AIS+ch08 - CHAPTER 8 Information Systems Controls for...

CHAPTER 8
Information Systems Controls for System Reliability
Part 2: Confidentiality, Privacy, Processing Integrity, and Availability
LECTURE OUTLINE
- What controls are used to protect the confidentiality of sensitive info?
- What controls are designed to protect privacy of customers’ personal info?
- What controls ensure processing integrity?
- What controls ensure that the system is available when needed?
CONFIDENTIALITY
- Reliable systems protect confidential info from unauthorized disclosure.
- Identify which information is confidential.
  - internally as well as that shared by business partners.
- Each organization will develop its own definitions.
- Most definitions will include: business plans, pricing strategies, client and customer lists, legal documents.

Situation       Controls
Storage         Encryption and access controls
Transmission    Encryption
Disposal        Shredding, thorough erasure, physical destruction
Overall         Categorization to reflect value and training in proper work practices

[Figure: Systems Reliability (Confidentiality, Processing Integrity, Privacy, Availability, Security)]
CONFIDENTIALITY
- The Internet provides inexpensive transmission, but data is easily intercepted.
- Encryption solves the interception issue.
- If data is encrypted before sending it, a virtual private network (VPN) is created.
  - Provides the functionality of a privately owned network
  - But uses the Internet
- Use of VPN software creates private communication channels (tunnels).
  - Tunnels are accessible only to parties who have the appropriate encryption and decryption keys.
  - Cost of the VPN software is much less than costs of leasing or buying a privately owned, secure communications network.
  - Much easier to add or remove sites from the “network.”
CONFIDENTIALITY
- Encryption alone is not sufficient to protect confidentiality.
  - Given enough time, many encryption schemes can be broken.
- Access controls are also needed to prevent unauthorized parties from obtaining the encrypted data; and
- Strong authentication techniques are necessary.
- Strong authorization controls should be used to limit the actions (read, write, change, delete, copy, etc.) that authorized users can perform when accessing confidential information.
CONFIDENTIALITY
Access to system outputs should also be controlled:
- Do not allow visitors to roam through buildings unsupervised.
- Require employees to log out of unattended workstations.
- Workstations should use password-protected screen savers.
- Restrict access to rooms housing printers and fax machines.
- Reports should be coded to reflect the importance of the information therein, and employees should be trained not to leave reports with sensitive information lying in plain view.
CONFIDENTIALITY
- Control disposal of information resources.