is acca19(security and legal compliance)
DESCRIPTION
Security Physical threats Physical access control Building controls into an information systemTRANSCRIPT
1
Security and Legal
Compliance
(1)
Lecture 19
Abdisalam Issa-Salwe
Thames Valley University
Abdisalam Issa-Salwe, Thames Valley University
2
Topic list
Security
Physical threats
Physical access control
Building controls into an information system
Abdisalam Issa-Salwe, Thames Valley University
3
Security
Security in information management context means the protection of data from accidental or deliberate threats which might cause unauthorised modification, disclosure or destruction of data, and the protection of the information system from the degradation or non-availability of services
Abdisalam Issa-Salwe, Thames Valley University
4
Physical threats
Fire
Water
Weather
Lighting
Terrorist activity
Accidental damage
Abdisalam Issa-Salwe, Thames Valley University
5
Physical access control
Personal identification numbers (PINs)
Door locks
Card entry systems
Computer theft
Abdisalam Issa-Salwe, Thames Valley University
6
Building control into an information system
Control can be classified into: Security control:
about protection of data from accidental or deliberate threats
Integrity control:
in the context of security is preserved when data is the same as in source documents and has not been accidentally or intentionally altered, destroyed or disclosed
System integrity: operating conforming to the design specification despite attempts (deliberate or accidental) to make it have incorrectly.
Contingency controls:
It is an unscheduled interruption of computing services that requires measures outside the day-to-day routing operating procedures
Abdisalam Issa-Salwe, Thames Valley University
7
Building control into an information system (cont)…
Data will maintain its integrity if it is complete and not corrupt. This means that:
The original input of the data must be controlled
Any processing and storage should be set up so that they are complete and correct
Abdisalam Issa-Salwe, Thames Valley University
8
Building control into an information system (cont)…
Input control should ensure the accuracy, completeness and validity: Data verification involves ensuring data
entered matches source documents
Data validating involves ensuring that data entered is not incomplete or unreasonable. Various checks: Check digits
Control totals
Hash totals
Range checks
Limit checks
Abdisalam Issa-Salwe, Thames Valley University
9
Privacy and data protection
Privacy:
The right of the individual to control the use of information about him or her, including information on financial status, health and lifestyle (I.e. prevent unauthorised disclosure).
Abdisalam Issa-Salwe, Thames Valley University
10
Data protection principles
Personal data is information about a living individual, including expression of opinion about him or her. Data about organisation is not personal data
Data users are organisation or individuals who control personal data and the use of personal data
A data subject is an individual who is the subject of personal data
Abdisalam Issa-Salwe, Thames Valley University
11
Internet security issue
Establishing organisation links to the Internet brings numerous security dangers
Corruptions such as viruses on a single computer can spread through the network to all the organisation's computer
Hacking: involves attempting to gain unauthorised access to a computer system
Abdisalam Issa-Salwe, Thames Valley University
12
Type of virus/program
File virus: Files viruses infect program files
Boot sector or ‘stealth’ virus: the book sector is the part of every hard disk and diskette. The stealth virus hides from virus detection programs by hiding themselves in boot records or files.
Trojan: it is a small program that performs unexpected function. It hides itself inside a ‘valid’ program.
Logic bomb: a logic bomb is a program that is executed when a specific act is performed.
Abdisalam Issa-Salwe, Thames Valley University
13
Type of virus/program (cont…)
Time bomb: a time bomb is a program that is activated at a certain time or data, such as Friday the 13th or April 1st
Worm: it is a type of virus that can replicate (copy) itself and use memory, but cannot attach itself to other programs
Droppers: it is a program that installs a virus while performing another function
Abdisalam Issa-Salwe, Thames Valley University
14
Type of virus/program (cont…)
Macro virus: it is a piece of self-replicating cod written in an application’s ‘macro’ language. Example, Melissa was a well publicised macro virus
Abdisalam Issa-Salwe, Thames Valley University
15
Information systems and accountants
Accountants track companies’ expenses, as well as prepare, analyze and verify financial documents. They look for ways to run businesses more efficiently, keep public records and make sure taxes are paid properly.
Public accountants perform audits and prepare taxes for corporations, government agencies, nonprofits and individuals.
Abdisalam Issa-Salwe, Thames Valley University
16
Information systems and accountants (cont…)
Management accountants are members of the executive team who record and analyze information about budgets, costs and assets. Their work may support strategic planning or product development. They may also write financial reports for stockholders, creditors or government agencies.
Government accountants and auditors maintain and examine government records, or they audit private businesses or individuals on the government's behalf.
Internal auditors are fiscal police officers. They verify the accuracy of an organization's financial records and look for waste, mismanagement and fraud.
Abdisalam Issa-Salwe, Thames Valley University
17
Abdisalam Issa-Salwe, Thames Valley University
18
Abdisalam Issa-Salwe, Thames Valley University
19
Abdisalam Issa-Salwe, Thames Valley University
20
Abdisalam Issa-Salwe, Thames Valley University
21