ACCT INFO SYSTEM ACCT 322
This 4 page Class Notes was uploaded by Jarvis Reilly DDS on Saturday September 26, 2015. The Class Notes belongs to ACCT 322 at Clemson University taught by Richard Dull in Fall.
Date Created: 09/26/15
IT governance: the responsibility of executives and boards of directors; consists of the leadership, organizational structures and processes that ensure that the enterprise's IT sustains and extends the organization's strategies and objectives. It is about the processes employed by organizations to select and attain goals and objectives.

COBIT: designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented, or detected and corrected; provides guidance on best practices for the management of IT. IT resources must be managed by IT control processes to ensure that an organization has the information it needs to achieve its objectives. Provides a framework to ensure that:
- IT is aligned with the business
- IT enables the business and maximizes benefits
- IT resources are used responsibly
- IT risks are managed appropriately

Information systems organization: the department or function that develops and operates an organization's information system. The function is composed of people, procedures and equipment and is called the information systems department.

IT control process domains:
- Plan and organize domain: develop strategy and tactics for realizing an organization's IT strategy.
  - Establish a strategic vision for IT; ensure that the organization's strategic plan is supported and that IT is used to the best advantage of the organization's short-term goals.
  - Develop tactics to plan, communicate and manage realization of the strategic vision: segregation of duties, security officer, IT steering committee, rotation of duties, forced vacations, fidelity bond.

Segregation of duties: consists of separating the 4 basic functions of event processing: (1) authorizing events, (2) executing orders, (3) recording events, (4) safeguarding resources resulting from consummating events. Basically, no single employee should be in a position both to perpetrate and conceal frauds, errors or other kinds of system failures.

Rotation of duties: a policy that requires an employee to alternate jobs periodically. It prevents the organization's own personnel from committing acts of computer abuse, fraud or theft of assets. A personal security control plan.

- Acquire and implement domain: identify, develop, acquire and implement IT solutions and integrate them into the business process.
  - Identify automated solutions consistent with the IT plan and the technology infrastructure and information contained therein.
  - Develop and acquire IT solutions: application software, technology infrastructure, service level requirements.
  - Integrate IT solutions into operational processes; ensure that the system is suitable.
  - Manage changes to existing IT systems; ensure processing integrity between versions of systems and consistency of results from period to period.
- Deliver and support domain: processes to deliver required IT services efficiently and effectively.
  - Deliver required IT services (includes activities related to the first 2 IT control processes).
  - Ensure security and continuous service continue to be provided at the levels expected by users, with a secure operating environment.
  - Provide support services: training needs and sessions.
- Monitor and evaluate domain: assess services for quality and ensure compliance with control requirements.
  - Monitor and evaluate the processes: management should establish a system for defining performance indicators, gathering data about processes and generating performance reports.

Continuous Data Protection (CDP): all data changes are date stamped and saved to secondary systems as the changes are happening on the primary. The process is not the periodic backup of files but a process for continuous and immediate replication of any data changes. Each site must contain identical equipment and identical copies of all programs, data and documentation.

Hot site: a fully equipped data center, often housed in bunker-like facilities, that can accommodate many businesses and that is made available to client companies for a monthly subscriber fee.

Cold site: a facility usually comprised of air-conditioned space with a raised floor, telephone connections and computer ports into which a subscriber can move equipment. It is less costly and less responsive than a hot site.

Mirror site: the site that maintains copies of the primary site's programs and data; used for CDP.

Electronic vaulting: a service whereby data changes are automatically transmitted over the internet on a continuous basis to an offsite server maintained by a 3rd party. This is for organizations that are unwilling to maintain duplicate computer facilities but still need CDP, and so contract with these 3rd parties. The backup data can be retrieved when needed from the electronic vault to recover from a data loss at the primary computer facility.

Biometric identification system: although not foolproof, the technology has improved dramatically in recent years, leading to the widening use of such systems in practice. The most common biometric devices are those that read fingerprints. Biometric fingerprint identification is used to secure physical access to many types of facilities and devices such as laptops and PDAs.

Other terms:
- Security officer: the officer might perform a multitude of control-related activities such as monitoring employees' network access, granting security clearance for sensitive projects, and working with human resources to ensure that interview practices such as thorough background checks are conducted during the hiring process.
- IT steering committee: coordinates the organizational and IT strategic planning processes and reviews and approves the strategic IT plan. The steering committee can provide significant help to the organization in establishing and meeting user information requirements and in ensuring the effective and efficient use of the organization's IT resources. It should consist of about 7 executives from the major functional areas of the organization, including the CIO, report to senior management, and meet regularly.
- Forced vacations: a policy that requires an employee to take leave from the job and substitutes another employee in his or her place. It prevents the organization's own personnel from committing acts of computer abuse, fraud or theft of assets. A personal security control plan. It is believed that this will deter acts of fraud.
- Fidelity bond: indemnifies a company in case it suffers losses from defalcations committed by its employees. Employees who have access to cash and other negotiable assets are usually bonded.

Systems development life cycle (SDLC): the progression of information systems through the systems development process, from birth through implementation to ongoing use. Steps on page 261.

Program change controls: provide assurance that all modifications to programs are authorized and that the changes are completed, tested and properly implemented. Changes in documentation should mirror the changes made to the related programs.

Business continuity planning: a process that identifies events that may threaten an organization and provides a framework to ensure that the organization will continue to operate when the threatened event occurs, or will resume operations with a minimum of disruption. 6 stages are on page 265. Also called disaster recovery planning, contingency planning and business interruption planning.

Backups: periodically make a copy of important stored data, programs and documentation. They typically would be stored in a secure location not located near the primary facility. They are often backed up to tapes or disks and may be picked up by and stored at 3rd party facilities such as those operated by SunGard. After a disaster the backups are moved to sites where the organization can again resume processing.

Recovery: the process whereby we restore the lost data and resume operations. Recovery does not need to be at an alternative site. Data might be lost or destroyed at a primary site that remains available for use; here we would use the backup data to restore the lost data and to resume operations. Such processes are called "backup and recovery".

Denial-of-service attack: a web site is overwhelmed by an intentional onslaught of thousands of simultaneous messages, making it impossible for the attacked site to engage in its normal activities.

Distributed denial-of-service attack: uses many computers that unwittingly cooperate in a denial-of-service attack by sending messages to the target web sites. Unfortunately the distributed version is more effective because the number of computers responding multiplies the number of attack messages.

Security module: in an online environment, access control software called the security module will ensure that only authorized users gain access to a system through a process of identification and authentication; associate with authorized users the computing resources they are permitted to access and the action privileges they have with respect to those resources; and report violation attempts.

Firewall: to prevent unauthorized access to computer networks, organizations use a firewall to block all traffic except that which is explicitly authorized.

Intrusion-detection system (IDS): after a user has accessed a network, the threat-monitoring portion of the security module may employ an IDS to monitor system and network resources and activities and learn how users typically behave on the system. The typical behavior is accumulated in user profiles. IDSs can be used to detect attacks from outside the organization, such as denial-of-service attacks, or from inside the organization, as when authorized users attempt to undertake unauthorized actions.

Intrusion-prevention system (IPS): organizations not wanting to wait until an unauthorized activity has occurred might employ an IPS to actively block unauthorized traffic using rules specified by the organization.

Library controls: restrict access to data, programs and documentation. Library controls are provided by a librarian function, a combination of people, procedures and computer software that serves 2 major purposes. First, library controls limit the use of stored data, programs and documentation to authenticated users with authorized requests. Second, they maintain the storage media, i.e. disks and tapes.

Computer hacking and cracking: reflects the intentional, unauthorized access to an organization's computer system, accomplished by bypassing the system's access security controls. Think of these acts as illegal breaking and entering. Usually a person outside the organization does the hacking or cracking. Hackers are people who get a kick out of knowing the data of a computer system; they usually do not have malicious intentions to destroy or steal, rather they feel powerful and clever. Crackers employ many of the same penetration techniques as hackers, but they do so with sinister motives that are bent on crime, theft and destruction.

Preventive maintenance: in addition to relying on the controls contained within the computer hardware, organizations should perform regular preventive maintenance, i.e. periodic cleaning, testing and adjusting of computer equipment, to ensure its continued efficient and correct operation.
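The segregation-of-duties rule above (no one person holds two of the four event-processing functions) is something an auditor can check mechanically against an access-provisioning export. The example below is added here and is not from the notes or the textbook; the role names, the role-to-function mapping and the sample grants are hypothetical, constructed for a purchasing cycle.

```python
"""Segregation-of-duties conflict check over (employee, role) grants.

Assumption (hypothetical): the organization can export who holds which
role, and each role is mapped to one or more of the four basic functions
of event processing: authorize, execute, record, safeguard.
"""
from collections import defaultdict
from itertools import combinations

FUNCTIONS = ("authorize", "execute", "record", "safeguard")

# Hypothetical role-to-function mapping for a purchasing cycle.
# "ap_supervisor" is deliberately defined with two functions so the
# check also catches a badly designed role, not only a badly provisioned user.
ROLE_FUNCTIONS = {
    "purchasing_manager": {"authorize"},
    "buyer": {"execute"},
    "ap_clerk": {"record"},
    "cashier": {"safeguard"},
    "ap_supervisor": {"authorize", "record"},
}


def functions_per_employee(grants, role_functions=ROLE_FUNCTIONS):
    """Collapse (employee, role) grants into the set of functions each person holds."""
    held = defaultdict(set)
    for employee, role in grants:
        if role not in role_functions:
            raise ValueError(f"role {role!r} has no function mapping; fix the mapping first")
        held[employee] |= role_functions[role]
    return dict(held)


def sod_conflicts(grants, role_functions=ROLE_FUNCTIONS):
    """Return {employee: [conflicting function pairs]} for everyone holding >= 2 functions.

    Any two of the four functions in one pair of hands lets that person both
    perpetrate and conceal, so every such pair is reported.
    """
    report = {}
    for employee, funcs in functions_per_employee(grants, role_functions).items():
        pairs = [p for p in combinations(FUNCTIONS, 2) if p[0] in funcs and p[1] in funcs]
        if pairs:
            report[employee] = pairs
    return report


# Constructed sample export; "dana" accumulated a second role over time.
SAMPLE_GRANTS = [
    ("alice", "purchasing_manager"), ("bob", "buyer"), ("carol", "ap_clerk"),
    ("dana", "buyer"), ("dana", "ap_clerk"), ("erin", "ap_supervisor"),
]

if __name__ == "__main__":
    for who, pairs in sod_conflicts(SAMPLE_GRANTS).items():
        print(f"{who}: conflicting functions {pairs}")
```

Run against a real export, the output is the list of employees whose access must be split before the control can be relied on.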