Chpt_8_outline_-_security_controls

CHAPTER 8 – SECURITY CONTROLS

Segregation of duties – no single employee should be in a position to perpetrate and conceal fraud, errors, or other kinds of systems failures.

Segregation of Accounting Duties
Four functions should be separated:
1.
2.
3.
4.

Segregation of System Duties
Essentially, you can apply the four accounting segregation concepts to information systems. The book talks about 10 different duties, but we can summarize them into three general areas:
1. Systems development –
2. Technical services –
3. Computer operations –

Here’s how it maps onto an IT department (a.k.a., an information systems function, or ISF):
Source: Gelinas, Sutton, and Hunton (2004)
Security is an essential component of systems reliability

There are three main types of security controls:
Preventive
Detective
Corrective

Type of Control
Preventive
  Authentication controls
  Passwords
  ID cards
  Biometrics
  Authorization controls
  Subschema
  Training
  Physical barriers (locks, guards, etc.)
  Remote access controls
  Firewalls
  Wireless access controls
  Host and application hardening procedures
  Encryption
Detective
  Log analysis
  Intrusion detection systems
  Managerial reports
  Security testing
Corrective
  Computer emergency response teams
  CSO
  Patch management

Examples

Preventive Controls
  Authentication controls used to verify the identity of the system user
  Authorization controls
  Physical access
  Remote access controls
  Border router
  DMZ
  Firewall
  Host and application hardening
  Encryption

Detective Controls
  Log analysis
  Intrusion detection systems
  Managerial reports
  Security testing

Corrective Controls
  Computer emergency response team
  Chief Security Officer
  Patch management...