Accounting information systems 11e romney steinbart chapter 07

CHAPTER 7

Information Systems Controls for Systems Reliability
Part 1: Information Security

© 2008 Prentice Hall Business Publishing

Accounting Information Systems, 11/e

Romney/Steinbart

1 of 222


INTRODUCTION
• Questions to be addressed in this chapter:
– How does security affect systems reliability?
– What are the four criteria that can be used to evaluate the effectiveness of an organization’s information security?
– What is the time-based model of security and the concept of defense-in-depth?
– What types of preventive, detective, and corrective controls are used to provide information security?
– How does encryption contribute to security and how do the two basic types of encryption systems work?


INTRODUCTION
• One basic function of an AIS is to provide information useful for decision making. In order to be useful, the information must be reliable, which means:
– It provides an accurate, complete, and timely picture of the organization’s activities.
– It is available when needed.
– The information and the system that produces it are protected from loss, compromise, and theft.


INTRODUCTION
• The five basic principles that contribute to systems reliability:
– Security: Access to the system and its data is controlled.
– Confidentiality: Sensitive information is protected from unauthorized disclosure.
– Privacy (online privacy): Personal information about customers collected through e-commerce is collected, used, disclosed, and maintained in an appropriate manner.
– Processing integrity: Data is processed accurately, completely, in a timely manner, and with proper authorization.
– Availability: The system is available to meet operational and contractual obligations.

(Figure: systems reliability diagram, built up one principle per slide, with Security as the base layer beneath Confidentiality, Privacy, Processing Integrity, and Availability.)


INTRODUCTION
• Note the importance of security in this picture. It is the foundation of systems reliability. Security procedures:
– Restrict system access to only authorized users and protect:
• The confidentiality of sensitive organizational data.
• The privacy of personal identifying information collected from customers.

(Figure: systems reliability diagram with Security as the foundation of Confidentiality, Privacy, Processing Integrity, and Availability.)


INTRODUCTION
• Security procedures also:
– Provide for processing integrity by preventing:
• Submission of unauthorized or fictitious transactions.
• Unauthorized changes to stored data or programs.
– Protect against a variety of attacks, including viruses and worms, thereby ensuring the system is available when needed.

(Figure: systems reliability diagram, as on the preceding slide.)


INTRODUCTION
• This chapter provides a broad introduction to the topic of information systems security.
• Anyone interested in a career in information systems security would need to undertake additional detailed study.
• Chapter 8 will discuss controls relevant to the other four reliability principles.


INTRODUCTION
• The press carries many stories about information security incidents including:
– Denial of service attacks
– Fraud
– Loss of trade secrets
– Identity theft
• Accountants and IS professionals need to understand basic principles of information security in order to protect their organizations and themselves.


COBIT and Trust Services
• Control Objectives for Information Technology (COBIT)
• Information systems controls required for achieving business and governance objectives

(Figure: COBIT framework diagram, labelled "Adequate Controls".)


COBIT and Trust Services
• COBIT IT resources:
– Applications
– Information
– Infrastructures
– People



COBIT and Trust Services
• COBIT information criteria:
– Effectiveness
– Efficiency
– Confidentiality
– Integrity
– Availability
– Compliance
– Reliability


COBIT and Trust Services

• COBIT domains:
– Basic management activities for IT
– Help organize 34 generic IT controls

