HAPTER 7.ppt

HAPTER 7 Information Systems Controls for Systems Reliability Part 1: Information Security INTRODUCTION Questions to be addressed in this chapter: How does security affect systems reliability? What are the four criteria that can be used to evaluate the effectiveness of an organization’s information security? What is the time-based model of security and the concept of defense-in-depth? What types of preventive, detective, and corrective controls are used to provide information security? How does encryption contribute to security and how do the two basic types of encryption systems work? INTRODUCTION The five basic principles that contribute to systems reliability: Security Confidentiality Online privacy Processing integrity Availability COBIT and Trust Services Control Objectives for Information Technology COBIT Information systems controls required for achieving business and governance objectives COBIT and Trust Services COBIT IT resources: Applications Information Infrastructures People COBIT and Trust Services COBIT information criteria: Effectiveness Efficiency Confidentiality Integrity Availability Compliance Reliability COBIT and Trust Services COBIT domains: Basic management activities for IT Help organize 34 generic IT controls COBIT and Trust Services COBIT and Trust Services COBIT and Trust Services COBIT and Trust Services FUNDAMENTAL INFORMATION SECURITY CONCEPTS There are three fundamental information security concepts that will be discussed in this chapter: Security as a management issue, not a technology issue. The time-based model of security. Defense in depth. SECURITY AS A MANAGEMENT ISSUE Management is responsible for the accuracy of various internal reports and financial statements produced by the organization’s IS. SOX Section 302 requires that the CEO and CFO certify the accuracy of the financial statements. SOX Section 404 requires that the annual report include a report on the company’s internal controls. Within this report, management ac