The resources of information systems like hardware, software, and data, need to be protected preferably by build in control to assure their quality and security.
General and Application Control - Security and Control Issues in Information Systems Part 2
1.
2. WRAP UP:
The function whose mission is to establish
security policies and the associated
procedures and control elements over the
information assets
Methods, policies, and organizational procedures
that ensure safety of organization’s assets, accuracy
and reliability of its records, and operational
adherence to management standards
9. Automated and manual procedures that
ensure only authorized data are processed
by application
Unique to each computerized application
Classified as (1) input controls, (2) processing
controls, (3) output controls and (4) storage
controls
10. Control totals: Input, processing, Storage
Edit checks: Input, Storage
Computer matching: Input, processing,
Storage
Run control totals: Processing, output,
Storage
Report distribution logs: Output, storage
11. • Input controls
– Data is accurate and consistent
on entry
– Direct keying of data, double
entry or automated input
– Data conversion, editing and
error handling
– Field validation on entry
– Input authorization and auditing
– Checks on totals to catch
errors
12. • Input controls
-Data input controls ensure
the accuracy, completeness,
and timeliness of data
during its conversion from
its original source into
computer data, or entry into
a computer application.
13. • Processing controls
– Data is accurate and complete on processing
– Checks on totals to catch errors
– Compare to master records to catch errors
– Field validation on update
– -Data processing controls are used to ensure the
accuracy, completeness, and timeliness of data
during either batch or real-time processing by the
computer application.
14. • Output controls
– Data is accurate, complete and
properly distributed on output
– Checks on totals to catch errors
– Review processing logs
– Track recipients of data
– - Data output controls are used
to ensure the integrity of output
and the correct and timely
distribution of any output
produced.
15. • Processing controls
– Data is accurate and complete on processing
– Checks on totals to catch errors
– Compare to master records to catch errors
– Field validation on update
– -Data processing controls are used to ensure the
accuracy, completeness, and timeliness of data
during either batch or real-time processing by the
computer application.
16. • Storage controls
–Stored data may be called
upon when new data is
being processed
– the combination of data
forming new outputs.
- Data is often kept on a
storage medium such as a
hard drive.
17.
18. • Public, accessible network
• Abuses have widespread effect
• Fixed Internet addresses
• Corporate systems extended
outside organization
23. Security for wireless internet access
1. Service set identifiers (SSID)
-Identify access points in network
-Form of password for user’s radio network
interface card
-Broadcast multiple time per second
-Easily picked up by sniffer programs, war
driving
24. Security for wireless internet access
2. Wired Equivalent Privacy (WEP):
-Initial security standard
-Call for access point and all users to
share the same 40-bit encrypted
password
25. Security for wireless internet access
3. Wi-Fi Protected Access (WPA)
specification
-128-bit, non-static encryption key
-Data-packet checking
26. Methods that protect
physical facilities and their
contents from loss and
destruction. Computer
centers are prone to many
hazards such as accidents,
thefts, fire, natural
disasters, destructions etc.
27. system that holds the door
for intruders and prevents
them from accessing the
resources by verifying them
as unauthorized persons on
the basis of biometrics
authentication
28. Computers can fail for several
reasons like power failures,
electronic circuitry malfunctions,
mechanical malfunctions of
peripheral equipment and hidden
programming errors. To protect
from these failure precaution, any
measure with automatic and
remote maintenance capabilities
may be required.
Editor's Notes
Recall there are numerous threats to Information Systems
To minimise likelihood of threats, must control the environment in which Information Systems are developed and deployed
To minimise likelihood of threats, must control the environment in which Information Systems are developed and deployed
To minimise likelihood of threats, must control the environment in which Information Systems are developed and deployed
To minimise likelihood of threats, must control the environment in which Information Systems are developed and deployed
Physical facility control is methods that protect physical facilities and their contents from loss and destruction. Computer centers are prone to many hazards such as accidents, thefts, fire, natural disasters, destructions etc. Therefore physical safeguards and various control procedures are required to protect the hardware, software and vital data resources of computer using organizations.
Physical facility control is methods that protect physical facilities and their contents from loss and destruction. Computer centers are prone to many hazards such as accidents, thefts, fire, natural disasters, destructions etc. Therefore physical safeguards and various control procedures are required to protect the hardware, software and vital data resources of computer using organizations.
Biometric Access Control is a system that holds the door for intruders and prevents them from accessing the resources by verifying them as unauthorized persons on the basis of biometrics authentication. In Biometric Access Control system, biometric authentication refers to the recognition of human beings by their physical uniqueness.
Biometric Access Control system works on substantiation. Biometric Access Control system scans the person and matches his/her biometric data with the previously stored information in the database before he/she can access the secured zone or resources. If the compared information matches, the Biometric Access Control system allows the person to access the resources. Today, Biometric Access Control system is considered to be the best and one of the most secured authentication systems amongst the other access control devices.