controls in information system


Upload: hari-sarda

Post on 14-Apr-2017


Page 1: Controls in information system

IS security objective

Confidentiality

integrity

availability

Page 2: Controls in information system

Sensitive information

Page 3: Controls in information system

Sensitive information

Strategic plan – M&A pending, crucial decisions, major expansion

Business operation – client lists, process and procedures (proprietary)

Finances – cost sheet, ratios (GP, NP), salaries, wages, precise salary information, loans, dividends

Page 4: Controls in information system

Need for control in IS

Increase the ability to capture, store, analyze and process data

Safeguard assets to maintain data integrity

Covering access safeguards over computer programs, data and any related equipment

System effectiveness and efficiency

Control built in well designed system

Page 5: Controls in information system

Impact of tech. on IC

Page 6: Controls in information system

Categories of control

OBJECTIVE: 1. PREVENTIVE 2. DETECTIVE 3. CORRECTIVE 4. COMPENSATORY

FUNCTION: 1. ADMIN 2. OPERATION 3. ACCOUNTS

IS RESOURCES: 1. PHYSICAL 2. LOGICAL 3. ENVIRONMENTAL

AUDIT FUNCTION: 1. MGMT. 2. APP.

Page 7: Controls in information system

FUNCTION

Admin – lawful, compliance of mgmt and other statutory requirements

Operation – effectiveness, efficiency, objective achieve, day to day business

Accounts – balance sheet, true & fair view, reliability of financial control

Page 8: Controls in information system

OBJECTIVE

Preventive – designed to prevent and control error and any malicious activity

anti virus, passwords, firewall, smart cards, skilled personnel, segregation of duties

Detective – designed to detect errors or malicious activity

CCTV, log, anti virus, audit, reconciliation

Corrective – designed to reduce the impact of error or malicious activity

anti virus, back up, insurance, fire extinguisher, recovery plan

Compensatory – reduce the probability of threats, many devices are used in; the cost of the lock should not be more than the assets; where the organization may not be able to implement a control, compensatory controls are used in that case, as appropriate

OTP, buying something from Reliance Industries

Page 9: Controls in information system

IS RESOURCES

Page 10: Controls in information system

Environmental

Issues

Primarily due to elements of nature

Natural resources, AC failure, electrical shock

Page 11: Controls in information system

Issues and revelations

Power supply to computer equipment remains within specifications

AC system properly working

Back up media protected from damage, magnet effect etc.

Equipment kept free from dust and smoke

Food, beverage and tobacco products are prohibited

Page 12: Controls in information system

controls

• Water/smoke detectors
• Hand held fire extinguisher
• Fire suppression system: a) dry pipe b) water based c) halogen
• Regular inspection
• Electrical surge protectors
• Two substations
• Emergency power off switches
• Wires in conduit and panels
• Documented and tested emergency evacuation plans