Information Systems Controls for System Reliability


  • 8/3/2019 Information Systems Controls for System Reliability

    1/138

    CHAPTER 8

    Information Systems Controls for System Reliability

    Part 2: Confidentiality, Privacy, Processing Integrity, and Availability

    INTRODUCTION

    Questions to be addressed in this chapter include:

    What controls are used to protect the confidentiality of sensitive information?

    What controls are designed to protect privacy of customers' personal information?

    What controls ensure processing integrity?

    What controls ensure that the system is available when needed?

    According to the Trust Services framework, reliable systems satisfy five principles:

    Security (discussed in Chapter 7)

    Confidentiality

    Privacy

    Processing integrity

    Availability

    [Figure: Systems Reliability; labels: Security, Confidentiality, Privacy, Processing Integrity, Availability]

    CONFIDENTIALITY

    Reliable systems protect confidential information from unauthorized disclosure.

    Maintaining confidentiality requires that management identify which information is confidential.

    Confidential information includes sensitive data produced internally as well as that shared by business partners.

    Each organization will develop its own definitions.

    Most definitions will include:

    Business plans

    Pricing strategies

    Client and customer lists

    Legal documents

    Table 8-1 in your textbook summarizes key controls to protect confidentiality of information:

    Situation       Controls
    Storage         Encryption and access controls
    Transmission    Encryption
    Disposal        Shredding, thorough erasure, physical destruction
    Overall         Categorization to reflect value and training in proper work practices

    Encryption is a fundamental control procedure for protecting the confidentiality of sensitive information.

    Confidential information should be encrypted:

    While stored

    During transmission to trusted parties

    The internet provides inexpensive transmission, but data is easily intercepted.

    Encryption solves the interception issue.

    If data is encrypted before sending it, a virtual private network (VPN) is created.

    Provides the functionality of a privately owned network

    But uses the Internet

    Use of VPN software creates private communication channels, often referred to as tunnels.

    The tunnels are accessible only to parties who have the appropriate encryption and decryption keys.

    Cost of the VPN software is much less than costs of leasing or buying a privately-owned, secure communications network.

    Also, makes it much easier to add or remove sites from the network.

    It is critical to encrypt any sensitive information stored in devices that are easily lost or stolen, such as laptops, PDAs, cell phones, and other portable devices.

    Many organizations have policies against storing sensitive information on these devices.

    81% of users admit they do so anyway.

    Encryption alone is not sufficient to protect confidentiality. Given enough time, many encryption schemes can be broken.

    Access controls are also needed:

    To prevent unauthorized parties from obtaining the encrypted data; and

    Because not all confidential information can be encrypted in storage.

    Strong authentication techniques are necessary.

    Strong authorization controls should be used to limit the actions (read, write, change, delete, copy, etc.) that authorized users can perform when accessing confidential information.

    Access to system outputs should also be controlled:

    Do not allow visitors to roam through buildings unsupervised.

    Require employees to log out of any application before leaving their workstation unattended, so other employees do not have unauthorized access.

    Workstations should use password-protected screen savers that automatically engage when there is no activity for a specified period.

    Access should be restricted to rooms housing printers and fax machines.

    Reports should be coded to reflect the importance of the information therein, and employees should be trained not to leave reports with sensitive information lying in plain view.

    It is especially important to control disposal of information resources.

    Printed reports and microfilm with sensitive information should be shredded.

    Special procedures are needed for information stored on magnetic and optical media.

    Using built-in operating system commands to delete the information does not truly delete it, and utility programs will often be able to recover these files.

    De-fragmenting a disk may actually create multiple copies of a deleted document.

    Consequently, special software should be used to wipe the media clean by repeatedly overwriting the disk with random patterns of data (sometimes referred to as shredding a disk).

    Magnetic disks and tapes can be run through devices to demagnetize them.

    The safest alternative may be to physically destroy disks with highly sensitive data.

    Controls to protect confidentiality must be continuously reviewed and modified to respond to new threats created by technological advances.

    Many organizations now prohibit visitors from using cell phones while touring their facilities because of the threat caused by cameras in these phones.

    Because these devices are easy to hide, some organizations use jamming devices to deactivate their imaging systems while on company premises.

    Phone conversations have also been affected by technology.

    The use of voice-over-the-Internet (VoIP) technology means that phone conversations are routed in packets over the Internet.

    Because this technology makes wiretapping much easier, these packets should be encrypted.

    Employee use of email and instant messaging (IM) probably represents two of the greatest threats to the confidentiality of sensitive information.

    Once a message is sent, there is no way to retrieve it or control its distribution.

    Organizations need to develop comprehensive policies governing the appropriate and allowable use of these technologies for business purposes.

    Employees need to be trained on what type of information they can and cannot share, especially with IM.

    Many organizations are taking steps to address the confidentiality threats created by email and IM.

    One response is to mandate encryption of all email with sensitive information.

    Some organizations prohibit use of freeware IM products and purchase commercial products with security features, including encryption.

    Users sending emails must be trained to be very careful about the identity of their addressee.

    EXAMPLE: The organization may have two employees named Allen Smith. It's critical that sensitive information go to the correct Allen Smith.

    PRIVACY

    In the Trust Services framework, the privacy principle is closely related to the confidentiality principle.

    Primary difference is that privacy focuses on protecting personal information about customers rather than organizational data.

    Key controls for privacy are the same that were previously listed for confidentiality.

    A number of regulations, including the Health Insurance Portability and Accountability Act (HIPAA) and the Financial Services Modernization Act (aka Gramm-Leach-Bliley Act), require organizations to protect the privacy of customer information.

    The Trust Services privacy framework of the AICPA and CICA lists ten internationally recognized best practices for protecting the privacy of customers' personal information:

    Management

    The organization establishes a set of procedures and policies for protecting privacy of personal information it collects.

    Assigns responsibility and accountability for those policies to a specific person or group.

    Notice

    Provides notice about its policies and practices when it collects the information or as soon as practicable thereafter.

    Choice and consent

    Describes the choices available to individuals and obtains their consent to the collection and use of their personal information.

    Choices may differ across countries.

    U.S.: The default is opt out, i.e., organizations can collect personal information about customers unless the customer explicitly objects.

    Europe: The default is opt in, i.e., they can't collect the information unless customers explicitly give them permission.

    Collection

    The organization collects only that information needed to fulfill the purposes stated in its privacy policies.

    Use and retention

    The organization uses its customers' personal information only according to stated policy and retains that information only as long as needed.

    Access

    The organization provides individuals with the ability to access, review, correct, and delete the personal information stored about them.

    Disclosure to Third Parties

    The organization discloses customers' personal information to third parties only per stated policy and only to third parties who provide equivalent protection.

    Security

    The organization takes reasonable steps to protect customers' personal information from loss or unauthorized disclosure.

    Issues that are sometimes overlooked:

    Disposal of computer equipment

    Should follow the suggestions presented in the section regarding protection of confidentiality.

    Email

    If you send emails to a list of recipients, each recipient typically knows who the other recipients are.

    If the email regards a private issue, e.g., perhaps it pertains to their AIDS treatment, then the privacy of all recipients has been violated.

    One remedy might be to address the recipients on the bcc line of the email, rather than as original addressees.

    Release of electronic documents

    When physical documents are exchanged, sometimes portions are blacked out (redacted) to protect privacy.

    Similar procedures are needed for the exchange of electronic documents.

    Quality

    The organization maintains the integrity of its customers' personal information.

    Monitoring and enforcement

    The organization assigns one or more employees to be responsible for assuring and verifying compliance with its stated policies.

    Also provides for procedures to respond to customer complaints, including third-party dispute-resolution processes.

    As with confidentiality, encryption and access controls are the two basic mechanisms for protecting consumers' personal information.

    It is common practice to use SSL to encrypt all personal information transmitted between individuals and the organization's website.

    However, SSL only protects the information in transit.

    Consequently, strong authentication controls are needed to restrict website visitors' access to individual accounts.

    Organizations should consider encrypting customers' personal information in storage.

    May be economically justified, because some state laws require companies to notify all customers of security incidents.

    The notification process is costly but may be waived if the information was encrypted while in storage.

    Concerns about privacy appear to be increasing. One topic of concern is cookies.

    A cookie is a text file created by a website and stored on a visitor's hard drive. It records what the visitor has done on the site.

    Most websites create multiple cookies per visit to make it easier for visitors to navigate the site.

    Browsers can be configured to refuse cookies, but it may make the website inaccessible.

    Cookies are text files and cannot do anything other than store information, but many people worry that they violate privacy rights.

    A related concern involves the overwhelming volume of spam.

    Spam is unsolicited email that contains either advertising or offensive content.

    Reduces the efficiency benefits of email.

    Is a source of many viruses, worms, spyware, and other malicious content.

    In 2003, the U.S. Congress passed the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act.

    Provides criminal and civil penalties for violation of the law.

    Applies to commercial email, which is any email with a primary purpose of advertising or promotion.

    Covers most legitimate email sent by organizations to customers, suppliers, or donors to non-profits.

    Consequently, organizations must carefully follow the CAN-SPAM guidelines, which include:

    The sender's identity must be clearly displayed in the message header.

    The subject field in the header must clearly identify the message as an advertisement or solicitation.

    The body must provide recipients with a working link that can be used to opt out of future email.

    Organizations have 10 days after receipt of an opt out request to ensure they do not send additional unsolicited email to that address.

    Means someone must be assigned responsibility for processing these requests.

    The body must include the sender's valid postal address.

    Best practice (not required) would be to provide full street address, telephone, and fax numbers.

    Organizations should not:

    Send email to randomly generated addresses.

    Set up websites designed to harvest email addresses of potential customers.

    Experts recommend that organizations redesign their own websites to include a visible means for visitors to opt in to receive email.

    The AICPA and CICA have developed a privacy framework that provides detailed information on how organizations can comply with CAN-SPAM and other domestic and international regulations.

    Organizations need to train employees on how to manage personal information collected from customers.

    Especially important for medical and financial information.

    Intentional misuse or unauthorized disclosure can have serious economic consequences, including:

    Drop in stock price

    Significant lawsuits

    Government suspension of the organization's business activity

    Another privacy-related issue that is of growing concern is identity theft.

    Organizations have an ethical and moral obligation to implement controls to protect databases that contain their customers' personal information.

    Steps that individuals can take to minimize the risk of becoming a victim of identity theft include:

    Shred all documents that contain personal information, especially unsolicited credit card offers. Cross-cut shredders are more effective.

    Never send personally identifying information in unencrypted email.

    Beware of email, phone, and print requests to verify personal information that the requesting party should already possess.

    Credit card companies won't ask for your security code.

    The IRS won't email you for identifying information in response to an audit.

    Do not carry your social security card with you or comply with requests to reveal the last 4 digits.

    Limit the amount of identifying information preprinted on checks and consider eliminating it.

    Do not place outgoing mail with checks or personal information in your mailbox for pickup.

    Don't carry more than a few blank checks with you.

    Use special software to thoroughly clean any digital media before disposal, or physically destroy the media. It is especially important to thoroughly erase or destroy hard drives before donating or disposing of equipment.

    Monitor your credit reports regularly.

    File a police report as soon as you discover that your purse or wallet was stolen.

    Make photocopies of driver's licenses, passports, and credit cards. Store them with phone numbers for all the credit cards in a safe location to facilitate notifying authorities if they are stolen.

    Immediately cancel any lost or stolen credit cards.

    PROCESSING INTEGRITY

    A reliable system produces information that is accurate, timely, reflects results of only authorized transactions, and includes outcomes of all activities engaged in by the organization during a given period of time.

    Requires controls over both data input quality and the processing of the data.

    Five categories of integrity controls are designed to meet the preceding objectives:

    Source data controls

    Data entry controls

    Processing controls

    Data transmission controls

    Output controls


    Source Data Controls

    If the data entered into a system is inaccurate or incomplete, the output will be, too. (Garbage in, garbage out.)

    Companies must establish control procedures to ensure that all source documents are authorized, accurate, complete, properly accounted for, and entered into the system or sent to their intended destination in a timely manner.

    The following source data controls regulate integrity of input:

    Forms design

    Source documents and other forms should be designed to help ensure that errors and omissions are minimized (Chapter 18).

    Pre-numbered forms sequence test

    Pre-numbering helps verify that no items are missing.

    When sequentially pre-numbered source data documents are used, the system should be programmed to identify and report missing or duplicate form numbers.
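
    An added example (not part of the original slides) of the sequence test described above: it reports missing, duplicate, and unexpected form numbers in a batch of entered forms. The function name, the issued-range parameters, and the form numbers used to exercise it are assumptions.

```python
from collections import Counter


def as_ranges(numbers):
    """Collapse a sorted list of ints into (start, end) runs for a compact report."""
    runs = []
    for n in numbers:
        if runs and n == runs[-1][1] + 1:
            runs[-1] = (runs[-1][0], n)
        else:
            runs.append((n, n))
    return runs


def sequence_test(entered, first_issued=None, last_issued=None):
    """Sequence test over the form numbers entered in one batch.

    entered       -- iterable of form numbers as keyed in (ints)
    first_issued  -- lowest number known to have been issued (assumed input)
    last_issued   -- highest number known to have been issued (assumed input)

    If the issued range is not supplied it is inferred from the batch itself.
    That inferred range cannot reveal forms missing from either end of the
    sequence, so pass the issued range whenever it is known.
    """
    counts = Counter(entered)
    if not counts and (first_issued is None or last_issued is None):
        # Nothing entered and no issued range to compare against.
        return {"missing": [], "duplicates": [], "unexpected": []}

    lo = min(counts) if first_issued is None else first_issued
    hi = max(counts) if last_issued is None else last_issued

    missing = [n for n in range(lo, hi + 1) if n not in counts]
    return {
        # Issued numbers that never arrived, grouped into runs.
        "missing": as_ranges(missing),
        # Numbers entered more than once.
        "duplicates": sorted(n for n, c in counts.items() if c > 1),
        # Numbers outside the issued range (mis-keyed or not issued).
        "unexpected": sorted(n for n in counts if n < lo or n > hi),
    }


if __name__ == "__main__":
    # Constructed batch: forms 1001-1010 were issued.
    batch = [1001, 1002, 1004, 1004, 1008, 1009, 1012]
    print(sequence_test(batch, first_issued=1001, last_issued=1010))
```
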

    Turnaround documents

    Documents sent to external parties that are prepared in machine-readable form to facilitate their subsequent processing as input records.

    Example: the stub that is returned by a customer when paying a utility bill.

    Are more accurate than manually-prepared input records.

    Cancellation and storage of documents

    Documents that have been entered should be canceled.

    Paper documents are stamped "paid" or otherwise defaced.

    A flag field is set on electronic documents.

    Canceling documents does not mean destroying documents.

    They should be retained as long as needed to satisfy legal and regulatory requirements.

    Authorization and segregation of duties

    Source documents should be prepared only by authorized personnel acting within their authority.

    Employees who authorize documents should not be assigned incompatible functions.

    Visual scanning

    Documents should be scanned for reasonableness and propriety.

    Check digit verification

    An additional digit called a check digit can be appended to account numbers, policy numbers, ID numbers, etc.

    Data entry devices then perform check digit verification by using the original digits in the number to recalculate the check digit.

    If the recalculated check digit does not match the digit recorded on the source document, that result suggests that an error was made in recording or entering the number.
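
    An added example (not part of the original slides) of check digit verification as described above, using the Luhn (mod 10) scheme. The slides do not name a scheme, so the choice of Luhn, the function names, and the sample numbers are assumptions.

```python
def digits_of(text):
    """Return the decimal digits of text as ints, ignoring spaces and hyphens."""
    cleaned = text.replace(" ", "").replace("-", "")
    if not cleaned or not cleaned.isascii() or not cleaned.isdigit():
        raise ValueError(f"not a digit string: {text!r}")
    return [int(ch) for ch in cleaned]


def luhn_check_digit(payload):
    """Compute the Luhn check digit for the original digits (the payload)."""
    total = 0
    # Walk from the rightmost payload digit; double every other digit,
    # starting with the rightmost, and fold two-digit results (16 -> 7).
    for position, digit in enumerate(reversed(digits_of(payload))):
        if position % 2 == 0:
            digit *= 2
            if digit > 9:
                digit -= 9
        total += digit
    return (10 - total % 10) % 10


def append_check_digit(payload):
    """Return the number as it would be issued: payload plus check digit."""
    return f"{payload}{luhn_check_digit(payload)}"


def verify(number):
    """Recalculate the check digit from the original digits and compare it
    with the digit recorded at the end of the number."""
    try:
        digits = digits_of(number)
    except ValueError:
        return False
    if len(digits) < 2:
        return False
    payload = "".join(str(d) for d in digits[:-1])
    return luhn_check_digit(payload) == digits[-1]


if __name__ == "__main__":
    issued = append_check_digit("7992739871")        # constructed account number
    print(issued, verify(issued))                    # entered correctly
    print("79927398813", verify("79927398813"))      # one digit mis-keyed
    print("79972398713", verify("79972398713"))      # two adjacent digits swapped
    # Known limit of this scheme: swapping an adjacent 0 and 9 goes undetected.
    print("10926", verify("10926"), "19026", verify("19026"))
```

    A failed verification only shows that the number was recorded or entered incorrectly; a passing number can still be the wrong account, so the check complements rather than replaces the other source data controls.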

    RFID security

    Many businesses are replacing bar codes and manual tags with radio frequency identification (RFID) tags that can store up to 128 bytes of data.

    These tags should be write-protected so that unscrupulous customers cannot change price information on merchandise.


    Once data is collected, data entry control procedures are needed to ensure that it's entered correctly. Common tests to validate input include:

    Field check

    Determines if the characters in a field are of the proper type.

    Example: The characters in a social security field should all be numeric.

    Sign check

    Determines if the data in a field have the appropriate arithmetic sign.

    Example: The number of hours a student is enrolled in during a semester could not be a negative number.

    Limit check

    Tests whether an amount exceeds a predetermined value.

    Example: A university might use a limit check to make sure that the hours a student is enrolled in do not exceed 21.

    Range check

    Similar to a field check, but it checks both ends of a range.

    Example: Perhaps a wage rate is checked to ensure that it does not exceed $15 and is not lower than the minimum wage rate.

    Size (or capacity) check

    Completeness check

    Determines if all required items have been entered.

    Example: Has the student's billing address been entered along with enrollment details?

    Validity check

    Compares the value entered to a file of acceptable values.

    Example: Does the state code entered for an address match one of the 50 valid state codes?

    Reasonableness test

    Determines whether a logical relationship seems to be correct.

    Example: A freshman with annual financial aid of $60,000 is probably not reasonable.
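
    The edit checks above, combined into one validation routine as an added example (not code from the original slides). The 21-hour limit and the $15 wage ceiling come from the slides; the minimum wage, the aid threshold, the state subset, the field names and the sample records are assumptions constructed for illustration.

```python
from decimal import Decimal, InvalidOperation

# Reference values. The 21-hour limit and the $15 wage ceiling come from the
# slides; everything marked "assumed" is a constructed value for the example.
MAX_HOURS = Decimal("21")
MAX_WAGE = Decimal("15.00")
MIN_WAGE = Decimal("7.25")                     # assumed minimum wage
FRESHMAN_AID_CEILING = Decimal("40000")        # assumed reasonableness threshold
VALID_STATES = {"CA", "NY", "TX", "UT", "WA"}  # assumed subset of the 50 codes
REQUIRED = ("ssn", "hours", "wage_rate", "state",
            "billing_address", "class_year", "financial_aid")


def _numeric(record, field, errors):
    """Field check for a numeric item: return a Decimal, or None if unusable."""
    raw = record.get(field, "").strip()
    if not raw:
        return None  # the completeness check reports the missing item
    try:
        value = Decimal(raw)
    except InvalidOperation:
        value = None
    if value is None or not value.is_finite():
        errors.append((field, "field check"))
        return None
    return value


def validate(record):
    """Run the edit checks on one keyed record (all values are strings).

    Returns a list of (field, failed check) pairs; an empty list means the
    record may be accepted.
    """
    errors = []

    # Completeness check: every required item must have been entered.
    for field in REQUIRED:
        if not record.get(field, "").strip():
            errors.append((field, "completeness check"))

    # Field check: a social security number must be all digits.
    ssn = record.get("ssn", "").strip()
    if ssn and not (ssn.isascii() and ssn.isdigit()):
        errors.append(("ssn", "field check"))

    # Sign check, then limit check, on enrolled hours.
    hours = _numeric(record, "hours", errors)
    if hours is not None:
        if hours < 0:
            errors.append(("hours", "sign check"))
        elif hours > MAX_HOURS:
            errors.append(("hours", "limit check"))

    # Range check: both ends of the wage rate are tested.
    wage = _numeric(record, "wage_rate", errors)
    if wage is not None and not (MIN_WAGE <= wage <= MAX_WAGE):
        errors.append(("wage_rate", "range check"))

    # Validity check: compare against the file of acceptable values.
    state = record.get("state", "").strip().upper()
    if state and state not in VALID_STATES:
        errors.append(("state", "validity check"))

    # Reasonableness test: relationship between class year and aid amount.
    aid = _numeric(record, "financial_aid", errors)
    is_freshman = record.get("class_year", "").strip().lower() == "freshman"
    if aid is not None and is_freshman and aid > FRESHMAN_AID_CEILING:
        errors.append(("financial_aid", "reasonableness test"))

    return errors


# Constructed sample records (the SSN in BAD ends in the letter O, not zero).
GOOD = {"ssn": "123456789", "hours": "15", "wage_rate": "12.50", "state": "ut",
        "billing_address": "1 Campus Way", "class_year": "Freshman",
        "financial_aid": "8000"}
BAD = {"ssn": "12345678O", "hours": "-3", "wage_rate": "22", "state": "ZZ",
       "billing_address": "", "class_year": "freshman",
       "financial_aid": "60000"}

if __name__ == "__main__":
    for name, rec in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, validate(rec))
```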

    The preceding tests are used for batch processing and online real-time processing.

    Both processing approaches also have some additional controls that are unique to each approach.

    Additional Batch Processing Data Entry Controls

    In addition to the preceding controls, when using batch processing, the following data entry controls should be incorporated.

    Sequence check

    Tests whether the data is in the proper numerical or alphabetical sequence.

    Error log

    Records information about data input or processing errors (when they occurred, cause, when they were corrected and resubmitted).

    Errors should be investigated, corrected, and resubmitted on a timely basis (usually with the next batch) and subjected to the same input validation routines.

    The log should be reviewed periodically to ensure that all errors have been corrected and then used to prepare an error report, summarizing errors by record type, error type, cause, and disposition.

    Batch totals

    Summarize key values for a batch of input records.

    Commonly used batch totals include:

    Financial totals: sums of fields that contain dollar values, such as total sales.

    Hash totals: sums of nonfinancial fields, such as the sum of all social security numbers of employees being paid.

    Record count: count of the number of records in a batch.

    These batch totals are calculated and recorded when data is entered and used later to verify that all input was processed correctly.

    Additional online data entry controls

    Online processing data entry controls include:

    Automatic entry of data

    Whenever possible, the system should automatically enter transaction data, such as next available document number or new ID number.

    Saves keying time and reduces errors.

    Prompting

    System requests each input item and waits for an acceptable response.

    Pre-formatting

    Fields that need to be completed are highlighted.

    Closed-loop verification

    Checks accuracy of input data by retrieving related information.

    Example: When a customer's account number is entered, the associated customer's name is displayed on the screen so the user can verify that entries are being made for the correct account.

    Transaction logs

    Maintains a detailed record of all transaction data, including:

    A unique transaction identifier

    Date and time of entry

    Terminal from which entry is made

    Transmission line

    Operator identification

    Sequence in which transaction is entered

    The log can be used to reconstruct a file that is damaged or can be used to ensure transactions are not lost or entered twice if a malfunction shuts down the system.

    Error messages

    Should indicate when an error occurred, which item, and how it should be corrected.

    Processing Controls

    Processing controls to ensure that data is processed correctly include:

    Data matching

    Two or more items must match before processing can proceed.

    Example: The quantity billed on the vendor invoice must match the quantity ordered on the purchase order and the quantity received on the receiving report.

    File labels

    External labels should be checked visually to ensure the correct and most current files are being updated.

    There are also two important types of internal labels to be checked.

    The header record, located at the beginning of each file, contains the file name, expiration date, and other identification data.

    The trailer record at the end of the file contains the batch totals calculated during input.

    Recalculation of batch totals

    Batch totals should be recomputed as processing takes place.

    These totals should be compared to the totals in the trailer record.

    Discrepancies indicate processing errors, such as:

    If the recomputed record count is smaller than the original count, one or more records were not processed.

    If the recomputed record count is larger than the original, then additional unauthorized transactions were processed or some authorized transactions were processed twice.

    If the discrepancy between totals is evenly divisible by 9, there was probably a transposition error (two adjacent digits were reversed).
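
    Batch totals computed at data entry and recomputed during processing, as an added example that is not part of the original slides; it serves both the batch totals passage and the recalculation passage. The payroll records, field names and finding labels are constructed for illustration.

```python
from decimal import Decimal


def batch_totals(records):
    """Compute the three batch totals for a list of payroll records."""
    return {
        # Record count: number of records in the batch.
        "record_count": len(records),
        # Financial total: sum of a dollar-value field.
        "financial_total": sum((Decimal(r["gross_pay"]) for r in records),
                               Decimal("0")),
        # Hash total: sum of a nonfinancial field (meaningless on its own,
        # but it changes if a record is lost, added or altered).
        "hash_total": sum(int(r["ssn"]) for r in records),
    }


def reconcile(trailer, processed_records):
    """Recompute totals after processing and compare with the trailer record.

    Returns a list of (total name, finding, amount) tuples; empty means the
    batch reconciles.
    """
    recomputed = batch_totals(processed_records)
    findings = []

    count_diff = recomputed["record_count"] - trailer["record_count"]
    if count_diff < 0:
        findings.append(("record_count", "records not processed", -count_diff))
    elif count_diff > 0:
        findings.append(("record_count", "extra or duplicate records", count_diff))

    # Dollar amounts are compared in cents so the divisible-by-9 test works
    # on whole numbers.
    for name, scale in (("financial_total", 100), ("hash_total", 1)):
        delta = recomputed[name] - trailer[name]
        if delta == 0:
            continue
        units = int(delta * scale)
        # Only suggest a transposition when the record count agrees;
        # otherwise the missing or extra records explain the difference.
        if count_diff == 0 and units % 9 == 0:
            findings.append((name, "possible transposition", delta))
        else:
            findings.append((name, "totals differ", delta))
    return findings


# Constructed batch as keyed at data entry.
ENTERED = [
    {"ssn": "123456789", "gross_pay": "1520.00"},
    {"ssn": "234567891", "gross_pay": "980.50"},
    {"ssn": "345678912", "gross_pay": "2210.75"},
    {"ssn": "456789123", "gross_pay": "1100.00"},
]
# Same batch with two adjacent digits reversed in one amount (1520 -> 1250).
TRANSPOSED = [dict(ENTERED[0], gross_pay="1250.00")] + ENTERED[1:]

if __name__ == "__main__":
    trailer = batch_totals(ENTERED)  # stored in the trailer record at input
    print("clean     ", reconcile(trailer, ENTERED))
    print("dropped   ", reconcile(trailer, ENTERED[:3]))
    print("duplicate ", reconcile(trailer, ENTERED + [ENTERED[1]]))
    print("transposed", reconcile(trailer, TRANSPOSED))
```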

    Cross-footing balance test

    Compares arithmetic results produced by two different methods to verify accuracy.

    EXAMPLE: Compute the sum of column totals in a spreadsheet and compare it to a sum of the row totals.

    Write-protection mechanisms

    Protect against accidental writing over or erasing of data files but are not foolproof.

    Database processing integrity procedures

    Database systems use database administrators, data dictionaries, and concurrent update controls to ensure processing integrity.

    The administrator establishes and enforces procedures for accessing and updating the database.

    The data dictionary ensures that data items are defined and used consistently.

    Concurrent update controls protect records from being updated by two users simultaneously.

    Locks one user out until the other has finished processing.

    Data conversion controls

    When changing systems, data from old files and databases are entered into new data structures.

    Conversion controls help ensure that the new data storage media are free of errors.

    Old and new systems should be run in parallel at least once and results compared to identify discrepancies.

    Internal auditors should review data conversion processes for accuracy.

    Data Transmission Controls

    In addition to using encryption to protect the confidentiality of information being transmitted, organizations need controls to minimize the risk of data transmission errors.

    When the receiving unit detects a data transmission error, it asks the sending unit to re-send. Usually done automatically.

    Sometimes, the system may not be able to accomplish automatic resubmission and will ask the sender to re-transmit the data.

    Two basic types of data transmission controls:

    Parity checking

    Message acknowledgment techniques

    Parity checking

    Computers represent characters as a set of binary digits (bits).

    For example, 5 is represented by the seven-bit pattern 0000101.

    When data are transmitted some bits may be lost or received incorrectly.

    Two basic schemes to detect these events are referred to as even parity and odd parity.

    In either case, an additional bit is added to the digit being transmitted.

    In even parity, the parity bit is set so that each character has an even number of bits with the value 1.

    In odd parity, the objective is that an odd number of bits should have the value 1.

    The pattern for 5 is 0000101. This pattern has two bits (an even number) with a value of 1. Therefore, the parity bit that is added would be zero if we were using even parity and 1 if we were using odd parity.

    The receiving device performs parity checking to verify that the proper number of bits are set to one in each character received.

    Additional accuracy can be achieved with more complex parity schemes.
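
    Even and odd parity for the seven-bit pattern above, as an added example that is not from the original slides. It goes one step beyond the text by adding a column-parity character as one possible "more complex" scheme (an assumption, not a scheme the slides name), which catches a two-bit error that per-character parity misses; the block contents are constructed.

```python
def parity_bit(bits, scheme="even"):
    """Return the parity bit ('0' or '1') for a string of data bits."""
    if scheme not in ("even", "odd"):
        raise ValueError("scheme must be 'even' or 'odd'")
    if not bits or set(bits) - {"0", "1"}:
        raise ValueError("bits must be a non-empty string of 0s and 1s")
    ones_are_odd = bits.count("1") % 2 == 1
    # Even parity: make the total count of 1s even. Odd parity: make it odd.
    return "1" if ones_are_odd == (scheme == "even") else "0"


def frame_ok(frame, scheme="even"):
    """Receiver-side check of one character followed by its parity bit."""
    return parity_bit(frame[:-1], scheme) == frame[-1]


def flip(frame, *positions):
    """Simulate line noise by inverting the bits at the given positions."""
    bits = list(frame)
    for p in positions:
        bits[p] = "1" if bits[p] == "0" else "0"
    return "".join(bits)


def column_parity(rows, scheme="even"):
    """Parity computed down each bit position of a block of frames."""
    return "".join(parity_bit("".join(col), scheme) for col in zip(*rows))


def send_block(chars, scheme="even"):
    """Add a parity bit to each character, then a column-parity character."""
    rows = [c + parity_bit(c, scheme) for c in chars]
    return rows + [column_parity(rows, scheme)]


def block_ok(block, scheme="even"):
    """Check every row's parity bit and the trailing column-parity character."""
    *rows, columns = block
    return (all(frame_ok(r, scheme) for r in rows)
            and columns == column_parity(rows, scheme))


# Constructed block; the first character is the slides' pattern for 5.
CHARS = ["0000101", "1000001", "0110100"]

if __name__ == "__main__":
    frame = "0000101" + parity_bit("0000101", "even")
    print("sent frame:            ", frame)
    print("one bit flipped ok?    ", frame_ok(flip(frame, 6)))      # detected
    print("two bits flipped ok?   ", frame_ok(flip(frame, 0, 1)))   # missed
    block = send_block(CHARS)
    damaged = [flip(block[0], 0, 1)] + block[1:]
    print("block with same damage?", block_ok(damaged))             # detected
```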

    Message Acknowledgment Techniques

    A number of message acknowledgment techniques can be used to let the sender of an electronic message know that a message was received:

    Echo check

    When data are transmitted, the system calculates a summary statistic such as the number of bits in the message.

    The receiving unit performs the same calculation (an echo check) and sends the result to the sending unit.

    If the counts match, the transmission is presumed accurate.

    Trailer record

    The sending unit stores control totals in a trailer record.

    The receiving unit uses the information in those totals to verify the entire message was received.

    Numbered batches

    If a large message is transmitted in segments, each can be numbered sequentially.

    The receiving unit uses those numbers to properly assemble the segments.

    Output Controls

    Careful checking of system output provides additional control over processing integrity.

    Output controls include:

    User review of output

    Users carefully examine output for reasonableness, completeness, and to assure they are the intended recipient.

    Reconciliation procedures

    Periodically, all transactions and other system updates should be reconciled to control reports, file status/update reports, or other control mechanisms.

    Control accounts should also be reconciled to subsidiary account totals.

    External data reconciliation

    Database totals should periodically be reconciled with data maintained outside the system.

    EXAMPLE: Compare number of employee records in the payroll file to number in the human resources file. (Excess records in payroll suggest a ghost employee.)

    AVAILABILITY

    Reliable systems are available for use whenever needed.

    Threats to system availability originate from many sources, including:

    Hardware and software failures

    Natural and man-made disasters

    Human error

    Worms and viruses

    Denial-of-service attacks and other sabotage

    [Figure: Systems Reliability, with Security, Confidentiality, Privacy, Processing Integrity, and Availability]

    Proper controls can minimize the risk of significant system downtime caused by the preceding threats.

    It is impossible to totally eliminate all threats.

    Consequently, organizations must develop disaster recovery and business continuity plans to enable them to quickly resume normal operations after such an event.

    Minimizing Risk of System Downtime

    Loss of system availability can cause significant financial losses, especially if the system affected is essential to e-commerce.

    Organizations can take a variety of steps to minimize the risk of system downtime.

    Physical and logical access controls (Chapter 7) can reduce the risk of successful denial-of-service attacks.

    Good computer security reduces risk of theft or sabotage of IS resources.

    Preventive maintenance can reduce risk of hardware and software failure. Examples:

    Cleaning disk drives

    Properly storing magnetic and optical media

    Use of redundant components can provide fault tolerance, which enables the system to continue functioning despite failure of a component. Examples of redundant components:

    Dual processors

    Arrays of multiple hard drives

    Surge protection devices provide protection against temporary power fluctuations.

    An uninterruptible power supply (UPS) provides protection from a prolonged power outage and buys the system enough time to back up critical data and shut down safely.

    Risks associated with natural and man-made disasters can be reduced with proper location and design of rooms housing mission-critical servers and databases.

    Raised floors protect from flood damage.

    Fire protection and suppression devices reduce likelihood of fire damage.

    Adequate air conditioning reduces likelihood of damage from over-heating or humidity.

    Cables with special plugs that cannot be easily removed reduce risk of damage due to accidentally unplugging.

    Training is especially important.

    Well-trained operators are less likely to make mistakes and more able to recover if they do.

    Security awareness training, particularly concerning safe email and web-browsing practices, can reduce risk of virus and worm infection.

    Anti-virus software should be installed, run, and kept current.

    Email should be scanned for viruses at both the server and desktop levels.

    Newly acquired software and disks, CDs, or DVDs should be scanned and tested first on a machine that is isolated from the main network.

    Disaster Recovery and Business Continuity Planning

    Disaster recovery and business continuity plans are essential if an organization hopes to survive a major catastrophe.

    Being without an IS for even a short period of time can be quite costly; some report as high as half a million dollars per hour.

    Yet many large U.S. companies do not have adequate disaster recovery and business continuity plans.

    The objectives of a disaster recovery and business continuity plan are to:

    Minimize the extent of the disruption, damage, and loss

    Temporarily establish an alternative means of processing information

    Resume normal operations as soon as possible

    Train and familiarize personnel with emergency operations

    Key components of effective disaster recovery and business continuity plans include:

    Data backup procedures

    Provisions for access to replacement infrastructure (equipment, facilities, phone lines, etc.)

    Thorough documentation

    Periodic testing

    Adequate insurance

    Data Backup Procedures

    Data need to be backed up regularly and frequently.

    A backup is an exact copy of the most current version of a database, file, or software program. It is intended for use in the event of a hardware or software failure.

    The process of installing the backup copy for use is called restoration.

    Several different backup procedures exist.

    A full backup is an exact copy of the data recorded on another physical media (tape, magnetic disk, CD, DVD, etc.)

    Restoration involves bringing the backup copy online.

    Full backups are time consuming, so most organizations:

    Do full backups weekly

    Supplement with daily partial backups.

    Two types of partial backups are possible:

    Incremental backup

    Involves copying only the data items that have changed since the last backup.

    Produces a set of incremental backup files, each containing the results of one day's transactions.

    Restoration:

    First load the last full backup.

    Then install each subsequent incremental backup in the proper sequence.

    Differential backup

    All changes made since the last full backup are copied.

    Each new differential backup file contains the cumulative effects of all activity since the last full backup.

    Will normally take longer to do the backup than when incremental backup is used.

    Restoration:

    First load the last full backup.

    Then install the most recent differential backup file.
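
    The two restoration procedures side by side, as an added example that is not part of the original slides. The account data, the dictionary-based "backup files" and the use of None to mark a deleted item are assumptions made for illustration.

```python
def changes_between(old, new):
    """Data items that differ between two snapshots (None marks a deletion)."""
    delta = {k: v for k, v in new.items() if old.get(k) != v}
    delta.update({k: None for k in old if k not in new})
    return delta


def apply_backup(state, delta):
    """Install one partial backup file on top of a restored state."""
    restored = dict(state)
    for key, value in delta.items():
        if value is None:
            restored.pop(key, None)
        else:
            restored[key] = value
    return restored


def take_partial_backups(full, daily_states):
    """Produce both kinds of partial backup for each end-of-day state."""
    incrementals, differentials = [], []
    previous = full
    for state in daily_states:
        # Incremental: only what changed since the last backup of any kind.
        incrementals.append(changes_between(previous, state))
        # Differential: everything changed since the last full backup.
        differentials.append(changes_between(full, state))
        previous = state
    return incrementals, differentials


def restore_incremental(full, incrementals):
    """Load the full backup, then every incremental in sequence."""
    state = dict(full)
    for delta in incrementals:
        state = apply_backup(state, delta)
    return state


def restore_differential(full, differentials):
    """Load the full backup, then only the most recent differential."""
    return apply_backup(full, differentials[-1]) if differentials else dict(full)


# Constructed data: Sunday's full backup and three end-of-day states.
FULL = {"acct-100": 500, "acct-200": 1200, "acct-300": 75}
MON = {"acct-100": 450, "acct-200": 1200, "acct-300": 75}
TUE = {"acct-100": 300, "acct-200": 1200, "acct-300": 75, "acct-400": 900}
WED = {"acct-100": 300, "acct-200": 1250, "acct-400": 900}

INCREMENTALS, DIFFERENTIALS = take_partial_backups(FULL, [MON, TUE, WED])

if __name__ == "__main__":
    print("incremental sizes: ", [len(d) for d in INCREMENTALS])
    print("differential sizes:", [len(d) for d in DIFFERENTIALS])
    print("incremental restore matches: ",
          restore_incremental(FULL, INCREMENTALS) == WED)
    print("differential restore matches:",
          restore_differential(FULL, DIFFERENTIALS) == WED)
    # Skipping one incremental file, or applying them out of order,
    # silently restores the wrong state.
    print("missing Tuesday file matches:",
          restore_incremental(FULL, [INCREMENTALS[0], INCREMENTALS[2]]) == WED)
```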

    Incremental and differential backups are both made daily.

    Additional intra-day backups are often made for mission-critical databases.

    Periodically, the system makes a copy of the database at that point in time, called a checkpoint, and stores the copy on backup media.

    If a hardware or software fault interrupts processing, the checkpoint is used to restart the system.

    The only transactions that need to be reprocessed are those that occurred since the last checkpoint.

    Whichever backup procedure is used, multiple backup copies should be created:

    One can be stored on-site for use in minor incidents.

    At least one additional copy should be stored off-site to be safe should a disaster occur.

    The offsite copies can be transported to remote storage physically or electronically.

    The same security controls should apply as to original copies.

    Sensitive data should be encrypted in storage and during transmission.

    Access to the backup files should be carefully controlled and monitored.

    Backups are retained for only a fixed period of time.

    An archive is a copy of a database, master file, or software that will be retained indefinitely as an historical record, usually to satisfy legal and regulatory requirements.

    Multiple copies of archives should be made and stored in different locations.

    Appropriate security controls should also be applied to these files.

    Special attention should be paid to email, because it has become an important archive of organizational behavior and information.

    Access to email is often important when companies are embroiled in lawsuits.

    Organizations may be tempted to adopt a policy of periodically deleting all email to prevent a plaintiff's attorney from finding a smoking gun.

    Most experts advise against such policies and recommend that organizations include email in their backup and archive procedures because:

    There are likely to be copies of the email stored in locations outside the organization.

    Such a policy would mean that the organization would not be able to tell its side of the story.

    Also, courts have sanctioned companies for failing to provide timely access to email.

    Infrastructure Replacement

    Major disasters can totally destroy an organization's information processing center or make it inaccessible.

    A key component of disaster recovery and business continuity plans incorporates provisions for replacing the necessary computing infrastructure, including:

    Computers

    Network equipment and access

    Telephone lines

    Office equipment

    Supplies

    It may even be necessary to hire temporary staff.

    Organizations have three basic options for replacing computer and networking equipment.

    Reciprocal agreements

    The least expensive approach.

    The organization enters into an agreement with another organization that uses similar equipment to have temporary access to and use of their information system resources in the event of a disaster.

    Effective solutions for disasters of limited duration and magnitude, especially for small organizations.

    Not optimal in major disasters as:

    The host organization may also be affected.

    The host also needs the resources.


    AVAILABILITY


    Cold sites

    An empty building is purchased or leased and pre-wired for necessary telephone and Internet access.

    Contracts are created with vendors to provide all necessary computer and office equipment within a specified period of time.

    Still leaves the organization without use of the IS for a period of time.


    AVAILABILITY


    Hot sites

    Most expensive solution but used by organizations like financial institutions and airlines which cannot survive any appreciable time without their IS.

    The hot site is a facility that is pre-wired for phone and Internet (like the cold site) but also contains the essential computing and office equipment.

    It is a backup infrastructure designed to provide fault tolerance in the event of a major disaster.


    AVAILABILITY

    Documentation

    An important and often overlooked component. Should include:

    The disaster recovery plan itself, including instructions for notifying appropriate staff and the steps to resume operation, needs to be well documented.

    Assignment of responsibility for the various activities.

    Vendor documentation of hardware and software.

    Documentation of modifications made to the default configuration (so replacement will have the same functionality).

    Detailed operating instructions.

    Copies of all documentation should be stored both on-site and off-site.


    AVAILABILITY

    Testing

    Periodic testing and revision is probably the most important component of effective disaster recovery and business continuity plans.

    Most plans fail their initial test, because it's impossible to anticipate everything that could go wrong.

    The time to discover these problems is before the actual emergency and in a setting where the weaknesses can be carefully analyzed and appropriate changes made.


    AVAILABILITY

    Plans should be tested on at least an annual basis to ensure they reflect recent changes in equipment and procedures.

    Important to test procedures involved in executing reciprocal agreements or hot or cold sites.

    Backup restoration procedures also require practice.


    AVAILABILITY

    Brainstorming sessions involving mock scenarios can be effective in identifying gaps and shortcomings.

    More realistic and detailed simulations or drills should also be performed, although not to the expense of completely performing every activity.

    Experts recommend testing individual components of the plans separately, because it is too difficult and costly to simulate and analyze every aspect simultaneously.

    The plan documentation needs to be updated to reflect any changes in procedure made in response to problems identified during testing.


    AVAILABILITY

    Insurance

    Organizations should acquire adequate insurance coverage to defray part or all of the expenses associated with implementing their disaster recovery and business continuity plans.


    CHANGE MANAGEMENT CONTROLS

    Organizations constantly modify their information systems to reflect new business practices and to take advantage of advances in IT.

    Controls are needed to ensure such changes don't negatively impact reliability.

    Existing controls related to security, confidentiality, privacy, processing integrity, and availability should be modified to maintain their effectiveness after the change.

    Change management controls need to ensure adequate segregation of duties is maintained in light of the modifications to the organizational structure and adoption of new software.


    CHANGE MANAGEMENT CONTROLS

    Important change management controls include:

    All change requests should be documented in a standard format that identifies:

    Nature of the change

    Reason for the change

    Date of the request

    All changes should be approved by appropriate levels of management.

    Approvals should be clearly documented to provide an audit trail.

    Management should consult with the CSO and other IT managers about impact of the change on reliability.


    CHANGE MANAGEMENT CONTROLS

    Changes should be thoroughly tested prior to implementation.

    Includes assessing effect of change on all five principles of systems reliability.

    Should occur in a separate, non-production environment.

    All documentation (program instructions, system descriptions, backup and disaster recovery plans) should be updated to reflect authorized changes to the system.

    Emergency changes or deviations from policy must be documented and subjected to a formal review and approval process as soon after implementation as practicable. All such actions should be logged to provide an audit trail.


    CHANGE MANAGEMENT CONTROLS

    Backout plans should be developed for reverting to the previous configuration if the approved changes need to be interrupted or aborted.

    User rights and privileges should be carefully monitored during the change process to ensure proper segregation of duties.

    CHANGE MANAGEMENT CONTROLS

    The most important change management control is adequate monitoring and review by top management to ensure that the changes are consistent with the entity's multiyear strategic plan.

    Objective: Be sure the system continues to effectively support the organization's strategy.

    Steering committees are often created to perform this function.


    SUMMARY

    In this chapter, you've learned about the controls used to protect the confidentiality of sensitive information and the controls used to protect the privacy of customer information.

    You've also learned about controls that help ensure processing integrity.

    Finally, you've learned about controls to ensure that the system is available when needed.