Information Systems Controls for System Reliability
Part 3: Processing Integrity and Availability
Learning Objectives
Identify and explain controls designed to ensure processing integrity.
Identify and explain controls designed to ensure systems availability.
Confidentiality (Chapter 8)
Sensitive organizational information (e.g., marketing plans, trade secrets) is protected from unauthorized disclosure.
Privacy (Chapter 9)
Personal information about customers is collected, used, disclosed, and maintained only in compliance with internal policies and external regulatory requirements and is protected from unauthorized disclosure.
Processing Integrity
Data are processed accurately, completely, in a timely manner, and only with proper authorization.
Availability
System and its information are available to meet operational and contractual obligations.
Input Controls
Garbage-in Garbage-out
Form Design
All forms should be sequentially numbered
Verify missing documents
Input Controls
Data Entry Checks
Field check
Characters proper type? Text, integer, date, and so on
Sign check
Proper arithmetic sign?
Limit check
Input checked against fixed value?
Range check
Input within low and high range value?
Size check
Input fit within field?
Completeness check
Have all required data been entered?
Input Controls
Data Entry Checks (continued)
Validity check
Input compared with master data to confirm existence
Reasonableness check
Logical comparisons
Prompting
Input requested by system
Closed-loop verification
Uses input data to retrieve and display related data
Batch Totals
Compare input totals to output totals
Financial
Sums a field that contains monetary values
Hash
Processing Controls
Data Matching
Multiple data values must match before processing occurs.
File Labels
Ensure correct and most current file is being updated.
Processing Controls
Write Protection
Eliminate possibility of overwriting or erasing existing data.
Concurrent Update
Locking records or fields when they are being updated so multiple users are not updating at the same time.
Output Controls
User Review
Verify that output is reasonable, complete, and routed to the intended individual
Parity checking
A bit is added to each character transmitted so that the characters can then be verified for accuracy
Copyright 2012 Pearson Education, Inc. publishing as Prentice Hall
Minimize Risks
Preventive Maintenance
Cleaning, proper storage
Fault Tolerance
Ability of a system to continue if a part fails
Training
Less likely to make mistakes and will know how to recover, with minimal damage, from errors they do commit
Patch Management
Install, run, and keep current antivirus and antispyware programs
Quick Recovery
Back-up
Incremental
Copy only data that changed from last partial back-up
Differential
Copy only data that changed from last full back-up
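The difference between the two partial back-up types shows up at restore time. The following Python sketch is an added example, not part of the original slides: it simulates one full back-up followed by three daily partial back-ups and shows which back-ups a restore depends on. The file names, the back-up labels (`inc1`, `diff1`) and the change schedule are constructed for illustration.

```python
# Added example: one full back-up followed by daily partial back-ups.
# FULL and CHANGES are constructed sample data (files modified on each later day).
FULL = {"ledger.db", "payroll.db", "customers.db", "config.ini"}
CHANGES = [
    {"ledger.db"},                 # day 1
    {"payroll.db", "ledger.db"},   # day 2
    {"customers.db"},              # day 3
]

def incremental_sets(changes):
    """Each incremental copies only what changed since the previous back-up."""
    return [set(day) for day in changes]

def differential_sets(changes):
    """Each differential copies everything changed since the last full back-up."""
    out, cumulative = [], set()
    for day in changes:
        cumulative |= day
        out.append(set(cumulative))
    return out

def restore_plan(kind, day):
    """Back-ups needed, in order, to restore to the end of `day` (1-based)."""
    if kind == "incremental":
        return ["full"] + [f"inc{d}" for d in range(1, day + 1)]
    if kind == "differential":
        return ["full"] + ([f"diff{day}"] if day else [])
    raise ValueError(kind)

def restore(kind, day, lost=frozenset()):
    """Map each file to the back-up that supplies it; fail if the chain is broken."""
    incremental = kind == "incremental"
    sets = incremental_sets(CHANGES) if incremental else differential_sets(CHANGES)
    prefix = "inc" if incremental else "diff"
    state = {}
    for name in restore_plan(kind, day):
        if name in lost:
            raise RuntimeError(f"cannot restore: {name} is missing")
        files = FULL if name == "full" else sets[int(name[len(prefix):]) - 1]
        for f in files:
            state[f] = name  # a later back-up overwrites the earlier version
    return state

if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        print(kind, restore_plan(kind, 3), restore(kind, 3))
```

Incremental back-ups store less each day, but every one of them must survive for a restore to succeed. A differential restore needs only the full back-up and the latest differential.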
Change Control
Formal process used to ensure that modifications to hardware, software, or processes do not reduce systems reliability
Changes need to be documented.
Changes need to be approved by appropriate manager.
Changes need to be tested before implementation.
All documentation needs to be updated for changes.
Back-out plans need to be adopted.
User rights and privileges need to be monitored during change.
Hot Site
A facility that is not only prewired for telephone and Internet access but also contains all the computing and office equipment the organization needs to perform its essential business activities
Second Data-Center
Used for back-up and site mirroring