Cal Poly Pomona ACC 305 - GENERAL AND APPLICATION CONTROLS

This preview shows page 1-2-3-4-5-6 out of 19 pages.


GENERAL AND APPLICATION CONTROLS

PLACEMENT OF CONTROLS

CONTROLS CAN RESIDE IN:
- MANAGEMENT POLICIES AND PROCEDURES
- JOB DESCRIPTIONS
- OPERATING PROCEDURES
- COMPUTER SOFTWARE
- COMPUTER HARDWARE
- PHYSICAL SECURITY MEASURES

CONTROLS OFTEN WORK BEST WHEN COMBINED WITH OTHER CONTROLS.

GENERAL CONTROLS

1. ORGANIZATIONAL CONTROLS

SEGREGATION OF DUTIES
- authorization of transactions vs. recording of transactions
- custody of assets vs. maintenance of related accounting records
- information services dept. vs. other depts.
- data base administrator vs. programmers
- systems development vs. computer operations
- program development vs. program testing

OTHER ORGANIZATIONAL CONTROLS
- rotation of assignments within an operational group
- enforced vacations
- bonding insurance for employees that handle cash

2. SYSTEMS DEVELOPMENT AND MAINTENANCE CONTROLS
- AUTHORIZATION OF NEW SYSTEMS AND CHANGES
- SYSTEMS DEVELOPMENT LIFE CYCLE METHODOLOGY
- WRITTEN SPECIFICATIONS
- USER, INTERNAL AUDITOR, EXTERNAL AUDITOR PARTICIPATION
- FORMAL TESTING AND APPROVAL
- USE OF A STEERING COMMITTEE

3. SYSTEMS DOCUMENTATION CONTROLS

MANUALS, NARRATIVES, FLOWCHARTS
- PROVIDE A BASIS FOR RECONSTRUCTION OF THE SYSTEM IN CASE OF DAMAGE OR DESTRUCTION
- SYSTEM SHOULD BE DOCUMENTED TO PROVIDE BASIS FOR EFFECTIVE OPERATION, USE, AUDIT, AND FUTURE SYSTEM ENHANCEMENT
- CONTROLS MITIGATE THE RISK THAT PERSONNEL ARE NOT PROPERLY TRAINED

DOCUMENTATION SHOULD BE PREPARED, APPROVED, MAINTAINED, AND DISSEMINATED IN ACCORDANCE WITH FORMAL ESTABLISHED DOCUMENTATION STANDARDS
- PREPARATION STANDARDS
- APPROVAL STANDARDS
- MAINTENANCE STANDARDS--HOW OFTEN UPDATE OR REVIEW
- DISSEMINATION STANDARDS--DISTRIBUTED ON NEED TO KNOW BASIS

4. PHYSICAL SECURITY MEASURES FOR HARDWARE, SOFTWARE, AND DOCUMENTATION

HARDWARE SECURITY MEASURES
- SECURED COMPUTER AREA
- SMOKE AND WATER DETECTORS
- FIRE SUPPRESSION DEVICES
- BURGLAR ALARMS
- SURVEILLANCE CAMERAS
- INDIVIDUAL LOCKS
- SECURITY PERSONNEL
- IDENTIFICATION OF PERSONNEL
  BIOMETRIC HARDWARE AUTHENTICATION

SOFTWARE AND DOCUMENTATION SECURITY MEASURES
- INFORMATION SERVICES LIBRARY
- AUTHORIZED USE
- LOGGING PROCEDURES FOR CHECKOUT

5. RECOVERY CONTROLS

PREMATURE TERMINATION CONTROLS
- FATHER-SON VERSIONS OF MASTER FILES
- BEFORE-AND-AFTER IMAGES OF DATA BASE RECORDS
- PROCEDURES FOR REINSTATING FILES
- PROCEDURES FOR RERUNNING PROGRAMS
- PROCEDURES FOR RECALLING CONTAMINATED OUTPUT
- ROLLBACK PROCESSING
- DISK SHADOWING, DISK MIRRORING

POWER FAILURE CONTROLS
- UNINTERRUPTIBLE POWER SOURCES
- ALTERNATIVE PROCESSING FACILITIES
  1. COLD SITE
  2. HOT SITE
  3. FLYING START SITE
- EMERGENCY REPAIRS TEAM

NATURAL DISASTER, ACCIDENTS, SABOTAGE
- CONTINGENCY PLANNING
- SPECIAL TRAINING TEAM
- SIMULATION EXERCISES
- ALTERNATIVE PROCESSING FACILITIES
- OFF-SITE STORAGE OF COPIES OF PROGRAMS, FILES, AND SYSTEMS DOCUMENTATION

6. SOFTWARE BASED PROGRAM AND DATA ACCESS CONTROLS

USER AUTHENTICATION
- IDENTIFICATION CODES
- PASSWORD SYSTEM - LEVELS OF ACCESS
- LOG OUT, LOG OFF

ALLOWABLE USER FUNCTIONS
CONTROL UNAUTHORIZED ACCESS
- LIMITED FUNCTIONS BY USERS
- ASSIGNED SCOPE OF ACCESS TO DATA
- RESTRICTED ACCESS TO DATA FILES
- LIMITED USE OF TERMINALS--DUMB TERMINALS, DESIGNATED TERMINALS, DISKLESS WORKSTATIONS, USE OF CENTRAL FILE SERVERS

CREATION OF AUDIT TRAIL
- UNALTERABLE LOG OF ACTUAL AND ATTEMPTED ACCESSES
- ASSIGNED RESPONSIBILITY TO REVIEW LOG
- LOG IS CREATED BY THE OPERATING SYSTEM OF THE COMPUTER

7. DATA BASE CONTROLS
- USER AUTHENTICATION
- ALLOWABLE USER FUNCTIONS
- CREATION OF AUDIT TRAIL
- USE OF LOGICAL VIEWS OF DATA
- DATA ENCRYPTION

8. TELECOMMUNICATION CONTROLS

DATA ACCESS CONTROLS
- MESSAGE SECURITY CONTROLS--# MESSAGE, USE PASSWORD, KEEP TRACK OF # OF BITS, PACKETS IN THE MESSAGE
- AUTOMATIC DIAL BACK OR CALL BACK
- USE OF A HARD WIRED NETWORK
- VERIFICATION OF AUTHORIZATION OF RECEIVING STATION
- DATA ENCRYPTION
- SECURITY MODEM--REQUIRES USE OF PASSWORDS FOR ACCESS TO THE NETWORK
- NETWORK DATA BASE--DETERMINES WHICH WORKSTATIONS ARE AUTHORIZED TO CONNECT TO OTHERS AND WHICH CAN ACCESS CERTAIN SOFTWARE
- AUTOMATIC LOG OFF

DATA ACCURACY AND COMPLETENESS CONTROLS = MESSAGE INTEGRITY CONTROLS
PROTECT COMMUNICATION CHANNELS AND NETWORKS FROM LOSS OR DISTORTION OF DATA OR ROUTING DATA TO WRONG DESTINATIONS
- PARITY BIT--9TH BIT, EVEN OR ODD
- ERROR DETECTION CODES IN TRAILER (HEADER)
- ACKNOWLEDGMENT SIGNALS

DOWNTIME CONTROLS
- ALTERNATIVE COMMUNICATION CHANNELS - DIAL UP TELEPHONE LINES VS. LEASED LINES

9. COMPUTER OPERATIONS CONTROLS

MAINTENANCE CONTROLS
- SCHEDULED MAINTENANCE

OPERATIONS CONTROLS
- AUTHORIZED OPERATIONS
- SCHEDULED OPERATIONS
- ACTIVITY LOG
- ASSIGNED RESPONSIBILITY TO REVIEW LOG
- WORKSTATION OPERATING PROCEDURES

10. COMPUTER HARDWARE CONTROLS
- DUAL READ CHECK - data are read twice during input and compared
- FIRMWARE - sequence of instructions (software) is substituted for hardware circuits and cannot be altered by the applications programmer
- DUPLICATE CIRCUITRY - double wiring of key hardware elements ensures no malfunctioning
- ECHO CHECK - data received by output device is transmitted back to the source unit for comparison with the original data
- PARITY CHECK - bit of information is added to the data being processed in order to help ensure that no bits are lost in data transfers between input-process-output functions
- INTERLOCK - hardware device that prevents more than 1 peripheral unit from communicating with the CPU at the same time
- BOUNDARY PROTECTION - protection against unauthorized entry (read or write) to a tape, disk, or other storage device
- VALIDITY CHECK - bit pattern is checked to determine that the combination of the "on" and "off" bits is valid within the character set of the computer
- FILE PROTECTION RING - removable plastic or metal ring prevents improper use of a magnetic tape file
- REVERSE MULTIPLICATION - roles of the original multiplicand and multiplier are reversed and the new product is compared with the original product
- UNINTERRUPTIBLE POWER SYSTEMS - battery and generator systems are provided for temporary backup in the event of power failure until normal electricity is restored
- GRACEFUL DEGRADATION - when certain hardware components malfunction others can be programmed to continue processing but on less efficient basis
- OVERFLOW CHECK - data are checked and a signal is activated when data are lost through arithmetic operations that exceed the planned capacity of receiving fields or registers

COMPUTER APPLICATION CONTROLS

BASIC OBJECTIVES OF APPLICATION CONTROLS ARE:
1. ALL AUTHORIZED TRANSACTIONS
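The parity bit, trailer error detection code and echo check listed under sections 8 and 10 above, shown as an added Python example that is not part of the original notes. CRC-32 as the trailer code, the sample byte and message, and all function names are assumptions made for illustration.

```python
import zlib

def add_parity(byte: int, even: bool = True) -> int:
    """Return a 9-bit word: 8 data bits plus the parity bit as bit 8."""
    ones = bin(byte & 0xFF).count("1")
    parity = ones % 2 if even else (ones + 1) % 2
    return (parity << 8) | (byte & 0xFF)

def parity_ok(word: int, even: bool = True) -> bool:
    """The count of 1 bits across all 9 bits must be even (or odd)."""
    return bin(word & 0x1FF).count("1") % 2 == (0 if even else 1)

def add_trailer(payload: bytes) -> bytes:
    """Append an error detection code as a trailer (CRC-32 is an assumed choice)."""
    return payload + zlib.crc32(payload).to_bytes(4, "big")

def trailer_ok(message: bytes) -> bool:
    """Recompute the code over the payload and compare it with the trailer."""
    if len(message) < 4:
        return False
    payload, trailer = message[:-4], message[-4:]
    return zlib.crc32(payload).to_bytes(4, "big") == trailer

def echo_check(sent: bytes, device) -> bool:
    """Echo check: the device returns what it received; the source compares."""
    return device(sent) == sent

def flip(data: bytes, index: int, mask: int) -> bytes:
    """Simulate line noise by XOR-ing one byte with a bit mask."""
    out = bytearray(data)
    out[index] ^= mask
    return bytes(out)

def demo() -> dict:
    word = add_parity(0x41)             # constructed sample byte ('A')
    msg = add_trailer(b"PAY 100.00")    # constructed sample message
    return {
        "clean_parity": parity_ok(word),
        "one_bit_error": parity_ok(word ^ 0b001),            # detected
        "two_bit_error": parity_ok(word ^ 0b011),            # slips past parity
        "clean_trailer": trailer_ok(msg),
        "two_bit_trailer": trailer_ok(flip(msg, 4, 0b011)),  # trailer catches it
        "echo_clean": echo_check(msg, lambda b: b),
        "echo_noisy": echo_check(msg, lambda b: flip(b, 0, 0x80)),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Parity misses any even number of flipped bits, which the trailer code catches; neither check is keyed, so both detect accidental corruption only.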

