
Assignment II of Information System II

ICP Class Group II

“Information System Control for Systems Reliability (Part I)”


(Marshall Romney, CH 7 + CH 8)

- ADRIAN CAESAR PRABOWO ( 1411000267 )


- DEVY TIUR NAOMI ( 1411000412 )
- PRYANKA ICHSAN HADI ( 1411000283 )
- SARAH SAUSAN SUYONOPUTRI ( 1411000262 )
- YETI NURZAIROH ( 1411000184 )
Why Is Information Systems Control Needed?

Threats to information systems are increasing, and many companies have failed to control the security and integrity of their computer systems, so information system control is needed.

The reasons are as follows:


1. There are computers and servers everywhere.
2. Computer networks are distributed to many users, and these networks are harder
to control than centralized mainframe systems.
3. Wide area networks are giving customers and suppliers access to each other’s
systems and data.

To make the information system reliable.


Who Implements Information System Control?

USER

Internal environment:
1. Directors
2. Managers
3. Those under their direction

External environment:
1. Vendors
2. Customers
3. Auditors
4. Consultants
5. etc.
When Is Information System Control Needed?

• Accidental Disclosure
– A failure of components, equipment, software, or subsystems,
resulting in an exposure of information or violation of any element
of the system.
• Deliberate Penetration
– A deliberate and covert attempt to (1) obtain information contained
in the system, (2) cause the system to operate to the advantage of
the threatening party, or (3) manipulate the system so as to render
it unreliable or unusable to the legitimate operator. 
• Physical Attack
– Overt assault against or attack upon the physical environment
Where Is Information Systems Control Implemented?

• Physical Protection
Security controls applied to safeguard the physical equipment apply not only to the computer
equipment itself and to its terminals, but also to such removable items.
• Hardware Leakage Points
Hardware portions of the system are subject to malfunctions that can result directly in a leak or
cause a failure of security protection mechanisms elsewhere in the system, including inducing a
software malfunction.
• Software Leakage Points
All vulnerabilities directly related to the software in the computer system.
• Communication Leakage Points
The communications linking the central processor, the switching center and the remote terminals
present a potential vulnerability. 
• Organizational Leakage Points
There are two prime organizational leakage points, personnel security clearances and institutional
operating procedures.
How Does the Mechanism of Information System Control Work?

• Security: the foundation of systems reliability; limited access to protect against a variety of attacks.
• Confidentiality: protection of corporate secrets from unauthorized disclosure.
• Privacy: personal information (about customers, labor, vendors, etc.).
• Processing integrity: the processed data is accurate, complete, timely, and authorized.
• Availability: system and information are available to meet the operational and contractual.

[Figure: systems reliability diagram with the labels SYSTEMS RELIABILITY, CONFIDENTIALITY, PRIVACY, PROCESSING INTEGRITY, AVAILABILITY and SECURITY]
How Does Security Affect Systems Reliability?

Internal Control
- Effective and efficient operation of the organization.
- Provide accurate and reliable information.
- The organization complies with applicable laws and regulations.

Three functions of Internal control


• Preventive controls: limit actions to those in accord with the organization’s security policy and disallow all others.
– Deter problems before they arise.
• Detective controls: identify when preventive controls have been breached.
– Discover problems that are not prevented.
• Corrective controls: repair damage from problems that have occurred; improve preventive and detective controls to reduce the likelihood of similar incidents.
– Identify and correct problems (correct and recover from the problems).
COSO Frameworks
What Lessons Can We Learn from IS Control?

• Control of information systems is implemented by companies that want system reliability.

• System reliability can be built through good internal control. The frameworks that support internal control are COSO, COBIT 5 or COSO-ERM.

• The five basic principles for system reliability are security, confidentiality, privacy, processing integrity and availability.

• Security is the foundation for system reliability.

• An information system is a secret, so the company should have controls for its information system.
Sources

• Romney, Marshall B., Steinbart, Paul John. (2015). Accounting Information Systems (Global Edition) (13th). Harlow, England: Pearson Education Limited.
• http://www.rand.org/pubs/reports/R609-1/index2.html
