C HAPTER 8
advertisement
C HAPTER 8 Information Systems Controls for System Reliability Part 2: Confidentiality, Privacy, Processing Integrity, and Availability © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 1 of 138 INTRODUCTION • Questions to be addressed in this chapter include: – What controls are used to protect the confidentiality of sensitive information? – What controls are designed to protect privacy of customers’ personal information? – What controls ensure processing integrity? – What controls ensure that the system is available when needed? © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 2 of 138 INTRODUCTION • According to the Trust Services framework, reliable systems satisfy five principles: AVAILABILITY PROCESSING INTEGRITY PRIVACY CONFIDENTIALITY SYSTEMS RELIABILITY – Security (discussed in Chapter 7) – Confidentiality – Privacy – Processing integrity – Availability SECURITY © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 3 of 138 CONFIDENTIALITY AVAILABILITY PROCESSING INTEGRITY PRIVACY CONFIDENTIALITY SYSTEMS RELIABILITY Reliable systems protect confidential information from unauthorized disclosure. SECURITY © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 4 of 138 CONFIDENTIALITY • Maintaining confidentiality requires that management identify which information is confidential. • Confidential information includes sensitive data produced internally as well as that shared by business partners. • Each organization will develop its own definitions. • Most definitions will include: – – – – Business plans Pricing strategies Client and customer lists Legal documents © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 5 of 138 CONFIDENTIALITY Table 8-1 in your textbook summaries key controls to protect confidentiality of information: Situation Storage Controls Encryption and access controls Transmission Disposal Encryption Shredding, thorough erasure, physical destruction Overall Categorization to reflect value and training in proper work practices © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 6 of 138 CONFIDENTIALITY • Encryption is a fundamental control procedure for protecting the confidentiality of sensitive information. • Confidential information should be encrypted: – While stored – During transmission to trusted parties © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 7 of 138 CONFIDENTIALITY • The internet provides inexpensive transmission, but data is easily intercepted. • Encryption solves the interception issue. • If data is encrypted before sending it, a virtual private network (VPN) is created. – Provides the functionality of a privately owned network – But uses the Internet © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 8 of 138 CONFIDENTIALITY • Use of VPN software creates private communication channels, often referred to as tunnels. – The tunnels are accessible only to parties who have the appropriate encryption and decryption keys. – Cost of the VPN software is much less than costs of leasing or buying a privately-owned, secure communications network. – Also, makes it much easier to add or remove sites from the “network.” © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 9 of 138 CONFIDENTIALITY • It is critical to encrypt any sensitive information stored in devices that are easily lost or stolen, such as laptops, PDAs, cell phones, and other portable devices. – Many organizations have policies against storing sensitive information on these devices. – 81% of users admit they do so anyway. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 10 of 138 CONFIDENTIALITY • Encryption alone is not sufficient to protect confidentiality. Given enough time, many encryption schemes can be broken. • Access controls are also needed: – To prevent unauthorized parties from obtaining the encrypted data; and – Because not all confidential information can be encrypted in storage. • Strong authentication techniques are necessary. • Strong authorization controls should be used to limit the actions (read, write, change, delete, copy, etc.) that authorized users can perform when accessing confidential information. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 11 of 138 CONFIDENTIALITY • Access to system outputs should also be controlled: – Do not allow visitors to roam through buildings unsupervised. – Require employees to log out of any application before leaving their workstation unattended, so other employees do not have unauthorized access. – Workstations should use password-protected screen savers that automatically engage when there is no activity for a specified period. – Access should be restricted to rooms housing printers and fax machines. – Reports should be coded to reflect the importance of the information therein, and employees should be trained not to leave reports with sensitive information laying in plain view. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 12 of 138 CONFIDENTIALITY • It is especially important to control disposal of information resources. • Printed reports and microfilm with sensitive information should be shredded. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 13 of 138 CONFIDENTIALITY • Special procedures are needed for information stored on magnet and optical media. – Using built-in operating system commands to delete the information does not truly delete it, and utility programs will often be able to recover these files. – De-fragmenting a disk may actually create multiple copies of a “deleted” document. – Consequently, special software should be used to “wipe” the media clean by repeatedly overwriting the disk with random patterns of data (sometimes referred to as “shredding” a disk). – Magnetic disks and tapes can be run through devices to demagnetize them. – The safest alternative may be to physically destroy disks with highly sensitive data. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 14 of 138 CONFIDENTIALITY • Controls to protect confidentiality must be continuously reviewed and modified to respond to new threats created by technological advances. • Many organizations now prohibit visitors from using cell phones while touring their facilities because of the threat caused by cameras in these phones. • Because these devices are easy to hide, some organizations use jamming devices to deactivate their imaging systems while on company premises. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 15 of 138 CONFIDENTIALITY • Phone conversations have also been affected by technology. • The use of voice-over-the-Internet (VoIP) technology means that phone conversations are routed in packets over the Internet. – Because this technology makes wiretapping much easier, these packets should be encrypted. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 16 of 138 CONFIDENTIALITY • Employee use of email and instant messaging (IM) probably represents two of the greatest threats to the confidentiality of sensitive information. – Once sent, there is no way to retrieve or control its distribution. – Organizations need to develop comprehensive policies governing the appropriate and allowable use of these technologies for business purposes. – Employees need to be trained on what type of information they can and cannot share, especially with IM. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 17 of 138 CONFIDENTIALITY • Many organizations are taking steps to address the confidentiality threats created by email and IM. – One response is to mandate encryption of all email with sensitive information. – Some organizations prohibit use of freeware IM products and purchase commercial products with security features, including encryption. – Users sending emails must be trained to be very careful about the identity of their addressee. • EXAMPLE: The organization may have two employees named Allen Smith. It’s critical that sensitive information go to the correct Allen Smith. