Scribd Logo
Hochladen

Willkommen bei Scribd!

  • Security and Control Issues in Information System

    Hochgeladen von

    sresearcher7
    7 Ansichten19 Seiten
    Sec & Cont in infosec

    Originaltitel

    Securityandcontrolissuesininformationsystem 141026053844 Conversion Gate02

    Copyright

    © © All Rights Reserved

    Verfügbare Formate

    PPTX, PDF, TXT oder online auf Scribd lesen

    Stufen Sie dieses Dokument als nützlich ein?

    Sind diese Inhalte unangemessen?

    Dieses Dokument melden
    Sec & Cont in infosec

    Copyright:

    © All Rights Reserved
    Als PPTX, PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    7 Ansichten19 Seiten

    Security and Control Issues in Information System

    Hochgeladen von

    sresearcher7
    Sec & Cont in infosec

    Copyright:

    © All Rights Reserved
    Als PPTX, PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    von 19

    Security and Control

    Issues in Information
    System

    Information System: An Overview


    Information system is an integrated set of components
    for collecting, storing, and processing data and for
    delivering information, knowledge, and digital
    products.
    Information Systems therefore undoubtedly play an
    important role in today's society and are everincreasingly at the heart of critical infrastructures, and
    this is widely accepted in security research literature

    Concerning Security
    The potential losses that are confronted by businesses
    and organizations that rely on all these hardware and
    software systems have therefore led to a situation in
    which it is crucial for information systems to be
    properly secured from the outset.

    Information System:
    Security and Control
    Information

    Systems Security is a
    function whose mission is to establish
    security policies and their associated
    procedures and control elements over
    their information assets, with the goal
    of guaranteeing their authenticity,
    confidentiality, availability and
    integrity.

    Goals:
    Authenticity

    allows
    trustful
    operations by guaranteeing that the
    handler of information is whoever
    she or he claims to be.

    Confidentiality

    is understood in the
    sense that only authorized users can
    access
    the
    information,
    thus
    avoiding this information being
    spread among users who do not

    Availability

    refers to being able to


    access
    information
    whenever
    necessary, thus guaranteeing that
    the services offered can be used
    when needed.

    Integrity

    is the quality which shows


    that the information has not been
    modified by third parties, and
    ensures
    its
    correctness
    and

    Security and Control


    Security
    Policies,

    procedures and technical


    measures
    used
    to
    prevent
    unauthorized
    access,
    alteration,
    theft, or physical damage to
    information systems

    Security and Control


    Control
    Methods,

    policies, and organizational


    procedures that ensure safety of
    organizations assets, accuracy and
    reliability
    of
    its
    records,
    and
    operational
    adherence
    to
    management standards

    Importance of Controls
    Effective

    controls
    provide
    information system security, that is,
    the accuracy, integrity, and safety of
    information system activities and
    resources.

    Controls

    can minimize errors, fraud,


    and
    destruction
    in
    the
    internetworked information systems
    that interconnect todays end users

    Importance of Controls

    Effective

    quality
    systems.

    controls
    also
    provide
    assurance for information

    Information System
    Controls
    Information

    system controls are


    methods and devices that attempt to
    ensure the accuracy, validity, and
    propriety of information system
    activities.

    Controls

    must be developed to
    ensure proper data entry, processing
    techniques, storage methods, and
    information output.

    Use of Control in Information


    System
    To

    ensure secure and efficient


    operation of information systems, an
    organization institutes a set of
    procedures
    and
    technological
    measures called controls.

    Information

    systems are safeguarded


    through a combination of general
    and application controls.

    General Controls
    General

    controls apply to information


    system activities throughout an
    organization.

    The

    most important general controls


    are the measures that control access
    to computer systems and the
    information
    stored
    there
    or
    transmitted
    over
    telecommunications networks.

    Application Controls
    Application

    controls are specific to a


    given application and include such
    measures as validating input data,
    logging the accesses to the system,
    regularly archiving copies of various
    databases,
    and
    ensuring
    that
    information is disseminated only to
    authorized users.

    Three Application
    Controls
    Input Control
    Data

    input controls ensure the


    accuracy,
    completeness,
    and
    timeliness
    of
    data
    during
    its
    conversion from its original source
    into computer data, or entry into a
    computer application.

    Three Application
    Controls
    Process Control
    Data

    processing controls are used to


    ensure the accuracy, completeness,
    and timeliness of data during either
    batch or real-time processing by the
    computer application.

    Three Application
    Controls
    Output Control
    Data

    output controls are used to


    ensure the integrity of output and
    the correct and timely distribution of
    any output produced.

    Storage Controls
    Stored

    data may be called upon


    when new data is being processed
    the combination of data forming new
    outputs.

    Data

    is often kept on a storage


    medium such as a hard drive.

    Das könnte Ihnen auch gefallen