hapter 10
Download
Skip this Video
Download Presentation
HAPTER 10

Loading in 2 Seconds...

play fullscreen
1 / 31

HAPTER 10 - PowerPoint PPT Presentation


  • 125 Views
  • Uploaded on

HAPTER 10. Information Systems Controls for System Reliability Part 3: Processing Integrity and Availability. INTRODUCTION. Questions to be addressed in this chapter include: What controls ensure processing integrity? What controls ensure that the system is available when needed?.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' HAPTER 10' - lucia


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
hapter 10

HAPTER 10

Information Systems Controls for System Reliability

Part 3: Processing Integrity and Availability

introduction
INTRODUCTION
  • Questions to be addressed in this chapter include:
    • What controls ensure processing integrity?
    • What controls ensure that the system is available when needed?
processing integrity
PROCESSING INTEGRITY
  • A reliable system produces information that is accurate, timely, reflects results of only authorized transactions, and includes outcomes of all activities engaged in by the organization during a given period of time.
  • Requires controls over both data input quality and the processing of the data.

SYSTEMS

RELIABILITY

CONFIDENTIALITY

PROCESSING INTEGRITY

PRIVACY

AVAILABILITY

SECURITY

input controls
Input Controls
  • Forms Design
    • Pre-numbered forms/ sequence test
    • Turnaround documents
  • Authorization and segregation of duties
  • Cancellation and storage of documents
  • Visual scanning
input controls1
Input Controls
  • Data Entry Controls (Edit checks)
    • Field check
    • Sign check
    • Limit check
    • Range check
    • Size (or capacity) check
    • Completeness check
    • Validity check
    • Reasonableness test
    • Check digit verification
    • Key verification
input controls2
Input Controls
  • The preceding tests are used for batch processing and online real-time processing.
  • Both processing approaches also have some additional controls that are unique to each approach.
batch input controls
Batch Input Controls
  • Batch Processing
    • Input multiple source documents at once in a group
  • In addition to the preceding controls, when using batch processing, the following data entry controls should be incorporated.
      • Sequence check
      • Error log
      • Batch totals
batch input controls1
Batch Input Controls
  • Batch Totals
    • Compare input totals to output totals
      • Financial
        • Sums a field that contains monetary values
      • Hash
        • Sums a nonfinancial numeric field
      • Record count
        • The number of records in a batch
online data entry controls
Online Data Entry Controls
  • Additional online data entry controls
    • Online processing data entry controls include:
      • Automatic entry of data
      • Prompting
      • Closed-loop verification
      • Transaction logs
      • Error messages
processing controls
Processing Controls
  • Processing controls to ensure that data is processed correctly include:
      • Data matching
      • File labels
      • Recalculation of batch totals
      • Cross-footing balance test
      • Write-protection mechanisms
      • Concurrent update controls
output controls
Output Controls
  • Careful checking of system output provides additional control over processing integrity.
  • Output controls include:
    • User review of output
    • Reconciliation procedures
    • External data reconciliation
    • Data transmission controls
output controls1
Output Controls
  • Data Transmission Controls
    • Two basic types of data transmission controls:
      • Checksums – hash of file transmitted, comparison made of hash before and after transmission
      • Parity checking
output controls2
Output Controls
  • Parity checking
    • Computers represent characters as a set of binary digits (bits).
    • For example, “5” is represented by the seven-bit pattern 0000101.
    • When data are transmitted some bits may be lost or received incorrectly.
    • Two basic schemes to detect these events are referred to as even parity and odd parity.
    • In either case, an additional bit is added to the digit being transmitted.
availability
AVAILABILITY
  • Reliable systems are available for use whenever needed.
  • Threats to system availability originate from many sources, including:
    • Hardware and software failures
    • Natural and man-made disasters
    • Human error
    • Worms and viruses
    • Denial-of-service attacks and other sabotage

