The document outlines the establishment of security policies and procedures for protecting organizational information assets, detailing specific controls such as input, processing, output, and storage controls to ensure data accuracy and integrity. It emphasizes the significance of automated and manual procedures for authorizing data access and highlights various security standards for both wired and wireless networks. Additionally, it addresses risks to computer systems from various hazards and suggests measures for protection against failures.

2. WRAP UP:
The function whose mission is to establish
security policies and the associated
procedures and control elements over the
information assets
Methods, policies, and organizational procedures
that ensure safety of organization’s assets, accuracy
and reliability of its records, and operational
adherence to management standards

3. Allows trustful
operations by
guaranteeing that
the handler of
information is
whoever she or he
claims to be.

6. Controls for design,
security and use of
Information
Systems in
organization
Specific
controls for
each
application.

9. Automated and manual procedures that
ensure only authorized data are processed
by application
Unique to each computerized application
Classified as (1) input controls, (2) processing
controls, (3) output controls and (4) storage
controls

10. Control totals: Input, processing, Storage
Edit checks: Input, Storage
Computer matching: Input, processing,
Storage
Run control totals: Processing, output,
Storage
Report distribution logs: Output, storage

11. • Input controls
– Data is accurate and consistent
on entry
– Direct keying of data, double
entry or automated input
– Data conversion, editing and
error handling
– Field validation on entry
– Input authorization and auditing
– Checks on totals to catch
errors

12. • Input controls
-Data input controls ensure
the accuracy, completeness,
and timeliness of data
during its conversion from
its original source into
computer data, or entry into
a computer application.

13. • Processing controls
– Data is accurate and complete on processing
– Checks on totals to catch errors
– Compare to master records to catch errors
– Field validation on update
– -Data processing controls are used to ensure the
accuracy, completeness, and timeliness of data
during either batch or real-time processing by the
computer application.

14. • Output controls
– Data is accurate, complete and
properly distributed on output
– Checks on totals to catch errors
– Review processing logs
– Track recipients of data
– - Data output controls are used
to ensure the integrity of output
and the correct and timely
distribution of any output
produced.

15. • Processing controls
– Data is accurate and complete on processing
– Checks on totals to catch errors
– Compare to master records to catch errors
– Field validation on update
– -Data processing controls are used to ensure the
accuracy, completeness, and timeliness of data
during either batch or real-time processing by the
computer application.

16. • Storage controls
–Stored data may be called
upon when new data is
being processed
– the combination of data
forming new outputs.
- Data is often kept on a
storage medium such as a
hard drive.

18. • Public, accessible network
• Abuses have widespread effect
• Fixed Internet addresses
• Corporate systems extended
outside organization

20. Encryption
Authentication
Message integrity
Digital signatures
Digital certificates
Public key infrastructure (PKI)

21. Public Key Encryption

22. Authentication, message integrity, digital signature, digital
certificates

23. Security for wireless internet access
1. Service set identifiers (SSID)
-Identify access points in network
-Form of password for user’s radio network
interface card
-Broadcast multiple time per second
-Easily picked up by sniffer programs, war
driving

24. Security for wireless internet access
2. Wired Equivalent Privacy (WEP):
-Initial security standard
-Call for access point and all users to
share the same 40-bit encrypted
password

25. Security for wireless internet access
3. Wi-Fi Protected Access (WPA)
specification
-128-bit, non-static encryption key
-Data-packet checking

26. Methods that protect
physical facilities and their
contents from loss and
destruction. Computer
centers are prone to many
hazards such as accidents,
thefts, fire, natural
disasters, destructions etc.

27. system that holds the door
for intruders and prevents
them from accessing the
resources by verifying them
as unauthorized persons on
the basis of biometrics
authentication

28. Computers can fail for several
reasons like power failures,
electronic circuitry malfunctions,
mechanical malfunctions of
peripheral equipment and hidden
programming errors. To protect
from these failure precaution, any
measure with automatic and
remote maintenance capabilities
may be required.