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 18 of 138 PRIVACY AVAILABILITY PROCESSING INTEGRITY PRIVACY CONFIDENTIALITY SYSTEMS RELIABILITY • In the Trust Services framework, the privacy principle is closely related to the confidentiality principle. • Primary difference is that privacy focuses on protecting personal information about customers rather than organizational data. • Key controls for privacy are the same that were previously listed for confidentiality. SECURITY © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 19 of 138 PRIVACY • A number of regulations, including the Health Insurance Portability and Accountability Act (HIPAA) and the Financial Services Modernization Act (aka, Gramm-Leach-Billey Act) require organizations to protect the privacy of customer information. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 20 of 138 PRIVACY • The Trust Services privacy framework of the AICPA and CICA lists ten internationally recognized best practices for protecting the privacy of customers’ personal information: – Management • The organization establishes a set of procedures and policies for protecting privacy of personal information it collects. • Assigns responsibility and accountability for those policies to a specific person or group. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 21 of 138 PRIVACY • The Trust Services privacy framework of the AICPA and CICA lists ten internationally recognized best practices for protecting the privacy of customers’ personal information: – Management – Notice • Provides notice about its policies and practices when it collects the information or as soon as practicable thereafter. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 22 of 138 • Describes the choices available to individuals and obtains their consent to the collection and use of their personal information. • Choices may differ across countries. • The Trust Services privacy framework of the AICPA and – U.S.—The default is “opt out,” i.e., CICA lists ten internationally recognized best practices organizations can collect personal for protecting the privacy of customers’ information personal about customers information: unless the customer explicitly objects. – Management – Europe—The default is “opt in,” – Notice i.e., they can’t collect the – Choice and consent information unless customers explicitly give them permission. • Collection – The organization collects only that information needed to fulfill the purposes stated in its privacy policies. PRIVACY © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 23 of 138 PRIVACY • The Trust Services privacy framework of the AICPA and CICA lists ten internationally recognized best practices for protecting the privacy of customers’ personal information: – – – – Management Notice Choice and consent Collection • The organization collects only that information needed to fulfill the purposes stated in its privacy policies. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 24 of 138 PRIVACY • The Trust Services privacy framework of the AICPA and CICA lists ten internationally recognized best practices for protecting the privacy of customers’ personal information: – – – – – Management Notice Choice and consent Collection Use and retention • The organization uses its customers’ personal information only according to stated policy and retains that information only as long as needed. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 25 of 138 PRIVACY • The Trust Services privacy framework of the AICPA and CICA lists ten internationally recognized best practices for protecting the privacy of customers’ personal information: – – – – – – Management Notice Choice and consent Collection Use and retention • The organization provides individuals Access with the ability to access, review, correct, and delete the personal information stored about them. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 26 of 138 PRIVACY • The Trust Services privacy framework of the AICPA and CICA lists ten internationally recognized best practices for protecting the privacy of customers’ personal information: – – – – – – – Management Notice • The organization discloses customers’ personal information to third parties Choice and consent only per stated policy and only to third Collection parties who provide equivalent Use and retention protection. Access Disclosure to Third Parties © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 27 of 138 • The organization takes reasonable steps to protect customers’ personal information from loss or unauthorized disclosure. • Issues that are sometimes overlooked: – Disposal of computer equipment • Should follow the suggestions presented on section regarding • The protection Trust Services privacy framework of the AICPA and of confidentiality. –CICA Emaillists ten internationally recognized best practices for•protecting privacy of customers’ If you sendthe emails to a list of recipients,personal each recipient information: typically knows who the other recipients are. – •Management If the email regards a private issue, e.g., perhaps it pertains to their AIDS treatment, then the privacy of all recipients has – Notice been violated. – Choice and consent One remedy might be to address the recipients on the “bcc” – •Collection line of the email, rather than as original addresses. – Use and retention – Release of electronic documents. – Access • When physical documents are exchanged, sometimes – Disclosure to Third Parties portions are blacked out (redacted) to protect privacy. – Security • Similar procedures are needed for the exchange of electronic documents. PRIVACY © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 28 of 138 PRIVACY • The Trust Services privacy framework of the AICPA and CICA lists ten internationally recognized best practices for protecting the privacy of customers’ personal information: – – – – – – – – – Management Notice Choice and consent Collection Use and retention Access Disclosure to Third Parties Security • The organization maintains the integrity of its customers’ personal Quality information. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 29 of 138 PRIVACY • The Trust Services privacy framework of the AICPA and CICA lists ten internationally recognized best practices for protecting the privacy of customers’ personal information: – – – – – – – – – – Management Notice • The organization assigns one or more Choice and consent employees to be responsible for Collection assuring and verifying compliance Use and retention with its stated policies. Access • Also provides for procedures to respond to customer complaints, Disclosure to Third Parties including third-party disputeSecurity resolution processes. Quality Monitoring and enforcement © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 30 of 138 PRIVACY • As with confidentiality, encryption and access controls are the two basic mechanisms for protecting consumers’ personal information. – It is common practice to use SSL to encrypt all personal information transmitted between individuals and the organization’s website. – However, SSL only protects the information in transit. – Consequently, strong authentication controls are needed to restrict website visitors’ access to individual accounts. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 31 of 138 PRIVACY • Organizations should consider encrypting customers’ personal information in storage. – May be economically justified, because some state laws require companies to notify all customers of security incidents. – The notification process is costly but may be waived if the information was encrypted while in storage. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 32 of 138 PRIVACY • Concerns about privacy appear to be increasing. One topic of concern is cookies. – A cookie is a text file created by a website and stored on a visitor’s hard drive. It records what the visitor has done on the site. – Most websites create multiple cookies per visit to make it easier for visitors to navigate the site. – Browsers can be configured to refuse cookies, but it may make the website inaccessible. – Cookies are text files and cannot “do” anything other store information, but many people worry that they violate privacy rights. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 33 of 138 PRIVACY • A related concern involves the overwhelming volume of spam. – Spam is unsolicited email that contains either advertising or offensive content. • Reduces the efficiency benefits of email. • Is a source of many viruses, worms, spyware, and other malicious content. