Chapter Three Objectives

Presentation on theme: "Chapter Three Objectives"— Presentation transcript:

1 Chapter Three Objectives
- Understand risks faced by information assets.
- Comprehend the relationship between risk and asset vulnerabilities, and comprehend the nature and types of threats faced by the asset.
- Understand the objectives of control and security of information assets and how these objectives are interrelated.
- Understand the building blocks of control and security frameworks for information systems.
- Apply a controls framework to a financial accounting system.

3 Protecting Information Assets
It is necessary to protect information assets:
- There is a potential for compromises of such assets.
- There may be attacks on the information assets.
- There may be unintentional compromises of information assets.
- Systems are subject to regulatory protection requirements.

4 Vulnerabilities and Threats
- Vulnerability: A weakness in the information assets that leads to risk.
- Threat: The probability of an attack on the information asset.
- Attack: A series of steps taken by an attacker to achieve an unauthorized result.
- Threat agent: An entity, typically a person, who triggers a threat.
- Countermeasure: An antidote or an action that dilutes the potential impact of a known vulnerability.

6 Framework for Control and Security
ISO 17799 is a standard focused on the protection of information assets. It is broadly applicable across industries, and is therefore a high-level standard. It is a general model that follows from Part I of British Standard 7799 (BS 7799). The standard is organized into ten categories (sections). Each section is divided into subcategories, each of which includes a broad implementation approach (method).

7 Internal Control and Information Security Objectives
Internal control objectives:
- Efficiency of operations
- Effectiveness of operations
- Reliability of information
- Compliance with applicable laws and regulations

Information security objectives:
- Information integrity
- Message integrity
- Confidentiality
- User authentication
- Nonrepudiation
- Systems availability

8 A Comparison of Internal Control and Information Security Objectives
The slide is a matrix with the objectives of information security as rows and the objectives of internal controls as columns; an "X" marks each internal control objective that a given information security objective supports.

Rows (objectives of information security): Information integrity, Confidentiality, User authentication, Non-repudiation, Availability.
Columns (objectives of internal controls): Effectiveness of operations, Efficiency of operations, Reliability of information, Compliance with regulations.

Only one "X" mark, in the Information integrity row, survives in this transcript; the column it falls in is not recoverable from the text.

9 Implementing a Framework

10 Assurance Considerations
Without a framework, no objectives can be achieved with a high degree of assurance. A first step toward assurance is to adopt a holistic framework. Elements of more than one framework can be combined into the framework adopted by an entity, to provide necessary granularity. The framework allows for a systematic approach to the design, implementation, and audit of control and security systems. The business may seek assurance regarding proper implementation of a chosen framework.
