Control, Audit, and Security of Information Systems, Cheat Sheet of Systems Design

These notes explain the importance of ensuring the reliability and credibility of information systems, particularly when dealing with massive amounts of data. They cover the key concepts of controls, audits, testing, and security measures to protect data, programs, and equipment from various threats: the objectives and techniques of controls, the purpose and methods of auditing information systems, the classification and objectives of system testing, and the potential threats to information system security along with the measures to protect against them. They emphasize the need for controls, audits, and security to maintain data security, privacy, and integrity, which are crucial for the effective and reliable operation of information systems.

Typology: Cheat Sheet

2011/2012

Uploaded on 12/30/2022

davedhruti
Prof. Ekta Parikh DDU SEM 3 System Analysis and Design

Chapter 8

Control, audit and security of Information system

CONTROLS

It is very important to ensure the reliability of reports produced by an information system. If unreliability is seen by users, the entire credibility of the system is lost. Ensuring reliability is not difficult for small systems, but when a system has to handle massive data it is a challenge. Systematic controls are thus essential when a system is designed.

AUDITS

Many organizations are now entirely dependent on computer-based information systems. These information systems contain financial data and other critical procedures. It is essential to protect the systems against frauds and ensure that sound accounting practices are followed. It is necessary to trace the origin and fix responsibilities when frauds occur. The primary purpose of audit methods is to ensure this.

TESTING

Systems contain many individual subsystems. Usually sub-systems and programs are individually tested. However, when a whole system is integrated, unforeseen errors may be seen. Thus, before releasing a system, the entire operational system should be tested for correctness and completeness.

SECURITY

Systems contain sensitive data about the organization and also about persons working in the organization. Sensitive data should be protected from spies, thieves or disgruntled employees. Thus access should be carefully controlled and provided only on a need-to-know basis. When computers are networked, corruption/erasure may take place due to viruses. Services may be disrupted due to denial of service attacks. Thus systems should be designed with appropriate security measures.

  • CONTROL - Method to ensure that a system processes data as per design and that all data is included and correct
  • AUDIT AND TESTING - Ensure that the system is built as per specifications and that processed results are correct. Protect systems from frauds.
  • SECURITY - Protection of data resources, programs, and equipment from illegal use, theft, vandalism, accidents, disasters etc.

NEED OF CONTROLS

  • Information systems handle massive amounts of data – accidents such as not including some data can cause serious damage
  • Incorrect data entry can lead to high monetary losses
  • Credibility in the information system may be lost if errors are found in operational systems

OBJECTIVES OF CONTROLS

  • To make sure data entering the computer are correct
  • Check clerical handling of data before it is input to a computer
  • Provide means of detecting and tracing errors which occur due to bad data or bad program
  • Ensure legal requirements are met
  • To guard against frauds

CONTROL TECHNIQUES

ORGANIZATIONAL MEASURES

  • Well defined responsibility for input preparation, delivery output use, operation and maintenance
  • Changes in program and data (if any) should be documented
  • Performance of task and recording must be by different persons to prevent frauds

INPUT PREPARATION CONTROL

  • Sequence numbering
  • Batch controls
  • Data entry and verification
  • Record totals
  • Self checking digits
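The input preparation controls listed above, combined into one batch check. This is an added example, not part of the original notes: the record layout, the field names and the modulus-11 check digit scheme are assumptions (the notes do not name a check digit method), and the sample batches are constructed.

```python
from decimal import Decimal

def mod11_check_digit(base: str) -> str:
    """Weights 2, 3, 4, ... from the rightmost digit; 'X' stands for 10."""
    total = sum(int(d) * w for w, d in enumerate(reversed(base), start=2))
    digit = (11 - total % 11) % 11
    return "X" if digit == 10 else str(digit)

def code_is_valid(code: str) -> bool:
    base, check = code[:-1], code[-1:]
    return base.isdigit() and mod11_check_digit(base) == check

def validate_batch(header: dict, records: list) -> list:
    """Return the control failures for one batch; an empty list means accept."""
    errors = []
    # Batch control: count and control total are prepared before data entry.
    if len(records) != header["count"]:
        errors.append(f"record count {len(records)}, header says {header['count']}")
    total = sum(Decimal(r["amount"]) for r in records)
    if total != Decimal(header["control_total"]):
        errors.append(f"control total {total}, header says {header['control_total']}")
    # Sequence numbering: every number in the expected range appears exactly once.
    seen = [r["seq"] for r in records]
    first = header["first_seq"]
    missing = sorted(set(range(first, first + header["count"])) - set(seen))
    repeated = sorted({s for s in seen if seen.count(s) > 1})
    if missing or repeated:
        errors.append(f"sequence missing={missing} repeated={repeated}")
    # Self-checking digit: catches mistyped or transposed digits in the code.
    for r in records:
        if not code_is_valid(r["account"]):
            errors.append(f"seq {r['seq']}: check digit fails for {r['account']}")
    return errors

# Constructed sample data (not from the original notes).
HEADER = {"first_seq": 101, "count": 3, "control_total": "1750.50"}
GOOD = [
    {"seq": 101, "account": "123455", "amount": "500.00"},
    {"seq": 102, "account": "200719", "amount": "250.50"},
    {"seq": 103, "account": "318604", "amount": "1000.00"},
]
# Record 102 was dropped and two digits of the first account code were swapped.
BAD = [
    {"seq": 101, "account": "123545", "amount": "500.00"},
    {"seq": 103, "account": "318604", "amount": "1000.00"},
]

if __name__ == "__main__":
    print(validate_batch(HEADER, GOOD))
    print(*validate_batch(HEADER, BAD), sep="\n")
```

The dropped record is reported three ways (count, control total, sequence gap), which is why the controls are used together: each also catches errors the others miss.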

    o Take sample inputs and manually apply processing rules and compare outputs with computer outputs

  • AUDITING THROUGH THE COMPUTER
    o Establish audit trail which allows examining selected intermediate results
    o Control totals provide intermediate checks

AUDITING THROUGH THE COMPUTER

  • Facility to trace transaction value and print intermediate results
  • Selective printing of records meeting criteria specified by the auditor. For example: inactive accounts, overactive accounts, accounts with high balance
  • Comparing credit and debit balance
  • Ensure logs are kept of who did what in critical data entry and processing to fix responsibility. Called an audit trail.
  • Auditor’s own checked input and expected output.
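The selective extraction and debit/credit comparison from the list above, as an added example that is not part of the original notes. The journal layout, the thresholds and the reading of "comparing credit and debit balance" as total debits against total credits are assumptions, and the data is constructed.

```python
from collections import Counter
from decimal import Decimal

def select_for_audit(journal, closing, overactive_at, high_balance):
    """Pick the accounts an auditor would ask to see, plus the DR/CR comparison."""
    postings = Counter(account for account, _side, _amount in journal)
    debits = sum(Decimal(a) for _acc, side, a in journal if side == "DR")
    credits = sum(Decimal(a) for _acc, side, a in journal if side == "CR")
    return {
        # No postings in the period.
        "inactive": sorted(a for a in closing if postings[a] == 0),
        # At or above the auditor's posting-count threshold.
        "overactive": sorted(a for a in closing if postings[a] >= overactive_at),
        # Closing balance at or above the auditor's limit.
        "high_balance": sorted(
            a for a, bal in closing.items() if Decimal(bal) >= high_balance
        ),
        # Postings to accounts that are missing from the account file.
        "unknown_account": sorted(set(postings) - set(closing)),
        # Zero when debits and credits agree.
        "debit_minus_credit": debits - credits,
    }

# Constructed sample data: (account, side, amount) postings and closing balances.
JOURNAL = [
    ("A100", "DR", "100.00"), ("A200", "CR", "100.00"),
    ("A100", "DR", "50.00"), ("A100", "CR", "20.00"),
    ("A100", "DR", "30.00"), ("A400", "CR", "150.00"),
    ("A999", "DR", "60.00"),
]
CLOSING = {"A100": "1200.00", "A200": "250000.00", "A300": "75.00", "A400": "900.00"}

def run_sample():
    return select_for_audit(
        JOURNAL, CLOSING, overactive_at=4, high_balance=Decimal("100000")
    )

if __name__ == "__main__":
    for key, value in run_sample().items():
        print(f"{key}: {value}")
```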

AUDITING WITH THE COMPUTER

Use special audit packages to check the system. An audit package allows:

  • Extracting data based on the specified criterion for inspection (e.g. students with wide disparity in marks in two subjects)
  • Totaling specified subset of data for check
  • Procedure to check sale discounts
  • Process with independent data file created by auditor and verify to see if system is as per specification

SYSTEM TESTING OBJECTIVES

  • To ensure the entire system will perform as per specification
  • Ensure system meets users' requirements
  • Verify if controls function as intended
  • To make sure incorrect inputs, incorrect processing and incorrect outputs (if any) will be detected during operation
  • Should include both computer based and manual processes
  • Remember that system testing is done before a system is released as ready for operation

CLASSIFICATION OF SYSTEM TESTS

PROGRAM TESTS

  • Program tests with test data
    • Normally individual modules tested then integration test done
    • Test boundary conditions
    • Test using loop counts

SYSTEM TESTS

  • Results from a program fed as input to a succeeding program
  • A string of programs run one after another
  • All programs in a complete system are tested together as a whole.
  • Tested using unreasonable data and non key data besides normal test data for whole system

PILOT TESTS

  • Use data from manual system to test system when it is first implemented. If it is a modification of an earlier computer-based system, use data and output from that system

PARALLEL RUNS

  • Run both manual and computer-based systems with same live data and see if both give identical results
  • If it is a re-engineered (i.e., modified) system, run both old and new systems and compare results

SECURITY OF INFORMATION SYSTEMS

Security means protection of data from accidental or intentional modification, destruction or disclosure to unauthorised persons.

POTENTIAL THREATS TO SECURITY

  • Natural disasters such as fire, floods, earthquakes
  • Accidents such as disk crashes, file erasure by inexperienced operators
  • Theft/erasure of data by disgruntled employees
  • Frauds by changing programs, data by employees
  • Industrial espionage
  • Viruses/Worms
  • Hackers who break into systems connected to the internet
  • Denial of service attacks by flooding with mail