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 34 of 138 PRIVACY • In 2003, the U.S. Congress passed the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act. – Provides criminal and civil penalties for violation of the law. – Applies to commercial email, which is any email with a primary purpose of advertising or promotion. – Covers most legitimate email sent by organizations to customers, suppliers, or donors to non-profits. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 35 of 138 PRIVACY • Consequently, organizations must carefully follow the CAN-SPAM guidelines, which include: – The sender’s identity must be clearly displayed in the message header. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 36 of 138 PRIVACY • Consequently, organizations must carefully follow the CAN-SPAM guidelines, which include: – The sender’s identity must be clearly displayed in the message header. – The subject field in the header must clearly identify the message as an advertisement or solicitation. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 37 of 138 PRIVACY • Consequently, organizations must carefully follow the CAN-SPAM guidelines, which include: – The sender’s identity must be clearly displayed in the message header. – The subject field in the header must clearly identify the message as an advertisement or solicitation. – The body must provide recipients with a working link that can be used to “opt out” of future email. • Organizations have 10 days after receipt of an “opt out” request to ensure they do not send additional unsolicited email to that address. • Means someone must be assigned responsibility for processing these requests. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 38 of 138 PRIVACY • Consequently, organizations must carefully follow the CAN-SPAM guidelines, which include: – The sender’s identity must be clearly displayed in the message header. – The subject field in the header must clearly identify the message as an advertisement or solicitation. – The body must provide recipients with a working link that can be used to “opt out” of future email. – The body must include the sender’s valid postal address. • Best practice (not required) would be to provide full street address, telephone, and fax numbers. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 39 of 138 PRIVACY • Consequently, organizations must carefully follow the CAN-SPAM guidelines, which include: – The sender’s identity must be clearly displayed in the message header. – The subject field in the header must clearly identify the message as an advertisement or solicitation. – The body must provide recipients with a working link that can be used to “opt out” of future email. – The body must include the sender’s valid postal address. – Organizations should not: • Send email to randomly generated addresses. • Set up websites designed to harvest email addresses of potential customers. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 40 of 138 PRIVACY • Experts recommend that organizations redesign their own websites to include a visible means for visitors to “opt in” to receive email. • The AICPA and CICA have developed a privacy framework that provides detailed information on how organizations can comply with CAN-SPAM and other domestic and international regulations. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 41 of 138 PRIVACY • Organizations need to train employees on how to manage personal information collected from customers. – Especially important for medical and financial information. – Intentional misuse or unauthorized disclosure can have serious economic consequences, including: • Drop in stock price • Significant lawsuits • Government suspension of the organization’s business activity © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 42 of 138 PRIVACY • Another privacy-related issue that is of growing concern is identity theft. – Organizations have an ethical and moral obligation to implement controls to protect databases that contain their customers’ personal information. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 43 of 138 PRIVACY • Steps that individuals can take to minimize the risk of becoming a victim of identity theft include: – Shred all documents that contain personal information, especially unsolicited credit card offers. Cross-cut shredders are more effective. – Never send personally identifying information in unencrypted email. – Beware of email, phone, and print requests to “verify” personal information that the requesting party should already possess. • Credit card companies won’t ask for your security code. • The IRS won’t email you for identifying information in response to an audit. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 44 of 138 PRIVACY – Do not carry your social security card with you or comply with requests to reveal the last 4 digits. – Limit the amount of identifying information preprinted on checks and consider eliminating it. – Do not place outgoing mail with checks or personal information in your mailbox for pickup. – Don’t carry more than a few blank checks with you. – Use special software to thoroughly clean any digital media before disposal, or physically destroy the media. It is especially important to thoroughly erase or destroy hard drives before donating or disposing of equipment. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 45 of 138 PRIVACY – Monitor your credit reports regularly. – File a police report as soon as you discover that your purse or wallet was stolen. – Make photocopies of driver’s licenses, passports, and credit cards. Store them with phone numbers for all the credit cards in a safe location to facilitate notifying authorities if they are stolen. – Immediately cancel any lost or stolen credit cards. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 46 of 138 PROCESSING INTEGRITY AVAILABILITY PROCESSING INTEGRITY PRIVACY CONFIDENTIALITY SYSTEMS RELIABILITY • A reliable system produces information that is accurate, timely, reflects results of only authorized transactions, and includes outcomes of all activities engaged in by the organization during a given period of time. • Requires controls over both data input quality and the processing of the data. SECURITY © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 47 of 138 PROCESSING INTEGRITY • Five categories of integrity controls are designed to meet the preceding objectives: – Source data controls – Data entry controls – Processing controls – Data transmission controls – Output controls © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 48 of 138 PROCESSING INTEGRITY • Five categories of integrity controls are designed to meet the preceding objectives: – Source data controls – Data entry controls – Processing controls – Data transmission controls – Output controls © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 49 of 138 PROCESSING INTEGRITY • Source Data Controls – If the data entered into a system is inaccurate or incomplete, the output will be, too. (Garbage in garbage out.) – Companies must establish control procedures to ensure that all source documents are authorized, accurate, complete, properly accounted for, and entered into the system or sent to their intended destination in a timely manner. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 50 of 138 PROCESSING INTEGRITY • The following source data controls regulate integrity of input: – Forms design • Source documents and other forms should be designed to help ensure that errors and omissions are minimized (Chapter 18). © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 51 of 138 PROCESSING INTEGRITY • The following source data controls regulate integrity of input: – Forms design – Pre-numbered forms sequence test • Pre-numbering helps verify that no items are missing. • When sequentially pre-numbered source data documents are used, the system should be programmed to identify and report missing or duplicate form numbers. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 52 of 138 PROCESSING INTEGRITY • The following source data controls regulate integrity of input: – Forms design – Pre-numbered forms sequence test – Turnaround documents • Documents sent to external parties that are prepared in machine-readable form to facilitate their subsequent processing as input records. • Example: the stub that is returned by a customer when paying a utility bill. • Are more accurate than manually-prepared input records. