This document discusses various controls for computer systems, including general controls and application controls. General controls include systems development, system software, hardware, operations, data security, and administration. Application controls focus on input, edit, format, dependency, processing, updating, matching, and output of data. The document also defines key terms related to control models, such as implementation, prototype, request for permission, project management, deliverables, walkthrough, outsourcing, and metrics. Finally, it discusses the concept of survivability for mission-critical systems and defines attacks, failures, and accidents.

1. USABILITY
VS
SAFETY

2. Control of Computer Systems
• General controls
• Application controls

3. General controls
• Systems development – before implementing or
converting a system, the security manager should
have input, along with users as to
feasibility, cost, benefit, testing and quality
assurance procedures
• system software – all system software should
come with security software that ensures
unauthorized changes cannot be made to system
software
• hardware – besides physical security, validity and
echo checks should be run to detect equipment
malfunctions

4. General controls (contd)
• operations – storage and processing equipment
should be consistent and work properly. IT
employees as well as users should know their
roles, follow back up and recovery instructions in
the manual
• data security – check terminal entry points, on
line access,. Inputs and outputs, set user
privileges, via password assignment
• administration – segregate IT job functions so no
overlap will happen. Supervise employees, write
policies and procedures

5. Application Controls
• input – check data for accuracy before
entering
• edit – check data for reasonableness before
entering it to the system
• format – check data for alphanumeric
consistency before entering it to the system
• dependency – check for logical relationships
of session data

6. Application Controls (contd)
• processing – session runtimes for accessing
data are convenient and short
• updating – newly entered data refreshes
conveniently and totals match what would be
obtained manually
• matching – computer files match what is
recorded on master or suspense files
• output – sensitive printout is shredded

7. EXHAUSTION BECAUSE OF
IMPORTANCE OF DATA
MIS – Management Information
Systems

8. CONTROL MODEL TERMINOLOGIES
• implementation – any activity that
adopts, manages and routinizes a new
technology
• prototype – any experimental part, version, or
build of a system or software
• request for permission (RFP) – the list of
questions you ask to find a software maker who
can make something for you, its cost, user
friendliness, maintenance, documentation, and
requirements
• project management – working with a software
representative on requirements and deliverables

9. CONTROL MODEL TERMINOLOGIES
(contd)
• deliverables – when the software company
actually gives you a working product
• walkthrough – the testing/debugging process of
going back over specifications after a computer
run
• outsourcing – turning over your computer center
operations to an external organization
• metrics – preset quantitative indicators (like the
number of calls to help desk) to measure system
quality

10. SURVIVABILITY AND THE CONCEPT OF
MISSION-CRITICAL
• Survivability is the capability of a system to
fulfill its mission in the presence of
attacks, failures and accidents.
• TIMELINESS AND REASONABLENESS

11. SURVIVABILITY
• ATTACK – is defined as any damaging or potentially
damaging event orchestrated by an intelligent adversary
• FAILURE – is any damaging or potentially damaging events
caused by deficiencies in the system or deficiencies in an
external element on which the system depends. It may be
caused by software design errors, hardware
degradation, human errors, or corrupted data.
• ACCIDENT – is a randomly occurring event which is
damaging or potentially damaging. Something beyond
control of the system administrator.