Welcome to Scribd!

Skip carousel

Romney Ais13 PPT 08

Uploaded by

Tamara Saraswati

0% found this document useful (0 votes)

117 views14 pages

Accounting Management

Original Title

romney_ais13_ppt_08

Copyright

Available Formats

PPTX, PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Accounting Management

Copyright:

Available Formats

Download as PPTX, PDF, TXT or read online from Scribd

Flag for inappropriate content

Download as pptx, pdf, or txt

0% found this document useful (0 votes)

117 views14 pages

Romney Ais13 PPT 08

Uploaded by

Tamara Saraswati

Accounting Management

Copyright:

Available Formats

Download as PPTX, PDF, TXT or read online from Scribd

Flag for inappropriate content

Download as pptx, pdf, or txt

Jump to Page

You are on page 1of 14

Search inside document

Controls for Information

Security
Chapter 8

Copyright 2015 Pearson Education, Inc.

8-1

Learning Objectives
Explain how information security affects
information systems reliability.
Discuss how a combination of preventive,
detective, and corrective controls can be
employed to provide reasonable assurance about
the security of an organizations information
system.
Copyright 2015 Pearson Education, Inc.

8-2

Trust Services Framework

Security
Access to the system and data is controlled and restricted to
legitimate users.

Confidentiality
Sensitive organizational data is protected.

Privacy
Personal information about trading partners, investors, and
employees are protected.

Processing integrity
Data are processed accurately, completely, in a timely
manner, and only with proper authorization.

Availability
System and information are available.

Copyright 2015 Pearson Education, Inc.

8-3

Copyright 2015 Pearson Education, Inc.

8-4

Security Life Cycle

Security is a management issue

Copyright 2015 Pearson Education, Inc.

8-5

Security Approaches
Defense-in-depth
Multiple layers of control (preventive and
detective) to avoid a single point of failure

Time-based model, security is effective if:

P > D + C where
P is time it takes an attacker to break through
preventive controls
D is time it takes to detect an attack is in progress
C is time it takes to respond to the attack and take
corrective action
Copyright 2015 Pearson Education, Inc.

8-6

How to Mitigate Risk of Attack

Preventive Controls
People
Process
IT Solutions
Physical security
Change controls and
change management

Copyright 2015 Pearson Education, Inc.

Detective Controls

Log analysis
Intrusion detection
systems
Penetration testing
Continuous
monitoring

8-7

Preventive: People
Culture of security
Tone set at the top with management

Training
Follow safe computing practices

Never open unsolicited e-mail attachments

Use only approved software
Do not share passwords
Physically protect laptops/cellphones

Protect against social engineering

8-8

Preventive: Process
Authenticationverifies the person
1. Something person knows
2. Something person has
3. Some biometric characteristic
4. Combination of all three

Authorizationdetermines what a person can

access

8-9

Preventive: IT Solutions

Antimalware controls
Network access controls
Device and software hardening controls
Encryption

8-10

Preventive: Other
Physical security access controls
Limit entry to building
Restrict access to network and data

Change controls and change management

Formal processes in place regarding changes
made to hardware, software, or processes

8-11

Corrective
Computer Incident Response Team (CIRT)
Chief Information Security Officer (CISO)
Patch management

8-12

Key Terms

Defense-in-depth
Time-based model of security
Social engineering
Authentication
Biometric identifier
Multifactor authentication
Multimodal authentication
Authorization
Access control matrix
Compatibility test
Border router
Firewall
Demilitarized zone (DMZ)
Routers

Access control list (ACL)

Packet filtering
Deep packet inspection
Intrusion prevention system
Remote Authentication Dial-in
User Service (RADIUS)
War dialing
Endpoints
Vulnerabilities
Vulnerability scanners
Hardening
Change control and change
management
Log analysis
Intrusion detection system
(IDS)
8-13

Key Terms (continued)

Penetration test
Computer incident response
team (CIRT)
Exploit
Patch
Patch management
Virtualization
Cloud computing