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 53 of 138 PROCESSING INTEGRITY • Documents that have been entered should be • canceled – Paper documents are stamped “paid” or The following source data controls regulate otherwise defaced – Ainput: flag field is set on electronic documents. integrity of • Canceling – Forms design documents does not mean destroying documents. – Pre-numbered forms sequence test • They should be retained as long as needed to satisfy – Turnaround documents legal and regulatory requirements. – Cancellation and storage of documents © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 54 of 138 PROCESSING INTEGRITY • The following source data controls regulate integrity of input: – – – – – Forms design Pre-numbered forms sequence test Turnaround documents Cancellation and storage of documents Authorization and segregation of duties • Source documents should be prepared only by authorized personnel acting within their authority. • Employees who authorize documents should not be assigned incompatible functions. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 55 of 138 PROCESSING INTEGRITY • The following source data controls regulate integrity of input: – – – – – – Forms design Pre-numbered forms sequence test Turnaround documents Cancellation and storage of documents Authorization and segregation of duties Visual scanning • Documents should be scanned for reasonableness and propriety. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 56 of 138 PROCESSING INTEGRITY • The following source data controls regulate • An additional digit called a check digit can be integrity appended of input:to account numbers, policy numbers, ID – – – – – – – Forms numbers, design etc. • Data entry devices then perform check digit Pre-numbered forms sequence test digits in the number verification by using the original to recalculate the check digit. Turnaround documents • If the recalculated check digit does not match the Cancellation and storage of documents digit recorded on the source document, that result Authorization and duties suggests thatsegregation an error wasof made in recording or the number. Visual entering scanning Check digit verification © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 57 of 138 PROCESSING INTEGRITY • The following source data controls regulate integrity of input: – – – – – – – – Forms design Pre-numbered forms sequence test Turnaround • Many documents businesses are replacing bar codes and manual tags with radio frequency identification (RFID) tags Cancellation and storage of documents that can store up to 128 bytes of data. Authorization and segregation of duties • These tags should be write-protected so that Visual scanning unscrupulous customers cannot change price on merchandise. Check information digit verification RFID security © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 58 of 138 PROCESSING INTEGRITY • Five categories of integrity controls are designed to meet the preceding objectives: – Source data controls – Data entry controls – Processing controls – Data transmission controls – Output controls © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 59 of 138 PROCESSING INTEGRITY • Once data is collected, data entry control procedures are needed to ensure that it’s entered correctly. Common tests to validate input include: – Field check • Determines if the characters in a field are of the proper type. • Example: The characters in a social security field should all be numeric. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 60 of 138 PROCESSING INTEGRITY • Once data is collected, data entry control procedures are needed to ensure that it’s entered correctly. Common tests to validate input include: – Field check – Sign check • Determines if the data in a field have the appropriate arithmetic sign. • Example: The number of hours a student is enrolled in during a semester could not be a negative number. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 61 of 138 PROCESSING INTEGRITY • Once data is collected, data entry control procedures are needed to ensure that it’s entered correctly. Common tests to validate input include: – Field check – Sign check – Limit check • Tests whether an amount exceeds a predetermined value. • Example: A university might use a limit check to make sure that the hours a student is enrolled in do not exceed 21. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 62 of 138 PROCESSING INTEGRITY • Once data is collected, data entry control procedures are needed to ensure that it’s entered correctly. Common tests to validate input include: – – – – Field check Sign check Limit check Range check • Similar to a field check, but it checks both ends of a range. • Example: Perhaps a wage rate is checked to ensure that it does not exceed $15 and is not lower than the minimum wage rate. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 63 of 138 PROCESSING INTEGRITY • Once data is collected, data entry control procedures are needed to ensure that it’s entered correctly. Common tests to validate input include: – – – – – Field check Sign check Limit check Range check Size (or capacity) check • Ensures that the data will fit into the assigned field. • Example: A social security number of 10 digits would not fit in the 9-digit social security field. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 64 of 138 PROCESSING INTEGRITY • Once data is collected, data entry control procedures are needed to ensure that it’s entered correctly. Common tests to validate input include: – – – – – – Field check Sign check Limit check Range check Size (or capacity) check Completeness check • Determines if all required items have been entered. • Example: Has the student’s billing address been entered along with enrollment details? © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 65 of 138 PROCESSING INTEGRITY • Once data is collected, data entry control procedures are needed to ensure that it’s entered correctly. Common tests to validate input include: – – – – – – – Field check Sign check Limit check Range check Size (or capacity) check Completeness check Validity check • Compares the value entered to a file of acceptable values. • Example: Does the state code entered for an address match one of the 50 valid state codes? © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 66 of 138 PROCESSING INTEGRITY • Once data is collected, data entry control procedures are needed to ensure that it’s entered correctly. Common tests to validate input include: – – – – – – – – Field check Sign check Limit check Range • check Determines whether a logical relationship seems to Size (or be capacity) check correct. Completeness check • Example: A freshman with annual financial aid of $60,000 is probably not reasonable. Validity check Reasonableness test © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 67 of 138 PROCESSING INTEGRITY • The preceding tests are used for batch processing and online real-time processing. • Both processing approaches also have some additional controls that are unique to each approach. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 68 of 138 PROCESSING INTEGRITY • Additional Batch Processing Data Entry Controls – In addition to the preceding controls, when using batch processing, the following data entry controls should be incorporated. • Sequence check • Tests whether the data is in the proper numerical or alphabetical sequence. