Chapter 16: Controlling Computer-Based Information Systems, Part II

General Control Framework for CBIS Risks (diagram): Organizational Structure, Internet & Intranet, Data Management, Operating System, Systems Development, Systems Maintenance, Personal Computers, EDI Trading Partners, Applications, Computer Center Security

Internet and Intranet Risks from Subversive Threats
These acts include:
- unauthorized interception of a message
- gaining unauthorized access to an organization's network
- a denial-of-service attack from a remote location

Dual-Homed Firewall (diagram)
Controlling Risks from Subversive Threats
Denial-of-service (DoS) attacks: security software searches for connections which have been half-open for a period of time.
Encryption: a computer program transforms a clear message into a coded (ciphertext) form using an algorithm. Encryption can be used for transmitted data and for stored data.
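As an added example (not from the slides), this is the kind of half-open connection check the DoS slide describes, run over a constructed snapshot of a connection table; the field names and the thresholds are assumptions to be tuned to a site's own traffic:

```python
from collections import defaultdict

# Constructed sample connection table, as a host firewall or IDS might snapshot it.
# state "SYN_RECV" = half-open: the peer's SYN arrived, our SYN-ACK went out,
# and the peer's final ACK never came back. Addresses are documentation ranges.
SAMPLE_CONNECTIONS = [
    {"src": "198.51.100.7", "dport": 443, "state": "SYN_RECV",    "opened_at": 100.0},
    {"src": "198.51.100.7", "dport": 443, "state": "SYN_RECV",    "opened_at": 101.5},
    {"src": "198.51.100.7", "dport": 443, "state": "SYN_RECV",    "opened_at": 103.0},
    {"src": "203.0.113.5",  "dport": 443, "state": "ESTABLISHED", "opened_at": 104.0},
    {"src": "203.0.113.9",  "dport": 80,  "state": "SYN_RECV",    "opened_at": 129.0},  # still young
]

def stale_half_open(connections, now, max_age):
    """Return the connections that have sat half-open for longer than max_age seconds."""
    return [c for c in connections
            if c["state"] == "SYN_RECV" and now - c["opened_at"] > max_age]

def suspected_syn_flood(connections, now, max_age=30.0, per_source_limit=2):
    """Group stale half-open connections by source address and report sources that
    hold more than per_source_limit of them. The thresholds are assumed values."""
    counts = defaultdict(int)
    for c in stale_half_open(connections, now, max_age):
        counts[c["src"]] += 1
    return {src: n for src, n in counts.items() if n > per_source_limit}

if __name__ == "__main__":
    # At t=135 the three connections from 198.51.100.7 are 32-35 s old; the one
    # from 203.0.113.9 is only 6 s old and is not counted.
    print(suspected_syn_flood(SAMPLE_CONNECTIONS, now=135.0))  # {'198.51.100.7': 3}
```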
Data Encryption Standard Technique (diagram): cleartext message -> encryption program (with key) -> ciphertext -> communication system -> encryption program (with the same key) -> cleartext message

Public and Private Key Encryption (diagram: messages A to D are each encoded into ciphertext and decoded back)
- Multiple people may have the public key (e.g., subordinates). The public key is used for encoding messages.
- Typically one person or a small number of people have the private key (e.g., a supervisor). The private key is used for decoding messages.

Controlling Risks from Subversive Threats
- Digital signature: an electronic authentication technique that ensures that the transmitted message originated with the authorized sender and that it was not tampered with after the signature was applied.
- Digital certificate: like an electronic identification card that is used in conjunction with a public key encryption system to verify the authenticity of the message sender.
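An added example (not from the slides) that walks through the public-key encoding, private-key decoding and digital-signature mechanics of the last three slides with a toy RSA key pair; the small primes, the per-byte encoding and the function names are assumptions for illustration only:

```python
import hashlib

# Constructed toy RSA key pair. The primes are the 10,000th and 100,000th primes,
# far too small for real use: a production system uses 2048-bit or larger keys,
# padding (OAEP for encryption, PSS for signatures) and a vetted crypto library.
def make_keypair(p=104729, q=1299709, e=65537):
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)            # private exponent: e * d = 1 (mod phi)
    return (n, e), (n, d)          # (public key, private key)

def encrypt(public_key, message):
    """Encoding with the public key: anyone holding it (e.g. subordinates) can do this.
    Each byte is enciphered on its own here, which is fine only for a teaching toy."""
    n, e = public_key
    return [pow(b, e, n) for b in message.encode()]

def decrypt(private_key, ciphertext):
    """Decoding with the private key: only its holder (e.g. the supervisor) can do this."""
    n, d = private_key
    return bytes(pow(c, d, n) for c in ciphertext).decode()

def sign(private_key, message):
    """Digital signature: the sender signs a hash of the message with the private key."""
    n, d = private_key
    digest = int.from_bytes(hashlib.sha256(message.encode()).digest(), "big") % n
    return pow(digest, d, n)

def verify(public_key, message, signature):
    """The receiver recomputes the hash and checks it against the signature with the
    sender's public key; any change to the message after signing makes this fail."""
    n, e = public_key
    digest = int.from_bytes(hashlib.sha256(message.encode()).digest(), "big") % n
    return pow(signature, e, n) == digest

if __name__ == "__main__":
    pub, priv = make_keypair()
    print(decrypt(priv, encrypt(pub, "Message A")))   # Message A
    sig = sign(priv, "Approve PO 4711")               # constructed sample message
    print(verify(pub, "Approve PO 4711", sig))        # True
    print(verify(pub, "Approve PO 4712", sig))        # False: tampered after signing
```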
Electronic Data Interchange (EDI) Risks
- Authorization: automated, with no human intervention
- Access: need to access an EDI partner's files
- Audit trail: paperless and transparent (automatic) transactions

Electronic Data Interchange (EDI) Controls
- Authorization: use of passwords and VANs to ensure a valid partner
- Access: software to specify what can be accessed and at what level
- Audit trail: a control log records the transaction's flow through each phase of transaction processing

EDI System without Controls (diagram): Company A's purchases system and Company B's (the vendor's) sales order system exchange data through application software, EDI translation software and communications software over a direct connection.

EDI System with Controls (diagram): the same exchange routed through a VAN with a mailbox for each company. Annotations: audit trail of transactions between trading partners (a transaction log on each side); software limits the vendor's (Company B) access to Company A's database; use of the VAN to enforce use of passwords and valid partners.
Personal Computer (PC) Controls
PCs...
- are relatively simple to use
- are frequently controlled and used by end users
- usually employ interactive (vs. batch) data processing
- typically run commercial software applications
- allow users to develop their own applications
PCs, in contrast to servers and mainframes, have weak operating systems. This makes them easy to use but results in minimal security and weak controls.

Access Risks in the PC Environment
PCs are typically weak at controlling access to data files.
Techniques to prevent theft or tampering of data:
- data encryption: the data must still be decoded even if stolen
- disk locks: software or physical locks to prevent booting from A:\

Inadequate Segregation of Duties
In PC environments, employees often have access to multiple applications that process incompatible transactions.
Controls:
- increased supervision
- detailed management reports
- more frequent independent verification

PC Backup Controls
PC end users often fail to appreciate the importance of backup procedures until it is too late.
Backup mechanisms:
- tape: high capacity (3.2 GB, inexpensive)
- CD: about 650 MB (more than 450 floppies)
- dual internal hard drives (high capacity)
- dual external hard drives (more than 12 GB)
- USB memory attachments (portable, more than 64 MB)
Application Controls
Narrowly focused exposures within a specific system, for example:
- accounts payable
- cash disbursements
- fixed asset accounting
- payroll
- sales order processing
- cash receipts
- general ledger

Application Controls
Risks within specific applications can affect manual procedures (e.g., entering data) or embedded procedures. It is convenient to look at them in terms of:
- input stage
- processing stage
- output stage

Application Controls: Input
Goal of input controls: inputted data are valid, accurate, and complete (GIGO: garbage in, garbage out).
Source document controls:
- use prenumbered source documents
- audit missing source documents
Data coding controls:
- transcription errors
- check digits

Application Controls: Input
Batch controls: used to reconcile the output produced by the system with the input originally entered into the system. Based on different types of batch totals:
- total number of records
- total dollar value
- hash totals: sum of non-financial numbers

Application Controls: Input
Validation controls: intended to detect errors in transaction data before the data are processed.
- field interrogation: data in individual fields; for example, missing data, data type, range
- record interrogation: interrelationship of data in fields of a record
- file interrogation: the correct file; for example, internal and external labels compared, version, dates
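The field and record interrogation checks and the batch-total reconciliation from the last three slides, as an added example (not from the slides) run over a constructed batch; the field names, the quantity range and the control slip values are assumptions:

```python
# Constructed batch: the control slip prepared when the batch was entered, and the
# records the system actually processed. Hash total = sum of the account numbers,
# a non-financial field, so a mistyped account number shows up even when the
# record count and dollar total still agree.
CONTROL_SLIP = {"record_count": 3, "dollar_total": 750.00, "hash_total": 3006}

PROCESSED = [
    {"account": 1001, "amount": 250.00, "qty": 5,    "unit_price": 50.00},
    {"account": 1020, "amount": 400.00, "qty": 8,    "unit_price": 50.00},  # 1002 mistyped as 1020
    {"account": 1003, "amount": 100.00, "qty": None, "unit_price": 50.00},  # quantity missing
]

def field_checks(rec):
    """Field interrogation: missing data, data type and range on individual fields."""
    errors = []
    for f in ("account", "amount", "qty", "unit_price"):
        if rec.get(f) is None:
            errors.append(f"{f}: missing")
    if not isinstance(rec.get("account"), int):
        errors.append("account: not an integer")
    if isinstance(rec.get("qty"), int) and not 1 <= rec["qty"] <= 1000:  # assumed range
        errors.append("qty: out of range 1..1000")
    return errors

def record_checks(rec):
    """Record interrogation: the interrelationship between fields of one record."""
    try:
        if abs(rec["qty"] * rec["unit_price"] - rec["amount"]) > 0.005:
            return ["amount != qty * unit_price"]
    except (KeyError, TypeError):
        return ["cannot cross-check amount (field missing or wrong type)"]
    return []

def batch_totals(records):
    """Recompute the three batch totals from the records the system processed."""
    return {"record_count": len(records),
            "dollar_total": round(sum(r["amount"] for r in records), 2),
            "hash_total": sum(r["account"] for r in records)}

def reconcile(control_slip, records):
    """Return {total_name: (expected, actual)} for every total that does not agree."""
    actual = batch_totals(records)
    return {k: (control_slip[k], actual[k]) for k in control_slip if control_slip[k] != actual[k]}

if __name__ == "__main__":
    for r in PROCESSED:
        print(r["account"], field_checks(r) + record_checks(r))
    print(reconcile(CONTROL_SLIP, PROCESSED))   # {'hash_total': (3006, 3024)}
```

Only the hash total flags the mistyped account number; the missing quantity is caught by field interrogation and, because the cross-check cannot run, by record interrogation as well.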
Transaction Log to Preserve the Audit Trail (diagram)

Application Controls: Output
The goal of output controls is to ensure that system output is not lost, misdirected, or corrupted, and that privacy is not violated. In the following flowchart, there are exposures at every stage.