Presentation is loading. Please wait.

Presentation is loading. Please wait.

Viewing Information Systems Security. The basic objectives of Information Security are the same as the basic objectives of EDP auditing. They are: 1.To.

Published byAubrie Manning Modified over 8 years ago

Similar presentations

Presentation on theme: "Viewing Information Systems Security. The basic objectives of Information Security are the same as the basic objectives of EDP auditing. They are: 1.To."— Presentation transcript:

1 Viewing Information Systems Security

2 The basic objectives of Information Security are the same as the basic objectives of EDP auditing. They are: 1.To Control the loss of assets. 2.To ensure the integrity and reliability of data. 3.To improve the efficiency / effectiveness of Information Systems Applications To accomplish these objectives, the manager must make certain that the risks to information systems are identified and that appropriate security controls are used to eliminate or reduce the risks.

3 Risks The dangers to information systems are the people, hardware, software, data and other assets with which they are associated necessitate security controls. These dangers include onatural disasters, othieves, oindustrial spies, odisgruntled employees, ocomputer viruses, oaccidents, and oeven poorly trained or naive employees.

4 Risks Threats and Vulnerabilities Risks By Risk they mean potential loss to the firm. Potential risk refers to, potential monetary losses whether those losses are direct or indirect.. The monetary losses may result from total loss, partial damage, or even the temporary loss of an information systems asset. Threats When EDP auditors use the term Threat, they refer to people actions, events or other situations that could trigger losses. Eg. For a website hacking is regarded as a threat aided by Internet Viruses and worms.

5 Vulnerabilities When auditors use the term Vulnerability, they mean flaws, problems or other conditions that make a system open to threats. A firm’s potential risk of losing all of its microcomputers occurs when the threat of a thief stealing the microcomputers becomes possible, eg. Example, when inadequate lock and alarm systems are used in the building in the building in which the PCs are housed.

6 Controls Controls are countermeasures to threats. Controls are the tools that are used to counter risks from people, actions, events or situations that can threaten an information system. Types of Controls Physical Controls – are controls that use physical protection measures. It might include door locks, keyboard locks, fire doors and sump pumps, controls over the access and use of computer facilities and equipment and controls for prevention of theft. Electronic Controls – are controls that use electronic measures to identify or prevent threats. Electronic controls might include motion sensors. It also includes intruder detection and biological access controls – biometric systems, such as log-in IDs, passwords, badges, hand and voice retina print access controls.

7 Software Controls – are program code control used in IS Applications to identify, prevent or recover from errors, unauthorised access and other threats. Management Controls – often result from setting, implementing, and enforcing policies and procedures. Employees may be required to back up or archive their data at regular intervals and to take back up or copies of data files to secure, off-site locations for storage. Management may enforce policies that require employees to take their vacation time or ensure separation of duties to reduce the threat of embezzlement. Required employee training may be used to reduce data entry errors, or background checks may be required for employees who have certain levels of access to information systems.

Download ppt "Viewing Information Systems Security. The basic objectives of Information Security are the same as the basic objectives of EDP auditing. They are: 1.To."

Similar presentations

Chapter 1 - 1 ADCS CS262/0898/V1 Chapter 1 An Introduction To Computer Security TOPICS Introduction Threats to Computer Systems –Threats, Vulnerabilities.

Chapter ADCS CS262/0898/V1 Chapter 1 An Introduction To Computer Security TOPICS Introduction Threats to Computer Systems –Threats, Vulnerabilities.
Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.

Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.
BP5- METHODS BY WHICH PERSONAL DATA CAN BE PROTECTED Data Protection.

BP5- METHODS BY WHICH PERSONAL DATA CAN BE PROTECTED Data Protection.
Information Technology Control Day IV Afternoon Sessions.

Information Technology Control Day IV Afternoon Sessions.
Is There a Security Problem in Computing? Network Security / G. Steffen1.

Is There a Security Problem in Computing? Network Security / G. Steffen1.
Auditing Computer Systems

Auditing Computer Systems
Managing Information Systems Information Systems Security and Control Part 1 Dr. Stephania Loizidou Himona ACSC 345.

Managing Information Systems Information Systems Security and Control Part 1 Dr. Stephania Loizidou Himona ACSC 345.
Lecture 1: Overview modified from slides of Lawrie Brown.

Lecture 1: Overview modified from slides of Lawrie Brown.
Lecture 11 Data Security. Manager’s View Issues regarding information security and ethics regarding information systems are critical to all managers in.

Lecture 11 Data Security. Manager’s View Issues regarding information security and ethics regarding information systems are critical to all managers in.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
Internal Control Concepts A Guide for Deans, Directors, and Department Chairs.

Internal Control Concepts A Guide for Deans, Directors, and Department Chairs.
Lecture 11 Reliability and Security in IT infrastructure.

Lecture 11 Reliability and Security in IT infrastructure.
Factors to be taken into account when designing ICT Security Policies

Factors to be taken into account when designing ICT Security Policies
Auditing 81.3550 Auditing & Automated Systems Chapter 22 Auditing & Automated Systems Chapter 22.

Auditing Auditing & Automated Systems Chapter 22 Auditing & Automated Systems Chapter 22.
Chapter 3.  Security Framework  Operational Security Lifecycle  Security Perimeter  Access Control  Social Engineering  Environmental Issues.

Chapter 3.  Security Framework  Operational Security Lifecycle  Security Perimeter  Access Control  Social Engineering  Environmental Issues.
Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.

Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
11.1 Copyright © 2005 Pearson Education Canada Inc. Management Information Systems, Second Canadian Edition Chapter 11: Information Systems Security, Quality,

11.1 Copyright © 2005 Pearson Education Canada Inc. Management Information Systems, Second Canadian Edition Chapter 11: Information Systems Security, Quality,
UNIT 3C Security of Information. SECURITY OF INFORMATION Firms use passwords to prevent unauthorised access to computer files. They should be made up.

UNIT 3C Security of Information. SECURITY OF INFORMATION Firms use passwords to prevent unauthorised access to computer files. They should be made up.

Similar presentations

Ads by Google