8-14

IRAM - Business Impact Assessment
Document52 pages
IRAM - Business Impact Assessment
Julio Armando Fabaz
100% (2)
NIST Third Party Compliance Checklist
Document26 pages
NIST Third Party Compliance Checklist
Muchamad Solihin
No ratings yet
PECB Certified ISO/IEC 27001: Lead Implementer
Document4 pages
PECB Certified ISO/IEC 27001: Lead Implementer
Higo Jefferson
No ratings yet
Chap 3 AIS
Document14 pages
Chap 3 AIS
Christine Joy Original
100% (1)
CS CSPS Guidelines Aviation Sector English V1.5
Document60 pages
CS CSPS Guidelines Aviation Sector English V1.5
manojghorpade
100% (1)
Iso27001 2013 Clause4 Context of Organization
Document11 pages
Iso27001 2013 Clause4 Context of Organization
Arfi Maulana
No ratings yet
CISSP Practice Tests Sample
Document20 pages
CISSP Practice Tests Sample
afzaal ahmed
No ratings yet
Chapter 13 Test Bank Romney Ais
Document35 pages
Chapter 13 Test Bank Romney Ais
Man Tran Y Nhi
No ratings yet
Accounting Information Systems: Fourteenth Edition
Document9 pages
Accounting Information Systems: Fourteenth Edition
Elshafa Kirana
No ratings yet
Accounting Information Systems: Fourteenth Edition
Document18 pages
Accounting Information Systems: Fourteenth Edition
Putri Dyah Wijayanti
No ratings yet
Audit of Inv Property, NCA HFS and Disc Op
Document32 pages
Audit of Inv Property, NCA HFS and Disc Op
Paula Bitor
No ratings yet
3 - IAS 40 - Investment Property - SV PDF
Document16 pages
3 - IAS 40 - Investment Property - SV PDF
Hồ Đan Thục
No ratings yet
Operations Auditing: Audi26
Document19 pages
Operations Auditing: Audi26
Pricia Abella
No ratings yet
Solution Manual Accounting Information Systems 12th Edition by Romney and Steinbart Ch17
Document24 pages
Solution Manual Accounting Information Systems 12th Edition by Romney and Steinbart Ch17
Man Tran Y Nhi
No ratings yet
Accounting Information Systems: Fourteenth Edition
Document11 pages
Accounting Information Systems: Fourteenth Edition
Elshafa Kirana
No ratings yet
Tax Semis
Document50 pages
Tax Semis
Team Mindanao
No ratings yet
Accounting Information Systems: Fourteenth Edition
Document11 pages
Accounting Information Systems: Fourteenth Edition
Elshafa Kirana
No ratings yet
The Revenue Cycle
Document27 pages
The Revenue Cycle
MARIA VERONICA
No ratings yet
Accounting Information Systems: Fourteenth Edition
Document18 pages
Accounting Information Systems: Fourteenth Edition
Elshafa Kirana
No ratings yet
Chapter 4 Information Technology It
Document63 pages
Chapter 4 Information Technology It
黄勇添
No ratings yet
Study Notes 4 PAPS 1013
Document6 pages
Study Notes 4 PAPS 1013
Francis Ysabella Balagtas
No ratings yet
Midterm Audcis Reviewer
Document29 pages
Midterm Audcis Reviewer
intacc recordings
No ratings yet
Lecture 1 - 2-Basics of Accounting
Document29 pages
Lecture 1 - 2-Basics of Accounting
Ravi Kumar
No ratings yet
Revenue Cycle
Document18 pages
Revenue Cycle
Nurrin Dar
No ratings yet
Gelinas-Dull 8e Chapter 11 Billing & Receivable
Document30 pages
Gelinas-Dull 8e Chapter 11 Billing & Receivable
leen mercado
100% (1)
AIS - Chapter 3 Reviewer
Document10 pages
AIS - Chapter 3 Reviewer
Ella
No ratings yet
AP04 05 Audit of Intangibles
Document8 pages
AP04 05 Audit of Intangibles
eildee
No ratings yet
Chapter 1 Basic Accounting
Document39 pages
Chapter 1 Basic Accounting
kakao
No ratings yet
Isae 3400
Document9 pages
Isae 3400
baabasaam
No ratings yet
AFAR-18 (JIT, ABC, FOH - Service Cost Allocation)
Document7 pages
