Accounting Information Systems: Essential Concepts and Applications, Fourth Edition
by Wilkinson, Cerullo, Raval, and Wong-On-Wing
Chapter 9: Security for Transaction/Information Processing Support Systems
Slides authored by Somnath Bhattacharya, Ph.D., Florida Atlantic University

Security for Transaction Processing Systems
• Every firm must define, identify, and isolate the frequently occurring hazards that threaten its hardware, software, data, and human resources
• Security measures provide day-to-day protection of computer facilities and other physical facilities, maintain the integrity and privacy of data files, and avert serious damage or loss
• Security measures include those that protect physical non-computer resources, computer hardware facilities, and data/information

Key Issues for Security
• Protection from unauthorized access
• Protection from disasters
• Protection from breakdowns and interruptions
• Protection from undetected access
• Protection from loss or improper alteration
• Recovery and reconstruction of lost data
• Establishing a system to monitor all of the above

Resources in Need of Security Measures (Figure 9-1)
[Figure 9-1: a terminal, the transmission line, the central computer facilities, and on-line data storage, with dashed markings indicating the places needing security]

Physical Assets
• Cash
• Inventory
• Data in file cabinets

Security for Physical Non-Computer Resources - I
• Access controls restrict entry by unauthorized persons, generally to prevent theft or vandalism. They include security guards, fenced-in areas, reception areas, grounds lighting, burglar and fire-exit alarms, motion-detector alarms, locked doors, closed-circuit TV monitors, safes, locked cash registers, locked file cabinets, lock boxes, non-removable property labels, close supervision of employees, etc.

Security for Physical Non-Computer Resources - II
• Sprinkler systems and fireproof vaults protect against fire and other natural disasters
• Preventive maintenance protects against breakdowns and business interruptions
• Maintaining a corporate-wide security
program, developing a written security policy, appointing a security administrator, and making security a part of the internal audit function achieve the control objectives efficiently and effectively

Security for Computer Hardware Facilities - I
• Physical access should be restricted by security guards, receptionists, electronic ID cards, surveillance cameras, motion detectors, locked doors, alarms, visitor log-in and log-out, and escorts for all visitors
• To protect against natural disasters, computer facilities should be environmentally controlled, fireproofed (with non-Halon-based fire extinguishers), and equipped with an uninterruptible power supply (UPS)
• Other precautions include water-proof floors, walls, and ceilings; water drainage facilities; under-floor water detectors; water pumps; and consideration of the terrain (for example, avoiding flood-prone sites) when siting the facility

Security for Computer Hardware Facilities - II
• To protect against human violence such as vandalism, rioting, and sabotage, computers should be placed in inconspicuous locations, tape storage should be shielded from magnetic fields, and strict employee-conduct policies should be enforced
• A Disaster Contingency and Recovery Plan (DCRP):
  • identifies all potential threats to the computer system
  • specifies the needed preventive security measures
  • outlines the steps to be taken if each type of disaster actually strikes

Security over Data and Information
• The data/information resource includes (1) data stored in on-line or off-line files and databases, (2) application programs, and (3) information, whether in hard-copy reports or in computer-readable form
• Security measures protect against (1) unauthorized access to data and information, (2) undetected access to data and information, and (3) loss or improper alteration of data and information
• The measures providing these protections are generally preventive and detective in nature

Protection from Unauthorized Access to Data and Information - I
• Unauthorized access issues encompass questions of all access, and perhaps
more importantly, questions regarding the degree of access granted to persons who already have some allowable level of access
• Data and information that are confidential or critical to the firm's operations should be physically isolated to discourage unauthorized access. Isolation includes:
  • secured off-line and on-line program documentation
  • secured storage of hard copies
  • separate user partitions on direct-access storage media
  • a database data dictionary kept permanently under the control of the DBA
  • isolation of live programs in memory through multiprogramming (memory protection between concurrently running programs)
  • isolation of test programs from live programs and databases

Protection from Unauthorized Access to Data and Information - II
• All attempts to access the computer system, and all authorized access, should be monitored so that unwarranted activity can be investigated and halted
• The principle of least privilege, enforced through access control software (passwords) and monitored through access control logs and console logs, facilitates this monitoring
• Passwords are often tiered and coupled with other identifiers for access to critical applications; these other identifiers include the hand-shaking method and the math method

Three-Level Password Security (Figure 9-4)
[Figure 9-4: three successive levels of password checks, user codes, then file access, then data item access, standing in front of the database]

Protection from Unauthorized Access to Data and Information - III
• Automatic log-outs and lockups
• Callback procedures
• Keyboard and floppy-disk-drive locks
• Automatic boot and start-up procedures
• Usage limitations through device authorization tables
• Use of encryption
  • Private-key (symmetric) encryption
  • Public-key encryption (e.g., the RSA public-key encryption scheme)
  • PGP is a hybrid of the two: a symmetric session key encrypts the message, and the recipient's public key encrypts that session key

Protection from Undetected Access to Data and Information
• Access logs
• Console logs
• Access control software, e.g., ACF2 (Access Control Facility 2) and RACF (Resource Access Control Facility)
• System and program change logs, which monitor changes to programs, files, and controls

Protection from Loss or Improper Alteration of Data and Information
• A library log tracks the movement of files, programs, and documentation, while a transaction log records
individual transactions as they are entered into on-line systems
• File-protection rings for magnetic tape (a reel can be written to only when the ring is inserted), write-protect tabs on diskettes, and file labels (both internal and external) for tape or disk, including internal header labels and internal trailer labels, help prevent the loss or alteration of data and information
• ROM-based program instructions
• Enforced serialized processing

Recovery and Reconstruction of Lost Data - I
• All companies should back up their vital documents, files, and programs and establish a recovery procedure to re-create lost data or programs. These include:
  • The grandparent-parent-child (GPC) method, formerly known as grandfather-father-son (GFS), for large tape-based systems, in which successive generations of the master file and the transaction files that produced them are retained
  • A periodic dump procedure for disk-based systems (disk-based systems update records in place, i.e., destructively, so they do not produce the file generations the GPC process relies on)
  • Activity logs showing data-element values before and after each change (before-images and after-images)

Recovery and Reconstruction of Lost Data - II
• Reconstruction involves:
  • The roll-forward procedure: restore the last dump, then re-apply the after-images from the activity log and the transaction log
  • The roll-back procedure: restore the before-images to undo incomplete or erroneous updates
  • Use of checkpoints
  • Building in fault tolerance through methods such as disk mirroring and disk duplexing

Disaster Contingency and Recovery Planning - I
• A DCRP is comprised of the emergency plan, the backup plan, the recovery plan, the test plan, and the maintenance plan
• The Emergency Plan
  • Prepare an organization chart
  • Determine which disasters trigger the entire DCRP and which trigger only parts of it
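The three-level password scheme of Figure 9-4 and the monitoring requirement from "Protection from Unauthorized Access - II" above, as an added example that is not from the textbook or its slides: a user-code check, a file-access check and a data-item check applied in succession, anything not explicitly granted denied (least privilege), and every attempt, granted or denied, written to an access log so no access goes undetected. The user codes, passwords, file names, data items and rights are constructed for illustration.

```python
"""Added example (not from the textbook or its slides): a three-level
authorization check in the spirit of Figure 9-4 (user code -> file access ->
data-item access), enforcing least privilege and writing every attempt,
granted or denied, to an access log so that no access goes undetected.
All user codes, file names, data items and rights below are constructed."""

from dataclasses import dataclass, field
from datetime import datetime, timezone

# Level 1: user codes and the password each must present.
# Constructed sample data; a real system stores salted password hashes,
# never the passwords themselves.
USER_CODES = {
    "clerk01": "tulip-4917",
    "payroll2": "orchid-8820",
}

# Levels 2 and 3: per-user rights on files, and within each file on data items.
# "R" = read, "W" = read and write. Anything not listed is denied, which is
# what least privilege means in practice.
AUTHORIZATION_TABLE = {
    "clerk01": {
        "CUSTOMER_MASTER": {"NAME": "R", "ADDRESS": "R", "CREDIT_LIMIT": "R"},
    },
    "payroll2": {
        "EMPLOYEE_MASTER": {"NAME": "R", "PAY_RATE": "W", "HOURS": "W"},
    },
}


@dataclass
class AccessLog:
    """Records every attempt: a detective control against undetected access."""
    entries: list = field(default_factory=list)

    def record(self, user, file, item, action, outcome, reason):
        self.entries.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user": user, "file": file, "item": item,
            "action": action, "outcome": outcome, "reason": reason,
        })


def check_access(log, user, password, file, item, action):
    """Return True only if all three levels authorize the request; log either way."""
    # Level 1: is this a valid user code presenting the right password?
    if USER_CODES.get(user) != password:
        log.record(user, file, item, action, "DENIED", "bad user code or password")
        return False
    # Level 2: may this user touch this file at all?
    files = AUTHORIZATION_TABLE.get(user, {})
    if file not in files:
        log.record(user, file, item, action, "DENIED", "no access to file")
        return False
    # Level 3: may this user perform this action on this data item?
    right = files[file].get(item)
    if right is None or (action == "W" and right != "W"):
        log.record(user, file, item, action, "DENIED", "insufficient right on data item")
        return False
    log.record(user, file, item, action, "GRANTED", "all three levels passed")
    return True


def repeated_denials(log, threshold=3):
    """User codes with `threshold` or more denials, for the security administrator to investigate."""
    counts = {}
    for e in log.entries:
        if e["outcome"] == "DENIED":
            counts[e["user"]] = counts.get(e["user"], 0) + 1
    return sorted(u for u, n in counts.items() if n >= threshold)


def demo():
    """Run a constructed sequence of attempts; return (results, suspicious users, log)."""
    log = AccessLog()
    attempts = [
        ("clerk01", "tulip-4917", "CUSTOMER_MASTER", "CREDIT_LIMIT", "R"),  # allowed
        ("clerk01", "tulip-4917", "CUSTOMER_MASTER", "CREDIT_LIMIT", "W"),  # read-only item
        ("clerk01", "tulip-4917", "EMPLOYEE_MASTER", "PAY_RATE", "R"),      # no right to file
        ("clerk01", "guess", "CUSTOMER_MASTER", "NAME", "R"),               # bad password
        ("payroll2", "orchid-8820", "EMPLOYEE_MASTER", "PAY_RATE", "W"),    # allowed
        ("intruder", "x", "EMPLOYEE_MASTER", "PAY_RATE", "W"),              # unknown user code
    ]
    results = [check_access(log, *a) for a in attempts]
    return results, repeated_denials(log), log


if __name__ == "__main__":
    results, suspicious, log = demo()
    for e in log.entries:
        print(e["outcome"], e["user"], e["file"], e["item"], e["action"], "-", e["reason"])
    print("user codes with repeated denials:", suspicious)
```

The denial reasons are deliberately coarse on the user-code level (a wrong password and an unknown user code produce the same message) so the log does not tell a probing caller which user codes exist; the finer distinction belongs in the administrator's review of the log, which `repeated_denials` sketches.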
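The periodic dump, the activity log of before- and after-images, and the roll-forward, roll-back and checkpoint procedures from "Recovery and Reconstruction of Lost Data - I/II" above, as an added example that is not from the textbook or its slides. It models a disk-based master file that is updated in place (destructively), logs both images before each update lands, rebuilds the lost file from the last dump plus the log, and then undoes one erroneous transaction from its before-image. The master-file records, transaction numbers and failure point are constructed.

```python
"""Added example (not from the textbook or its slides): recovery of a
disk-based master file from the last periodic dump plus an activity log of
before-images and after-images: roll-forward, roll-back and checkpoints as
described under Recovery and Reconstruction of Lost Data. Records,
transaction numbers and the failure point are constructed for illustration."""

import copy


def apply_update(master, log, txn_id, key, new_values):
    """Destructive (in-place) update that first writes before/after images to the log."""
    before = copy.deepcopy(master.get(key))
    after = {**(before or {}), **new_values}
    # Write-ahead: the images reach the log before the master file is overwritten,
    # so the log is complete even if the update itself never lands on disk.
    log.append({"txn": txn_id, "key": key, "before": before, "after": after})
    master[key] = after


def checkpoint(log, label):
    """Mark a point in the log at which every earlier update is known to be complete."""
    log.append({"checkpoint": label})


def roll_forward(dump, log, stop_at_checkpoint=None):
    """Rebuild the file: start from the last dump and re-apply after-images in log order.

    With stop_at_checkpoint set, replay halts at that checkpoint, giving the file
    as it stood at a known-consistent point rather than at the moment of failure."""
    rebuilt = copy.deepcopy(dump)
    for entry in log:
        if "checkpoint" in entry:
            if entry["checkpoint"] == stop_at_checkpoint:
                break
            continue
        rebuilt[entry["key"]] = copy.deepcopy(entry["after"])
    return rebuilt


def roll_back(master, log, txn_id):
    """Undo one transaction by restoring its before-images, latest image first."""
    restored = copy.deepcopy(master)
    for entry in reversed(log):
        if "checkpoint" in entry or entry["txn"] != txn_id:
            continue
        if entry["before"] is None:
            restored.pop(entry["key"], None)   # the record did not exist before
        else:
            restored[entry["key"]] = copy.deepcopy(entry["before"])
    return restored


def demo():
    """Constructed scenario; returns (live file, rolled-forward file, corrected file, file at checkpoint)."""
    # Periodic dump of an accounts-receivable master file (constructed).
    dump = {
        "C100": {"name": "Acme", "balance": 500},
        "C200": {"name": "Baxter", "balance": 0},
    }
    master = copy.deepcopy(dump)
    log = []
    apply_update(master, log, 1, "C100", {"balance": 650})                 # sale on account
    apply_update(master, log, 2, "C300", {"name": "Cobb", "balance": 75})  # new customer
    checkpoint(log, "CKPT-1")
    apply_update(master, log, 3, "C200", {"balance": 120})
    apply_update(master, log, 4, "C100", {"balance": 6500})                # keying error: 6500 for 650

    # The on-line master file is lost: roll forward from the dump and the log.
    recovered = roll_forward(dump, log)
    # Transaction 4 is found to be erroneous: roll it back from its before-image.
    corrected = roll_back(recovered, log, 4)
    # The file as of the last checkpoint, for a partial recovery.
    at_checkpoint = roll_forward(dump, log, stop_at_checkpoint="CKPT-1")
    return master, recovered, corrected, at_checkpoint


if __name__ == "__main__":
    master, recovered, corrected, at_checkpoint = demo()
    print("rolled forward matches live file:", recovered == master)
    print("after rolling back txn 4:", corrected["C100"])
    print("file at CKPT-1:", at_checkpoint)
```

Because the master file is overwritten in place, the dump alone would lose every update since it was taken; it is the logged after-images that make the roll-forward complete, and the logged before-images that make a targeted roll-back possible without re-processing from the dump.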
  • Conduct a risk analysis
  • Assign responsibility for contacting the police, fire department, and other agencies
  • Determine which personnel remain at headquarters to perform vital duties
  • Prepare maps of primary and secondary evacuation routes and post them throughout the organization
  • Develop a method for communicating the "all clear" signal

Disaster Contingency and Recovery Planning - II
• The Backup Plan
  • Store duplicates of vital software, data, and records in off-premise (and, if possible, geographically distant) locations
  • Identify the key critical and non-critical full-time and part-time employees and temporary hires
  • Cross-train employees
  • Select the most appropriate type of backup system:
    • manual backup system
    • reciprocal arrangements with other firms
    • third-party agreements with data-processing service bureaus
    • cold sites
    • hot sites
    • co-operative hot sites
    • flying hot sites

Disaster Contingency and Recovery Planning - III
• The Recovery Plan
  • Appoint a recovery manager and a second-in-command
  • Select an off-site facility to store backups and periodically inspect the facility
  • Maintain liaison with insurance firms to facilitate early assessment of damage
  • Maintain communication with customers and vendors
  • Establish a timetable for recovery
  • Establish a strategy to ensure strict control over the applications processed at the backup site
• The Test Plan
• The Maintenance Plan

Disaster Contingency and Recovery Planning - IV
• Strengthening the DCRP process requires attention to the following issues:
  • Broaden the recovery plan beyond computer operations to ensure business continuity
  • Involve the internal audit function in all phases of contingency planning
  • Factor in the human element
  • The contingency plan should address customer and vendor relations
  • Managers and employees should be made aware of their responsibilities in the event that a disaster strikes
  • The contingency plan should incorporate telecommunications backup

Accounting Information Systems: Essential Concepts and Applications, Fourth Edition, by
Wilkinson, Cerullo, Raval, and Wong-On-Wing
Copyright © 2000 John Wiley & Sons, Inc. All rights reserved. Reproduction or translation of this work beyond that permitted in Section 117 of the 1976 United States Copyright Act without the express written permission of the copyright owner is unlawful. Requests for further information should be addressed to the Permissions Department, John Wiley & Sons, Inc. The purchaser may make back-up copies for his/her own use only and not for distribution or resale. The publisher assumes no responsibility for errors, omissions, or damages caused by the use of these programs or from the use of the information contained herein.