c87918d8b2abfb0f3ecf6e090cbd8322.ppt
- Number of slides: 91
Dr. Yan Xiong, College of Business, CSU Sacramento. January 27, 2003. This lecture is based on Martin (2002) and Romney and Steinbart (2002).
Agenda
AIS Threats
AIS Threats
AIS Threats
AIS Threats
Agenda
Internal Control
Internal Control Classifications
Types of Controls
Internal Control Model
The Control Environment
The Control Environment
Control Activities
Segregation of Duties
Segregation of Duties
Segregation of Duties
Segregation of Duties
Design and Use of Adequate Documents and Records
Design and Use of Adequate Documents and Records
Information and Communication
Information and Communication
Monitoring Performance
Risk Assessment
Risk Assessment
Risk Assessment
Risk Assessment
Cost and Benefits
Loss / Fraud Conditions
Loss / Fraud Conditions
Exposures
Possible Threat (Symbol): Disaster (D), Power Outage (O), System Down (H), Human Error (E), Fraud (F), Data Theft (T), Sabotage (S)
Exposure: H M L M M L H
Risk: L+ H L M L
Risk Assessment of Controls
Payroll Case
Condition          Without   With     Difference
Cost Payroll       $10 K
Risk of Error      15%       1%
Cost               $1.5 K    $0.1 K   $1.4 K
Validate Cost      0         $0.6 K   $(0.6 K)
Expected Benefit                      $0.8 K
Agenda
General Controls
General Controls
General Controls
Security Plan
Segregation of Duties
Segregation of Duties
Segregation of Duties Divide following functions:
Project Development Controls
Physical Access Controls
Logical Access Controls
Access Control Matrix PASSWORD FILES A B PROGRAMS ABC 0 DEF 1 2 1 0 0 1 2 0 0 KLM 1 1 NOP 3 0
Data Storage Controls
Data Transmission Controls
Data Transmission Controls
Data Transmission Control
Documentation Standards
Minimizing System Downtime
Protection of PCs and Client/Server Networks
Protection of PCs and Client/Server Networks
Protection of PCs and Client/Server Networks
Agenda
Internet Controls
Internet Controls
Internet Risks
Messaging Security
Symmetric Encryption
PKI
Biometric Usage
Digital Signature
Firewall
Firewalls
Firewall Types
Firewall Types
Agenda
Contingency Management
Disaster Recovery Plan
Disaster Plan Objectives
Plan Elements
Back Up Data
Back Up Data Decisions
Remote Access
Recovery Plan
Cardinal Health
The Money Store
The Money Store
Topics Covered