AFAR-18 (JIT, ABC, FOH - Service Cost Allocation)
Flores Renato Jr. S.
No ratings yet
The Expenditure Cycle Part 1: Purchases and Cash Disbursements Procedures
Document41 pages
The Expenditure Cycle Part 1: Purchases and Cash Disbursements Procedures
Fathan Mubina
No ratings yet
Handouts 56
Document11 pages
Handouts 56
Omar Cabayag
No ratings yet
Income Tax Schemes, Accounting Periods, Accounting Methods, and Reporting
Document4 pages
Income Tax Schemes, Accounting Periods, Accounting Methods, and Reporting
Coleen Biocales
No ratings yet
Investment Property Owner Occupied: Theory of Accounts Practical Accounting 1
Document4 pages
Investment Property Owner Occupied: Theory of Accounts Practical Accounting 1
hanie lala
No ratings yet
AIS Development Strategies
Document11 pages
AIS Development Strategies
Firdaus Yahya
No ratings yet
Prospective Financial Information-ACCA P7 - PFI
Document14 pages
Prospective Financial Information-ACCA P7 - PFI
mike1711
No ratings yet
Analysis & Interpretation of Financial Statements
Document44 pages
Analysis & Interpretation of Financial Statements
Secret Deity
No ratings yet
Audit Sampling For Tests of Details of Balances
Document43 pages
Audit Sampling For Tests of Details of Balances
Endah Hamidah Aini
No ratings yet
PP 15 New
Document49 pages
PP 15 New
Stevan Pkn
No ratings yet
Chapter 18 Test Bank
Document67 pages
Chapter 18 Test Bank
Ezatullah Siddiqi
No ratings yet
TX10 Other Percentage Tax
Document16 pages
TX10 Other Percentage Tax
Anna Aldave
No ratings yet
The Expenditure Cycle Part 1: Purchases and Cash Disbursements Procedures
Document38 pages
The Expenditure Cycle Part 1: Purchases and Cash Disbursements Procedures
ontykerls
No ratings yet
Chapter 5 Expenditure Cycle Part 1
Document33 pages
Chapter 5 Expenditure Cycle Part 1
KRIS ANNE SAMUDIO
100% (1)
Activity Based Costing Ch05 Horngren
Document32 pages
Activity Based Costing Ch05 Horngren
Syahrani Juhermi
No ratings yet
Ethics, Fraud, and Internal Control
Document49 pages
Ethics, Fraud, and Internal Control
Azizah Syarif
100% (3)
Internal Control in Action
Document26 pages
Internal Control in Action
Angel Pascuhin
No ratings yet
Romney Ais13 PPT 13
Document11 pages
Romney Ais13 PPT 13
Aj PotXzs Ü
No ratings yet
Mas
Document27 pages
Mas
kevinlim186
No ratings yet
Accounting For Special Transactions (Corporate Liquidation) : Lecture Aid
Document7 pages
Accounting For Special Transactions (Corporate Liquidation) : Lecture Aid
mo
No ratings yet
Quiz SIA - Solved
Document5 pages
Quiz SIA - Solved
Shinta Ayu
No ratings yet
Chapter 25 - Production and Growth
Document22 pages
Chapter 25 - Production and Growth
vanvobboy
No ratings yet
Chapter 2 Wiley
Document29 pages
Chapter 2 Wiley
p876468
No ratings yet
Chapter 9 Audit of Investing Cycle
Document11 pages
Chapter 9 Audit of Investing Cycle
consulivy
No ratings yet
Accounting Information System
Document14 pages
Accounting Information System
Hajira_Harmain
No ratings yet
Chapter 5 Market Value Valuation Activities
Document3 pages
Chapter 5 Market Value Valuation Activities
Alliyah Kaye
No ratings yet
Accounting Information System - Chapter 2
Document88 pages
Accounting Information System - Chapter 2
Melisa May Ocampo Ampiloquio
100% (1)
c2 Introduction To Transaction Processing
Document14 pages
c2 Introduction To Transaction Processing
Lee Suarez
No ratings yet
Ais Chapter 1
Document3 pages
Ais Chapter 1
Alfred Lopez
No ratings yet
Income Based Valuation
Document25 pages
Income Based Valuation
April Joy Obedoza