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 69 of 138 PROCESSING INTEGRITY • Records information about data input or processing errors (when they occurred, cause, when they were corrected and resubmitted). • Errors should be investigated, corrected, and resubmitted on a timely basis (usually with the next Controls batch) and subjected to the same input validation – In addition to the preceding controls, when routines. • batch The log processing, should be reviewed ensure using the periodically following to data that all errors have been corrected and then used to entry controls should be incorporated. prepare an error report, summarizing errors by record • Sequence check type, error type, cause, and disposition. • Additional Batch Processing Data Entry • Error log © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 70 of 138 PROCESSING INTEGRITY • Summarize key values for a batch of input records. Commonly used batch totals include: – Financial totals—sums of fields that contain dollar values, such as total sales. Controls– Hash totals—sums of nonfinancial fields, such as the sum of all social security numbers of – In addition to the preceding employees being paid. controls, when using batch processing, the following data – Record count—count of the number of records in a batch. entry controls should be incorporated. • These batch totals are calculated and recorded when • Sequence check data is entered and used later to verify that all input • Errorwas log processed correctly. • Additional Batch Processing Data Entry • Batch totals © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 71 of 138 PROCESSING INTEGRITY • Additional online data entry controls – Online processing data entry controls include: • Automatic entry of data • Whenever possible, the system should automatically enter transaction data, such as next available document number or new ID number. • Saves keying time and reduces errors. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 72 of 138 PROCESSING INTEGRITY • Additional online data entry controls – Online processing data entry controls include: • Automatic entry of data • Prompting • System requests each input item and waits for an acceptable response. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 73 of 138 PROCESSING INTEGRITY • Additional online data entry controls – Online processing data entry controls include: • Automatic entry of data • Prompting • Pre-formatting • Fields that need to be completed are highlighted. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 74 of 138 PROCESSING INTEGRITY • Additional online data entry controls – Online processing data entry controls include: • • • • Automatic entry of data Prompting Pre-formatting Closed-loop verification • Checks accuracy of input data by retrieving related information. • Example: When a customer’s account number is entered, the associated customer’s name is displayed on the screen so the user can verify that entries are being made for the correct account. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 75 of 138 • Maintains a detailed record of all transaction data, including: – A unique transaction identifier – Date and time of entry – Terminal from which entry is made – Transmission line Online processing data entry controls include: – Operator identification • Automatic entry of in data – Sequence which transaction is entered • The log can be used to reconstruct a file that is • Prompting damaged or can be used to ensure transactions are • Pre-formatting not lost or entered twice if a malfunction shuts down the system. • Closed-loop verification PROCESSING INTEGRITY • Additional online data entry controls – • Transaction logs © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 76 of 138 PROCESSING INTEGRITY • Additional online data entry controls – Online processing data entry controls include: • • • • • • Automatic entry of data Prompting Pre-formatting Closed-loop verification Transaction logs Error messages • Should indicate when an error occurred, which item, and how it should be corrected. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 77 of 138 PROCESSING INTEGRITY • Five categories of integrity controls are designed to meet the preceding objectives: – Source data controls – Data entry controls – Processing controls – Data transmission controls – Output controls © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 78 of 138 PROCESSING INTEGRITY • Processing Controls – Processing controls to ensure that data is processed correctly include: • Data matching • Two or more items must match before processing can proceed. • Example: The quantity billed on the vendor invoice must match the quantity ordered on the purchase order and the quantity received on the receiving report. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 79 of 138 PROCESSING INTEGRITY • Processing Controls – Processing controls to ensure that data is processed correctly include: • Data matching • File labels • External labels should be checked visually to ensure the correct and most current files are being updated. • There are also two important types of internal labels to be checked. – The header record, located at the beginning of each file, contains the file name, expiration date, and other identification data. – The trailer record at the end of the file contains the batch totals calculated during input. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 80 of 138 • Batch totals should be recomputed as processing takes place. • These totals should be compared to the totals in the trailer record. • Discrepancies indicate processing errors, such as: – If the recomputed record count is smaller than the original count, one or more records were not processed. – If the recomputed record count is larger than the original, then unauthorized transactions were processed –additional Processing controls to ensure that data isor some authorized transactions were processed twice. processed correctly include: – If the discrepancy between totals is evenly divisible by 9, there • Data matching was probably a transposition error (two adjacent digits were reversed). • File labels PROCESSING INTEGRITY • Processing Controls • Recalculation of batch totals © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 81 of 138 PROCESSING INTEGRITY • Processing Controls – Processing controls to ensure that data is processed correctly include: • • • • Data matching File labels Recalculation of batch totals Cross-footing balance test • Compares arithmetic results produced by two different methods to verify accuracy. • EXAMPLE: Compute the sum of column totals in a spreadsheet and compare it to a sum of the row totals. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 82 of 138 PROCESSING INTEGRITY • Processing Controls – Processing controls to ensure that data is processed correctly include: • • • • • Data matching File labels Recalculation of batch totals Cross-footing balance test Write-protection mechanisms • Protect against accidental writing over or erasing of data files but are not foolproof. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 83 of 138 PROCESSING INTEGRITY • Database systems use database administrators, data dictionaries, and concurrent update controls to ensure controls processingto integrity. Processing ensure that data is • The administrator establishes and enforces processed correctly include: procedures for accessing and updating the database. • Data matching • The data dictionary ensures that data items are defined and used consistently. • File labels • Concurrent update controls protect records from • Recalculation of batch totals being updated by two users simultaneously. • Cross-footing balance testuntil the other has finished – Locks one user out processing. • Write-protection mechanisms • Processing Controls – • Database processing integrity procedures © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 84 of 138 PROCESSING INTEGRITY • Processing Controls – Processing controls to ensure that data is • Whencorrectly changing systems, data from old files and processed include: • • • • • • • databases are entered into new data structures. Data matching • Conversion controls help ensure that the new data File labels storage media are free of errors. • Old and new should be run in parallel at Recalculation of systems batch totals least once and results compared to identify Cross-footing balance test discrepancies. Write-protection mechanisms • Internal auditors should review data conversion processes for accuracy. Database processing integrity procedures Data conversion controls © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 85 of 138 PROCESSING INTEGRITY • Five categories of integrity controls are designed to meet the preceding objectives: – Source data controls – Data entry controls – Processing controls – Data transmission controls – Output controls © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 86 of 138 PROCESSING INTEGRITY • Data Transmission Controls – In addition to using encryption to protect the confidentiality of information being transmitted, organizations need controls to minimize the risk of data transmission errors. – When the receiving unit detects a data transmission error, it asks the sending unit to re-send. Usually done automatically. – Sometimes, the system may not be able to accomplish automatic resubmission and will ask the sender to re-transmit the data. – Two basic types of data transmission controls: • Parity checking • Message acknowledgment techniques © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 87 of 138 PROCESSING INTEGRITY • Data Transmission Controls – In addition to using encryption to protect the confidentiality of information being transmitted, organizations need controls to minimize the risk of data transmission errors. – When the receiving unit detects a data transmission error, it asks the sending unit to re-send. Usually done automatically. – Sometimes, the system may not be able to accomplish automatic resubmission and will ask the sender to re-transmit the data. – Two basic types of data transmission controls: • Parity checking • Message acknowledgment techniques © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 88 of 138 PROCESSING INTEGRITY • Parity checking – Computers represent characters as a set of binary digits (bits). – For example, “5” is represented by the seven-bit pattern 0000101. – When data are transmitted some bits may be lost or received incorrectly. – Two basic schemes to detect these events are referred to as even parity and odd parity. – In either case, an additional bit is added to the digit being transmitted. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 89 of 138 PROCESSING INTEGRITY – In even parity, the parity bit is set so that each character has an even number of bits with the value 1. – In odd parity, the objective is that an odd number of bits should have the value 1. – The pattern for 5 is 0000101. This pattern has two bits (an even number) with a value of 1. Therefore, the parity bit that is added would be zero if we were using even parity and 1 if we were using odd parity. – The receiving device performs parity checking to verify that the proper number of bits set to one in each character received. – Additional accuracy can be achieved with more complex parity schemes. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 90 of 138 PROCESSING INTEGRITY • Data Transmission Controls – In addition to using encryption to protect the confidentiality of information being transmitted, organizations need controls to minimize the risk of data transmission errors. – When the receiving unit detects a data transmission error, it asks the sending unit to re-send. Usually done automatically. – Sometimes, the system may not be able to accomplish automatic resubmission and will ask the sender to re-transmit the data. – Two basic types of data transmission controls: • Parity checking • Message acknowledgment techniques © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 91 of 138 PROCESSING INTEGRITY • When data are transmitted, the system calculates a summary statistic such as the number of bits in the message. A number of message acknowledgment • The receiving unit performs the same calculation (an techniques can and be sends usedthe to result let the sender ofunit. “echo check”) to the sending an• electronic know that isapresumed message If the countsmessage match, the transmission wasaccurate. received: • Message Acknowledgment Techniques – • Echo check © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 92 of 138 PROCESSING INTEGRITY • Message Acknowledgment Techniques – A number of message acknowledgment techniques can be used to let the sender of an electronic message know that a message was received: • Echo check • Trailer record • The sending unit stores control totals in a trailer record. • The receiving unit uses the information in those totals to verify the entire message was received. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 93 of 138 PROCESSING INTEGRITY • Message Acknowledgment Techniques – A number of message acknowledgment techniques can be used to let the sender of an electronic message know that a message was received: • Echo check • Trailer record • Numbered batches • If a large message is transmitted in segments, each can be numbered sequentially. • The receiving unit uses those numbers to properly assemble the segments. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 94 of 138 PROCESSING INTEGRITY • Five categories of integrity controls are designed to meet the preceding objectives: – Source data controls – Data entry controls – Processing controls – Data transmission controls – Output controls © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 95 of 138 PROCESSING INTEGRITY • Output Controls – Careful checking of system output provides additional control over processing integrity. – Output controls include: • User review of output • Users carefully examine output for reasonableness, completeness, and to assure they are the intended recipient. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 96 of 138 PROCESSING INTEGRITY • Output Controls – Careful checking of system output provides additional control over • Periodically, all transactions and other system updates processing integrity. should be reconciled to control reports, file status/update or other control mechanisms. – Output controlsreports, include: • Control accounts should also be reconciled to User reviewaccount of output subsidiary totals. • • Reconciliation procedures © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 97 of 138 PROCESSING INTEGRITY • Output Controls – Careful checking of system output provides additional control over processing integrity. • Database totals should periodically be reconciled with data – Output controls maintained outsideinclude: the system. • EXAMPLE: Compare number of employee records in the (Excess • User review of output payroll file to number in the human resources file. records in payroll suggests a “ghost” employee.) • Reconciliation procedures • External data reconciliation © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 98 of 138 AVAILABILITY AVAILABILITY PROCESSING INTEGRITY PRIVACY CONFIDENTIALITY SYSTEMS RELIABILITY • Reliable systems are available for use whenever needed. • Threats to system availability originate from many sources, including: – – – – – Hardware and software failures Natural and man-made disasters Human error Worms and viruses Denial-of-service attacks and other sabotage SECURITY © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 99 of 138 AVAILABILITY • Proper controls can minimize the risk of significant system downtime caused by the preceding threats. • It is impossible to totally eliminate all threats. • Consequently, organizations must develop disaster recovery and business continuity plans to enable them to quickly resume normal operations after such an event. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 100 of 138 AVAILABILITY • Minimizing Risk of System Downtime – Loss of system availability can cause significant financial losses, especially if the system affected is essential to e-commerce. – Organizations can take a variety of steps to minimize the risk of system downtime. • Physical and logical access controls (Chapter 7) can reduce the risk of successful denial-of-service attacks. • Good computer security reduces risk of theft or sabotage of IS resources. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 101 of 138 AVAILABILITY – Preventive maintenance can reduce risk of hardware and software failure. Examples: • Cleaning disk drivers • Properly storing magnetic and optical media – Use of redundant components can provide fault tolerance, which enables the system to continue functioning despite failure of a component. Examples of redundant components: • Dual processors • Arrays of multiple hard drives. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 102 of 138 AVAILABILITY – Surge protection devices provide protection against temporary power fluctuations. – An uninterruptible power supply (UPS) provides protection from a prolonged power outage and buys the system enough time to back up critical data and shut down safely. