threats, the security threats often originate inside an organization. Under software vulnerability, commercial software contains flaws that create security vulnerabilities. Failed computer systems can lead to significant or total loss of business function. The federal laws that set legal and regulatory requirements for electronic records management are HIPAA, the Gramm-Leach-Bliley Act, and the Sarbanes-Oxley Act. Under electronic evidence, the courts are allowing all forms of communication to be held as evidence. Computer forensics is the scientific collection, examination, authentication, preservation, and analysis of data from computer storage media for use as evidence in a court of law. The two types of IS controls are general controls and application controls. Risk assessment is a methodology to determine the level of risk to a firm if a specific activity or process is not properly controlled. A security policy ranks information risks and identifies security goals and the mechanisms for achieving these goals. Disaster recovery planning and business continuity planning are both types of plans needed to identify the firm's most critical systems. Tools and technologies for safeguarding information systems involve identity management software, authentication, and firewalls. Encryption and public key infrastructure involve encryption and two methods of encrypting messages. Ensuring software quality involves software metrics, early and regular testing, walkthroughs, and debugging.
- Fall '09
- Computer network