Ch08-IM7ed - Chapter Eight Controlling Information...

Chapter Eight
Controlling Information Systems: Introduction to Pervasive and General Controls

LEARNING OBJECTIVES

Describe the major pervasive and general controls organizations employ as part of IT governance initiatives.
Appreciate how organizations must plan and organize all resources, including IT resources, to ensure achievement of their strategic vision.
Give an overview of the major controls used to manage the design and implementation of new processes, especially new IT processes.
Explain controls that help ensure continuous, reliable business and IT processes.
Appreciate the integral part played by the monitoring function in ensuring the overall effectiveness of a system of internal controls.

KEY TERMS INTRODUCED IN CHAPTER EIGHT

IT governance; segregation of duties; security officer; IT steering committee; rotation of duties; forced vacations; fidelity bond; systems development life cycle (SDLC); program change controls; business continuity planning; disaster recovery planning; contingency planning; business interruption planning; backup; recovery; Continuous Data Protection (CDP); mirror site; electronic vaulting; hot site; cold site; denial of service attack; distributed denial of service attack; biometric identification systems; firewall; intrusion detection systems (IDS); intrusion prevention systems (IPS); library controls; computer hacking and cracking; preventive maintenance

CHAPTER SYNOPSIS
This chapter describes several important pervasive controls and general controls (also known as IT general controls) that comprise a major element in organizational governance and IT governance initiatives. These controls protect an organization's resources, ensure that business processes operate as planned, and assist in the achievement of an organization's objectives.

We begin by defining IT governance and describing management concerns about IT and the security threats posed by running organizations that are so highly dependent on IT for fulfilling their mission and achieving their objectives. Then, we introduce a hypothetical computer system and the information systems organization that operates that system. This system has multiple connections among the IT resources within and outside of the organization. Internal interconnectedness of this nature is typical of organizations employing enterprise systems. The external interfaces are typical of organizations engaged in e-Business. The use of IT resources for enterprise systems and e-Business magnifies the importance of protecting such resources from various risks. The interlinking of IT resources makes it much more difficult to provide protection, as compared to similar IT resources used in isolation.

We also will present four broad IT control process domains. These domains reflect