Security and Legal Compliance (1)
Lecture 19
Abdisalam Issa-Salwe
Thames Valley University
Is acca19(security and legal compliance)

  1. Security and Legal Compliance (1), Lecture 19. Abdisalam Issa-Salwe, Thames Valley University
  2. Topic list
       • Security
       • Physical threats
       • Physical access control
       • Building controls into an information system
  3. Security
       • Security in an information management context means the protection of data from accidental or deliberate threats which might cause unauthorised modification, disclosure or destruction of data, and the protection of the information system from the degradation or non-availability of services
  4. Physical threats
       • Fire
       • Water
       • Weather
       • Lightning
       • Terrorist activity
       • Accidental damage
  5. Physical access control
       • Personal identification numbers (PINs)
       • Door locks
       • Card entry systems
       • Computer theft
  6. Building control into an information system
       • Controls can be classified into:
           • Security controls: about the protection of data from accidental or deliberate threats
           • Integrity controls: data integrity, in the context of security, is preserved when data is the same as in source documents and has not been accidentally or intentionally altered, destroyed or disclosed
           • System integrity: operation conforming to the design specification despite attempts (deliberate or accidental) to make it behave incorrectly
           • Contingency controls: a contingency is an unscheduled interruption of computing services that requires measures outside the day-to-day routine operating procedures
  7. Building control into an information system (cont.)
       • Data will maintain its integrity if it is complete and not corrupt. This means that:
           • The original input of the data must be controlled
           • Any processing and storage should be set up so that they are complete and correct
  8. Building control into an information system (cont.)
       • Input controls should ensure accuracy, completeness and validity:
           • Data verification involves ensuring that data entered matches source documents
           • Data validation involves ensuring that data entered is not incomplete or unreasonable. Various checks:
               • Check digits
               • Control totals
               • Hash totals
               • Range checks
               • Limit checks
  9. Privacy and data protection
       • Privacy: the right of the individual to control the use of information about him or her, including information on financial status, health and lifestyle (i.e. prevent unauthorised disclosure)
  10. Data protection principles
       • Personal data is information about a living individual, including expressions of opinion about him or her. Data about an organisation is not personal data
       • Data users are organisations or individuals who control personal data and the use of personal data
       • A data subject is an individual who is the subject of personal data
  11. Internet security issues
       • Establishing organisation links to the Internet brings numerous security dangers
       • Corruptions such as viruses on a single computer can spread through the network to all the organisation's computers
       • Hacking: involves attempting to gain unauthorised access to a computer system
  12. Types of virus/program
       • File virus: file viruses infect program files
       • Boot sector or ‘stealth’ virus: the boot sector is a part of every hard disk and diskette. A stealth virus hides from virus detection programs by hiding itself in boot records or files
       • Trojan: a small program that performs an unexpected function. It hides itself inside a ‘valid’ program
       • Logic bomb: a program that is executed when a specific act is performed
  13. Types of virus/program (cont.)
       • Time bomb: a program that is activated at a certain time or date, such as Friday the 13th or April 1st
       • Worm: a type of virus that can replicate (copy) itself and use memory, but cannot attach itself to other programs
       • Dropper: a program that installs a virus while performing another function
  14. Types of virus/program (cont.)
       • Macro virus: a piece of self-replicating code written in an application’s ‘macro’ language. Example: Melissa was a well-publicised macro virus
  15. Information systems and accountants
       • Accountants track companies’ expenses, as well as prepare, analyze and verify financial documents. They look for ways to run businesses more efficiently, keep public records and make sure taxes are paid properly
       • Public accountants perform audits and prepare taxes for corporations, government agencies, nonprofits and individuals
  16. Information systems and accountants (cont.)
       • Management accountants are members of the executive team who record and analyze information about budgets, costs and assets. Their work may support strategic planning or product development. They may also write financial reports for stockholders, creditors or government agencies
       • Government accountants and auditors maintain and examine government records, or they audit private businesses or individuals on the government's behalf
       • Internal auditors are fiscal police officers. They verify the accuracy of an organization's financial records and look for waste, mismanagement and fraud
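
The input validation checks listed on slide 8 (check digits, control totals, hash totals, range checks, limit checks), applied to one batch of payments as an added Python example that is not part of the original lecture. The modulus-11 check-digit scheme, the field names, the limits and the batch data are all assumptions constructed for illustration.

```python
# Added example: constructed data, assumed limits and check-digit scheme.
from dataclasses import dataclass

AMOUNT_LIMIT = 500_000   # limit check: assumed ceiling per payment, in pence
MONTH_RANGE = (1, 12)    # range check: lower and upper bound

@dataclass
class Record:
    account: str  # 6 digits, the last one is the check digit
    amount: int   # pence
    month: int

def check_digit_ok(account: str) -> bool:
    """Modulus-11: weights 6..1 over the digits; the sum must divide by 11."""
    if len(account) != 6 or not account.isdigit():
        return False
    return sum(w * int(d) for w, d in zip(range(6, 0, -1), account)) % 11 == 0

def validate_record(rec: Record) -> list:
    errors = []
    if not check_digit_ok(rec.account):
        errors.append("check digit")
    if not MONTH_RANGE[0] <= rec.month <= MONTH_RANGE[1]:
        errors.append("range")
    if rec.amount > AMOUNT_LIMIT:
        errors.append("limit")
    return errors

def validate_batch(records, header):
    """Return (per-record errors, batch-level errors) against the batch header."""
    record_errors = {i: e for i, r in enumerate(records) if (e := validate_record(r))}
    batch_errors = []
    if len(records) != header["count"]:
        batch_errors.append("record count")
    if sum(r.amount for r in records) != header["control_total"]:
        batch_errors.append("control total")
    # Hash total: a sum with no business meaning, here over account numbers.
    if sum(int(r.account) for r in records if r.account.isdigit()) != header["hash_total"]:
        batch_errors.append("hash total")
    return record_errors, batch_errors

# Constructed batch header, as it would be prepared from the source documents.
HEADER = {"count": 3, "control_total": 175_000, "hash_total": 638_149}
GOOD = [Record("123455", 50_000, 3), Record("204617", 100_000, 3), Record("310077", 25_000, 3)]
# Keyed with two digits transposed in the first account and a month of 13.
BAD = [Record("132455", 50_000, 3), Record("204617", 100_000, 13), Record("310077", 25_000, 3)]

if __name__ == "__main__":
    print(validate_batch(GOOD, HEADER))
    print(validate_batch(BAD, HEADER))
```

The transposed account number is caught twice: per record by the check digit and per batch by the hash total, while the control total still balances because no amount changed.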