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 103 of 138 AVAILABILITY • Risks associated with natural and man-made disasters can be reduced with proper location and design of rooms housing mission-critical servers and databases. – Raised floors protect from flood damage. – Fire protection and suppression devices reduce likelihood of fire damage. – Adequate air conditioning reduces likelihood of damage from over-heating or humidity. – Cables with special plugs that cannot be easily removed reduce risk of damage due to accidentally unplugging. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 104 of 138 AVAILABILITY • Training is especially important. – Well-trained operators are less likely to make mistakes and more able to recover if they do. – Security awareness training, particularly concerning safe email and web-browsing practices, can reduce risk of virus and worm infection. • Anti-virus software should be installed, run, and kept current. • Email should be scanned for viruses at both the server and desktop levels. • Newly acquired software and disks, CDs, or DVDs should be scanned and tested first on a machine that is isolated from the main network. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 105 of 138 AVAILABILITY • Disaster Recovery and Business Continuity Planning – Disaster recovery and business continuity plans are essential if an organization hopes to survive a major catastrophe. – Being without an IS for even a short period of time can be quite costly—some report as high as half a million dollars per hour. – Yet many large U.S. companies do not have adequate disaster recovery and business continuity plans. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 106 of 138 AVAILABILITY • The objectives of a disaster recovery and business continuity plan are to: – Minimize the extent of the disruption, damage, and loss – Temporarily establish an alternative means of processing information – Resume normal operations as soon as possible – Train and familiarize personnel with emergency operations © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 107 of 138 AVAILABILITY • Key components of effective disaster recovery and business continuity plans include: – Data backup procedures – Provisions for access to replacement infrastructure (equipment, facilities, phone lines, etc.) – Thorough documentation – Periodic testing – Adequate insurance © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 108 of 138 AVAILABILITY • Key components of effective disaster recovery and business continuity plans include: – Data backup procedures – Provisions for access to replacement infrastructure (equipment, facilities, phone lines, etc.) – Thorough documentation – Periodic testing – Adequate insurance © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 109 of 138 AVAILABILITY • Data Backup Procedures – Data need to be backed up regularly and frequently. – A backup is an exact copy of the most current version of a database, file, or software program. It is intended for use in the event of a hardware or software failure. – The process of installing the backup copy for use is called restoration. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 110 of 138 AVAILABILITY • Several different backup procedures exist. – A full backup is an exact copy of the data recorded on another physical media (tape, magnetic disk, CD, DVD, etc.) – Restoration involves bringing the backup copy online. – Full backups are time consuming, so most organizations: • Do full backups weekly • Supplement with daily partial backups. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 111 of 138 AVAILABILITY • Two types of partial backups are possible: – Incremental backup • Involves copying only the data items that have changed since the last backup. • Produces a set of incremental backup files, each containing the results of one day’s transactions. • Restoration: – First load the last full backup. – Then install each subsequent incremental backup in the proper sequence. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 112 of 138 AVAILABILITY • Two types of partial backups are possible: – Incremental backup – Differential backup • All changes made since the last full backup are copied. • Each new differential backup file contains the cumulative effects of all activity since the last full backup. • Will normally take longer to do the backup than when incremental backup is used. • Restoration: – First load the last full backup. – Then install the most recent differential backup file. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 113 of 138 AVAILABILITY • Incremental and differential backups are both made daily. – Additional intra-day backups are often made for mission-critical databases. – Periodically, the system makes a copy of the database at that point in time, called a checkpoint, and stores the copy on backup media. – If a hardware or software fault interrupts processing, the checkpoint is used to restart the system. – The only transactions that need to be reprocessed are those that occurred since the last checkpoint. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 114 of 138 AVAILABILITY • Whichever backup procedure is used, multiple backup copies should be created: – One can be stored on-site for use in minor incidents. – At least one additional copy should be stored off-site to be safe should a disaster occur © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 115 of 138 AVAILABILITY • The offsite copies can be transported to remote storage physically or electronically. – The same security controls should apply as to original copies. • Sensitive data should be encrypted in storage and during transmission. • Access to the backup files should be carefully controlled and monitored. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 116 of 138 AVAILABILITY • Backups are retained for only a fixed period of time. • An archive is a copy of a database, master file, or software that will be retained indefinitely as an historical record, usually to satisfy legal and regulatory requirements. • Multiple copies of archives should be made and stored in different locations. • Appropriate security controls should also be applied to these files. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 117 of 138 AVAILABILITY • Special attention should be paid to email, because it has become an important archive of organizational behavior and information. • Access to email is often important when companies are embroiled in lawsuits. • Organizations may be tempted to adopt a policy of periodically deleting all email to prevent a plaintiff’s attorney from finding a “smoking gun.” © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 118 of 138 AVAILABILITY • Most experts advise against such policies and recommend that organizations include email in their backup and archive procedures because: – There are likely to be copies of the email stored in locations outside the organization. – Such a policy would mean that the organization would not be able to tell its side of the story. – Also, courts have sanctioned companies for failing to provide timely access to email. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 119 of 138 AVAILABILITY • Key components of effective disaster recovery and business continuity plans include: – Data backup procedures – Provisions for access to replacement infrastructure (equipment, facilities, phone lines, etc.) – Thorough documentation – Periodic testing – Adequate insurance © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 120 of 138 AVAILABILITY • Infrastructure Replacement – Major disasters can totally destroy an organization’s information processing center or make it inaccessible. – A key component of disaster recovery and business continuity plans incorporates provisions for replacing the necessary computing infrastructure, including: • • • • • Computers Network equipment and access Telephone lines Office equipment Supplies – It may even be necessary to hire temporary staff. