CH8 ReliabilityControls2

CHAPTER 8: COMPUTER CONTROLS FOR SYSTEMS RELIABILITY
Part 2 – Principles of Confidentiality, Privacy, Processing Integrity, and Availability and Change

2. CONFIDENTIALITY PRINCIPLE
- Management must identify what company data is sensitive and protect it from unauthorized disclosure
- Client and customer lists, legal documents, business plans, pricing strategies

2. CONFIDENTIALITY CONT’D
ENCRYPTION
- Of transmissions before sending them over the Internet
- Can use Virtual Private Network (VPN) software that is accessible to parties possessing the encryption and decryption keys
- Authenticates the parties to the exchange
- Creates an audit trail

2. CONFIDENTIALITY CONT’D
ENCRYPTION
- Of all stored data
- Of data stored in laptops, cell phones, and personal digital assistants (PDAs)

2. CONFIDENTIALITY CONT’D
ACCESS or AUTHENTICATION CONTROLS
- Controls over stored data allow only the authorized users to access the information
AUTHORIZATION CONTROLS
- Limit the actions users can have with data (read, write, delete, copy, change)

2. CONFIDENTIALITY CONT’D
PHYSICAL ACCESS CONTROLS
- Restrictions on visitors roaming throughout the organization without supervision
- Restrict employees to specific areas of the organization
- Require employees to log off programs when leaving their desk or office
- Secure sensitive printed reports from physical view

2. CONFIDENTIALITY CONT’D
DISPOSAL OF INFORMATION OR DATA
- Hard copies of data, microfilm, and optical computer media should be shredded
- Magnetic computer media should be demagnetized (degaussed), or special software should be used to “wipe” the media clear with an overwrite

2. CONFIDENTIALITY CONT’D
MONITOR TRENDS IN TECHNOLOGY
- Adjust controls for new threats
- New concerns:
  - Cell phone text messaging
  - Cell phone cameras
  - Employee e-mail
  - Instant messaging
  - Voice over the Internet (VoIP)

3. PRIVACY PRINCIPLE
- Focuses on the protection of customers’ and employees’ personal information
- It is a legal requirement under the Health Insurance Portability and Accountability Act (HIPAA) and the Financial Services Modernization Act

3. PRIVACY CONT’D
AICPA/CICA TRUST SERVICES recommends:
- Management establish procedures for protecting privacy and assign accountability for the policies to a specific individual or group in the company

TRUST SERVICES CONT’D
- Collect only the information needed for the transaction and use the information only as prescribed in the established procedures
- Information retention and disposal policies are enforced
- The company uses security controls to protect the data from loss or unauthorized disclosure