SCT221-C004-0323/2015
ASSIGNMENT
INFORMATION SYSTEMS AUDIT
1) Describe the term risk in information systems assurance and audit (2 marks)
Audit risk is the risk that an auditor issues an unqualified (clean) opinion on financial statements or an information system that are in fact materially misstated, because the audit work fails to detect the misstatement, whether it arises from error or from fraud. It is composed of inherent risk (IR), control risk (CR) and detection risk (DR), conventionally combined as AR = IR × CR × DR. The auditor cannot change IR or CR, so the nature and extent of substantive testing is set to bring DR, and hence overall audit risk, down to an acceptable level.
2) Describe the various threats which exist in an organisation due to cybercrime (6 marks)
internal attacks
Internal attacks are one of the largest cyber security threats facing organisations today. Rogue or careless employees, especially those with access to networks, sensitive data or admin accounts, are capable of causing real damage. Because they act from inside the perimeter with legitimate credentials, their activity is hard to distinguish from normal use, which is why least privilege and monitoring of privileged accounts matter.
phishing
Despite constant warnings from the cyber security industry, organisations still fall victim to phishing every day. As cyber crime has become well-funded and increasingly sophisticated, phishing remains one of the most effective methods criminals use to introduce malware into organisations or to harvest credentials.
spear phishing
Spear phishing is a targeted form of phishing in which the emails are crafted to appear to originate from someone the recipient knows and trusts, such as senior management or a valued client, and often reference details specific to the recipient to make the request believable.
DDoS attack
If a small business relies on a website or other online service to function, the outage caused by a distributed denial of service (DDoS) attack can be catastrophic. Even an attack lasting only hours (a commonly cited range is 6 to 24 hours) means lost sales and customers who cannot be served.
malware
Malware is a blanket term for any software installed on a machine to perform unwanted tasks for the benefit of a third party. Ransomware is one type of malware, but others exist, including spyware, adware, bots and Trojans. To prevent malware from taking hold, businesses should invest in solid anti-virus and endpoint protection, keep systems patched, and limit user privileges so that a single infected account cannot reach everything.
SQL injection
SQL injection refers to vulnerabilities that arise when user-supplied input is concatenated into an SQL query, allowing attackers to read, tamper with or delete the database sitting behind a web application. The attacker supplies crafted strings, typically through form fields such as login or registration pages but equally through URL parameters or HTTP headers, which the database server then executes as part of the query.
WiFi eavesdropping
WiFi eavesdropping is another method cyber criminals use to capture personal information: "listening in" on traffic sent over an unsecured (unencrypted) WiFi network, such as an open hotspot, where anyone in radio range can capture what is transmitted.
3) Outline the concepts of risk assessment and the process followed in risk assessment/management (8 marks)
Step 2: Decide who might be harmed and how
Once you have identified a number of hazards you need to understand who might be harmed and how, such as "people working in the warehouse" or members of the public.
Step 3: Evaluate the risks and decide on control measures
After "identifying the hazards" and "deciding who might be harmed and how" you are then required to protect people from harm. The hazards can either be removed completely or the risks controlled so that harm is unlikely.
Step 4: Record your findings
Your findings should be written down; it is a legal requirement where there are 5 or more employees. Recording the findings shows that you have identified the hazards, decided who could be harmed and how, and how you plan to eliminate or control the risks.
Step 5: Review and update
You should never forget that few workplaces stay the same, so the risk assessment should be reviewed and updated when required. The same steps apply to information systems, where the hazards are threats to systems and data and those who might be harmed are the business processes, customers and staff that depend on them.
Scoring approach
Many methods for risk assessment use scoring methods in which the severity of each risk factor is rated on an ordinal scale. The resulting values are then combined by additive weighting or by multiplication to compute an aggregate measure of overall risk. On an ordinal scale, factors such as likelihood are assigned numbers so that the order of the numbers reflects the order of the factors on the underlying attribute; the numbers record rank only, so a score of 4 is not "twice as likely" as a score of 2.
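As an added example (not part of the original assignment), the following scores a small constructed risk register on 5-point ordinal likelihood and impact scales and combines the ranks both ways the text mentions, by multiplication (the usual 5x5 matrix) and by additive weighting. The scales, the register entries, the weights and the rating thresholds are all assumptions made for the example.

```python
# Ordinal scales, constructed for this example (not from the original page).
# The number only records the order of the categories; "4" is not twice "2".
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}

# Constructed sample register: (risk id, likelihood, impact).
SAMPLE_RISKS = [
    ("phishing", "likely", "major"),
    ("ddos", "possible", "major"),
    ("sqli", "unlikely", "severe"),
    ("wifi", "possible", "minor"),
]


def multiplicative_score(likelihood, impact):
    """Classic 5x5 risk matrix: score = likelihood rank * impact rank (1..25)."""
    return LIKELIHOOD[likelihood] * IMPACT[impact]


def additive_weighted_score(likelihood, impact, w_likelihood=0.4, w_impact=0.6):
    """Weighted sum of the ranks (1..5); the weights are an assumption for this example."""
    return round(w_likelihood * LIKELIHOOD[likelihood] + w_impact * IMPACT[impact], 2)


def rating(score):
    """Band a multiplicative score into traffic-light ratings.

    Thresholds are an assumption; each organisation sets its own."""
    if score >= 15:
        return "high"
    if score >= 8:
        return "medium"
    return "low"


def rank_risks(risks, scorer):
    """Score every register entry with the given rule and sort, highest first."""
    scored = [(rid, scorer(lik, imp)) for rid, lik, imp in risks]
    return sorted(scored, key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    print("multiplicative:",
          [(r, s, rating(s)) for r, s in rank_risks(SAMPLE_RISKS, multiplicative_score)])
    print("additive:      ", rank_risks(SAMPLE_RISKS, additive_weighted_score))
```

On this register the two rules rank the same four risks differently (the multiplicative rule puts the DDoS risk above the SQL injection risk, the additive rule the other way round), which is why the combination rule and the weights have to be agreed before scoring starts, and why arithmetic on ordinal ranks should be treated as a prioritisation aid rather than a measurement of risk.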
5) Describe the concept of business continuity planning and the areas it covers (8 marks)
Business continuity planning (BCP) is the creation of a strategy, based on recognising the threats and risks facing a company, that aims to ensure personnel and assets are protected and able to keep functioning in the event of a disaster. It covers identifying the potential risks, determining how those risks would affect operations (the business impact analysis), implementing safeguards and procedures designed to mitigate those risks, testing those procedures to confirm that they work, and periodically reviewing the plan to make sure it stays up to date as the business and its systems change.