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 121 of 138 • The least expensive approach. • The organization enters into an agreement with another organization that uses similar equipment to have temporary access to and use of their information system resources in the event of a disaster. • Effective solutions for disasters of limited duration and magnitude, especially for small organizations. • Not optimal in major disasters as: – The host organization may also be affected. – The host also needs the resources. AVAILABILITY • Organizations have three basic options for replacing computer and networking equipment. – Reciprocal agreements © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 122 of 138 AVAILABILITY • Organizations have three basic options for replacing computer and networking equipment. – Reciprocal agreements – Cold sites • An empty building is purchased or leased and pre-wired for necessary telephone and Internet access. • Contracts are created with vendors to provide all necessary computer and office equipment within a specified period of time. • Still leaves the organization without use of the IS for a period of time. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 123 of 138 AVAILABILITY • Organizations have three basic options for replacing computer and networking equipment. • Most expensive solution but used by organizations like financial institutions and airlines which cannot survive any appreciable time without there IS. • The hot site is a facility that is pre-wired for phone and Internet (like the cold site) but also contains the essential computing and office equipment. • It is a backup infrastructure designed to provide fault tolerance in Cold the–event of asites major disaster. – Reciprocal agreements – Hot sites © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 124 of 138 AVAILABILITY • Key components of effective disaster recovery and business continuity plans include: – Data backup procedures – Provisions for access to replacement infrastructure (equipment, facilities, phone lines, etc.) – Thorough documentation – Periodic testing – Adequate insurance © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 125 of 138 AVAILABILITY • Documentation – An important and often overlooked component. Should include: • The disaster recovery plan itself, including instructions for notifying appropriate staff and the steps to resume operation, needs to be well documented. • Assignment of responsibility for the various activities. • Vendor documentation of hardware and software. • Documentation of modifications made to the default configuration (so replacement will have the same functionality). • Detailed operating instructions. – Copies of all documentation should be stored both on-site and off-site. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 126 of 138 AVAILABILITY • Key components of effective disaster recovery and business continuity plans include: – Data backup procedures – Provisions for access to replacement infrastructure (equipment, facilities, phone lines, etc.) – Thorough documentation – Periodic testing – Adequate insurance © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 127 of 138 AVAILABILITY • Testing – Periodic testing and revision is probably the most important component of effective disaster recovery and business continuity plans. • Most plans fail their initial test, because it’s impossible to anticipate everything that could go wrong. • The time to discover these problems is before the actual emergency and in a setting where the weaknesses can be carefully analyzed and appropriate changes made. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 128 of 138 AVAILABILITY • Plans should be tested on at least an annual basis to ensure they reflect recent changes in equipment and procedures. – Important to test procedures involved in executing reciprocal agreements or hot or cold sites. – Backup restoration procedures also require practice. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 129 of 138 AVAILABILITY • Brainstorming sessions involving mock scenarios can be effective in identifying gaps and shortcomings. – More realistic and detailed simulations or drills should also be performed, although not to the expense of completely performing every activity. – Experts recommend testing individual components of the plans separately, because it is too difficult and costly to simulate and analyze every aspect simultaneously. • The plan documentation needs to be updated to reflect any changes in procedure made in response to problems identified during testing. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 130 of 138 AVAILABILITY • Key components of effective disaster recovery and business continuity plans include: – Data backup procedures – Provisions for access to replacement infrastructure (equipment, facilities, phone lines, etc.) – Thorough documentation – Periodic testing – Adequate insurance © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 131 of 138 AVAILABILITY • Insurance – Organizations should acquire adequate insurance coverage to defray part or all of the expenses associated with implementing their disaster recovery and business continuity plans. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 132 of 138 CHANGE MANAGEMENT CONTROLS • Organizations constantly modify their information systems to reflect new business practices and to take advantage of advances in IT. • Controls are needed to ensure such changes don’t negatively impact reliability. • Existing controls related to security, confidentiality, privacy, processing integrity, and availability should be modified to maintain their effectiveness after the change. • Change management controls need to ensure adequate segregation of duties is maintained in light of the modifications to the organizational structure and adoption of new software. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 133 of 138 CHANGE MANAGEMENT CONTROLS • Important change management controls include: – All change requests should be documented in a standard format that identifies: • Nature of the change • Reason for the change • Date of the request – All changes should be approved by appropriate levels of management. • Approvals should be clearly documented to provide an audit trail. • Management should consult with the CSO and other IT managers about impact of the change on reliability. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 134 of 138 CHANGE MANAGEMENT CONTROLS – Changes should be thoroughly tested prior to implementation. • Includes assessing effect of change on all five principles of systems reliability. • Should occur in a separate, non-production environment. – All documentation (program instructions, system descriptions, backup and disaster recovery plans) should be updated to reflect authorized changes to the system. – “Emergency” changes or deviations from policy must be documented and subjected to a formal review and approval process as soon after implementation as practicable. All such actions should be logged to provide an audit trail. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 135 of 138 CHANGE MANAGEMENT CONTROLS – “Backout” plans should be developed for reverting to the previous configuration if the approved changes need to be interrupted or aborted. – User rights and privileges should be carefully monitored during the change process to ensure proper segregation of duties. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 136 of 138 CHANGE MANAGEMENT CONTROLS • The most important change management control is adequate monitoring and review by top management to ensure that the changes are consistent with the entity’s multiyear strategic plan. • Objective: Be sure the system continues to effectively support the organization’s strategy. • Steering committees are often created to perform this function. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 137 of 138 SUMMARY • In this chapter, you’ve learned about the controls used to protect the confidentiality of sensitive information and the controls used to protect the privacy of customer information. • You’ve also learned about controls that help ensure processing integrity. • Finally, you’ve learned about controls to ensure that the system is available when needed. © 2006 Prentice Hall Business Publishing Accounting Information Systems, 10/e Romney/Steinbart 138 of 138
