Chapter 10: Information Systems Controls for System Reliability—Part 3: Processing Integrity and Availability
Copyright © 2012 Pearson Education

Learning Objectives
  Identify and explain controls designed to ensure processing integrity.
  Identify and explain controls designed to ensure systems availability.

Trust Services Framework
  Security (Chapter 8): Access to the system and its data is controlled and restricted to legitimate users.
  Confidentiality (Chapter 8): Sensitive organizational information (e.g., marketing plans, trade secrets) is protected from unauthorized disclosure.
  Privacy (Chapter 9): Personal information about customers is collected, used, disclosed, and maintained only in compliance with internal policies and external regulatory requirements and is protected from unauthorized disclosure.
  Processing Integrity: Data are processed accurately, completely, in a timely manner, and only with proper authorization.
  Availability: System and its information are available to meet operational and contractual obligations.

Controls Ensuring Processing Integrity
  Input
  Process
  Output

Input Controls
  "Garbage in, garbage out"
  Form Design
    All forms should be sequentially numbered
    Verify missing documents
    Use of turnaround documents
    Eliminate input errors

Input Controls: Data Entry Checks
  Field check: Are the characters of the proper type (text, integer, date, and so on)?
  Sign check: Is the arithmetic sign proper?
  Limit check: Is the input checked against a fixed value?
  Range check: Is the input within the low and high range values?
  Size check: Does the input fit within the field?
  Completeness check: Have all required data been entered?
  Validity check: Input is compared with master data to confirm existence
  Reasonableness check: Logical comparisons
  Check digit verification: Computed from the input value to catch typing errors
  Prompting: Input requested by the system
  Closed-loop verification: Uses input data to retrieve and display related data

Batch Input Controls
  Batch Processing: Input multiple source documents at once in a group
  Batch Totals: Compare input totals to output totals
    Financial: Sums a field that contains monetary values
    Hash: Sums a nonfinancial numeric field
    Record count: Sums a nonfinancial numeric field

Processing Controls
  Data Matching: Multiple data values must match before processing occurs.
  File Labels: Ensure the correct and most current file is being updated.
  Batch Total Recalculation: Compare the batch total calculated after processing to the input totals.
  Cross-Footing and Zero Balance Tests: Compute totals using multiple methods to ensure the same results.
  Write Protection: Eliminate the possibility of overwriting or erasing existing data.
  Concurrent Update: Lock records or fields while they are being updated so multiple users are not updating them at the same time.

Output Controls
  User Review: Verify reasonableness and completeness, and that output is routed to the intended individual
  Reconciliation
  Data Transmission Controls
    Checksums: A hash of the transmitted file is computed before and after transmission and the two are compared
    Parity checking: A bit is added to each character transmitted; the characters can then be verified for accuracy

Controls Ensuring Availability
  Systems or information need to be available 24/7
  It is not possible to guarantee this, so:

Minimize Risks
  Preventive Maintenance: Cleaning, proper storage
  Fault Tolerance: Ability of a system to continue if a part fails
  Data Center Location: Minimize the risk of natural and human-created disasters.
  Training: Trained users are less likely to make mistakes and will know how to recover, with minimal damage, from errors they do commit
  Patch Management: Install, run, and keep current antivirus and anti-spyware programs

Quick Recovery
  Back-up
    Incremental: Copy only data that changed since the last partial back-up
    Differential: Copy only data that changed since the last full back-up
  Business Continuity Plan (BCP): How to resume not only IT operations, but all business processes
    Relocating to new offices
    Hiring temporary replacements

Change Control
  A formal process used to ensure that modifications to hardware, software, or processes do not reduce system reliability
  Changes need to be documented.
  Changes need to be approved by the appropriate manager.
  Changes need to be tested before implementation.
  All documentation needs to be updated for changes.
  Back-out plans need to be adopted.
  User rights and privileges need to be monitored during the change.

Disaster Recovery Plan (DRP)
  Procedures to restore an organization's IT function in the event that its data center is destroyed
  Cold Site: An empty building that is prewired for necessary telephone and Internet access, plus a contract with one or more vendors to provide all necessary equipment within a specified period of time
  Hot Site: A facility that is not only prewired for telephone and Internet access but also contains all the computing and office equipment the organization needs to perform its essential business activities
  Second Data Center: Used for back-up and site mirroring
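The data entry checks listed under Input Controls are easiest to see as code. The following is an added example, not from the slides or the textbook: a Python validator for a constructed sales-order record that applies the completeness, field, sign, limit, range, size, validity, reasonableness and check digit checks in turn and reports which ones fail. The customer master list, the credit limit, the quantity range and the field width are assumed values, and the check digit uses the Luhn mod-10 formula as one common choice (the slides name no specific formula).

```python
import re
from datetime import date

# Assumed master data and field rules (constructed for this example).
VALID_CUSTOMER_IDS = {"C1001", "C1002", "C1003"}
CREDIT_LIMIT = 5000.00           # limit check: a fixed upper bound
QUANTITY_RANGE = (1, 500)        # range check: low and high bounds
MAX_DESCRIPTION_LEN = 30         # size check: width of the field
REQUIRED = ("customer_id", "quantity", "amount", "order_date", "account_no")


def luhn_valid(number: str) -> bool:
    """Check digit verification (Luhn mod-10): the last digit is derived
    from the others, so a single mistyped digit or a transposition of two
    adjacent digits makes the total fail the mod-10 test."""
    if not number.isdigit() or len(number) < 2:
        return False
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:           # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def validate_order(rec: dict) -> list:
    """Apply the data entry checks to one record. Returns a list of
    (check_name, message) failures; an empty list means the record passes."""
    errors = []
    # Completeness check: every required field present and non-empty.
    for f in REQUIRED:
        if rec.get(f) in (None, ""):
            errors.append(("completeness", f"{f} missing"))
    if errors:
        return errors            # later checks need the fields to exist
    # Field check: characters of the proper type (integer, numeric, date).
    if not re.fullmatch(r"\d+", str(rec["quantity"])):
        errors.append(("field", "quantity must be an unsigned integer"))
    try:
        amount = float(rec["amount"])
    except ValueError:
        errors.append(("field", "amount must be numeric"))
    try:
        order_date = date.fromisoformat(rec["order_date"])
        ship_date = date.fromisoformat(rec["ship_date"]) if rec.get("ship_date") else None
    except ValueError:
        errors.append(("field", "dates must be ISO yyyy-mm-dd"))
    if errors:
        return errors
    quantity = int(rec["quantity"])
    # Sign check: a sale amount must not be negative.
    if amount < 0:
        errors.append(("sign", "amount must not be negative"))
    # Limit check: compare against a fixed value.
    if amount > CREDIT_LIMIT:
        errors.append(("limit", f"amount exceeds credit limit {CREDIT_LIMIT}"))
    # Range check: within low and high bounds.
    lo, hi = QUANTITY_RANGE
    if not lo <= quantity <= hi:
        errors.append(("range", f"quantity outside {lo}-{hi}"))
    # Size check: does the input fit the field?
    if len(rec.get("description", "")) > MAX_DESCRIPTION_LEN:
        errors.append(("size", "description too long for field"))
    # Validity check: key must exist in master data.
    if rec["customer_id"] not in VALID_CUSTOMER_IDS:
        errors.append(("validity", "unknown customer_id"))
    # Reasonableness check: logical comparison between two fields.
    if ship_date is not None and ship_date < order_date:
        errors.append(("reasonableness", "ship_date precedes order_date"))
    # Check digit verification on the account number.
    if not luhn_valid(rec["account_no"]):
        errors.append(("check_digit", "account_no fails check digit"))
    return errors


# Constructed sample records: one clean, one with several typing errors.
GOOD_ORDER = {"customer_id": "C1001", "quantity": "10", "amount": "250.00",
              "order_date": "2012-03-15", "ship_date": "2012-03-17",
              "account_no": "79927398713", "description": "Widgets"}
BAD_ORDER = {"customer_id": "C9999", "quantity": "0", "amount": "-5",
             "order_date": "2012-03-15", "ship_date": "2012-03-10",
             "account_no": "79927398710", "description": "x" * 40}

if __name__ == "__main__":
    print("good:", validate_order(GOOD_ORDER))
    print("bad: ", validate_order(BAD_ORDER))
```

The checks are ordered so that type failures stop the record before comparisons that would raise on bad types; in a real entry screen each failure would be fed back to the operator as a prompt rather than collected in a list.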
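The batch totals under Batch Input Controls and the batch total recalculation, cross-footing and zero-balance tests under Processing Controls all work the same way: a total captured at one point is recomputed at another and the two must agree. This added Python example (not from the slides or the textbook) computes a financial total, a hash total and a record count over a constructed batch of invoices, recomputes them after processing, and shows which control detects a dropped record and which detects a mistyped customer number; it also carries a cross-footing check on a small table and a zero-balance test on a journal entry. All data values are constructed.

```python
from decimal import Decimal

# Constructed batch of invoices captured at input.
INPUT_BATCH = [
    {"invoice": 1001, "customer": 501, "amount": Decimal("120.00")},
    {"invoice": 1002, "customer": 502, "amount": Decimal("80.50")},
    {"invoice": 1003, "customer": 503, "amount": Decimal("299.99")},
]


def batch_totals(records: list) -> dict:
    """Batch totals: a financial total (sum of a monetary field), a hash
    total (sum of a non-financial numeric field, meaningless on its own)
    and a record count."""
    return {
        "financial": sum((r["amount"] for r in records), Decimal("0")),
        "hash": sum(r["customer"] for r in records),
        "count": len(records),
    }


def recalculate_and_compare(input_totals: dict, processed: list) -> list:
    """Batch total recalculation: recompute the totals after processing and
    return the names of the controls whose values no longer agree."""
    after = batch_totals(processed)
    return [k for k in input_totals if input_totals[k] != after[k]]


def cross_foot(rows: list, columns: tuple) -> bool:
    """Cross-footing: the grand total reached by summing the columns must
    equal the grand total reached by summing each row's entered 'total'."""
    by_columns = sum(r[c] for r in rows for c in columns)
    by_rows = sum(r["total"] for r in rows)
    return by_columns == by_rows


def zero_balance(debits: list, credits: list) -> bool:
    """Zero-balance test: debits minus credits must net to zero."""
    return sum(debits) - sum(credits) == 0


# Two constructed processing faults: a record silently dropped, and a
# customer number with transposed digits (501 entered as 510).
def drop_last(records: list) -> list:
    return records[:-1]


def transpose_customer(records: list) -> list:
    out = [dict(r) for r in records]
    out[0]["customer"] = 510
    return out


if __name__ == "__main__":
    totals = batch_totals(INPUT_BATCH)
    print("input totals:", totals)
    print("dropped record detected by:", recalculate_and_compare(totals, drop_last(INPUT_BATCH)))
    print("transposition detected by:", recalculate_and_compare(totals, transpose_customer(INPUT_BATCH)))
```

Note what each total can and cannot see: a dropped record moves all three totals, but a transposed customer number moves only the hash total, which is why a hash total is kept alongside the financial total. A hash total still cannot detect two errors that cancel (for example two customer numbers swapped between records), so it complements, rather than replaces, the validity checks applied to each record at entry.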
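The two data transmission controls under Output Controls, checksums and parity checking, differ in what they can detect. This added Python example (not from the slides or the textbook) computes a SHA-256 checksum of a constructed message before and after "transmission", attaches an even parity bit to each 7-bit character, and checks received frames for parity errors. SHA-256 is an assumed choice of hash; the slides do not name one.

```python
import hashlib


def checksum(data: bytes) -> str:
    """Hash of the file or message as sent (assumed: SHA-256)."""
    return hashlib.sha256(data).hexdigest()


def transmission_ok(sent: bytes, received: bytes) -> bool:
    """Checksum control: compare the hash computed before transmission
    with the hash of what actually arrived."""
    return checksum(sent) == checksum(received)


def even_parity_bit(char: int) -> int:
    """Parity bit for a 7-bit character: 1 when the character has an odd
    number of 1-bits, so that the 8-bit frame always has an even count."""
    return bin(char & 0x7F).count("1") % 2


def add_parity(chars: bytes) -> list:
    """Build the 8-bit frames that would be transmitted: 7 data bits plus
    the parity bit in the high position."""
    return [(c & 0x7F) | (even_parity_bit(c) << 7) for c in chars]


def parity_errors(frames: list) -> list:
    """Receiver side: indexes of frames whose 1-bit count is odd."""
    return [i for i, f in enumerate(frames) if bin(f).count("1") % 2 == 1]


def flip_bits(frames: list, index: int, mask: int) -> list:
    """Constructed line fault: XOR the given frame with a bit mask."""
    out = list(frames)
    out[index] ^= mask
    return out


def frames_to_bytes(frames: list) -> bytes:
    """Strip the parity bits to recover the transmitted characters."""
    return bytes(f & 0x7F for f in frames)


# Constructed message standing in for a transmitted report line.
MESSAGE = b"PAY 100"

if __name__ == "__main__":
    frames = add_parity(MESSAGE)
    one_flip = flip_bits(frames, 4, 0x01)          # single-bit error
    two_flips = flip_bits(frames, 4, 0x03)         # two bits in one character
    print("single flip, parity errors:", parity_errors(one_flip))
    print("double flip, parity errors:", parity_errors(two_flips))
    print("double flip, checksum ok:", transmission_ok(MESSAGE, frames_to_bytes(two_flips)))
```

A single flipped bit is caught by parity, but two flipped bits in the same character leave the count even and pass, whereas the checksum comparison still detects it. This is the practical reason a file-level checksum is kept even when the link applies per-character parity.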
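The incremental versus differential distinction under Quick Recovery decides both how much each partial back-up copies and how many back-up sets a restore must apply. This added Python example (not from the slides or the textbook) works through a constructed four-day schedule: a full back-up on day 0 and a partial back-up on each following day, with a small set of files whose last-modified days are assumed values. It lists what each strategy copies on each day and which sets are needed to restore.

```python
# Constructed snapshot: file name -> day on which it was last modified.
FILES = {"ledger.db": 3, "payroll.csv": 1, "config.ini": 0, "report.pdf": 2}
# Back-up schedule: the first day is the full back-up, the rest are partials.
BACKUP_DAYS = [0, 1, 2, 3]


def backup_plan(files: dict, backup_days: list, kind: str) -> dict:
    """Return {day: [files copied]} for a full back-up on backup_days[0]
    followed by partial back-ups of the given kind.
    incremental:  copy what changed since the most recent back-up of any kind
    differential: copy what changed since the last full back-up"""
    if kind not in ("incremental", "differential"):
        raise ValueError("kind must be 'incremental' or 'differential'")
    full_day = backup_days[0]
    plan = {full_day: sorted(files)}           # full copy takes everything
    previous = full_day
    for day in backup_days[1:]:
        reference = full_day if kind == "differential" else previous
        plan[day] = sorted(name for name, mtime in files.items()
                           if reference < mtime <= day)
        previous = day
    return plan


def restore_chain(backup_days: list, kind: str) -> list:
    """Sets that must be applied, in order, to restore to the latest back-up:
    the full set plus every incremental, or the full set plus only the
    latest differential."""
    full_day = backup_days[0]
    if kind == "differential":
        return [full_day, backup_days[-1]]
    return list(backup_days)


def restore(plan: dict, chain: list) -> set:
    """Apply the chosen sets in order and return the files recovered."""
    recovered = set()
    for day in chain:
        recovered.update(plan[day])
    return recovered


if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        plan = backup_plan(FILES, BACKUP_DAYS, kind)
        chain = restore_chain(BACKUP_DAYS, kind)
        print(kind, "copies per day:", plan)
        print(kind, "restore applies sets from days:", chain)
```

The trade-off the two functions make visible: incremental back-ups stay small but a restore depends on every set in the chain being intact and applied in order, while differential back-ups grow each day but a restore needs only the full set and the latest differential. Either way the full set is the root of the chain, which is why it is the copy to protect and test first.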