SYSTEMS

RELIABILITY

CONFIDENTIALITY

PROCESSING INTEGRITY

PRIVACY

AVAILABILITY

SECURITY

controls ensuring availability
Controls Ensuring Availability
  • Systems or information need to be available 24/7
    • It is not possible to ensure this so:
availability1
AVAILABILITY
  • Minimizing Risk of System Downtime
    • Loss of system availability can cause significant financial losses, especially if the system affected is essential to e-commerce.
    • Organizations can take a variety of steps to minimize the risk of system downtime.
availability2
AVAILABILITY
  • Preventive maintenance can reduce risk of hardware and software failure. Examples:
    • Cleaning disk drivers
    • Properly storing magnetic and optical media
  • Use of redundant components can provide fault tolerance, which enables the system to continue functioning despite failure of a component. Examples:
    • Dual processors
    • Arrays of multiple hard drives.
availability3
AVAILABILITY
  • Risks associated with natural and man-made disasters can be reduced with proper location and design of rooms housing mission-critical servers and databases.
    • Raised floors protect from flood damage.
    • Fire protection and suppression devices reduce likelihood of fire damage.
    • Adequate air conditioning reduces likelihood of damage from over-heating or humidity.
    • Cables with special plugs that cannot be easily removed reduce risk of damage due to accidentally unplugging.
availability4
AVAILABILITY
  • Surge protection devices provide protection against temporary power fluctuations.
    • An uninterruptible power supply (UPS) provides protection from a prolonged power outage and buys the system enough time to back up critical data and shut down safely.
availability5
AVAILABILITY
  • Training
    • Well-trained operators are less likely to make mistakes and more able to recover if they do.
    • Security awareness training, particularly concerning safe email and web-browsing practices, can reduce risk of virus and worm infection.
  • Patch management and antivirus software
    • Anti-virus software should be installed, run, and kept current.
    • Email should be scanned for viruses at both the server and desktop levels.
    • Newly acquired software and disks, CDs, or DVDs should be scanned and tested first on a machine that is isolated from the main network.
availability6
AVAILABILITY
  • Recovery and Resumption of Normal Operations
    • Data backup procedures
    • Disaster recovery plan (DRP)
    • Business continuity plan (BCP)
availability7
AVAILABILITY
  • Data Backup Procedures
    • Data need to be backed up regularly and frequently.
    • A backup is an exact copy of the most current version of a database, file, or software program. It is intended for use in the event of a hardware or software failure.
    • The process of installing the backup copy for use is called restoration.
availability8
AVAILABILITY
  • A full backup is an exact copy of the data recorded on another physical media (tape, magnetic disk, CD, DVD, etc.)
  • Full backups are time consuming, so most organizations:
    • Do full backups weekly
    • Supplement with daily partial backups.
      • incremental backup- copy only data that changed since the last partial backup
      • differential backup – copy only data that changed from last full back-up
availability9
AVAILABILITY
  • Whichever backup procedure is used, multiple backup copies should be created:
    • One can be stored on-site for use in minor incidents.
    • At least one additional copy should be stored off-site to be safe should a disaster occur
availability10
AVAILABILITY
  • Disaster Recovery and Business Continuity PlanningObjectives:
    • Minimize the extent of the disruption, damage, and loss
    • Temporarily establish an alternative means of processing information
    • Resume normal operations as soon as possible
    • Train and familiarize personnel with emergency operations
  • Recovery point objective (RPO)
  • Recovery time objective (RTO)
availability11
AVAILABILITY
  • Infrastructure Replacement
    • Major disasters can totally destroy an organization’s information processing center or make it inaccessible.
    • A key component of disaster recovery and business continuity plans incorporates provisions for replacing the necessary computing infrastructure, including:
      • Computers
      • Network equipment and access
      • Telephone lines
      • Office equipment
      • Supplies
    • It may even be necessary to hire temporary staff.
availability12
AVAILABILITY
  • Organizations have three basic options for replacing computer and networking equipment.
    • Reciprocal agreements
    • Cold sites
    • Hot sites
availability13
AVAILABILITY
  • Documentation
    • An important and often overlooked component. Should include:
      • The disaster recovery plan itself, including instructions for notifying appropriate staff and the steps to resume operation, needs to be well documented.
      • Assignment of responsibility for the various activities.
      • Vendor documentation of hardware and software.
      • Documentation of modifications made to the default configuration (so replacement will have the same functionality).
      • Detailed operating instructions.
    • Copies of all documentation should be stored both on-site and off-site.
availability14
AVAILABILITY
  • Testing
    • Periodic testing and revision is probably the most important component of effective disaster recovery and business continuity plans.
      • Most plans fail their initial test, because it’s impossible to anticipate everything that could go wrong.
      • The time to discover these problems is before the actual emergency and in a setting where the weaknesses can be carefully analyzed and appropriate changes made.
availability15
AVAILABILITY
  • Insurance
    • Organizations should acquire adequate insurance coverage to defray part or all of the expenses associated with implementing their disaster recovery and business continuity plans.
ad