Deck 10 Accounting Information Systems Romney and Steinbart Linda Batch March 2012.

2 Learning Objectives
IS Controls for System Reliability: Confidentiality and Availability
– Encryption
– Process controls: input, processing, output
– Availability
Work on Assignment 4
Quiz (Chapter 7 and Chapter 8)

3 Chapter 9 – Preserving Confidentiality
Intellectual property is often crucial to the organization's long-run competitive advantage.
Actions must be taken to preserve confidentiality:
– Identification and classification of the information to be protected
– Encryption of sensitive information
– Controlling access to sensitive information
– Training

4 Chapter 9 – Encryption
Encryption is a preventive control that can be used to protect both confidentiality and privacy.
Encryption is the process of transforming normal, readable content, called plaintext, into unreadable gibberish, called ciphertext. Decryption reverses this process.

5 Chapter 9 – Encryption
Three factors determine the strength of an encryption system:
– Key length – longer keys provide stronger encryption because they enlarge the key space: each additional bit doubles the number of keys an attacker has to try in a brute-force search
– Encryption algorithm – a sound algorithm leaves an attacker no shortcut better than brute force; use published, widely analysed algorithms (AES, for example) rather than secret or home-grown ones
– Policies for managing the cryptographic keys – the most vulnerable aspect of any encryption system, so keys must be stored very securely; a strong algorithm and a long key protect nothing if the key itself can be read

6 Chapter 9 – Encryption
Cryptographic keys must be stored securely and protected with strong access controls. Best practices include:
– Not storing cryptographic keys in a browser or in any other file that other users of that system can readily access
– Using a strong, long passphrase to protect the keys
Organizations must have a way to decrypt data when the employee who encrypted it is no longer with the organization:
– Use software with a built-in master key
– Use key escrow – make copies of all encryption keys used by employees and store these copies securely
A master key or escrow store can decrypt everything, so it needs the strictest controls of all: access limited to a few named people, dual control for retrieval, and a log of every use.

7 Chapter 9 – Encryption
Types of Encryption Systems
– Symmetric encryption – uses the same key to encrypt and decrypt (DES and AES are examples; DES is obsolete and should not be used in new systems)
– Asymmetric encryption – uses a pair of different keys, a public key and a private key; what one key encrypts, only the other can decrypt (RSA is an example; PGP is a program that combines public-key and symmetric encryption)
– Symmetric encryption is much faster, but both parties must hold the same secret key, and distributing that key securely is the hard part; asymmetric encryption solves key distribution but is far slower, so in practice the two are combined: the data is encrypted with a symmetric key and that key is exchanged using asymmetric encryption
– Hashing takes plaintext of any length and transforms it into a short, fixed-length code called a hash; a hashing algorithm is one-way, so the hash cannot be turned back into the original plaintext
– Hashing is good for verifying that the contents of a message have not been altered: recompute the hash and compare it with the one that was sent

8 Chapter 9 – Encryption
Types of Encryption Systems (continued)
– Digital signatures
  Nonrepudiation – how to create legally binding agreements that cannot be unilaterally repudiated by either party
  Use hashing and asymmetric encryption together: hash the document, then encrypt the hash with the signer's private key; anyone with the signer's public key can decrypt the hash and compare it with a freshly computed one
  Proof that the document has not been altered and proof of who created it, since only the holder of the private key could have produced the signature
– Digital certificates
  An electronic document that contains an entity's public key and certifies the identity of the owner of that public key; it is signed by a certificate authority, so trust in the owner rests on trust in that authority
– Public key infrastructure (PKI)
  The system for issuing pairs of public and private keys and the corresponding digital certificates
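The mechanisms on slides 7 and 8 (symmetric encryption, hashing, and a digital signature built from a hash and an asymmetric key pair), shown working together as an added example. This is not code from the deck or from the textbook; it uses only the Go standard library, and the sample document text is constructed for the example.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Document is a constructed sample message, not taken from the slides.
const Document = "Invoice 1001: pay vendor ACME 1250.00"

// NewSymmetricKey returns a random 256-bit AES key. This key is the secret that
// has to be stored and distributed securely (slides 5 and 6).
func NewSymmetricKey() ([]byte, error) {
	key := make([]byte, 32)
	_, err := rand.Read(key)
	return key, err
}

// Encrypt turns plaintext into ciphertext with AES-256-GCM. The random nonce is
// prepended so the receiver can decrypt; GCM also authenticates the ciphertext,
// so a modified ciphertext or a wrong key is rejected instead of yielding garbage.
func Encrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Decrypt reverses Encrypt with the same key: that is what "symmetric" means.
func Decrypt(key, ciphertext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(ciphertext) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, sealed := ciphertext[:gcm.NonceSize()], ciphertext[gcm.NonceSize():]
	return gcm.Open(nil, nonce, sealed, nil)
}

// Hash is a one-way, fixed-length (32-byte) SHA-256 digest: any change to the
// input changes the digest, but the digest cannot be turned back into the input.
func Hash(data []byte) []byte {
	sum := sha256.Sum256(data)
	return sum[:]
}

// NewKeyPair generates an asymmetric (public/private) RSA key pair.
func NewKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Sign produces a digital signature: hash the document, then sign the hash with
// the private key. Only the private-key holder could have produced it (nonrepudiation).
func Sign(priv *rsa.PrivateKey, doc []byte) ([]byte, error) {
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, Hash(doc), nil)
}

// Verify recomputes the hash and checks the signature with the public key; it
// fails if the document, the signature or the key does not match.
func Verify(pub *rsa.PublicKey, doc, sig []byte) bool {
	return rsa.VerifyPSS(pub, crypto.SHA256, Hash(doc), sig, nil) == nil
}

func main() {
	key, _ := NewSymmetricKey()
	ct, _ := Encrypt(key, []byte(Document))
	pt, _ := Decrypt(key, ct)
	fmt.Println("symmetric round trip ok:", string(pt) == Document)
	priv, _ := NewKeyPair()
	sig, _ := Sign(priv, []byte(Document))
	fmt.Println("signature verifies:", Verify(&priv.PublicKey, []byte(Document), sig))
	fmt.Println("altered document verifies:", Verify(&priv.PublicKey, []byte(Document+" (approved)"), sig))
}
```

Two points the slides state but do not show: the signature is over the hash, not the document, so a one-character change to the invoice makes Verify fail, and because AES-GCM authenticates what it encrypts, Decrypt with the wrong key or over a tampered ciphertext returns an error rather than plausible-looking garbage.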

9 Chapter 9 – Encryption
Types of Encryption Systems (continued)
– Virtual private networks (VPN)
  Information must be encrypted not only within a system but also while it is transmitted over the internet
  Encrypting the information before it traverses the internet creates a virtual private network (VPN): the traffic crosses a public network, but only the endpoints that hold the keys can read it
  The VPN software that encrypts information while it is in transit effectively creates private tunnels for those who have the keys

10 Chapter 10 – Processing Integrity
Input Data Integrity
– Source documents should be prepared by authorized personnel
– Forms design (for example, prenumbered forms, so that a missing document can be noticed)
– Cancellation and storage of source documents, so that a document cannot be entered twice
– Data entry controls:
  Field check – the characters in a field are of the proper type (a numeric field contains only digits)
  Sign check – the data has the appropriate sign (a disbursement amount is not negative)
  Limit check – a numeric amount does not exceed a fixed upper limit
  Range check – a value falls between preset upper and lower bounds (a posting date within the open period)
  Size check – the input fits the field
  Completeness check – all required fields have been entered
  Validity check – the value exists in a master file (an account code in the chart of accounts)
  Reasonableness check – the value is logically consistent with other data in the record
– Additional batch processing and data entry controls:
  Sequence check – records are in the expected numerical order, so gaps and duplicates show up
  Error log – rejected records are recorded and followed up, not silently dropped
  Batch totals – a record count, a financial total and a hash total computed before entry and recomputed afterwards; any difference flags a lost, duplicated or mis-keyed record

11 Chapter 10 – Processing Integrity
Processing Controls
– Data matching – two or more items of data must be matched before a transaction is processed (for example, a vendor invoice against the purchase order and the receiving report)
– File labels – ensure that the correct and most current files are being updated
– Recalculation of batch totals – recompute the totals after processing and compare them with the control totals
– Cross-footing and zero-balance tests – the sum of the row totals must equal the sum of the column totals, and a control account that should net to zero must do so
– Write-protection mechanisms that stop data from being overwritten or erased
– Concurrent update controls – lock a record so that only one user can update it at a time
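The data-entry controls on slide 10 and the sequence check and batch-total recalculation on slide 11, implemented together as an added example in Go. This is not code from the deck or the textbook; the record layout, the chart of accounts, the approval limit, the open posting period and the sample batch are all constructed for this example.

```go
package main

import (
	"fmt"
	"math"
	"strconv"
	"time"
)

type Record struct { // one cash-disbursement line as keyed by a clerk (constructed layout, not from the slides)
	Seq     int    // sequence number preprinted on the source document
	Account string // six-digit general-ledger account code
	Amount  string // kept as typed so the field check can reject non-numeric input
	Date    string // posting date, YYYY-MM-DD
}

var ValidAccounts = map[string]bool{"201000": true, "501200": true, "601000": true} // chart of accounts (constructed)
// Limit-check ceiling (10,000.00 in cents) and the open posting period for the range check.
const MaxAmountCents, PeriodStart, PeriodEnd = int64(1000000), "2012-03-01", "2012-03-31"

// ParseCents converts a keyed amount to whole cents so totals never suffer float rounding.
func ParseCents(s string) (int64, error) {
	f, err := strconv.ParseFloat(s, 64)
	if err != nil {
		return 0, err
	}
	return int64(math.Round(f * 100)), nil
}

// CheckRecord applies the slide-10 data-entry controls to one record and returns every failure.
func CheckRecord(r Record) []string {
	var errs []string
	if r.Account == "" || r.Amount == "" || r.Date == "" {
		errs = append(errs, "completeness: required field missing")
	}
	if len(r.Account) != 6 {
		errs = append(errs, "size: account code must be six characters")
	}
	if _, err := strconv.ParseUint(r.Account, 10, 64); err != nil {
		errs = append(errs, "field: account code must be numeric")
	} else if !ValidAccounts[r.Account] {
		errs = append(errs, "validity: account code not in chart of accounts")
	}
	if cents, err := ParseCents(r.Amount); err != nil {
		errs = append(errs, "field: amount is not numeric")
	} else if cents < 0 {
		errs = append(errs, "sign: disbursement amount must not be negative")
	} else if cents > MaxAmountCents {
		errs = append(errs, "limit: amount exceeds approval limit")
	}
	if _, err := time.Parse("2006-01-02", r.Date); err != nil {
		errs = append(errs, "field: date must be YYYY-MM-DD")
	} else if r.Date < PeriodStart || r.Date > PeriodEnd {
		errs = append(errs, "range: date outside the open accounting period")
	}
	return errs
}

// BatchTotals are the supervisor's control totals; the hash total (sum of account codes) means nothing but changes if a code is mis-keyed.
type BatchTotals struct {
	RecordCount    int
	FinancialCents int64
	HashTotal      int64
}

// ComputeTotals recalculates the totals from the keyed records (slide 11).
func ComputeTotals(batch []Record) BatchTotals {
	var t BatchTotals
	for _, r := range batch {
		cents, _ := ParseCents(r.Amount) // bad amounts were already flagged by CheckRecord
		code, _ := strconv.ParseInt(r.Account, 10, 64)
		t.RecordCount, t.FinancialCents, t.HashTotal = t.RecordCount+1, t.FinancialCents+cents, t.HashTotal+code
	}
	return t
}

// CheckBatch runs the sequence check and compares recalculated totals with the control totals.
func CheckBatch(batch []Record, control BatchTotals) []string {
	var errs []string
	for i, r := range batch {
		if r.Seq != i+1 {
			errs = append(errs, fmt.Sprintf("sequence: expected %d, got %d", i+1, r.Seq))
		}
	}
	if got := ComputeTotals(batch); got != control {
		errs = append(errs, fmt.Sprintf("batch totals: keyed %+v, control %+v", got, control))
	}
	return errs
}

// ControlTotals come from three constructed source documents (1250.00, 89.99 and 40.00 on accounts
// 501200, 501200, 601000); KeyedBatch is what the clerk typed: two digits transposed in record 2, a stray minus in record 3.
var ControlTotals = BatchTotals{RecordCount: 3, FinancialCents: 137999, HashTotal: 1603400}
var KeyedBatch = []Record{
	{1, "501200", "1250.00", "2012-03-05"},
	{2, "510200", "89.99", "2012-03-06"},
	{3, "601000", "-40.00", "2012-03-07"},
}

func main() {
	fmt.Println(CheckRecord(KeyedBatch[1]), CheckRecord(KeyedBatch[2]), CheckBatch(KeyedBatch, ControlTotals))
}
```

Running it, record 2 trips the validity check, record 3 the sign check, and the batch fails the totals comparison. The hash total would have caught the transposed account code even if 510200 happened to be a valid code in a larger chart of accounts, which is the reason a hash total is kept alongside the financial total.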

12 Chapter 10 – Processing Integrity
Output Controls
– User review of output
– Reconciliation procedures
– External data reconciliation
– Data transmission controls (checksums and parity bits)
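The two data transmission controls named on slide 12, a parity bit and a checksum, as an added example in Go, including the errors each one misses. This is not code from the deck; the checksum is the 16-bit one's-complement sum used by Internet protocols (RFC 1071), chosen here as a concrete instance of the slide's "check sums", and the sample messages are constructed.

```go
package main

import "fmt"

// popcount returns the number of 1 bits in b.
func popcount(b byte) int {
	n := 0
	for ; b != 0; b >>= 1 {
		n += int(b & 1)
	}
	return n
}

// AddParity takes a 7-bit value and sets the top bit so the byte carries an even
// number of 1 bits: this is what the sender does before transmission.
func AddParity(v byte) byte {
	v &= 0x7F
	if popcount(v)%2 == 1 {
		v |= 0x80
	}
	return v
}

// ParityOK is the receiver's check: a byte with an odd number of 1 bits was corrupted.
// It catches any single flipped bit, but two flipped bits in the same byte cancel out.
func ParityOK(b byte) bool {
	return popcount(b)%2 == 0
}

// Checksum folds the data into a 16-bit one's-complement sum (RFC 1071).
// The sender appends it to the message; the receiver recomputes it and compares.
func Checksum(data []byte) uint16 {
	var sum uint32
	for i := 0; i+1 < len(data); i += 2 {
		sum += uint32(data[i])<<8 | uint32(data[i+1])
	}
	if len(data)%2 == 1 {
		sum += uint32(data[len(data)-1]) << 8 // an odd trailing byte is padded with zero
	}
	for sum>>16 != 0 {
		sum = (sum & 0xFFFF) + sum>>16 // fold the carries back in
	}
	return ^uint16(sum)
}

// ChecksumOK compares a recomputed checksum with the one that arrived with the data.
func ChecksumOK(data []byte, received uint16) bool {
	return Checksum(data) == received
}

func main() {
	sent := AddParity('C') // 0x43 has three 1 bits, so the parity bit is set: 0xC3
	fmt.Println("parity ok after one flipped bit:", ParityOK(sent^0x01))
	fmt.Println("parity ok after two flipped bits:", ParityOK(sent^0x03)) // the error goes undetected

	sum := Checksum([]byte("1250.00"))
	fmt.Println("checksum ok after a corrupted digit:", ChecksumOK([]byte("1259.00"), sum))
	// Addition is commutative, so swapping two 16-bit words leaves the sum unchanged.
	fmt.Println("checksum ok after two words are swapped:", ChecksumOK([]byte("CDAB"), Checksum([]byte("ABCD"))))
}
```

Both controls detect random corruption of a byte or two; neither is a substitute for the hash or signature on slide 8 against deliberate tampering, since an attacker can recompute a parity bit or checksum after altering the data.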

13 Chapter 10 – System Availability
Minimize downtime and ensure an efficient return to normal operations
Ensure there is a contingency plan to get the system running again

14 Chapter 10 – System Availability
Lost data must be considered, plus the data that is not being collected while the system is down
Recovery point objective (RPO) – how much data the organization is willing to lose; this sets how often backups must be taken
Recovery time objective (RTO) – the length of time the organization is willing to operate without the AIS
These feed into the disaster recovery plan (DRP) and the business continuity plan (BCP)

15 Week 9 – Summary
We are still talking about controls for system reliability
This week's specific topics are confidentiality and availability
– Encryption – what it is
– What makes encryption strong
– Various types of encryption systems
– Data input integrity
– Data processing integrity
– Information output integrity
– System uptime (downtime) – recovery point objective, recovery time objective
Quiz next week on Chapters 9 and 10

