proof cost=(H-cost/unit)where H is a constant > maxcost Check if H  qty =  qty *proof cost +  qty * cost/unit If two sides are not equal, there is an error. 12 of

PROCESSING CONTROLS Systems Analysis And Design © Systems Analysis And Design © V. Rajaraman  TWO WAY CHECK – Calculate same qty in two different ways and they should be equal Example :  gross pay -  deductions =  net pay  RELATIONSHIP CHECK –We know relation between variable. Example : Rebate total =  Sales * discount percent  CHECKPOINT RESTART – Periodical storing of process state. If there is a failure roll back to saved state and restart computation.  CHECK POINTS also useful to check intermediate results in long and complex calculations.Region where an error occurred can thus be isolated 13 of

AUDITING OF INFORMATION SYSTEMS Systems Analysis And Design © Systems Analysis And Design © V. Rajaraman OBJECTIVES  Ensure computer based financial and other information reliable  Ensure all records included while processing  Ensure protection from frauds 14 of

AUDIT METHODS Systems Analysis And Design © Systems Analysis And Design © V. Rajaraman  AUDITING AROUND COMPUTER Take sample inputs and manually apply processing rules and compare outputs with computer outputs  AUDITING THROUGH THE COMPUTER -Establish audit trail which allows examining selected intermediate results -Control totals provide intermediate checks 15 of

AUDITING THROUGH THE COMPUTER Systems Analysis And Design © Systems Analysis And Design © V. Rajaraman  Facility to trace transaction value and print intermediate results  Selective printing of records meeting criteria specified by the auditor For example :Inactive accounts,overactive accounts, accounts with high balance  Comparing credit and debit balances  Ensure logs are kept of who did what in critical data entry and processing to fix responsibility.Called an Audit trail.  Auditor’s own check inputs and expected outputs. 16 of

AUDITING WITH THE COMPUTER Systems Analysis And Design © Systems Analysis And Design © V. Rajaraman Use special audit packages to check system Audit package allows  Extracting data based on the specified criterion for inspection(e.g. Students with wide disparity in marks in two subjects)  Totaling specified subset of data for check  Procedure to check sale discounts  Process with independent data file created by auditor and verify to see if system is as per specification 17 of

SYSTEM TESTING Systems Analysis And Design © Systems Analysis And Design © V. Rajaraman OBJECTIVES  To ensure the entire system will perform as per specification  Ensure system meets users requirements  Verify if controls function as intended  To make sure incorrect inputs,incorrect processing and incorrect outputs (if any) will be detected during operation  Should include both computer based and manual processes Remember that system testing is done before a system is released as ready for operation 18 of

CLASIFICATION OF SYSTEM TESTS Systems Analysis And Design © Systems Analysis And Design © V. Rajaraman PROGRAM TESTS - Program tests with test data - Normally individual modules tested then integration test done - Test boundary conditions - Test using loop counts SYSTEM TESTS -Results from a program fed as input to a succeeding program - a string of programs run one after another 19 of

SYSTEM TESTING (CONTD) Systems Analysis And Design © Systems Analysis And Design © V. Rajaraman SYSTEM TESTS -All programs in a complete system are tested together as a whole.Tested using unreasonable data and non key data besides normal test data for whole system PILOT TESTS - Use data from manual system to test system when it is first implemented. If it is modification of earlier computer based system use data and output from that system 20 of

SYSTEM TESTING (CONTD) Systems Analysis And Design © Systems Analysis And Design © V. Rajaraman PARALLEL RUNS -Run both manual and computer based systems with same live data and see if both give identical results -If it is re-engineered (i.e.,Modified) system run both old and new systems and compare results 21 of

SECURITY OF INFORMATION SYSTEMS Systems Analysis And Design © Systems Analysis And Design © V. Rajaraman  Security means protection of data from accidental or intentional modification, destruction or disclosure to unauthorised persons POTENTIAL THREATS TO SECURITY  Natural disasters such as fire, floods, earthquakes  Accidents such as disk crashes, file erasure by inexperienced operators  Theft/erasure of data by disgruntled employees 22 of

SECURITY OF INFORMATION SYSTEMS Systems Analysis And Design © Systems Analysis And Design © V. Rajaraman  Frauds by changing programs, data by employees  Industrial espionage  Viruses/Worms  Hackers who break into systems connected to the internet  Denial of service attacks by flooding with mail POTENTIAL THREATS TO SECURITY (CONTD) 23 of

HOW TO PROTECT DATA/PROGRAMS Systems Analysis And Design © Systems Analysis And Design © V. Rajaraman  Regular back up of data bases every day/or week depending on the time criticality and size  Incremental back up at shorter intervals  Backup copies kept in safe remote location -particularly necessary for disaster recovery  Duplicate systems run and all transactions mirrored if it is a very critical system and cannot tolerate any disruption before storing in disk.  Physical locks  Password system  Biometric authentication (Eg: Finger print) 24 of

HOW TO PROTECT DATA/PROGRAMS Systems Analysis And Design © Systems Analysis And Design © V. Rajaraman  Encrypting sensitive data/programs  Identification of all persons who read or modify data and logging it in a file  Training employees on data care/handling and security  Antivirus software  Firewall protection when connected to internet 25 of

DATA SECURITY, PRIVACY AND INTEGRITY Systems Analysis And Design © Systems Analysis And Design © V. Rajaraman  Data security is concerned with protecting data from erasure,theft,unauthorized access and unauthorized modifications  Data privacy is concerned with protecting data regarding individuals from being accessed and used without the permission/knowledge of concerned individuals  Data integrity is concerned with the quality and reliability of raw as well as processed data 26 of

DATA SECURITY, PRIVACY AND INTEGRITY Systems Analysis And Design © Systems Analysis And Design © V. Rajaraman  Security does not imply privacy or integrity  Privacy controls need specific law against disclosure of personal data  Ultimately data and system integrity most important 27 of

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.