CH8 ReliabilityControls2

CHAPTER 8 COMPUTER CONTROLS FOR SYSTEMS RELIABILITY
Part 2 – Principles of Confidentiality, Privacy, Processing Integrity, and Availability and Change

2. CONFIDENTIALITY PRINCIPLE
- Management must identify what company data is sensitive and protect it from unauthorized disclosure
- Client and customer lists, legal documents, business plans, pricing strategies

2. CONFIDENTIALITY CONT’D
ENCRYPTION
- Of transmissions before sending them over the Internet
- Can use Virtual Private Network (VPN) software that is accessible to parties possessing the encryption and decryption keys
- Authenticates the parties to the exchange
- Creates an audit trail

2. CONFIDENTIALITY CONT’D
ENCRYPTION
- Of all stored data
- Of data stored in laptops, cell phones, and personal digital assistants (PDAs)

2. CONFIDENTIALITY CONT’D
ACCESS or AUTHENTICATION CONTROLS
- Controls over stored data allow only the authorized users to access the information
AUTHORIZATION CONTROLS
- Limit the actions users can have with data (read, write, delete, copy, change)

2. CONFIDENTIALITY CONT’D
PHYSICAL ACCESS CONTROLS
- Restrictions on visitors roaming throughout the organization without supervision
- Restrict employees to specific areas of the organization
- Require employees to log-off programs when leaving their desk or office
- Secure sensitive printed reports from physical view

2. CONFIDENTIALITY CONT’D
DISPOSAL OF INFORMATION OR DATA
- Hard copies of data, microfilm, and optical computer media should be shredded
- Magnetic computer media should be demagnetized (degaussed) or use special software to “wipe” the media clear with an overwrite

2. CONFIDENTIALITY CONT’D
MONITOR TRENDS IN TECHNOLOGY
- Adjust controls for new threats
- New concerns:
  - Cell phone text messaging
  - Cell phone cameras
  - Employee e-mail
  - Instant messaging
  - Voice over the Internet (VoIP)

3. PRIVACY PRINCIPLE
- Focuses on the protection of Customers’ and Employees’ personal information
- It is a legal requirement under the Health Insurance Portability and Accountability Act (HIPAA) and the Financial Services Modernization Act

3. PRIVACY CONT’D
AICPA/CICA TRUST SERVICES recommends:
- Management establish procedures for protecting privacy and assign accountability for the policies to a specific individual or group in the company

TRUST SERVICES CONT’D
- Collect only the information needed for the transaction and use the information only as prescribed in the established procedures
- Information retention and disposal policies are enforced
- The company uses security controls to protect the data from loss or unauthorized disclosure


This note was uploaded on 07/30/2011 for the course ACCT 302 taught by Professor Brown during the Spring '11 term at Maryland.
