Presentation is loading. Please wait.

Presentation is loading. Please wait.

Deck 10 Accounting Information Systems Romney and Steinbart Linda Batch March 2012.

Published byCory McDaniel Modified over 8 years ago

Similar presentations

Presentation on theme: "Deck 10 Accounting Information Systems Romney and Steinbart Linda Batch March 2012."— Presentation transcript:

1 Deck 10 Accounting Information Systems Romney and Steinbart Linda Batch March 2012

2 Learning Objectives IS Controls for System Reliability Confidentiality and Availability – Encryption – Process Controls – Input, Processing, Output – Availability Work on Assignment 4 Quiz (Chapter 7 and Chapter 8)

3 Chapter 9 – Preserving Confidentiality Intellectual property often is crucial to the to the organization’s long run competitive advantage Actions must be taken to preserve confidentiality: – Identification and classification of information to be protected – Encryption of sensitive information – Controlling access to sensitive information – Training

4 Chapter 9 – Encryption Encryption is a preventive control that can be used to protect both the confidentiality and privacy Encryption is the process of transforming normal content called plain text to unreadable gibberish, call ciphertext. Decryption reverses this process

5 Chapter 9 – Encryption Three factors determine the strength of the encryption – key length – longer keys provide stronger encryption by reducing the number of repeating blocks – encryption algorithm – are designed to resist brute-force guessing techniques – policies for managing the cryptographic keys – the most vulnerable aspect of the encryption system hence cryptographic keys must be stored very securely

6 Chapter 9 – Encryption Cryptographic keys must be stored securely and protected with strong access controls. Best practices include not storing cryptographic keys in a browser or any other file that others users of that system can readily access and using a strong and long passphrase to protect the keys Organizations must have a way to decrypt data in the event the employee who encrypted it is no longer with the organization – Use software with a built in master key – Use key escrow – make copies of all encryption keys and used by employees and store these copies securely

7 Chapter 9 – Encryption Types of Encryption Systems – Symmetric Encryption – use the same code to encrypt and decrypt (DES and AES are examples) – Asymmetric Encryption – different system to encrypt an decrypt – public key and private key (RSA and PGP) – Symmetric encryption is faster but it is less secure – Hashing takes plain text of any length and splits it into a short code called a hash hashing algorithms will not recreate the document in the original plain text format Good for verifying that the contents of a message have not been altered

8 Chapter 9 – Encryption Types of Encryption Systems Continued – Digital signatures Nonrepudiation – how to create legally binding agreements that cannot be unilaterally repudiated by either party Use hashing and asymmetric encryption simultaneously Proof that a document has not been altered and proof of who created the file – Digital Certificates Electronic document that contains and entities public key and certifies the integrity of the owner of that particular public key – Public Key Infrastructure Issuing pairs of public and private keys and corresponding digital certificates

9 Chapter 9 – Encryption Types of Encryption Systems Continued – Virtual Private Networks (VPN) Information must be encrypted within a system but also when it transmits over the internet Encrypted information, when it traverses the internet, creates a virtual private network (VPN) The VPN software that encrypts information while it transmits over the internet effectively creates private tunnels for those that have the keys

10 Chapter 10 – Processing Integrity Input Data integrity – Source documents should be prepared by authorized personnel – Forms Design – Cancellation and storage of source documents – Data entry controls Field check, sign check, limit check, range check, size check, completeness check, validity check, reasonableness check – Additional batch processing and data entry controls Sequence check, error log, batch totals

11 Chapter 10 – Processing Integrity Processing Controls – Data matching – two or more items of data must be matched prior to processing – File labels – ensure the most current files are being updated – Recalculation of batch totals – Cross-footing and zero balance test – Write protection mechanisms that stop overwriting of data – Concurrent update controls – only one user update records at a time

12 Chapter 10 – Processing Integrity Output Controls – User review of output – Reconciliation procedures – External data reconciliation – Data transmission controls (check sums and parity bits)

13 Chapter 10 – System Availability Minimize downtime and ensure efficient return to normal operations Ensure there is a contingency plan to get the system running

14 Chapter 10 – System Availability Lost data needs to be considered plus the data that is not being collected while the system is down Recovery point objective (RPO) – how much data is the organization willing to lose Recovery time objective (RTO) – the length of time the organization is willing to operate without the AIS These feed into the data recovery plan and the business continuity plan

15 Week 9 – Summary We are still talking about controls for system reliability This week’s specific topics are confidentiality and availability – Encryption - what is it – What makes encryption strong – Various types of encryption systems Data input integrity Data processing integrity Information output integrity System uptime (downtime) – Recovery point objective, Recovery time objective Quiz Next Week on Chapter 9 and 10

Download ppt "Deck 10 Accounting Information Systems Romney and Steinbart Linda Batch March 2012."

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Confidentiality and Privacy Controls

Confidentiality and Privacy Controls
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Information Security & Cryptographic Principles. Infosec and Cryptography Subjects / Topics : 1. Introduction to computer cryptography 1. Introduction.

Information Security & Cryptographic Principles. Infosec and Cryptography Subjects / Topics : 1. Introduction to computer cryptography 1. Introduction.
9 - 1 Computer-Based Information Systems Control.

9 - 1 Computer-Based Information Systems Control.
Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.

Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.
Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with.

Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with.
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Chapter 5 Cryptography Protecting principals communication in systems.

Chapter 5 Cryptography Protecting principals communication in systems.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Chapter 9 - Control in Computerized Environment ATG 383 – Spring 2002.

Chapter 9 - Control in Computerized Environment ATG 383 – Spring 2002.
Cryptographic Technologies

Cryptographic Technologies
Dr Alejandra Flores-Mosri Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the.

Dr Alejandra Flores-Mosri Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the.
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.
Processing Integrity and Availability Controls

Processing Integrity and Availability Controls
Chapter 19 Security.

Chapter 19 Security.

Similar presentations

Ads by Google