Scribd Logo
Încărcați

Bine ați venit la Scribd!

  • Hardware and Software Controls

    Încărcat de

    Marie Lou
    20 vizualizări16 pagini
    Auditing in EDM Environment

    Titlu original

    HARDWARE AND SOFTWARE CONTROLS

    Drepturi de autor

    © © All Rights Reserved

    Formate disponibile

    PPTX, PDF, TXT sau citiți online pe Scribd

    Vi se pare util acest document?

    Este necorespunzător acest conținut?

    Raportați acest document
    Auditing in EDM Environment

    Drepturi de autor:

    © All Rights Reserved
    Descărcați ca PPTX, PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    20 vizualizări16 pagini

    Hardware and Software Controls

    Încărcat de

    Marie Lou
    Auditing in EDM Environment

    Drepturi de autor:

    © All Rights Reserved
    Descărcați ca PPTX, PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    din 16

    HARDWARE AND SOFTWARE

    CONTROLS
    PROGRAM PROTECTION
    PREVENT APPLICATION PROGRAMS FROM INTERFERING WITH EACH OTHER
    PROGRAM PROTECTION

    CONTROL OVER EXTERNAL


    BOUNDARY PROTECTION REFERENCES
    • OPERATING SYSTEM CAN PARTITION THE • REFERENCE OTHER PROGRAMS THAT MAY BE
    MEMORY INTO SECTIONS AVAILABLE IN THE PROGRAM LIBRARY
    • LINKAGE EDITING
    • RISKS
    • FRAUDULENT USE OF SUBROUTINES
    • FRAUDULENT SUPPRESSION OF
    SUBROUTINES THAT SHOULD BE USED
    • DISPLAY OF ERROR MESSAGE OR TAKING OF OTHER
    ACTION
    • LOG OF LIBRARY PROGRAM OF THE OPERATING
    WAYS TO CONTROL SYSTEM
    RISKS • MAINTAINING PROCESSING HISTORY OF PROGRAMS
    BY THE LINKAGE EDITOR
    PROGRAM PROTECTION

    CONTROL OVER SYSTEM


    LIBRARY PROGRAM SOFTWARE MODIFICATION PROGRAMS
    • PROVIDES ADDITIONAL CONTROLS OVER • CONTROL OF UTILITY PROGRAMS THAT
    THE USE AND CHANGE OF PROGRAMS SUPPRESS OR MODIFY APPLICATION
    • RESTRICTION OF ACCESS TO USE AND PROGRAM CODING
    CHANGE OF PROGRAMS
    FILE PROTECTION
    PREVENT UNAUTHORIZED USE OR MODIFICATION OF DATA
    • CHECKING INTERNAL FILE LABELS
    • PREVENT PROCESSING OF A WRONG FILE, PREMATURE
    DATA DESTRUCTION, UNAUTHORIZED ACCESS
    • ENSURE ALL DATA ARE PROCESSED

    FILE PROTECTION • STORAGE PROTECTION


    • DATA MOVED INTO MEMORY ARE PROTECTED FROM
    INADVERTENT OVERWRITING
    • MEMORY CLEAR
    • REMOVES THE RISK OF SENSITIVE DATA BEING
    AVAILABLE FOR SUBSEQUENT ACCESS BY OTHER
    PROGRAMS
    • ADDRESS COMPARE
    • COMPARE DATA ADDRESS IN MEMORY AND THAT
    REFERENCED BY A PERIPHERAL DEVICE
    SECURITY PROTECTION
    CONTROL USE OF UNAUTHORIZED PARTY BY PREVENTING OR DETECTING UNAUTHORIZED
    SYSTEM PENETRATION
    • MAINTENANCE OF LOGS AND ACTIVITY INFORMATION
    • PERMITS VERIFICATION THAT ALL USE OF FILES AND
    PROGRAMS IS AUTHORIZED
    SECURITY • PERMITS DETECTION OF ATTEMPTS AT UNAUTHORIZED
    PROTECTION ACCESS OF THE SYSTEM, FILES, OR PROGRAMS

    • LOG AND ACTIVITY ANALYSIS UTILITIES


    • ANALYZE LOG AND ACTIVITY DATA TO DETECT
    UNAUTHORIZED USAGE OR CHANGES TO FILES OR
    PROGRAMS

    • PASSWORD MONITORING
    • ENSURE THAT ACCESS TO THE COMPUTER SYSTEM,
    PROGRAMS, AND FILES IS AUTHORIZED
    SELF-PROTECTION
    • CONTROL OVER INSTALLATION AND CHANGES
    • SEGREGATION OF DUTIES
    • LOG OF SYSTEMS SOFTWARE CHANGES

    SELF-PROTECTION • UTILITY SCAN


    • CONTROL OVER SYSTEM MODIFICATION PROGRAM
    • PRIVILEGED MODE
    • HARDWIRING
    CONTROLS AND SYSTEM COMPLEXITY
    CROSS-REFERENCE
    System Additional (Cumulative) System Software Controls
    Complexity Control Objective
    Handling Self- File Program Security
    Errors Protection Protection Protection Protection
    Batch input and Detection and correction
    processing, off-line files of input/output and X
    processing errors
    Batch input and Operating system must
    processing, on-line files protect itself and files X X X
    from programs
    Batch input and Keeps programs from
    processing, on-line files, interfering with each other X X X X
    multi-programming
    Online input, batch Protect against
    processing, on-line files, unauthorized terminal use X X X X X
    multiprogramming
    On-line input, online files, None
    X X X X X
    real-time processing
    UNDERSTANDING AND TEST OF CONTROLS
    PROCEDURES TO OBTAIN UNDERSTANDING

    1. INQUIRE OF MANAGEMENT REGARDING THE EXTENT AND SOURCE OF SYSTEMS SOFTWARE,


    2. REVIEW LITERATURE ON VENDOR SOFTWARE, AND IN-HOUSE DOCUMENTATION
    3. INQUIRE OF MANAGEMENT REGARDING SOFTWARE CONTROLS ACTUALLY USED
    4. IF CERTAIN CONTROLS ARE NOT USED, DISCUSS WITH MANAGEMENT THE IMPACT OF
    NONUSE OF INTERNAL CONTROLS
    5. REVIEW THE LIST OF CONTROLS THAT ARE UTILIZED
    6. INQUIRE REGARDING THE ADEQUACY OF AUTHORIZATION AND CONTROL OVER
    IMPLEMENTATION OF, AND CHANGES TO, SYSTEMS SOFTWARE.
    PROCEDURES TO OBTAIN UNDERSTANDING

    7. INQUIRE REGARDING THE SEGREGATION OF DUTIES OF SYSTEM SOFTWARE DEVELOPMENT AND


    MAINTENANCE PERSONNEL
    8. REVIEW DOCUMENTATION TO ENSURE THAT PROCEDURES FOR CONTROL OVER CHANGES TO
    SYSTEMS SOFTWARE, INCLUDING SEGREGATION OF DUTIES, ARE BEING FOLLOWED
    9. REVIEW THE RESULTS OF PREIMPLEMENTATION TESTING OF SYSTEMS SOFTWARE
    10. INQUIRE REGARDING CONTROLS OVER THE USE OF SYSTEM MODIFICATION UTILITIES
    11. REVIEW COMPUTER UTILIZATION LOGS AND ACTIVITY REPORTS FOR UNAUTHORIZED USAGE AND
    CHANGES TO SYSTEMS SOFTWARE
    12. UTILIZE TECHNICAL HELP TO EVALUATE THE EFFECTIVENESS OF SYSTEMS SOFTWARE CONTROLS

    S-ar putea să vă placă și