is acca19(security and legal compliance)

Security and Legal Compliance (1), Lecture 19, Abdisalam Issa-Salwe, Thames Valley University

Upload: taibah-university-college-of-computer-science-engineering

Post on 19-May-2015


DESCRIPTION

Security; Physical threats; Physical access control; Building controls into an information system

TRANSCRIPT


Topic list

Security

Physical threats

Physical access control

Building controls into an information system


Security

Security in an information management context means the protection of data from accidental or deliberate threats which might cause unauthorised modification, disclosure or destruction of data, and the protection of the information system from the degradation or non-availability of services.


Physical threats

Fire

Water

Weather

Lightning

Terrorist activity

Accidental damage


Physical access control

Personal identification numbers (PINs)

Door locks

Card entry systems

Computer theft


Building control into an information system

Controls can be classified into:

Security control: concerns the protection of data from accidental or deliberate threats.

Integrity control: integrity, in the context of security, is preserved when data is the same as in source documents and has not been accidentally or intentionally altered, destroyed or disclosed.

System integrity: operation conforming to the design specification despite attempts (deliberate or accidental) to make the system behave incorrectly.

Contingency controls: a contingency is an unscheduled interruption of computing services that requires measures outside the day-to-day routine operating procedures.


Building control into an information system (cont)…

Data will maintain its integrity if it is complete and not corrupt. This means that:

The original input of the data must be controlled

Any processing and storage should be set up so that they are complete and correct


Building control into an information system (cont)…

Input controls should ensure the accuracy, completeness and validity of data:

Data verification involves ensuring that data entered matches source documents.

Data validation involves ensuring that data entered is not incomplete or unreasonable. Various checks:

Check digits

Control totals

Hash totals

Range checks

Limit checks
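
The five validation checks listed above, applied to one batch of payment records, as an added example that is not part of the original lecture. It assumes a weighted modulus-11 check digit on the account number; the record fields, the limit and the sample batches are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Record:
    account: str  # 7 digits + modulus-11 check digit (assumed scheme)
    day: int      # day of month the payment is due
    amount: int   # payment amount in whole currency units

def mod11_check_digit(body: str) -> str:
    """Weights 2, 3, 4, ... from the rightmost digit; 'X' stands for 10."""
    total = sum(int(d) * w for w, d in enumerate(reversed(body), start=2))
    digit = (11 - total % 11) % 11
    return "X" if digit == 10 else str(digit)

def check_digit_ok(account: str) -> bool:
    body, given = account[:-1], account[-1:]
    return body.isdecimal() and mod11_check_digit(body) == given

def validate_batch(records, header, amount_limit=10_000):
    """Return (position, failed check) pairs; position 'batch' = whole batch."""
    errors = []
    for i, r in enumerate(records):
        if not check_digit_ok(r.account):
            errors.append((i, "check digit"))
        if not 1 <= r.day <= 31:              # range check: lower and upper bound
            errors.append((i, "range"))
        if r.amount > amount_limit:           # limit check: a single bound
            errors.append((i, "limit"))
    # Control totals: record count and a meaningful sum, agreed before keying.
    if (len(records) != header["count"]
            or sum(r.amount for r in records) != header["amount_total"]):
        errors.append(("batch", "control total"))
    # Hash total: a sum with no business meaning (account numbers), kept only
    # to reveal a lost, added or mis-keyed record.
    hash_total = sum(int(r.account[:-1]) for r in records
                     if r.account[:-1].isdecimal())
    if hash_total != header["hash_total"]:
        errors.append(("batch", "hash total"))
    return errors

# Constructed sample data: header figures are taken from the source documents.
HEADER = {"count": 3, "amount_total": 11_954, "hash_total": 5_060_504}
GOOD = [Record("12345679", 15, 1_200), Record("24680133", 31, 755),
        Record("1357924X", 7, 9_999)]
# The same batch keyed with a transposed account, day 32 and an over-limit amount.
KEYED = [Record("12354679", 15, 1_200), Record("24680133", 32, 755),
         Record("1357924X", 7, 10_001)]

if __name__ == "__main__":
    print(validate_batch(GOOD, HEADER))
    print(validate_batch(KEYED, HEADER))
```

The transposed account number still passes the range and limit checks; only the check digit and the hash total catch it, which is why the checks are used together.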


Privacy and data protection

Privacy:

The right of the individual to control the use of information about him or her, including information on financial status, health and lifestyle (i.e. to prevent unauthorised disclosure).


Data protection principles

Personal data is information about a living individual, including expressions of opinion about him or her. Data about organisations is not personal data.

Data users are organisations or individuals who control personal data and the use of personal data.

A data subject is an individual who is the subject of personal data.


Internet security issue

Establishing organisational links to the Internet brings numerous security dangers.

Corruptions such as viruses on a single computer can spread through the network to all the organisation's computers.

Hacking: involves attempting to gain unauthorised access to a computer system


Type of virus/program

File virus: file viruses infect program files.

Boot sector or ‘stealth’ virus: the boot sector is a part of every hard disk and diskette. A stealth virus hides from virus detection programs by hiding itself in boot records or files.

Trojan: a small program that performs an unexpected function. It hides itself inside a ‘valid’ program.

Logic bomb: a logic bomb is a program that is executed when a specific act is performed.


Type of virus/program (cont…)

Time bomb: a time bomb is a program that is activated at a certain time or date, such as Friday the 13th or April 1st.

Worm: a type of virus that can replicate (copy) itself and use memory, but cannot attach itself to other programs.

Dropper: a program that installs a virus while performing another function.


Type of virus/program (cont…)

Macro virus: a piece of self-replicating code written in an application’s ‘macro’ language. For example, Melissa was a well-publicised macro virus.


Information systems and accountants

Accountants track companies’ expenses, as well as prepare, analyze and verify financial documents. They look for ways to run businesses more efficiently, keep public records and make sure taxes are paid properly.

Public accountants perform audits and prepare taxes for corporations, government agencies, nonprofits and individuals.


Information systems and accountants (cont…)

Management accountants are members of the executive team who record and analyze information about budgets, costs and assets. Their work may support strategic planning or product development. They may also write financial reports for stockholders, creditors or government agencies.

Government accountants and auditors maintain and examine government records, or they audit private businesses or individuals on the government's behalf.

Internal auditors are fiscal police officers. They verify the accuracy of an organization's financial records and look for waste, mismanagement and fraud.
