Deck 10 Accounting Information Systems Romney and Steinbart Linda Batch March 2012.

Learning Objectives
IS Controls for System Reliability: Confidentiality and Availability
– Encryption
– Process Controls: Input, Processing, Output
– Availability
Work on Assignment 4
Quiz (Chapter 7 and Chapter 8)

Chapter 9 – Preserving Confidentiality
Intellectual property is often crucial to the organization's long-run competitive advantage.
Actions must be taken to preserve confidentiality:
– Identification and classification of the information to be protected
– Encryption of sensitive information
– Controlling access to sensitive information
– Training

Chapter 9 – Encryption
Encryption is a preventive control that can be used to protect both confidentiality and privacy.
Encryption is the process of transforming normal content, called plaintext, into unreadable gibberish, called ciphertext. Decryption reverses the process, and only someone holding the correct key can perform it.

Chapter 9 – Encryption
Three factors determine the strength of encryption:
– Key length: longer keys provide stronger encryption because they enlarge the set of possible keys an attacker must try. Each additional bit doubles the work of a brute-force search, so a 128-bit or 256-bit key cannot be guessed exhaustively with any foreseeable computing power.
– Encryption algorithm: use a published, well-studied algorithm (AES is the current standard) whose only practical attack is trying every key. Secret or home-grown algorithms are routinely broken once examined.
– Policies for managing the cryptographic keys: key management is the most vulnerable part of any encryption system. If a key is exposed, the algorithm and key length no longer matter, so keys must be generated randomly and stored very securely.

Chapter 9 – Encryption
Cryptographic keys must be stored securely and protected with strong access controls. Best practices include:
– Not storing keys in a browser or in any other file that other users of the system can readily read
– Protecting stored keys with a strong, long passphrase
Organizations must also have a way to decrypt data when the employee who encrypted it is no longer with the organization:
– Use software with a built-in master key
– Use key escrow: keep copies of every encryption key used by employees and store those copies securely
Caveat: a master key or an escrow store is a single point of compromise for every record it can unlock, so it needs stronger protection and tighter access logging than any individual key.

Chapter 9 – Encryption
Types of Encryption Systems
– Symmetric encryption: the same key is used to encrypt and decrypt (DES and AES are examples; DES is obsolete because its 56-bit key can be brute-forced, and AES is the current standard)
– Asymmetric encryption: a mathematically related pair of keys, a public key and a private key; what one key encrypts only the other can decrypt (RSA is an example; PGP is a program built on asymmetric encryption rather than an algorithm)
– Symmetric encryption is much faster, but the shared secret key must be distributed securely to every party. Asymmetric encryption solves that distribution problem at the cost of speed, so in practice the two are combined: a symmetric key encrypts the data and the recipient's public key encrypts the symmetric key.
– Hashing takes plaintext of any length and transforms it into a short, fixed-length code called a hash (or digest). Hashing is one-way: the original document cannot be recreated from its hash, but any change to the document produces a different hash. Good for verifying that the contents of a message have not been altered.
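
The symmetric encryption and hashing just described, as an added example in Go using only the standard library (this is not code from the slides or the textbook). The payroll record is constructed sample data, and the function names are assumptions for illustration. AES-256-GCM is used because it is authenticated: decrypting with the wrong key or after any tampering fails outright, rather than silently yielding garbage. The last two lines show the hashing point: a one-character change to the record gives an unrelated SHA-256 digest.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// NewKey returns a fresh random 256-bit AES key. Keys come from a cryptographic
// random source; a passphrase is never used directly as a key.
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

// Encrypt seals plaintext with AES-256-GCM and returns nonce || ciphertext || tag.
// GCM is authenticated encryption: any change to the output is detected on decryption.
func Encrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { // a nonce must never repeat under one key
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Decrypt reverses Encrypt. It fails if the key is wrong or the data was altered.
func Decrypt(key, data []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(data) < gcm.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	nonce, ct := data[:gcm.NonceSize()], data[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

// Digest returns the SHA-256 hash of a document as hex: fixed length, one-way,
// and different for any change to the input.
func Digest(doc []byte) string {
	sum := sha256.Sum256(doc)
	return hex.EncodeToString(sum[:])
}

func main() {
	// Constructed sample record standing in for a confidential payroll entry.
	record := []byte("employee=1042;salary=87500;bank=****1234")

	key, _ := NewKey()
	ct, _ := Encrypt(key, record)
	fmt.Printf("ciphertext is %d bytes of gibberish: %x...\n", len(ct), ct[:12])

	pt, err := Decrypt(key, ct)
	fmt.Println("right key recovers plaintext:", err == nil && bytes.Equal(pt, record))

	wrongKey, _ := NewKey()
	_, err = Decrypt(wrongKey, ct)
	fmt.Println("wrong key is rejected:", err != nil)

	tampered := append([]byte(nil), ct...)
	tampered[20] ^= 0x01 // flip one bit of the ciphertext body
	_, err = Decrypt(key, tampered)
	fmt.Println("tampered ciphertext is rejected:", err != nil)

	// Hashing: a one-character change in the record gives an unrelated digest.
	fmt.Println(Digest(record))
	fmt.Println(Digest([]byte("employee=1042;salary=87501;bank=****1234")))
}
```

Note that the key is the only secret: the algorithm, the nonce and the ciphertext can all be public, which is exactly why the key management policies on the next slide matter more than the choice of algorithm.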

Chapter 9 – Encryption
Types of Encryption Systems Continued
– Digital signatures
  Nonrepudiation: how to create legally binding agreements that cannot be unilaterally repudiated by either party
  Use hashing and asymmetric encryption together: the signer hashes the document and encrypts the hash with his or her private key; anyone can decrypt it with the signer's public key and compare the result with a fresh hash of the document
  Proof that a document has not been altered (the hashes match) and proof of who created it (only the holder of the private key could have produced the signature)
– Digital certificates
  An electronic document that contains an entity's public key and certifies the identity of the owner of that public key; it is itself signed by a trusted certificate authority, so the binding between name and key can be verified
– Public Key Infrastructure (PKI)
  The system for issuing pairs of public and private keys and the corresponding digital certificates, and for revoking certificates when a private key is compromised
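
The signature and certificate mechanics from this slide, as an added example in Go (standard library only; not code from the slides or the textbook). ECDSA over P-256 stands in for the textbook's generic "asymmetric encryption of the hash", since that is what signature libraries actually do. The contract text, the CA name "Example Root CA" and the subject name "alice@example.com" are constructed for illustration. The first half shows the three signature properties: a genuine signature verifies, an altered document does not, and a different key does not. The second half shows why certificates exist: a certificate signed by the trusted CA chains to the root, while a self-issued certificate that claims the same name does not.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Sign hashes the document and signs the digest with the signer's private key.
// Only the holder of the private key can produce this value.
func Sign(priv *ecdsa.PrivateKey, doc []byte) ([]byte, error) {
	digest := sha256.Sum256(doc)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

// Verify recomputes the digest and checks the signature with the public key.
// A modified document or a different signer fails this check.
func Verify(pub *ecdsa.PublicKey, doc, sig []byte) bool {
	digest := sha256.Sum256(doc)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

// IssueCA creates a self-signed root certificate: the CA vouches for its own key.
func IssueCA(caKey *ecdsa.PrivateKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Root CA"}, // assumed name
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// IssueCert has the CA sign a certificate binding a name to a public key.
func IssueCert(ca *x509.Certificate, caKey *ecdsa.PrivateKey, name string, pub *ecdsa.PublicKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, pub, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// TrustedBy reports whether cert chains to the given root, i.e. whether a relying
// party that trusts the root should believe the name-to-key binding cert asserts.
func TrustedBy(root, cert *x509.Certificate) bool {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := cert.Verify(x509.VerifyOptions{Roots: pool})
	return err == nil
}

func main() {
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	aliceKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	malloryKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)

	contract := []byte("Buyer agrees to pay $10,000 on delivery.") // constructed sample
	sig, _ := Sign(aliceKey, contract)
	fmt.Println("genuine signature verifies:", Verify(&aliceKey.PublicKey, contract, sig))
	fmt.Println("altered contract verifies:", Verify(&aliceKey.PublicKey, []byte("Buyer agrees to pay $1,000 on delivery."), sig))
	fmt.Println("someone else's key verifies:", Verify(&malloryKey.PublicKey, contract, sig))

	// PKI: the CA certifies that aliceKey belongs to "alice@example.com". Mallory's
	// self-issued certificate claiming the same name does not chain to the root.
	ca, _ := IssueCA(caKey)
	aliceCert, _ := IssueCert(ca, caKey, "alice@example.com", &aliceKey.PublicKey)
	rogueCA, _ := IssueCA(malloryKey)
	rogueCert, _ := IssueCert(rogueCA, malloryKey, "alice@example.com", &malloryKey.PublicKey)
	fmt.Println("CA-issued certificate trusted:", TrustedBy(ca, aliceCert))
	fmt.Println("rogue certificate trusted:", TrustedBy(ca, rogueCert))
}
```

The nonrepudiation argument rests entirely on the private key staying private: if Alice's key leaks, anyone can produce signatures that verify under her certificate, which is why PKI also needs a way to revoke certificates.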

Chapter 9 – Encryption
Types of Encryption Systems Continued
– Virtual Private Networks (VPN)
  Information must be encrypted not only while it is stored within a system but also while it is transmitted over the Internet
  Encrypting information as it traverses the Internet creates a virtual private network (VPN)
  The VPN software encrypts traffic before it leaves one end and decrypts it at the other, effectively creating a private tunnel that only the parties holding the keys can read; anyone observing the traffic in between sees only ciphertext

Chapter 10 – Processing Integrity
Input Data Integrity
– Source documents should be prepared by authorized personnel
– Forms design
– Cancellation and storage of source documents (so a document cannot be entered a second time)
– Data entry controls: field check, sign check, limit check, range check, size check, completeness check, validity check, reasonableness check
– Additional batch processing and data entry controls: sequence check, error log, batch totals
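
The eight data entry controls applied to one record type, as an added example in Go (not code from the slides or the textbook). The time card layout, the employee master file, the 80-hour limit and the "1.5 times usual hours" reasonableness threshold are all assumptions chosen for illustration; the sample time cards are constructed so that each one trips a different control. The validator returns the names of the checks that failed rather than stopping at the first, which is what an error log needs.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
	"time"
)

// TimeCard is a constructed data-entry record for a payroll batch, kept as the
// strings an operator typed so that the checks can see bad input.
type TimeCard struct {
	EmployeeID string // e.g. "E1042"
	Hours      string // as typed on the form
	WorkDate   string // YYYY-MM-DD
	Dept       string // three-letter department code
}

// Employee is an assumed master-file entry: the usual weekly hours for the employee.
type Employee struct{ UsualHours float64 }

// Validate applies the slide's data entry controls and returns the names of the
// checks that failed. An empty result means the record may be posted.
func Validate(tc TimeCard, master map[string]Employee, periodStart, periodEnd time.Time) []string {
	var failed []string
	fail := func(name string) { failed = append(failed, name) }

	// Completeness check: every required field is present.
	if strings.TrimSpace(tc.EmployeeID) == "" || strings.TrimSpace(tc.Hours) == "" ||
		strings.TrimSpace(tc.WorkDate) == "" || strings.TrimSpace(tc.Dept) == "" {
		fail("completeness")
		return failed // the other checks are meaningless on an incomplete record
	}

	// Field check: the hours field must be numeric.
	hours, herr := strconv.ParseFloat(tc.Hours, 64)
	if herr != nil {
		fail("field")
	} else {
		if hours < 0 { // Sign check: hours worked cannot be negative.
			fail("sign")
		}
		if hours > 80 { // Limit check: assumed policy, nobody is paid for more than 80 hours.
			fail("limit")
		}
	}

	// Range check: the work date must fall inside the pay period being processed.
	d, derr := time.Parse("2006-01-02", tc.WorkDate)
	if derr != nil || d.Before(periodStart) || d.After(periodEnd) {
		fail("range")
	}

	// Size check: department codes are exactly three characters.
	if len(tc.Dept) != 3 {
		fail("size")
	}

	// Validity check: the employee ID must exist in the master file.
	emp, ok := master[tc.EmployeeID]
	if !ok {
		fail("validity")
	} else if herr == nil && hours > 1.5*emp.UsualHours {
		// Reasonableness check: hours far above this employee's usual week are
		// suspicious even when each field is individually acceptable.
		fail("reasonableness")
	}
	return failed
}

func main() {
	master := map[string]Employee{"E1042": {UsualHours: 40}, "E2077": {UsualHours: 20}}
	start := time.Date(2012, 3, 5, 0, 0, 0, 0, time.UTC)
	end := time.Date(2012, 3, 11, 0, 0, 0, 0, time.UTC)
	cards := []TimeCard{ // constructed sample input
		{"E1042", "40", "2012-03-07", "ACC"},  // clean
		{"E1042", "4O", "2012-03-07", "ACC"},  // letter O typed for zero: field check
		{"E2077", "45", "2012-03-07", "ACC"},  // within limits but unusual for E2077
		{"E9999", "-8", "2012-04-01", "ACCT"}, // sign, range, size and validity all fail
		{"", "40", "2012-03-07", "ACC"},       // completeness
	}
	for _, c := range cards {
		fmt.Printf("%-6s hours=%-3s date=%s dept=%-4s -> failed: %v\n",
			c.EmployeeID, c.Hours, c.WorkDate, c.Dept, Validate(c, master, start, end))
	}
}
```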

Chapter 10 – Processing Integrity
Processing Controls
– Data matching: two or more items of data must be matched before a transaction is processed
– File labels: ensure the correct and most current files are being updated
– Recalculation of batch totals after processing and comparison with the totals keyed in before processing
– Cross-footing and zero-balance tests
– Write-protection mechanisms that stop data from being overwritten or erased
– Concurrent update controls: a record is locked so that only one user can update it at a time
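
Batch totals, the sequence check from the previous slide, cross-footing and the zero-balance test, as an added example in Go (not code from the slides or the textbook). The invoice batch and the report table are constructed; the function names are assumptions. The point the example makes is that the three batch totals catch different errors: a dropped record changes the record count, a transposed amount changes the financial total, and a wrong account number on an otherwise correct record is caught only by the hash total.

```go
package main

import "fmt"

// Invoice is a constructed sales-invoice record as it sits in a batch.
type Invoice struct {
	Seq     int   // pre-numbered document sequence
	Account int   // customer account number; adding these has no meaning, hence "hash" total
	Cents   int64 // invoice amount in cents
}

// BatchTotals are the control totals keyed in from the source documents before
// processing and recomputed from the stored records afterwards.
type BatchTotals struct {
	RecordCount int
	Financial   int64 // sum of amounts
	Hash        int64 // sum of account numbers
}

func Totals(batch []Invoice) BatchTotals {
	var t BatchTotals
	for _, inv := range batch {
		t.RecordCount++
		t.Financial += inv.Cents
		t.Hash += int64(inv.Account)
	}
	return t
}

// Compare reports which control totals disagree after processing.
func Compare(expected, actual BatchTotals) []string {
	var diffs []string
	if expected.RecordCount != actual.RecordCount {
		diffs = append(diffs, "record count")
	}
	if expected.Financial != actual.Financial {
		diffs = append(diffs, "financial total")
	}
	if expected.Hash != actual.Hash {
		diffs = append(diffs, "hash total")
	}
	return diffs
}

// SequenceCheck returns the document numbers missing from, or duplicated in, a
// batch that should run from first to last without gaps.
func SequenceCheck(batch []Invoice, first, last int) (missing, dup []int) {
	seen := map[int]int{}
	for _, inv := range batch {
		seen[inv.Seq]++
	}
	for s := first; s <= last; s++ {
		switch seen[s] {
		case 0:
			missing = append(missing, s)
		case 1:
		default:
			dup = append(dup, s)
		}
	}
	return missing, dup
}

// CrossFoot verifies a report whose row and column totals were produced separately:
// each stored row total and column total must match the cells, and both sets of
// totals must foot to the same grand total.
func CrossFoot(cells [][]int64, rowTotals, colTotals []int64) bool {
	var byRows, byCols int64
	colSum := make([]int64, len(colTotals))
	for i, row := range cells {
		var r int64
		for j, v := range row {
			r += v
			colSum[j] += v
		}
		if r != rowTotals[i] {
			return false
		}
		byRows += r
	}
	for j, c := range colSum {
		if c != colTotals[j] {
			return false
		}
		byCols += c
	}
	return byRows == byCols
}

// ZeroBalance is the control-account test: the control total less the sum of the
// subsidiary records must be zero.
func ZeroBalance(control int64, subsidiary []int64) bool {
	for _, v := range subsidiary {
		control -= v
	}
	return control == 0
}

func main() {
	source := []Invoice{{101, 5001, 123456}, {102, 5002, 50000}, {103, 5003, 78900}, {104, 5004, 12000}}
	expected := Totals(source) // keyed in from the source documents
	// What was actually processed: 101 has a transposition (1243.56 for 1234.56) and 103 was dropped.
	keyed := []Invoice{{101, 5001, 124356}, {102, 5002, 50000}, {104, 5004, 12000}}
	fmt.Println("totals that disagree:", Compare(expected, Totals(keyed)))
	missing, dup := SequenceCheck(keyed, 101, 104)
	fmt.Println("missing:", missing, "duplicated:", dup)
	cells := [][]int64{{100, 200}, {300, 400}}
	fmt.Println("report cross-foots:", CrossFoot(cells, []int64{300, 700}, []int64{400, 600}))
	fmt.Println("control account balances:", ZeroBalance(1000, []int64{400, 600}))
}
```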

Chapter 10 – Processing Integrity
Output Controls
– User review of output
– Reconciliation procedures
– External data reconciliation
– Data transmission controls (checksums and parity bits)
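
The two data transmission controls named on this slide, as an added example in Go (not code from the slides or the textbook). The transmitted message is constructed and the function names are assumptions. A parity bit is a one-bit check per byte; the example deliberately shows its limit, which is that flipping two bits leaves the parity unchanged. The checksum is CRC-32 over the whole message, which catches the transposition that a single parity bit would not. Both detect accidental corruption only: an attacker who changes the data can recompute the checksum, so protection against deliberate tampering needs the hashes and signatures from Chapter 9.

```go
package main

import (
	"fmt"
	"hash/crc32"
)

// ParityBit returns the even-parity bit for a byte: 1 when the byte has an odd
// number of 1 bits, so that byte plus parity always carries an even count.
func ParityBit(b byte) byte {
	var ones byte
	for x := b; x != 0; x >>= 1 {
		ones += x & 1
	}
	return ones & 1
}

// ParityOK checks a received byte against the parity bit sent with it.
func ParityOK(b, parity byte) bool { return ParityBit(b) == parity }

// Checksum returns the CRC-32 of a message; the sender transmits it with the message.
func Checksum(msg []byte) uint32 { return crc32.ChecksumIEEE(msg) }

// Receive is the receiving side: recompute the checksum and reject the message
// if it disagrees with the transmitted one.
func Receive(msg []byte, sent uint32) bool { return Checksum(msg) == sent }

func main() {
	b := byte(0b01101001) // four 1 bits, so parity is 0
	p := ParityBit(b)
	fmt.Printf("byte %08b parity %d\n", b, p)
	oneFlip := b ^ 0b00000100
	twoFlips := b ^ 0b00000101
	fmt.Println("single bit flip detected:", !ParityOK(oneFlip, p))
	fmt.Println("double bit flip detected:", !ParityOK(twoFlips, p)) // false: even-count errors slip past parity

	msg := []byte("PAY,ACCT=5001,AMOUNT=123456") // constructed transmission
	sum := Checksum(msg)
	corrupt := []byte("PAY,ACCT=5001,AMOUNT=124356") // digits transposed in transit
	fmt.Println("intact message accepted:", Receive(msg, sum))
	fmt.Println("transposed message rejected:", !Receive(corrupt, sum))
}
```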

Chapter 10 – System Availability
– Minimize downtime and ensure an efficient return to normal operations
– Ensure there is a contingency plan to get the system running again

Chapter 10 – System Availability
Both the data lost when the system fails and the data that is not being collected while the system is down must be considered.
– Recovery point objective (RPO): how much data the organization is willing to lose, which determines how frequently backups must be taken
– Recovery time objective (RTO): the length of time the organization is willing to operate without the AIS, which determines how quickly a backup site must be ready
These feed into the disaster recovery plan and the business continuity plan.

Week 9 – Summary
We are still talking about controls for system reliability. This week's specific topics are confidentiality and availability:
– Encryption: what it is
– What makes encryption strong
– Various types of encryption systems
– Data input integrity
– Data processing integrity
– Information output integrity
– System uptime (downtime): recovery point objective, recovery time objective
Quiz next week on Chapters 9 and 10