VULNERABILITIES
RADIATION: Allows recorders, bugs to tap system
CROSSTALK: Can garble data
HARDWARE: Improper connections, failure of protection circuits
SOFTWARE: Failure of protection features, access control, bounds control
FILES: Subject to theft, copying, unauthorized access
VULNERABILITIES (Contd.)
USER: Identification, authentication, subtle software modification
PROGRAMMER: Disables protective features; reveals protective measures
MAINTENANCE STAFF: Disables hardware devices; uses stand-alone utilities
OPERATOR: Doesn't notify supervisor; reveals protective measures
COMPUTER VIRUS:
Rogue program; difficult to detect; spreads rapidly; destroys data; disrupts processing & memory
Antivirus software:
Software to detect, eliminate viruses
Advanced versions run in memory to protect processing, guard against viruses on disks and on incoming network files
Disaster:
Loss of hardware, software, data by fire, power failure, flood or other calamity
Fault-tolerant computer systems:
Backup systems to prevent system failure (particularly for on-line transaction processing)
Maintenance:
Modifying a system in production use; can take up to 50% of analysts' time
General controls
Implementation:
Audit system development to assure proper control, management
Software:
Ensure security, reliability of software
Physical hardware:
Ensure physical security, performance of computer hardware
General controls
Computer operations:
Ensure procedures consistently, correctly applied to data storage, processing
Data security:
Ensure data disks, tapes protected from wrongful access, change, destruction
Administrative:
Ensure controls properly executed, enforced
Segregation of functions:
Divide responsibility for tasks so that no single person controls a whole process
APPLICATION CONTROLS
INPUT PROCESSING OUTPUT
Input controls
Input authorization:
Record, monitor source documents
Data conversion:
Transcribe data properly from one form to another
Edit checks:
Verify input data, correct errors
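The edit checks above (format, type, range, reasonableness, check digit, date validity) applied to a small batch of order records, as an added example that is not from the original slides. The record layout, the order-id format, the reasonableness limit and the use of a Luhn mod-10 check digit on the customer number are assumptions for this example; the sample batch is constructed.

```python
import re
from datetime import date

# Constructed sample batch as it might arrive from data conversion
# (field names and formats are assumptions for this example).
INPUT_BATCH = [
    {"order_id": "A1001", "customer_id": "79927398713", "qty": "5",    "unit_price": "19.99", "ship_date": "2024-03-01"},
    {"order_id": "A1002", "customer_id": "79927398710", "qty": "3",    "unit_price": "5.00",  "ship_date": "2024-03-02"},  # bad check digit
    {"order_id": "1003",  "customer_id": "79927398713", "qty": "-2",   "unit_price": "9.50",  "ship_date": "2024-02-30"},  # format, range, date
    {"order_id": "A1004", "customer_id": "79927398713", "qty": "9999", "unit_price": "abc",   "ship_date": "2024-03-03"},  # reasonableness, type
]

MAX_REASONABLE_QTY = 1000  # assumed reasonableness limit


def luhn_ok(digits: str) -> bool:
    """Check-digit test (Luhn mod-10) on a numeric identifier."""
    if not digits.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def edit_check(rec: dict) -> list:
    """Return the list of edit-check failures for one record (empty = clean)."""
    errors = []
    # Format check: one upper-case letter followed by four digits.
    if not re.fullmatch(r"[A-Z]\d{4}", rec.get("order_id", "")):
        errors.append("order_id: bad format")
    # Check-digit test on the customer number.
    if not luhn_ok(rec.get("customer_id", "")):
        errors.append("customer_id: check digit failed")
    # Type, range and reasonableness checks on quantity.
    try:
        qty = int(rec["qty"])
        if qty <= 0:
            errors.append("qty: must be positive")
        elif qty > MAX_REASONABLE_QTY:
            errors.append("qty: exceeds reasonableness limit")
    except (KeyError, ValueError):
        errors.append("qty: not an integer")
    # Type check on price.
    try:
        if float(rec["unit_price"]) < 0:
            errors.append("unit_price: negative")
    except (KeyError, ValueError):
        errors.append("unit_price: not a number")
    # Validity check on the date (rejects 30 February, bad formats, etc.).
    try:
        date.fromisoformat(rec["ship_date"])
    except (KeyError, ValueError):
        errors.append("ship_date: invalid date")
    return errors


def run_edit_checks(batch):
    """Split a batch into accepted records and rejected records with reasons."""
    accepted, rejected = [], []
    for rec in batch:
        errs = edit_check(rec)
        if errs:
            rejected.append({"order_id": rec.get("order_id"), "errors": errs})
        else:
            accepted.append(rec)
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = run_edit_checks(INPUT_BATCH)
    print("accepted:", [r["order_id"] for r in ok])
    for r in bad:
        print("rejected:", r["order_id"], r["errors"])
```

Rejected records are reported with every failing check rather than the first one, so the data-conversion staff can correct a source document in one pass.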
Processing controls
Establish that data is complete, accurate during processing
RUN CONTROL TOTALS: Generate control totals before & after processing
COMPUTER MATCHING: Match input data to master files
Output controls
Establish that results are accurate, complete, properly distributed
Balance input, processing, output totals
Review processing logs
Ensure only authorized recipients get results
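Run control totals, computer matching and the balancing of input against output totals from the processing-controls and output-controls slides, worked through on one constructed payroll batch. This is an added example, not from the original slides; the record layout, the master file, the withholding rate and the deliberately faulty processing step are assumptions made for the illustration.

```python
# Constructed sample data (not from the page): a payroll batch and the
# employee master file it must be matched against.
INPUT_BATCH = [
    {"emp_id": 1001, "gross": 2000.00},
    {"emp_id": 1002, "gross": 1750.00},
    {"emp_id": 1003, "gross": 2310.00},
    {"emp_id": 1999, "gross": 2000.00},   # no record on the master file
]
MASTER_FILE = {1001: "Alice", 1002: "Bob", 1003: "Carol"}
WITHHOLDING = 0.10   # assumed flat withholding rate


def control_totals(records):
    """Run control totals: record count, financial total of the gross field,
    and a hash total (sum of a field with no business meaning, here the
    employee number, so a dropped or substituted record changes it)."""
    return {
        "count": len(records),
        "gross_total": round(sum(r["gross"] for r in records), 2),
        "hash_total": sum(r["emp_id"] for r in records),
    }


def computer_match(records, master):
    """Computer matching: keep records whose key is on the master file and
    list the keys that are not, for manual review."""
    matched = [r for r in records if r["emp_id"] in master]
    unmatched = [r["emp_id"] for r in records if r["emp_id"] not in master]
    return matched, unmatched


def pay_step(records):
    """The processing step under control: compute net pay per record."""
    return [{"emp_id": r["emp_id"], "gross": r["gross"],
             "net": round(r["gross"] * (1 - WITHHOLDING), 2)}
            for r in records]


def faulty_pay_step(records):
    """Same step with a constructed defect: an off-by-one drops the last record."""
    return pay_step(records[:-1])


def reconcile(before, after):
    """Balance the totals taken before and after processing; return the
    fields that differ (empty means the batch balances)."""
    return {k: (before[k], after[k]) for k in before if before[k] != after[k]}


def run_batch(step, batch=INPUT_BATCH, master=MASTER_FILE):
    matched, unmatched = computer_match(batch, master)
    before = control_totals(matched)          # totals going into processing
    output = step(matched)
    after = control_totals(output)            # totals coming out
    return {"unmatched": unmatched, "before": before, "after": after,
            "discrepancies": reconcile(before, after)}


if __name__ == "__main__":
    for name, step in (("correct", pay_step), ("faulty", faulty_pay_step)):
        result = run_batch(step)
        print(name, "unmatched:", result["unmatched"],
              "discrepancies:", result["discrepancies"])
```

The gross total is carried through unchanged by the processing step, so it must balance; the net field is new output and is not part of the control total. The hash total catches a substitution that the count alone would miss (one record replaced by another keeps the count the same but changes the sum of employee numbers).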
[Figure: encryption. Sender -> scrambled message -> recipient]
ELECTRONIC CASH
Digital currency
ELECTRONIC CHECK
Encrypted digital signature
SMART CARD
Chip stores e-cash
BENEFITS
Reduces expensive errors, loss of time, resources, good will
RISK ASSESSMENT
Determine frequency of occurrence of problem, cost, damage if it were to occur
MIS AUDIT
IDENTIFIES CONTROLS OF INFORMATION SYSTEMS, ASSESSES THEIR EFFECTIVENESS
SOFTWARE METRICS:
Objective measurements to assess system
TESTING:
Early, regular controlled efforts to detect, reduce errors
WALKTHROUGH
DEBUGGING
Contd.
High-availability computing:
Tools and technologies enabling system to recover quickly from a crash
Load balancing:
Distributes large number of requests for access among multiple servers
Contd.
Mirroring:
Duplicating all processes and transactions of server on backup server to prevent any interruption in service
Clustering:
Linking two computers together so that a second computer can act as a backup to the primary computer or speed up processing
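A small simulation of the high-availability ideas on the preceding slides: round-robin load balancing across a pool of servers, removal of a node from rotation when it fails a request, and failover to a standby node (the backup computer of a two-node cluster) once the whole pool is down. This is an added example, not from the original slides; the server names and the fail_after behaviour of one node are assumptions constructed for the simulation.

```python
import itertools


class Server:
    """A backend node. fail_after (an assumption for the simulation) makes the
    node refuse connections once it has served that many requests."""

    def __init__(self, name, fail_after=None):
        self.name = name
        self.healthy = True
        self.handled = 0
        self.fail_after = fail_after

    def handle(self, request):
        if self.fail_after is not None and self.handled >= self.fail_after:
            raise ConnectionError(f"{self.name} is down")
        self.handled += 1
        return f"{self.name} served {request}"


class LoadBalancer:
    """Round-robin load balancing over a primary pool with failover to a
    standby node when no primary node is healthy."""

    def __init__(self, pool, standby):
        self.pool = pool
        self.standby = standby
        self._next = itertools.cycle(range(len(pool)))

    def _rotation(self):
        # Start at the next node in round-robin order and skip any node that a
        # previous failure took out of rotation.
        start = next(self._next)
        n = len(self.pool)
        ordered = [self.pool[(start + i) % n] for i in range(n)]
        return [s for s in ordered if s.healthy]

    def dispatch(self, request):
        for server in self._rotation():
            try:
                return server.handle(request)
            except ConnectionError:
                server.healthy = False   # mark down and retry on the next node
        # Every primary node is down: fail over to the standby.
        return self.standby.handle(request)


def simulate():
    """Drive the balancer through one node failure and then a full-pool outage.
    Returns per-node request counts, the responses, and the nodes marked down
    after the single failure."""
    pool = [Server("web1"), Server("web2", fail_after=1), Server("web3")]
    standby = Server("standby")
    lb = LoadBalancer(pool, standby)
    responses = [lb.dispatch(f"req{i}") for i in range(1, 7)]
    down_after_failure = [s.name for s in pool if not s.healthy]
    for s in pool:                       # simulate loss of the whole pool
        s.healthy = False
    responses.append(lb.dispatch("req7"))
    counts = {s.name: s.handled for s in pool + [standby]}
    return counts, responses, down_after_failure


if __name__ == "__main__":
    counts, responses, down = simulate()
    print(counts, down)
    for r in responses:
        print(r)
```

The retry happens inside dispatch, so the client never sees the failed node; a real balancer would also run periodic health checks to bring a recovered node back into rotation, which this simulation omits.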
Authentication:
Ability of each party in a transaction to ascertain identity of other party
Message integrity:
Ability to ascertain that transmitted message has not been copied or altered
Contd.
Digital signature:
Digital code attached to electronically transmitted message to uniquely identify contents and sender
Digital certificate:
Attachment to electronic message to verify the sender and to provide receiver with means to encode reply
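A working digital signature that gives both properties defined above, message integrity and authentication of the sender, using only the Python standard library. This is an added example, not from the original slides: it uses a Lamport one-time signature (hash-based, so no external cryptography package is needed) rather than RSA or ECDSA, and the payment message is constructed for the illustration. The verification logic is the same as for any signature scheme: the signature is bound to every bit of the message digest and to a private key, so an altered message or a different signer fails to verify.

```python
import hashlib
import hmac
import secrets

N = 256  # bits in a SHA-256 digest: one secret pair per message bit


def keygen():
    """Lamport one-time key pair.
    Private key: 256 pairs of random 32-byte secrets.
    Public key: the SHA-256 of each secret, in the same layout."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(N)]
    pk = [(hashlib.sha256(a).digest(), hashlib.sha256(b).digest()) for a, b in sk]
    return sk, pk


def _bits(message: bytes):
    """Digest the message and return its 256 bits, most significant first."""
    digest = hashlib.sha256(message).digest()
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(N)]


def sign(sk, message: bytes):
    """For each digest bit reveal the matching half of the private key pair."""
    return [sk[i][b] for i, b in enumerate(_bits(message))]


def verify(pk, message: bytes, sig) -> bool:
    """Hash each revealed secret and compare with the public key half selected
    by the recipient's own digest of the message. Comparison is constant-time
    and runs over all bits so timing does not leak which bit failed."""
    if len(sig) != N:
        return False
    ok = True
    for i, b in enumerate(_bits(message)):
        if not hmac.compare_digest(hashlib.sha256(sig[i]).digest(), pk[i][b]):
            ok = False
    return ok


def demo():
    """Sign a constructed payment message, then check the three cases a
    recipient cares about: genuine, altered in transit, and wrong sender."""
    sk, pk = keygen()
    msg = b"PAY 1000.00 TO ACCT 4471"
    sig = sign(sk, msg)
    tampered = b"PAY 9000.00 TO ACCT 4471"
    _, other_pk = keygen()          # some other party's public key
    return {
        "genuine": verify(pk, msg, sig),
        "altered_message": verify(pk, tampered, sig),
        "wrong_sender_key": verify(other_pk, msg, sig),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {'verifies' if result else 'REJECTED'}")
```

Two cautions a practitioner would add. The key is one-time: signing a second message with the same private key reveals more of the secret halves, and an attacker who collects both signatures can forge signatures on other messages, so in practice a fresh key pair is used per message (or a tree of them, as in XMSS/SPHINCS). And the public key is just bytes; binding it to a named sender is the job of the digital certificate on the next slide, not of the signature itself.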
Encryption
Firewalls
Virus defenses
Monitor e-mail
Security monitors
Firewalls
[Figure: examples of information system controls]
Input controls: security codes, encryption, error signals
Processing controls: software, hardware, checkpoints
Output controls: security codes, encryption, control totals, user feedback
Storage controls: security codes, encryption, backup files
Threats and fault-tolerant methods by system layer

Layer       | Threat                            | Fault-tolerant method
            | Environmental, HW and SW faults   |
Systems     | Outages                           |
Databases   | Data errors                       |
Networks    | Transmission errors               |
Processes   | HW and SW faults                  |
Files       | Media errors                      | Replication of data
Processors  | HW faults                         | Instruction retry
Disaster Recovery
Who will participate?
What will be their duties?
What hardware and software will be used?
Priority of applications to be run?
What alternative facilities will be used?
Where will databases be stored?