Is acca19(security and legal compliance)
 

Security

Security
Physical threats
Physical access control
Building controls into an information system

    Is acca19(security and legal compliance) Presentation Transcript

    • 1 Security and Legal Compliance (1), Lecture 19, Abdisalam Issa-Salwe, Thames Valley University
    • 2 Topic list
      • Security
      • Physical threats
      • Physical access control
      • Building controls into an information system
    • 3 Security
      • Security in an information management context means the protection of data from accidental or deliberate threats which might cause unauthorised modification, disclosure or destruction of data, and the protection of the information system from the degradation or non-availability of services
    • 4 Physical threats
      • Fire
      • Water
      • Weather
      • Lightning
      • Terrorist activity
      • Accidental damage
    • 5 Physical access control
      • Personal identification numbers (PINs)
      • Door locks
      • Card entry systems
      • Computer theft
    • 6 Building control into an information system
      • Controls can be classified into:
        • Security controls: about the protection of data from accidental or deliberate threats
        • Integrity controls:
          • Data integrity, in the context of security, is preserved when data is the same as in source documents and has not been accidentally or intentionally altered, destroyed or disclosed
          • System integrity: operation conforming to the design specification despite attempts (deliberate or accidental) to make it behave incorrectly
        • Contingency controls: a contingency is an unscheduled interruption of computing services that requires measures outside the day-to-day routine operating procedures
    • 7 Building control into an information system (cont.)
      • Data will maintain its integrity if it is complete and not corrupt. This means that:
        • The original input of the data must be controlled
        • Any processing and storage should be set up so that they are complete and correct
    • 8 Building control into an information system (cont.)
      • Input controls should ensure accuracy, completeness and validity:
        • Data verification involves ensuring that data entered matches source documents
        • Data validation involves ensuring that data entered is not incomplete or unreasonable. Various checks:
          • Check digits
          • Control totals
          • Hash totals
          • Range checks
          • Limit checks
    • 9 Privacy and data protection
      • Privacy: the right of the individual to control the use of information about him or her, including information on financial status, health and lifestyle (i.e. prevent unauthorised disclosure)
    • 10 Data protection principles
      • Personal data is information about a living individual, including expressions of opinion about him or her. Data about organisations is not personal data
      • Data users are organisations or individuals who control personal data and the use of personal data
      • A data subject is an individual who is the subject of personal data
    • 11 Internet security issues
      • Establishing organisational links to the Internet brings numerous security dangers
      • Corruptions such as viruses on a single computer can spread through the network to all of the organisation's computers
      • Hacking: involves attempting to gain unauthorised access to a computer system
    • 12 Types of virus/program
      • File virus: file viruses infect program files
      • Boot sector or ‘stealth’ virus: the boot sector is a part of every hard disk and diskette. The stealth virus hides from virus detection programs by hiding itself in boot records or files
      • Trojan: a small program that performs an unexpected function. It hides itself inside a ‘valid’ program
      • Logic bomb: a program that is executed when a specific act is performed
    • 13 Types of virus/program (cont.)
      • Time bomb: a program that is activated at a certain time or date, such as Friday the 13th or April 1st
      • Worm: a type of virus that can replicate (copy) itself and use memory, but cannot attach itself to other programs
      • Dropper: a program that installs a virus while performing another function
    • 14 Types of virus/program (cont.)
      • Macro virus: a piece of self-replicating code written in an application’s ‘macro’ language. For example, Melissa was a well-publicised macro virus
    • 15 Information systems and accountants
      • Accountants track companies’ expenses, as well as prepare, analyze and verify financial documents. They look for ways to run businesses more efficiently, keep public records and make sure taxes are paid properly.
      • Public accountants perform audits and prepare taxes for corporations, government agencies, nonprofits and individuals.
    • 16 Information systems and accountants (cont.)
      • Management accountants are members of the executive team who record and analyze information about budgets, costs and assets. Their work may support strategic planning or product development. They may also write financial reports for stockholders, creditors or government agencies.
      • Government accountants and auditors maintain and examine government records, or they audit private businesses or individuals on the government's behalf.
      • Internal auditors are fiscal police officers. They verify the accuracy of an organization's financial records and look for waste, mismanagement and fraud.
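
The input validation checks listed on slide 8 (check digits, control totals, hash totals, range checks, limit checks), applied to one batch of records. This is an added example, not part of the original slides; the record layout, the modulus-11 weighting, the limits and the sample batch are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Record:
    account: str   # 5-digit body + modulus-11 check digit ('X' = 10)
    pence: int     # payment amount in pence
    hours: int     # hours worked this week

def check_digit(body: str) -> str:
    # Weights 2, 3, 4, ... applied from the rightmost digit (modulus 11).
    total = sum(int(d) * w for w, d in enumerate(reversed(body), start=2))
    r = (11 - total % 11) % 11
    return "X" if r == 10 else str(r)

def validate_batch(records, header, max_pence=500_000, hours_range=(0, 60)):
    """Return a list of (record index or 'batch', failed check) tuples."""
    errors = []
    for i, r in enumerate(records):
        body, digit = r.account[:-1], r.account[-1]
        if not body.isdigit() or check_digit(body) != digit:
            errors.append((i, "check digit"))
        if not hours_range[0] <= r.hours <= hours_range[1]:
            errors.append((i, "range check"))      # lower and upper bound
        if r.pence > max_pence:
            errors.append((i, "limit check"))      # upper bound only
    if len(records) != header["count"]:
        errors.append(("batch", "record count"))
    if sum(r.pence for r in records) != header["control_total"]:
        errors.append(("batch", "control total"))  # meaningful sum: money
    # Hash total: a sum with no business meaning, used only to detect change.
    bodies = [int(r.account[:-1]) for r in records if r.account[:-1].isdigit()]
    if sum(bodies) != header["hash_total"]:
        errors.append(("batch", "hash total"))
    return errors

# Constructed sample batch: header totals as prepared from source documents.
HEADER = {"count": 3, "control_total": 245_000, "hash_total": 100_652}
GOOD = [Record("123455", 120_000, 38), Record("20417X", 45_000, 40),
        Record("678902", 80_000, 35)]
# Same batch after keying errors: transposed account digits, mistyped hours,
# and an extra zero on an amount.
BAD = [Record("213455", 120_000, 38), Record("20417X", 45_000, 400),
       Record("678902", 800_000, 35)]

if __name__ == "__main__":
    print(validate_batch(GOOD, HEADER))
    print(validate_batch(BAD, HEADER))
```

The per-record checks identify which entry is wrong, while the control and hash totals only show that the batch as a whole no longer matches the source documents.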