No ratings yet
Romney Steinbart ch4
Document14 pages
Romney Steinbart ch4
Anggie Octavia
No ratings yet
Controls For Information Security
Document14 pages
Controls For Information Security
muhammad f laitupa
No ratings yet
Chapter 5 Security and Privacy
Document13 pages
Chapter 5 Security and Privacy
b.kyoot.90
No ratings yet
AIS Chap 8
Document23 pages
AIS Chap 8
PhupungPrasiwi
No ratings yet
SANS MGT414 10 Course Book
Document100 pages
SANS MGT414 10 Course Book
rmriazur.ca
No ratings yet
Information Security Chapter 1
Document44 pages
Information Security Chapter 1
bscitsemv
No ratings yet
Information Security
Document18 pages
Information Security
abhishek2531
No ratings yet
Sic Notes Vicky
Document73 pages
Sic Notes Vicky
speedyrohan8
No ratings yet
2016S IP Question PDF
Document43 pages
2016S IP Question PDF
Nazmus Sakib Saurov
No ratings yet
Information Security Transformation-Nahil Mahmood-Lecture 6
Document6 pages
Information Security Transformation-Nahil Mahmood-Lecture 6
Muhammad Asim Mubarik
No ratings yet
Ethics MCQ
Document2 pages
Ethics MCQ
Badal Kumar
No ratings yet
Ee Draindumps 2024-Jan-25 by Elijah 198q Vce
Document15 pages
Ee Draindumps 2024-Jan-25 by Elijah 198q Vce
sagarjob2016
No ratings yet
Introduction To Cyber Security Handbook PDF
Document104 pages
Introduction To Cyber Security Handbook PDF
Vjay Madham
No ratings yet
Oracle Learning Management
Document33 pages
Oracle Learning Management
Shaju Shana
No ratings yet
Department of Computer Science & Applications Chaudhary Devi Lal University, Sirsa-125055 (India) 2017-18
Document18 pages
Department of Computer Science & Applications Chaudhary Devi Lal University, Sirsa-125055 (India) 2017-18
Gaba Studio
No ratings yet
Security Assignment
Document127 pages
Security Assignment
Shrawan Shraw
100% (1)
Abiy 000652632 Busi 1359 Mba Thesis Isc-Bse
Document63 pages
Abiy 000652632 Busi 1359 Mba Thesis Isc-Bse
jonashi
0% (1)
ISO 27K Self Assessment Checklist
Document14 pages
ISO 27K Self Assessment Checklist
Homero Resendiz
100% (1)
An Approach To Revamp The Data Security Using Cryptographic Techniques
Document5 pages
An Approach To Revamp The Data Security Using Cryptographic Techniques
jyoshna
No ratings yet
McRee-Security Response Plan Policy
Document3 pages
McRee-Security Response Plan Policy
Kanti Sunuwar
No ratings yet
Data Loss Prevention Policy
Document3 pages
Data Loss Prevention Policy
shiv kumar
No ratings yet
DPDHL Group Supplier Code of Conduct 2020 5
Document4 pages
DPDHL Group Supplier Code of Conduct 2020 5
HARMAN sandhu
No ratings yet
Case Studies On Cryptography and Security
Document26 pages
Case Studies On Cryptography and Security
Abhishek
100% (1)
Part A-Theoretical Questions: Cybersecurity
Document42 pages
Part A-Theoretical Questions: Cybersecurity
adikesa
100% (1)
Auditor Training Module 2 - Audit Management
Document28 pages
Auditor Training Module 2 - Audit Management
Thant Aung
No ratings yet
CEH Cagy
Document16 pages
CEH Cagy
geyali9450
No ratings yet
BCP Gudilines
Document172 pages
BCP Gudilines
Thakur99
No ratings yet
Israel Edereka
Document2 pages
Israel Edereka
sandeep k
No ratings yet
Concept Note On IntelliEXAMS
Document8 pages
Concept Note On IntelliEXAMS
Prashanta Kumar
No ratings yet
2 Clause-Wise Requirements of ISMS Management System
Document25 pages
2 Clause-Wise Requirements of ISMS Management System
mseraji
100% (1)
CIS MySQL Benchmark v1.0.2
Document36 pages
CIS MySQL Benchmark v1.0.2
waldo9999
No ratings yet