Lecture 9
Learning Objectives
• Explain the factors that influence information systems reliability.
• Security
• Confidentiality
• Privacy
• Processing Integrity
• Availability
Trust Services Framework
• Security
• Access to the system and its data is controlled and restricted to legitimate users.
• Confidentiality
• Sensitive organizational information (e.g., marketing plans, trade secrets) is protected from unauthorized disclosure.
• Privacy
• Personal information about customers is collected, used, disclosed, and maintained only in compliance with internal policies and external regulatory requirements and is protected from unauthorized disclosure.
Trust Services Framework
• Processing Integrity
• Data are processed accurately, completely, in a timely manner, and only with proper authorization.
• Availability
• The system and its information are available to meet operational and contractual obligations.
Security
• Foundation of the Trust Services Framework
• Intrusion Detection
• Managerial Reports
• Security Testing
Confidentiality
• Intellectual Property
• Strategic plans
• Trade secrets
• Cost information
• Legal documents
• Process improvements
Confidentiality
• Steps in Securing Intellectual Property
• Types of Encryption
• Symmetric
• Asymmetric
• Hybrid Solution
Confidentiality & Privacy - Controls
• Virtual Private Networks
• Private communication channels, often referred to as tunnels, which are accessible only to those parties possessing the appropriate encryption and decryption keys.
Processing Integrity
• Controls Ensuring Processing Integrity
• Input controls
• Processing controls
• Output controls
Processing Integrity – Input Control
• “Garbage-in Garbage-out”
• Form Design
• All forms should be sequentially numbered
• Use of turnaround documents
Processing Integrity – Input Control
• Data Entry Checks
• Field check
• Are the characters of the proper type? Text, integer, date, and so on
• Sign check
• Does the value have the proper arithmetic sign?
• Limit check
• Is the input checked against a fixed value?
• Range check
• Is the input within the low and high range values?
• Size check
• Does the input fit within the field?
• Completeness check
• Have all required data been entered?
• Validity check
• Input is compared with master data to confirm existence
• Reasonableness check
• Logical comparisons
• Check digit verification
• Computed from the input value to catch typo errors
• Prompting
• Input is requested by the system
• Close-loop verification
• Uses input data to retrieve and display related data
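The data entry checks above are easiest to understand as a validation routine run on one input record before it is accepted for processing. The following is an added example (not code from the lecture); the order record layout, the field sizes, the quantity limit and range, the master customer list and the use of the Luhn algorithm for the check digit are all assumptions made for the illustration.

```python
import re
from datetime import date

# Constructed master file of customer IDs, used by the validity check.
MASTER_CUSTOMERS = {"C1001", "C1002", "C1003"}

# Field layout, sizes, limits and ranges are assumptions for this example.
REQUIRED_FIELDS = ["customer_id", "quantity", "order_date", "ship_date", "account_no"]
CUSTOMER_ID_SIZE = 5        # size check: does the input fit within the field?
QUANTITY_LIMIT = 1000       # limit check: compared against one fixed value
QUANTITY_RANGE = (1, 500)   # range check: between a low and a high value


def is_integer(value):
    """Field check for an integer field: digits with an optional leading sign."""
    return re.fullmatch(r"-?\d+", value) is not None


def is_iso_date(value):
    """Field check for a date field (ISO format assumed)."""
    try:
        date.fromisoformat(value)
        return True
    except ValueError:
        return False


def check_digit_ok(number):
    """Check digit verification using the Luhn algorithm (an assumption; the
    slide names no particular scheme). The last digit is derived from the
    others, so a single mistyped digit breaks the modulo-10 sum."""
    if not number.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def validate_order(record):
    """Run the slide's data entry checks on one order record and return the
    names of the checks that failed (an empty list means the record passes)."""
    failed = []

    # Completeness check: every required field present and non-empty.
    if any(record.get(f) in (None, "") for f in REQUIRED_FIELDS):
        return ["completeness"]

    # Field checks: character types are verified before any arithmetic.
    if not is_integer(record["quantity"]):
        failed.append("field:quantity")
    if not (is_iso_date(record["order_date"]) and is_iso_date(record["ship_date"])):
        failed.append("field:date")

    # Sign, limit and range checks only make sense once the field check passed.
    if "field:quantity" not in failed:
        qty = int(record["quantity"])
        if qty <= 0:
            failed.append("sign")
        if qty > QUANTITY_LIMIT:
            failed.append("limit")
        if not QUANTITY_RANGE[0] <= qty <= QUANTITY_RANGE[1]:
            failed.append("range")

    # Size check: does the input fit within the field?
    if len(record["customer_id"]) > CUSTOMER_ID_SIZE:
        failed.append("size")

    # Validity check: does the customer exist in the master data?
    if record["customer_id"] not in MASTER_CUSTOMERS:
        failed.append("validity")

    # Reasonableness check: a logical comparison between two fields.
    if "field:date" not in failed:
        if date.fromisoformat(record["ship_date"]) < date.fromisoformat(record["order_date"]):
            failed.append("reasonableness")

    # Check digit verification on the account number.
    if not check_digit_ok(record["account_no"]):
        failed.append("check_digit")

    return failed


# Constructed sample records: one clean, one with several typical entry errors.
GOOD_ORDER = {"customer_id": "C1001", "quantity": "25", "order_date": "2024-03-01",
              "ship_date": "2024-03-05", "account_no": "79927398713"}
BAD_ORDER = {"customer_id": "C9999", "quantity": "-5", "order_date": "2024-03-05",
             "ship_date": "2024-03-01", "account_no": "79927398710"}

if __name__ == "__main__":
    print("good:", validate_order(GOOD_ORDER))
    print("bad: ", validate_order(BAD_ORDER))
```

Each failed check is reported rather than stopping at the first one, which is what an operator correcting a rejected form needs; the one exception is the completeness check, because the other checks cannot be applied to fields that are absent.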
Processing Integrity – Processing Controls
• Data Matching
• Multiple data values must match before processing occurs.
• File Labels
• Ensure correct and most current file is being updated.
• Write Protection
• Eliminate possibility of overwriting or erasing existing data.
• Concurrent Update
• Locking records or fields while they are being updated so that multiple users are not updating them at the same time.
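The concurrent update control is about the "lost update" problem: two users read the same record, each computes a new value, and the second write silently overwrites the first. The following added example (not from the lecture) reproduces that interleaving deterministically with a barrier, then shows the same update with a per-record lock held across the whole read-modify-write; the inventory record and quantities are constructed.

```python
import threading
from collections import defaultdict

# Constructed inventory master file: item -> quantity on hand.
inventory = {"WIDGET": 100}

# One lock per record, so only the record being updated is held, not the whole file.
record_locks = defaultdict(threading.Lock)


def update_quantity(item, delta, barrier=None):
    """Unlocked read-modify-write. The optional barrier makes both callers finish
    their read before either writes, which is exactly the lost-update interleaving."""
    current = inventory[item]                 # read
    if barrier is not None:
        barrier.wait()                        # both users now hold the stale value
    inventory[item] = current + delta         # write: the later writer wins


def update_quantity_locked(item, delta):
    """The same update with the record locked for the entire read-modify-write,
    so the second user cannot read until the first user's write is complete."""
    with record_locks[item]:
        current = inventory[item]
        inventory[item] = current + delta


def run_concurrently(fn, *args_list):
    """Start one thread per argument tuple, wait for all, return the final quantity."""
    threads = [threading.Thread(target=fn, args=args) for args in args_list]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return inventory["WIDGET"]


def demo_lost_update():
    """Two users each deduct 30 from a stock of 100 without locking: one deduction is lost."""
    inventory["WIDGET"] = 100
    barrier = threading.Barrier(2)
    return run_concurrently(update_quantity, ("WIDGET", -30, barrier), ("WIDGET", -30, barrier))


def demo_locked_update():
    """The same two deductions with record locking: both are applied."""
    inventory["WIDGET"] = 100
    return run_concurrently(update_quantity_locked, ("WIDGET", -30), ("WIDGET", -30))


if __name__ == "__main__":
    print("without locking:", demo_lost_update())   # 70: one update overwritten
    print("with locking:   ", demo_locked_update()) # 40: both updates applied
```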
Processing Integrity – Output Controls
• User Review
• Verify that output is reasonable and complete and that it was routed to the intended individual
• Reconciliation
• Data Transmission Controls
• Check sums
• A hash of the transmitted file is computed before and after transmission and the two values are compared
• Parity checking
• A bit is added to each character transmitted so that each character can be verified for accuracy
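Both transmission controls can be shown on one message: a parity bit on every character catches a single flipped bit in that character, while a hash of the whole file catches any change, including the even-numbered bit errors that parity cannot see. The code below is an added example, not from the lecture; the 7-bit-character framing with even parity in bit 7, the use of SHA-256 as the checksum, and the corrupted transmissions are constructed for the illustration.

```python
import hashlib


def file_hash(data: bytes) -> str:
    """Checksum control: hash of the file, computed before and after transmission."""
    return hashlib.sha256(data).hexdigest()


def add_parity(char_code: int) -> int:
    """Attach an even parity bit (bit 7) to a 7-bit character so that the
    transmitted byte always contains an even number of 1 bits."""
    if not 0 <= char_code < 128:
        raise ValueError("this parity scheme assumes 7-bit characters")
    ones = bin(char_code).count("1")
    return char_code | ((ones % 2) << 7)


def parity_ok(byte: int) -> bool:
    """Receiver side: a byte with an odd number of 1 bits was corrupted."""
    return bin(byte).count("1") % 2 == 0


def encode(text: str) -> bytes:
    return bytes(add_parity(ord(c)) for c in text)


def receive(frame: bytes):
    """Strip the parity bits and report positions of characters failing parity."""
    bad = [i for i, b in enumerate(frame) if not parity_ok(b)]
    text = "".join(chr(b & 0x7F) for b in frame)
    return text, bad


def flip_bits(frame: bytes, position: int, mask: int) -> bytes:
    """Constructed transmission error: XOR one byte of the frame with mask."""
    out = bytearray(frame)
    out[position] ^= mask
    return bytes(out)


def transmit(message: str, corrupt=None):
    """Send a message under both controls and return what the receiver concludes.
    corrupt is an optional (position, mask) pair describing a line error."""
    frame = encode(message)
    sent_hash = file_hash(frame)              # computed before transmission
    if corrupt is not None:
        frame = flip_bits(frame, *corrupt)
    text, parity_errors = receive(frame)
    return {
        "text": text,
        "parity_errors": parity_errors,
        "hash_matches": file_hash(frame) == sent_hash,   # computed after transmission
    }


if __name__ == "__main__":
    print(transmit("INVOICE 1042"))                       # clean: no errors
    print(transmit("INVOICE 1042", corrupt=(3, 0x01)))    # one bit: parity and hash both catch it
    print(transmit("INVOICE 1042", corrupt=(3, 0x03)))    # two bits: only the hash catches it
```

The third call is the practitioner's caveat: parity is cheap and pinpoints the damaged character, but an even number of bit errors in one character leaves the parity intact, so a file-level checksum is still needed to confirm that the whole transmission arrived unchanged.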
Availability
• Systems and information need to be available 24/7
• This cannot be guaranteed, so the goal is to minimize the risk of downtime and to recover quickly when it occurs
Availability - Minimize Risks
• Preventive Maintenance
• Cleaning, proper storage
• Fault Tolerance
• Ability of a system to continue if a part fails
• Training
• Trained users are less likely to make mistakes and will know how to recover, with minimal damage, from the errors they do commit
• Patch Management
• Install, run, and keep current antivirus and anti-spyware programs
Availability - Quick Recovery
• Back-up
• Incremental
• Copies only the data that changed since the last partial (incremental) back-up
• Differential
• Copies only the data that changed since the last full back-up
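The difference between the two schemes shows up in two places: how much is copied each day, and how many back-up sets must be applied to restore. The following added example (not from the lecture) simulates a daily schedule with a constructed change log: the full back-up on day 0, the file names, and the modification days are all assumptions.

```python
# Constructed change log: (day, filename) for each file modified on that day.
# Day 0 is the day of the last full back-up, which copied every file.
CHANGE_LOG = [
    (1, "ledger.db"), (1, "orders.csv"),
    (2, "payroll.xlsx"), (2, "orders.csv"),
    (3, "ledger.db"),
]
ALL_FILES = {"ledger.db", "orders.csv", "payroll.xlsx", "policies.pdf"}
FULL_BACKUP_DAY = 0


def changed_between(after_day, up_to_day):
    """Files modified at least once in the interval (after_day, up_to_day]."""
    return {name for day, name in CHANGE_LOG if after_day < day <= up_to_day}


def incremental_backup(day):
    """Incremental: only data changed since the previous back-up of any kind.
    With a daily schedule the previous back-up was taken on day - 1."""
    return changed_between(day - 1, day)


def differential_backup(day):
    """Differential: only data changed since the last full back-up."""
    return changed_between(FULL_BACKUP_DAY, day)


def copies_over(scheme, last_day):
    """Total number of file copies made from day 1 through last_day."""
    backup = incremental_backup if scheme == "incremental" else differential_backup
    return sum(len(backup(d)) for d in range(FULL_BACKUP_DAY + 1, last_day + 1))


def restore_sets(scheme, day):
    """The back-up sets that must be applied, in order, to rebuild the system as of day."""
    if scheme == "incremental":
        # Full back-up plus every incremental taken since it, oldest first.
        return [("full", ALL_FILES)] + [
            (f"incremental day {d}", incremental_backup(d))
            for d in range(FULL_BACKUP_DAY + 1, day + 1)
        ]
    if scheme == "differential":
        # Full back-up plus only the most recent differential.
        return [("full", ALL_FILES), (f"differential day {day}", differential_backup(day))]
    raise ValueError(f"unknown scheme: {scheme}")


if __name__ == "__main__":
    for d in (1, 2, 3):
        print(f"day {d}: incremental={sorted(incremental_backup(d))} "
              f"differential={sorted(differential_backup(d))}")
    for scheme in ("incremental", "differential"):
        print(scheme, "copies by day 3:", copies_over(scheme, 3),
              "restore sets:", [name for name, _ in restore_sets(scheme, 3)])
```

The trade-off the slide leaves implicit is visible in the numbers: the incremental schedule copies less each day (5 file copies over three days against 8 for differential) but a restore needs the full set plus every incremental since, whereas a differential restore needs only two sets, which matters when the goal is quick recovery.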