
Chapter Eight CBIS and Checklists. General Controls 12 controls Planning, controls, standards, security Continuous updating –e.g., C&L 66% of firms inadequate.


1 Chapter Eight CBIS and Checklists

2 General Controls
- 12 controls
- Planning, controls, standards, security
- Continuous updating
  – e.g., C&L: 66% of firms inadequate
- Monitoring
- Plans made -- not implemented

3 Security Plans
- Who
- What
- When
- Which

4 Project Development Controls
- Long-range, 3-5 year, master plan
  – and, what happens next year?
- Project Development Plan - use milestones
- DP Schedule - treat computing resources as “scarce”
- Define responsibility / method of evaluation
- Postimplementation Review / Measure

5 IA DHS Revisited
- $12 million project development
- Failed (at point of success?)
- Funding ended
- Project development failure? Or, communication failure?

6 Mission Impossible
- Limit physical access
- Limit access to computer logic
- Problem - insiders
  – where are my tennis shoes?
- Security breaches
  – the Net?

7 Logic Controls
- Passwords
  – random assignment
- ID cards
  – use your PIN number for CC purchases?
  – Active badges (as opposed to inactive?)
- Biometric Identification
  – permit or limit access
  – cocaine residue on a four year old
  – “sniffer” at the airport

8 More Logic Access Control
- Compatibility Tests
  – multiple layers of passwords for access to records
  – screen passwords, e.g., payroll
  – print passwords, e.g., contracts
  – e-mail attachment controls?
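The compatibility test on slide 8 decides, for a user who has already proven who they are, whether a requested action on a record is within that user's authority. The Python below is an added example, not material from the slides or the textbook: a password layer (salted PBKDF2 hashes compared in constant time) followed by a compatibility test against an access control matrix, where the "screen" and "print" actions stand in for the separate screen and print passwords on the slide. The user IDs, passwords, resources and permissions are constructed for illustration, and every decision is logged so that denied attempts can be reviewed.

```python
"""Layered logical access control (added example): a password check followed by a
compatibility test against an access control matrix. All users, passwords and
permissions below are constructed for illustration."""
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Set, Tuple

PBKDF2_ITERATIONS = 100_000


# --- Layer 1: authentication (who is asking?) --------------------------------
def make_password_record(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Store a salted PBKDF2-SHA256 hash rather than the password itself."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, record: Tuple[bytes, bytes]) -> bool:
    """Recompute the hash with the stored salt; compare in constant time."""
    salt, stored = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, stored)


# Constructed user store (hypothetical user IDs and passwords).
USERS: Dict[str, Tuple[bytes, bytes]] = {
    "pclerk": make_password_record("clerk-pass-2024"),
    "pmgr": make_password_record("mgr-pass-2024"),
    "auditor": make_password_record("audit-pass-2024"),
}

# --- Layer 2: authorization (is the request within this user's authority?) ----
# Access control matrix: (user, resource) -> permitted actions. "screen" and
# "print" mirror the separate screen and print passwords on the slide.
ACCESS_MATRIX: Dict[Tuple[str, str], Set[str]] = {
    ("pclerk", "payroll"): {"screen"},
    ("pmgr", "payroll"): {"screen", "print"},
    ("pmgr", "contracts"): {"screen"},
    ("auditor", "payroll"): {"screen"},
    ("auditor", "contracts"): {"screen", "print"},
}


def compatibility_test(user: str, resource: str, action: str,
                       matrix: Dict[Tuple[str, str], Set[str]] = ACCESS_MATRIX) -> bool:
    """Default deny: an action is permitted only if the matrix lists it explicitly."""
    return action in matrix.get((user, resource), set())


def request_access(user: str, password: str, resource: str, action: str,
                   log: List[dict]) -> bool:
    """Run both layers in order and append the decision to `log` for later review."""
    record = USERS.get(user)
    if record is None or not verify_password(password, record):
        # Same outcome for unknown user and wrong password: no hint about which.
        log.append({"user": user, "resource": resource, "action": action,
                    "result": "DENY", "reason": "authentication failed"})
        return False
    allowed = compatibility_test(user, resource, action)
    log.append({"user": user, "resource": resource, "action": action,
                "result": "ALLOW" if allowed else "DENY",
                "reason": "compatibility test"})
    return allowed


def denied_events(log: List[dict]) -> List[dict]:
    """The entries a reviewer would look at first."""
    return [e for e in log if e["result"] == "DENY"]


if __name__ == "__main__":
    audit_log: List[dict] = []
    request_access("pclerk", "clerk-pass-2024", "payroll", "screen", audit_log)  # allowed
    request_access("pclerk", "clerk-pass-2024", "payroll", "print", audit_log)   # denied: not in matrix
    request_access("pclerk", "wrong-password", "payroll", "screen", audit_log)   # denied: authentication
    for event in denied_events(audit_log):
        print(event)
```

The two layers are deliberately separate: the clerk's correct password gets past authentication but the print request still fails the compatibility test, which is exactly the "multiple layers" point on the slide.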

9 Paranoia or Security?
- Outside workers with access
  – Webco customer list theft
- CIA director - national security on home PC
- Mattel stolen laptops

10 Simple Measures
- Property listing in files
  – resume example
- Floppy read/write limits
- File passwords
- Volume names
- External labels

11 Encryption
- Private key only
  – threat?
- Public key only
  – threat?
- Public and Private Keys
  – threat?

12 Routing Verification
- Great for phone callers
  – Too busy now, can I call you back?
  – Verify the caller’s identity and authorization
- Automated - as discussed in your text

13 Documentation
- Administrative
  – overall uses and change authorization
- System
  – flowcharts, narrative, libraries
- Operating
  – hardware & software program considerations

14 IC as Prevention
- UPS
- Preventive maintenance
  – RAM test
  – Microprocessor test
  – Hard and Removable Disk interfaces

15 “Every Day is Y2K”
- Disaster Recovery Plans
  – e.g., your grades
  – WTC bombing: 43% of firms failed
- Electronic vaulting
  – “my computer” default and mail on a server
  – backup nightly
- Backup
  – Master vs. Transaction files

16 When do you press the “save” key? When should you complete a system backup?
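Slides 15 and 16 pair the master file with the transaction file and ask when a system backup should be taken. The Python below is an added example, not code from the slides or the textbook: it takes a point-in-time backup of a constructed master file of account balances, keeps posting transactions to a transaction file, then rebuilds the master from the backup plus the transactions posted after it, and counts how many postings would be unrecoverable if the transaction file were lost as well. The account numbers, amounts and sequence numbers are constructed.

```python
"""Master-file recovery from a backup plus the transaction file (added example).
Account numbers and amounts are constructed for illustration."""
from typing import Dict, List, Tuple

Master = Dict[str, int]              # account number -> balance
Transaction = Tuple[int, str, int]   # (sequence number, account, signed amount)


def take_backup(master: Master) -> Master:
    """Nightly backup: a point-in-time copy of the master file."""
    return dict(master)


def post(master: Master, transaction_file: List[Transaction], txn: Transaction) -> None:
    """Post one transaction to the live master and record it in the transaction file.
    Recording it first means the transaction file never lags the master."""
    transaction_file.append(txn)
    _, account, amount = txn
    master[account] = master.get(account, 0) + amount


def recover(backup: Master, transaction_file: List[Transaction], backup_seq: int) -> Master:
    """Rebuild the master: start from the backup, replay everything posted after it.
    `backup_seq` is the sequence number of the last transaction the backup contains."""
    rebuilt = dict(backup)
    for seq, account, amount in sorted(transaction_file):
        if seq > backup_seq:
            rebuilt[account] = rebuilt.get(account, 0) + amount
    return rebuilt


def exposure(transaction_file: List[Transaction], backup_seq: int) -> int:
    """Postings that exist only in the transaction file, i.e. what a master-only
    backup strategy would lose. This is the number the 'when to back up' question
    is really about."""
    return sum(1 for seq, _, _ in transaction_file if seq > backup_seq)


def simulate() -> Tuple[Master, Master, int]:
    """Walk through a day: backup, more postings, loss of the master, recovery."""
    master: Master = {"1010": 5000, "2020": 1200}
    transaction_file: List[Transaction] = []
    post(master, transaction_file, (1, "1010", -300))
    post(master, transaction_file, (2, "2020", 450))

    backup = take_backup(master)        # nightly backup after transaction 2
    backup_seq = 2

    post(master, transaction_file, (3, "1010", 75))
    post(master, transaction_file, (4, "3030", 900))   # new account opened today
    live = dict(master)

    master.clear()                      # simulated loss of the live master file
    rebuilt = recover(backup, transaction_file, backup_seq)
    return live, rebuilt, exposure(transaction_file, backup_seq)


if __name__ == "__main__":
    live, rebuilt, at_risk = simulate()
    print("rebuilt matches live master:", rebuilt == live)
    print("postings held only in the transaction file:", at_risk)
```

Recovery only works because the transaction file survived and carries sequence numbers; replaying from the backup without it would stop at the state of the previous night, which is why the slide treats master and transaction files as a pair rather than a choice.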

17 Disaster Recovery Plan
- Press release: who, what, when, where, why
- Prioritize the process (what)
- Backup data and program files (when, where)
- Have specific assignments (who)
- Complete recovery documentation (why)
- Alternative (backup) telecommunication sites (where II)

18 Alternative Sites
- Alliances
- Hot site
  – fully configured
  – current copies of most recent backups
  – access guaranteed, ready to run
- Cold site
  – no equipment in place
  – contracts in place to provide service on demand

19 Internet Controls (a different “IC”)
- NWS - six Danish hackers
  – NWS goes down, airlines stop flying
  – Anyone see a business opportunity here?
- Firewalls, tunneling
- Separate systems
  – external (incoming) internet site
  – internal intranet

20 Application Controls
- Data entry and reporting controls
- Source Data Controls
- Input Validation Routines
- On-Line Data Entry Controls
- DP and File Maintenance Controls
- Output Controls
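Slide 20 only names the categories. The edit checks an input validation routine typically runs (field, sign, limit, range, size, validity and check-digit tests) and the batch totals used as source data controls (record count, financial total, hash total) are standard AIS material, not content from the slide. The Python below is an added example, not code from the slides or the textbook: it validates a constructed batch of payroll time records and reconciles the keyed batch totals against control totals computed from the source documents, so that the keying errors planted in the batch surface twice, once per record and once at batch level. The department master list, limits and records are all constructed.

```python
"""Input validation routines and batch totals for a data-entry batch (added example).
Department list, limits, records and control totals are constructed for illustration."""
from typing import Dict, List, Tuple

VALID_DEPTS = {"100", "200", "300"}   # validity check: department master list
MAX_HOURS = 80.0                      # limit check: hours per pay period
PAY_RATE_RANGE = (12.0, 95.0)         # range check: hourly pay rate
ID_LENGTH = 6                         # size check: employee number length


def check_digit_valid(number: str) -> bool:
    """Mod-10 (Luhn) check-digit test on an all-digit identifier. Catches any single
    wrong digit and nearly all transpositions of adjacent digits."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:                        # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2  # 10..18 -> 1..9
        total += d
    return total % 10 == 0


def validate_record(rec: Dict[str, str]) -> List[str]:
    """Return the edit-check failures for one record (empty list means clean)."""
    errors: List[str] = []

    emp = rec.get("employee_id", "")
    if not emp.isdigit():
        errors.append("employee_id: field check (must be numeric)")
    elif len(emp) != ID_LENGTH:
        errors.append(f"employee_id: size check (must be {ID_LENGTH} digits)")
    elif not check_digit_valid(emp):
        errors.append("employee_id: check digit failed")

    if rec.get("dept") not in VALID_DEPTS:
        errors.append("dept: validity check (not in department master)")

    try:
        hours = float(rec.get("hours", ""))
    except ValueError:
        errors.append("hours: field check (must be numeric)")
    else:
        if hours < 0:
            errors.append("hours: sign check (negative)")
        elif hours > MAX_HOURS:
            errors.append(f"hours: limit check (> {MAX_HOURS:g})")

    try:
        rate = float(rec.get("pay_rate", ""))
    except ValueError:
        errors.append("pay_rate: field check (must be numeric)")
    else:
        lo, hi = PAY_RATE_RANGE
        if not lo <= rate <= hi:
            errors.append(f"pay_rate: range check (outside {lo:g}-{hi:g})")
    return errors


def validate_batch(records: List[Dict[str, str]]) -> List[List[str]]:
    """Errors per record, in batch order."""
    return [validate_record(r) for r in records]


def batch_totals(records: List[Dict[str, str]]) -> Dict[str, float]:
    """Control totals recomputed from the keyed batch. Non-numeric fields are
    skipped here because the field check already reports them per record."""
    return {
        "record_count": len(records),
        "financial_total": sum(float(r["hours"]) for r in records
                               if r["hours"].lstrip("-").replace(".", "", 1).isdigit()),
        "hash_total": sum(int(r["employee_id"]) for r in records
                          if r["employee_id"].isdigit()),
    }


def reconcile(records: List[Dict[str, str]],
              control: Dict[str, float]) -> Dict[str, Tuple[float, float]]:
    """Compare keyed totals with the source-document control totals; return the
    totals that disagree as {name: (keyed, control)}."""
    keyed = batch_totals(records)
    return {k: (keyed[k], control[k]) for k in control if keyed[k] != control[k]}


# Constructed batch as keyed. Record 3 transposes the last two digits of 314153;
# record 4 drops a digit from 555557, has an unknown department, a negative hours
# figure (source said 8) and an out-of-range pay rate.
KEYED_BATCH = [
    {"employee_id": "123455", "dept": "100", "hours": "40", "pay_rate": "22.50"},
    {"employee_id": "246801", "dept": "200", "hours": "38.5", "pay_rate": "31.00"},
    {"employee_id": "314135", "dept": "100", "hours": "42", "pay_rate": "22.50"},
    {"employee_id": "55557", "dept": "900", "hours": "-8", "pay_rate": "150"},
]
# Control totals taken from the source documents before keying (constructed).
CONTROL_TOTALS = {"record_count": 4, "financial_total": 128.5, "hash_total": 1239966}

if __name__ == "__main__":
    for i, errs in enumerate(validate_batch(KEYED_BATCH), 1):
        print(f"record {i}: {errs or 'clean'}")
    print("batch totals out of balance:", reconcile(KEYED_BATCH, CONTROL_TOTALS))
```

The two mechanisms are complementary: the per-record checks say which field is wrong and why, while the batch totals catch anything the edit checks cannot see, such as a plausible but wrong digit that still passes every field-level test.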

21 Auditor Usage Page 263 and 264
