• Accidental Disclosure
– A failure of components, equipment, software, or subsystems,
resulting in an exposure of information or violation of any element
of the system.
• Deliberate Penetration
– A deliberate and covert attempt to (1) obtain information contained
in the system, (2) cause the system to operate to the advantage of
the threatening party, or (3) manipulate the system so as to render
it unreliable or unusable to the legitimate operator.
• Physical Attack
– Overt assault against or attack upon the physical environment
Where Are Information Systems Controls Implemented?
• Physical Protection
Security controls applied to safeguard the physical equipment apply not only to the computer
equipment itself and to its terminals, but also to such removable items.
• Hardware Leakage Points
Hardware portions of the system are subject to malfunctions that can result directly in a leak or
cause a failure of a security protection mechanism elsewhere in the system, including inducing a
software malfunction.
• Software Leakage Points
All vulnerabilities directly related to the software in the computer system.
• Communication Leakage Points
The communications linking the central processor, the switching center and the remote terminals
present a potential vulnerability.
• Organizational Leakage Points
There are two prime organizational leakage points: personnel security clearances and institutional
operating procedures.
How Does the Mechanism of Information System Control Work?
Internal Control
- Effective and efficient operation of the organization.
- Provide accurate and reliable information.
- The organization complies with applicable laws and regulations.
• System reliability can be built through good internal control. The frameworks
that support internal control are COSO, COBIT 5 or COSO-ERM.