ACCT4060-06-information_security-2012-student

Accounting Information Systems
Information Security
Learning Objectives
- Discuss how the COBIT framework can be used to develop sound internal control over an organization’s information systems.
- Explain the factors that influence information systems reliability.
- Describe how a combination of preventive, detective, and corrective controls can be employed to provide reasonable assurance about information security.
INTRODUCTION
One basic function of an AIS is to provide information useful for decision making. In order to be useful, the information must be reliable, which means:
- It provides an accurate, complete, and timely picture of the organization’s activities.
- It is available when needed.
- The information and the system that produces it are protected from loss, compromise, and theft.
INTRODUCTION
[Diagram labels: Systems Reliability; Security, Confidentiality, Privacy, Processing Integrity, Availability]
The five basic principles that contribute to systems reliability:
1. Security: control access, the foundation
2. Confidentiality: no unauthorized disclosure
3. Online privacy: personal data protected
4. Processing integrity: accurate, complete, timely manner, proper authorization
5. Availability
INTRODUCTION
Sarbanes-Oxley requires management to include an internal control assessment using a suitable framework in the company’s annual report.
INTRODUCTION
Suitable frameworks include:
1. COSO
2. COBIT
3. Trust Services Framework
Information Criteria (COBIT objectives)
- Effectiveness: Information must be relevant and timely.
- Efficiency: Information must be produced in a cost-effective manner.
- Confidentiality: Sensitive information must be protected from unauthorized disclosure.
- Integrity: Information must be accurate, complete, and valid.
- Availability: Information must be available whenever needed.
- Compliance: Controls must ensure compliance with internal policies and with external legal and regulatory requirements.
- Reliability: Management must have access to appropriate information needed to conduct daily activities and to exercise its fiduciary and governance responsibilities.
COBIT Process Framework Information Criteria
COBIT Process Cycle
- Management develops plans to organize information resources to provide the information it needs.
- Management authorizes and oversees efforts to acquire (or build internally) the desired functionality.
- Management ensures that the resulting system actually delivers the desired information.
- Management monitors and evaluates system performance against the established criteria.
- Cycle constantly repeats, as management modifies existing plans and procedures or develops new ones to respond to changes in business objectives and new developments in information technology.
Trust Services Framework
Trust Services are a set of professional attestation and advisory services based on a core set of principles and criteria that addresses