Introduction
Enterprise Level Controls
General Controls for Information Technology
Application Controls for Transaction Processing
Chapter 10-1

Enterprise Level Controls
Chapter 10-2

Enterprise Level Controls
Chapter 10-4
Integrated Security for the Organization
Physical Security
  Measures used to protect the organization's facilities, resources, or proprietary data stored on physical media
Logical Security
  Limit access to systems and information to authorized individuals
Integrated Security
  Combines physical and logical elements
  Supported by a comprehensive security policy
Chapter 10-5

Physical and Logical Security
Chapter 10-6
General Controls for Information Technology
Biometric identification
  Distinctive user physical characteristics
  Voice patterns, fingerprints, facial patterns, retina prints
Chapter 10-9

Security for Wireless Technology
Data Encryption
  Data converted into a scrambled format
  Converted back to meaningful format following transmission
Chapter 10-10

Data Encryption
Chapter 10-11
Controls for Networks
Control Problems
  Electronic eavesdropping
  Hardware or software malfunctions
  Errors in data transmission
Control Procedures
  Checkpoint control procedure
  Routing verification procedures
  Message acknowledgment procedures
Chapter 10-12

Controls for Personal Computers
Chapter 10-14
Personnel Policies
Separation of Duties
  Separate Accounting and Information Processing from Other Subsystems
  Separate Responsibilities within IT Environment
Chapter 10-15

Separation of Duties
Chapter 10-16

Division of Responsibility in IT Environment
Chapter 10-17

Division of Responsibility in IT Environment
Chapter 10-18

Personnel Policies
Chapter 10-19

Safeguarding Computer Files
Chapter 10-20

File Security Controls
Chapter 10-21
Business Continuity Planning
Definition
  Comprehensive approach to ensuring normal operations despite interruptions
Components
  Disaster Recovery
  Fault-Tolerant Systems
  Backup
Chapter 10-22

Disaster Recovery
Definition
  Process and procedures following a disruptive event

Fault-Tolerant Systems
Definition
  Used to deal with computer errors
  Ensure a functional system with accurate and complete data (redundancy)
Major Approaches
  Consensus-based protocols
  Watchdog processor
  Utilize disk mirroring or rollback processing
Chapter 10-24
Backup
Batch processing
  Risk of losing data before, during, and after processing
  Grandfather-parent-child procedure
Types of Backups
  Hot backup
  Cold backup
  Electronic vaulting
Chapter 10-25
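The grandfather-parent-child procedure named on the Backup slide, worked through as an added example (not from the slides or the textbook). The master file is modelled as a dictionary of account balances and a transaction file as a list of postings; the three-generation retention depth, the account names and the batches are all constructed for the example. It shows the part the slide leaves implicit: when the current (child) master is lost during a batch run, the retained parent or grandfather plus the retained transaction files reproduce it exactly.

```python
"""Grandfather-parent-child rotation for batch-processed master files.
Added example; the master file, accounts and batches are constructed."""
from collections import deque


def apply_batch(master, transactions):
    """Post one transaction file to a copy of a master file and return the new master."""
    new_master = dict(master)
    for account, amount in transactions:
        new_master[account] = new_master.get(account, 0) + amount
    return new_master


class GpcRotation:
    """Keeps the three most recent master files (grandfather, parent, child) and
    the transaction files that turned each one into the next."""
    GENERATIONS = 3  # assumed retention depth; the classic scheme keeps three

    def __init__(self, initial_master):
        # Oldest retained generation on the left, current (child) on the right.
        self.masters = deque([dict(initial_master)], maxlen=self.GENERATIONS)
        # batches[i] is the transaction file that produced masters[i + 1].
        self.batches = deque([], maxlen=self.GENERATIONS - 1)

    @property
    def child(self):
        return self.masters[-1]

    def run_batch(self, transactions):
        """One batch run: post the file to the child, then rotate the generations.
        Appending to both deques drops the oldest master and its batch together."""
        new_child = apply_batch(self.child, transactions)
        self.masters.append(new_child)
        self.batches.append(list(transactions))
        return new_child

    def recover(self, surviving_generation):
        """Rebuild the current master from an older generation that survived
        (0 = oldest retained master) by re-posting the retained transaction files."""
        master = self.masters[surviving_generation]
        for batch in list(self.batches)[surviving_generation:]:
            master = apply_batch(master, batch)
        return master


def build_demo():
    """Three batch runs on a constructed master file; returns the rotation state."""
    rotation = GpcRotation({"A": 100, "B": 50})
    rotation.run_batch([("A", 25), ("C", 10)])   # child becomes {"A": 125, "B": 50, "C": 10}
    rotation.run_batch([("B", -20), ("A", 5)])   # child becomes {"A": 130, "B": 30, "C": 10}
    rotation.run_batch([("C", 15), ("D", 7)])    # child becomes {"A": 130, "B": 30, "C": 25, "D": 7}
    return rotation


if __name__ == "__main__":
    r = build_demo()
    print("current master:", r.child)
    # Simulate loss of the child: both older generations reproduce it.
    print("rebuilt from parent:     ", r.recover(1) == r.child)
    print("rebuilt from grandfather:", r.recover(0) == r.child)
```

Recovery only works because each transaction file is retained alongside the master it was posted to; a rotation that keeps three masters but overwrites the transaction files cannot re-run the batch, which is the data-loss risk the slide attributes to batch processing.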
Batch Processing
Chapter 10-26

Computer Facility Controls
Buy Insurance
Chapter 10-27
Study Break #1
A. Firewall
B. Security policy
C. Risk assessment
D. VPN
Chapter 10-28

Study Break #1 - Answer
A. Firewall
B. Security policy
C. Risk assessment
D. VPN
Chapter 10-29

Study Break #2
A. Hot
B. Cold
C. Flying start
D. Backup
Chapter 10-30

Study Break #2 - Answer
A. Hot
B. Cold
C. Flying start
D. Backup
Chapter 10-31

Study Break #3
A. Redundancy
B. COBIT
C. COSO
D. Integrated security
Chapter 10-32

Study Break #3 - Answer
A. Redundancy
B. COBIT
C. COSO
D. Integrated security
Chapter 10-33
Application Controls for Transaction Processing
Purpose
  Embedded in business process applications
  Prevent, detect, and correct errors and irregularities
Application Controls
  Input Controls
  Processing Controls
  Output Controls
Chapter 10-34

Application Controls for Transaction Processing
Chapter 10-35
Input Controls
Purpose
  Ensure validity
  Ensure accuracy
  Ensure completeness
Categories
  Observation, recording, and transcription of data
  Edit tests
  Additional input controls
Chapter 10-36

Observation, Recording, and Transcription of Data
  Confirmation mechanism
  Dual observation
  Point-of-sale (POS) devices
  Preprinted recording forms
Chapter 10-37

Preprinted Recording Form
Chapter 10-38
Edit Tests
Edit Tests
  Examine selected fields of input data
  Reject data not meeting preestablished standards of quality
Chapter 10-39

Edit Tests
Chapter 10-40

Edit Tests
Chapter 10-41

Additional Input Controls
Validity Test
  Transactions matched with master data files
  Transactions lacking a match are rejected
Chapter 10-42
Processing Controls
Purpose
  Focus on manipulation of accounting data
  Contribute to a good audit trail
Two Types
  Control totals
  Data manipulation controls
Chapter 10-43
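The edit tests and the validity test from the Input Controls slides, together with the control totals from the Processing Controls slide, as one added example that is not from the slides or the textbook. The customer master file, the batch of sales records, the quantity limit and the batch header totals are all constructed; the names of the individual edit tests (completeness, numeric, sign, limit, date, validity) follow the usual textbook vocabulary rather than anything the slides spell out. A batch of six keyed records is first reconciled against the record count and hash total established at data entry, then each record is passed through the edit tests and the master-file validity test, and finally the accepted and rejected records are shown to account for every input record before the accepted totals are carried forward to posting.

```python
"""Input edit tests, validity test against a master file, and batch control
totals. Added example; records, master file and limits are constructed."""
from dataclasses import dataclass, field
from datetime import date
from decimal import Decimal, InvalidOperation

# Constructed master data file: the customer numbers the application knows.
CUSTOMER_MASTER = {"C1001": "Acme Ltd", "C1002": "Birch & Co", "C1003": "Cedar LLP"}
MAX_QTY = 1000  # limit-test threshold; an assumed business rule for this example

# Constructed batch as keyed from source documents; four records carry defects.
RAW_BATCH = [
    {"txn": "T001", "cust": "C1001", "qty": "10", "price": "25.00", "date": "2024-03-14"},
    {"txn": "T002", "cust": "C1002", "qty": "3", "price": "99.50", "date": "2024-03-14"},
    {"txn": "T003", "cust": "C9999", "qty": "1", "price": "10.00", "date": "2024-03-14"},  # no master match
    {"txn": "T004", "cust": "C1003", "qty": "-4", "price": "12.00", "date": "2024-03-14"},  # fails sign test
    {"txn": "T005", "cust": "C1003", "qty": "2", "price": "abc", "date": "2024-03-14"},     # fails numeric test
    {"txn": "T006", "cust": "C1001", "qty": "2000", "price": "5.00", "date": "2024-03-14"}, # fails limit test
]
# Control totals established when the batch was keyed (constructed): record
# count and a hash total of the digits of the customer numbers.
BATCH_HEADER = {"count": 6, "hash": 15009}


def edit_tests(rec):
    """Run the field-level edit tests on one record and return the list of
    reasons for rejection; an empty list means the record passes."""
    reasons = []
    for f in ("txn", "cust", "qty", "price", "date"):  # completeness test
        if not rec.get(f):
            reasons.append(f"missing {f}")
    qty = price = None
    try:                                                # numeric tests
        qty = Decimal(rec.get("qty", ""))
    except InvalidOperation:
        reasons.append("qty not numeric")
    try:
        price = Decimal(rec.get("price", ""))
    except InvalidOperation:
        reasons.append("price not numeric")
    if qty is not None:                                 # sign test, then limit test
        if qty <= 0:
            reasons.append("qty not positive")
        elif qty > MAX_QTY:
            reasons.append("qty exceeds limit")
    if price is not None and price < 0:
        reasons.append("price negative")
    try:                                                # date format test
        date.fromisoformat(rec.get("date", ""))
    except ValueError:
        reasons.append("bad date")
    if rec.get("cust") not in CUSTOMER_MASTER:          # validity test against the master file
        reasons.append("customer not in master file")
    return reasons


def control_totals(records):
    """Batch control totals: record count, financial total (qty x price over the
    records whose amounts are numeric) and a hash total of customer-number digits."""
    financial, hash_total = Decimal(0), 0
    for r in records:
        try:
            financial += Decimal(r.get("qty", "")) * Decimal(r.get("price", ""))
        except InvalidOperation:
            pass  # non-numeric amounts are rejected by the edit tests, not here
        hash_total += int("".join(ch for ch in r.get("cust", "") if ch.isdigit()) or 0)
    return {"count": len(records), "financial": financial, "hash": hash_total}


@dataclass
class EditResult:
    accepted: list = field(default_factory=list)
    rejected: list = field(default_factory=list)       # (record, reasons) pairs
    carry_forward: dict = field(default_factory=dict)  # control totals of accepted records


def process_batch(records, header):
    """Input control, edit tests, then a processing control over the results."""
    totals_in = control_totals(records)
    if (totals_in["count"], totals_in["hash"]) != (header["count"], header["hash"]):
        raise ValueError(f"batch control totals disagree: {totals_in} vs {header}")
    result = EditResult()
    for r in records:
        reasons = edit_tests(r)
        (result.rejected if reasons else result.accepted).append((r, reasons) if reasons else r)
    # Processing control: accepted plus rejected must equal the input count, so
    # every keyed record is accounted for in the audit trail.
    if len(result.accepted) + len(result.rejected) != totals_in["count"]:
        raise ValueError("records lost or duplicated during editing")
    result.carry_forward = control_totals(result.accepted)
    return result


if __name__ == "__main__":
    res = process_batch(RAW_BATCH, BATCH_HEADER)
    print("accepted:", [r["txn"] for r in res.accepted], res.carry_forward)
    for rec, why in res.rejected:
        print("rejected:", rec["txn"], why)
```

The header check runs before any record is examined because a batch whose count or hash total disagrees with the entry totals has already lost, duplicated or mis-keyed a record, and editing the records one by one cannot reveal that. The carried-forward totals become the header of the next processing step, which is how control totals thread through a batch system and give the audit trail the slide asks for.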
Audit Trail
Chapter 10-44

Control Totals
Chapter 10-45

Data Manipulation Controls
Data Processing
  Following validation of input data
  Data manipulated to produce decision-useful information

Output Controls
Purpose
  Ensure validity
  Ensure accuracy
  Ensure completeness
Major Types
  Validating Processing Results
  Regulating Distribution and Use of Printed Output
Chapter 10-47
Output Controls

Study Break #4
A. Data encryption
B. WAN
C. Checkpoint
D. VPN
Chapter 10-49

Study Break #4 - Answer
A. Data encryption
B. WAN
C. Checkpoint
D. VPN
Chapter 10-50

Study Break #5
A. Specific
B. General
C. Application
D. Input
Chapter 10-51

Study Break #5 - Answer
A. Specific
B. General
C. Application
D. Input
Chapter 10-52
Copyright
Copyright 2012 John Wiley & Sons, Inc. All rights reserved. Reproduction or translation of this work beyond that permitted in Section 117 of the 1976 United States Copyright Act without the express written permission of the copyright owner is unlawful. Request for further information should be addressed to the Permissions Department, John Wiley & Sons, Inc. The purchaser may make backup copies for his/her own use only and not for distribution or resale. The Publisher assumes no responsibility for errors, omissions, or damages, caused by the use of these programs or from the use of the information contained herein.
Chapter 10-53

Chapter 10
Chapter 10-54