CBIS and Checklists

Chapter Eight: CBIS and Checklists

Contents
General Controls
Security Plans
Project Development Controls
IA DHS Revisited
Mission Impossible
Logic Controls
More Logic Access Control
Paranoia or Security?
Simple Measures
Encryption
Routing Verification
Documentation
IC as Prevention
"Every Day is Y2K"
When do you press the "save" key?
Disaster Recovery Plan
Alternative Sites
Internet Controls (a different "IC")
Application Controls
Auditor Usage

General Controls
• 12 controls
• Planning, controls, standards, security
• Continuous updating
  – e.g., C&L: 66% of firms have inadequate monitoring
• Plans made -- not implemented

Security Plans
• Who
• What
• When
• Which

Project Development Controls
• Long-range, 3-5 year, master plan
  – and, what happens next year?
• Project Development Plan - use milestones
• DP Schedule - treat computer resources as "scarce"
• Define responsibility / method of evaluation
• Postimplementation Review / Measure

IA DHS Revisited
• $12 million project development
• Failed (at point of success?)
• Funding ended
• Project development failure?
• Or, communication failure?

Mission Impossible
• Limit physical access
• Limit access to computer logic
• Problem - insiders
  – where are my tennis shoes?
• Security breaches
  – the Net?

Logic Controls
• Passwords
  – random assignment
• ID cards
  – use your PIN for credit-card purchases?
  – Active badges (as opposed to inactive?)
• Biometric Identification
  – permit or limit access
  – cocaine residue on a four year old
  – "sniffer" at the airport

More Logic Access Control
• Compatibility Tests
  – multiple layers of passwords for access to records
  – screen passwords, e.g., payroll
  – print passwords, e.g., contracts
  – e-mail attachment controls?

Paranoia or Security?
• Outside workers with access
  – Webco customer list theft
• CIA director - national security on home PC
• Mattel stolen laptops

Simple Measures
• Property listing in files
  – resume example
• Floppy read/write limits
• File passwords
• Volume names
• External labels

Encryption
• Private key only
  – threat?
• Public key only
  – threat?
• Public and Private Keys
  – threat?

Routing Verification
• Great for phone callers
  – Too busy now, can I call you back?
  – Verify the caller's identity and authorization
• Automated - as discussed in your text

Documentation
• Administrative
  – overall uses and change authorization
• System
  – flowcharts, narrative, libraries
• Operating
  – hardware & software program considerations

IC as Prevention
• UPS
• Preventive maintenance
  – RAM test
  – Microprocessor test
  – Hard and Removable Disk interfaces

"Every Day is Y2K"
• Disaster Recovery Plans
  – e.g., your grades
  – WTC bombing: 43% of firms failed
• Electronic vaulting
  – "my computer" default and mail on a server
  – backup nightly
• Backup
  – Master vs. Transaction files

When do you press the "save" key?
When should you complete a system backup?

Disaster Recovery Plan
Press release: who, what, when, where, why
• Prioritize the process (what)
• Backup data and program files (when, where)
• Have specific assignments (who)
• Complete recovery documentation (why)
• Alternative (backup) telecommunication sites (where II)

Alternative Sites
• Alliances
• Hot site
  – fully configured
  – current copies of most recent backups
  – access guaranteed, ready to run
• Cold site
  – no equipment in place
  – contracts in place to provide service on demand

Internet Controls (a different "IC")
• NWS - six Danish hackers
  – NWS goes down, airlines stop flying
  – Anyone see a business opportunity here?
• Firewalls, tunneling,
• Separate systems
  – external (incoming) internet site
  – internal intranet

Application Controls
Data entry and reporting controls
• Source Data Controls
• Input Validation Routines
• On-Line Data Entry Controls
• DP and File Maintenance Controls
• Output Controls

Auditor Usage
• Page 263 and
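The "Compatibility Tests" bullet on the More Logic Access Control slide names three layers (record, screen, print) but does not show how such a test is applied. The following is an added example, not code from the course or its textbook: a deny-by-default compatibility test over a constructed access matrix. The user names, resources and the assumption that the layers nest (printing a record requires screen and record rights as well) are all illustrative.

```python
"""Compatibility test: confirm a user's authority is compatible with the
requested action before the system performs it.

Added example, not from the course slides. The users, resources and the
permission matrix are constructed for illustration.
"""
from dataclasses import dataclass, field

# Layers named on the slide, lowest to highest.
# Assumption (not stated on the slide): layers nest, so a higher layer
# requires every lower layer on the same resource.
LAYERS = ("record", "screen", "print")


@dataclass
class Authority:
    # resource -> set of layers this user may use on it
    grants: dict = field(default_factory=dict)

    def allows(self, resource: str, layer: str) -> bool:
        return layer in self.grants.get(resource, set())


# Constructed access matrix: who may do what on which resource.
ACCESS_MATRIX = {
    "payroll_clerk": Authority({"payroll": {"record", "screen"}}),
    "payroll_manager": Authority({
        "payroll": {"record", "screen", "print"},
        "contracts": {"record", "screen"},
    }),
    "legal": Authority({"contracts": {"record", "screen", "print"}}),
}


def compatibility_test(user: str, resource: str, layer: str,
                       authenticated: bool = True):
    """Return (allowed, reason). Deny by default: an unauthenticated
    session, an unknown user, an unknown layer or a missing grant all
    fail the test."""
    if not authenticated:
        return False, "not authenticated"
    if layer not in LAYERS:
        return False, f"unknown layer {layer!r}"
    authority = ACCESS_MATRIX.get(user)
    if authority is None:
        return False, f"unknown user {user!r}"
    needed = LAYERS[: LAYERS.index(layer) + 1]
    missing = [l for l in needed if not authority.allows(resource, l)]
    if missing:
        return False, f"{user} lacks {', '.join(missing)} access to {resource}"
    return True, "ok"


def audit_trail(requests):
    """Run each (user, resource, layer) request through the test and
    return one log line per request for the auditor."""
    lines = []
    for user, resource, layer in requests:
        ok, reason = compatibility_test(user, resource, layer)
        verdict = "ALLOW" if ok else "DENY "
        lines.append(f"{verdict} {user} {layer} {resource}: {reason}")
    return lines


if __name__ == "__main__":
    for line in audit_trail([
        ("payroll_manager", "payroll", "print"),
        ("payroll_clerk", "payroll", "print"),
        ("legal", "payroll", "record"),
        ("nobody", "payroll", "record"),
    ]):
        print(line)
```

The clerk can view payroll on screen but is stopped at the print layer, and a user with no grant on a resource is refused at the record layer before any screen or print check is reached; that is the "multiple layers" idea from the slide expressed as one test.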
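The "Every Day is Y2K" slide lists master versus transaction files and nightly backup, and asks when a system backup should be completed. The following is an added example, not code from the course or its textbook, showing why the master file is vaulted before a posting run: if the run dies part way, the partially posted master fails its control total, and the pre-run copy plus the full transaction file rebuild the correct master. The account balances, transactions and the simulated crash are constructed for illustration.

```python
"""Master file, transaction file and backup: vault the master BEFORE the
posting run, then roll forward from the vault copy if the run fails.

Added example, not from the course slides. Balances are in cents and the
master file, transaction file and crash point are all constructed.
"""
import copy
import json

# Constructed master file: account -> balance (cents).
MASTER = {"A100": 50_000, "A200": 12_500, "A300": 0}

# Constructed transaction file for one day, posted in sequence order.
TRANSACTIONS = [
    {"seq": 1, "account": "A100", "amount": -7_500},
    {"seq": 2, "account": "A300", "amount": 7_500},
    {"seq": 3, "account": "A200", "amount": 1_000},
]


def backup(master: dict) -> str:
    """Electronic-vault copy of the master, serialized so later in-place
    updates to the live master cannot touch it."""
    return json.dumps(master, sort_keys=True)


def restore(vault: str) -> dict:
    return json.loads(vault)


def control_total(master: dict) -> int:
    """Sum of all balances; a batch control total used to detect an
    incomplete or duplicated posting run."""
    return sum(master.values())


def post(master: dict, transactions, fail_after=None) -> int:
    """Apply transactions to the master in place and return how many were
    posted. `fail_after` simulates a crash after that many postings."""
    posted = 0
    for t in sorted(transactions, key=lambda t: t["seq"]):
        if fail_after is not None and posted == fail_after:
            raise RuntimeError(f"crash after {posted} transactions")
        master[t["account"]] = master.get(t["account"], 0) + t["amount"]
        posted += 1
    return posted


def recover(vault: str, transactions) -> dict:
    """Roll forward: restore the pre-run master and re-post the whole
    transaction file. The result equals an uninterrupted run."""
    master = restore(vault)
    post(master, transactions)
    return master


def run_with_crash(master: dict, transactions, fail_after: int):
    """Vault the master, run the posting with a simulated crash, and return
    (partial_master, recovered_master, expected_control_total)."""
    vault = backup(master)                      # taken before the run
    expected = control_total(master) + sum(t["amount"] for t in transactions)
    work = copy.deepcopy(master)
    try:
        post(work, transactions, fail_after=fail_after)
    except RuntimeError:
        pass                                    # `work` is now untrustworthy
    return work, recover(vault, transactions), expected


if __name__ == "__main__":
    partial, recovered, expected = run_with_crash(MASTER, TRANSACTIONS, 1)
    print("partial  ", partial, control_total(partial) == expected)
    print("recovered", recovered, control_total(recovered) == expected)
```

The control total answers the slide's question about timing: the backup taken before the run is what makes the transaction file sufficient for recovery; a backup taken after a failed run would only preserve the damage.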
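The Application Controls slide names input validation routines without showing one. The following is an added example, not code from the course or its textbook: a validation routine run over a constructed batch of invoice entries, applying the standard checks (completeness, field format, validity against a master list, sign and limit checks on the amount, and check-digit verification using the Luhn mod-10 algorithm). The record layout, the vendor master list, the amount limit and the sample entries are all constructed for illustration.

```python
"""Input validation routines for a data-entry batch.

Added example, not from the course slides. The record layout, vendor
master list, amount limit and sample entries are constructed.
"""
import re

VALID_VENDORS = {"V1001", "V1002", "V1003"}   # constructed validity list
AMOUNT_LIMIT = 50_000.00                       # constructed limit check
REQUIRED = ("vendor", "invoice", "amount", "account")


def luhn_ok(number: str) -> bool:
    """Check-digit verification with the Luhn (mod 10) algorithm."""
    if not number.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:            # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def validate(rec: dict) -> list:
    """Return a list of error strings; an empty list means the entry passes."""
    errors = []
    # Completeness check: every required field present and non-empty.
    for f in REQUIRED:
        if not rec.get(f):
            errors.append(f"missing {f}")
    if errors:
        return errors
    # Field check: invoice number uses the allowed character set and length.
    if not re.fullmatch(r"[A-Z0-9-]{3,20}", rec["invoice"]):
        errors.append("invoice: bad format")
    # Validity check: vendor must exist on the master list.
    if rec["vendor"] not in VALID_VENDORS:
        errors.append("vendor: not on master list")
    # Field, sign and limit checks on the amount.
    try:
        amount = float(rec["amount"])
    except ValueError:
        errors.append("amount: not numeric")
    else:
        if amount <= 0:
            errors.append("amount: must be positive")
        elif amount > AMOUNT_LIMIT:
            errors.append("amount: exceeds limit")
    # Check digit on the account number.
    if not luhn_ok(rec["account"]):
        errors.append("account: check digit fails")
    return errors


def validate_batch(records):
    """Split a batch into accepted and rejected entries (with their errors)."""
    accepted, rejected = [], []
    for rec in records:
        errs = validate(rec)
        (rejected if errs else accepted).append((rec, errs))
    return accepted, rejected


# Constructed sample batch: one clean entry and three that should be rejected.
SAMPLE_BATCH = [
    {"vendor": "V1001", "invoice": "INV-2024-001", "amount": "1200.50",
     "account": "79927398713"},
    {"vendor": "V9999", "invoice": "inv 1", "amount": "-5",
     "account": "79927398710"},
    {"vendor": "V1002", "invoice": "INV-2024-002", "account": "79927398713"},
    {"vendor": "V1003", "invoice": "INV-2024-003", "amount": "75000",
     "account": "49927398716"},
]


if __name__ == "__main__":
    accepted, rejected = validate_batch(SAMPLE_BATCH)
    print(f"accepted {len(accepted)}, rejected {len(rejected)}")
    for rec, errs in rejected:
        print(rec.get("invoice"), errs)
```

Each rejected entry carries every error found rather than only the first, which is what a data-entry clerk or an auditor reviewing the exception report needs; the completeness check alone short-circuits, since the other checks cannot run on missing fields.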