3. Sensitive information
Strategic plan – m & a pending, crucial decisions,
major expension
Business operation – client lists, process and
procedures (proprietary)
Finances - cost sheet, ratios(GP, NP), salaries wages,
precise salary information, loans, dividends
4. Need for control in IS
Increase the ability to capture, store, analyze and
process data
Safeguard assets to maintain data integrity
Covering access safeguards over computer programs,
data and any related equipment
System effectiveness and efficiency
Control built in well designed system
6. Categories of control
1. PREVENTIVE 1. ADMIN 1. PHYSICAL 1. MGMT.
2. DETECTIVE 2. OPERATION 2. LOGICAL 2. APP.
3. CORRECTIVE 3. ACCOUNTS 3. ENVIORNMENTAL
4. COMPENSATORY
OBJECTIVE FUNCTION
AUDIT
FUNCTION
IS RESOURCES
7. FUNCTION
Admin – lawful, compliance of mgmt and other
statutory requirements
Operation – effectiveness, efficiency, objective
achieve, day to day business
Accounts – balance sheet, true & fair view, reliability
of financial control
8. OBJECTIVE
Preventive – designed to prevent and control error and any malicious
activity
anti virus, passwords, firewall, smart cards, skilled personnel, segregation
of duties,
Detective – designed to detect errors or malicious activity
cctv, log, anti virus, audit, reconciliation
Corrective – designed to reduce the impact of error or malicious
activity
anti virus, back up, insurance, fire extinguisher, recovery plan
Compensatory - reduce the probability of threats, many devices are
used in, cost of the lock should not be more than assets, organization
may not be able to implement control in that cast compensatory control
are used to such appropriateness
OTP, Buying something from reliance industries,
11. Issues and revelations
Power supply to compiler equipment remains in
specifications
AC system properly working
Back up media protected from damage, magnet
effect etc.
Equipment kept free from dust and smoke
Food, beverage and tobaco product are prohibited
12. controls
Water/smoke detectors
Hand held fire extinguisher
Fire suppression system
a) Dry pipe b) water based c) halogen
• Regular inspection
• Electrical surge protectors
• Two substations
• Emergency power off switches
• wires in conduit and panels
• Documented and tested emergency evacuation plans