Page 6/17, date 28.01.2017

IT General Controls (ITGC)


ITGC represent the foundation of the IT control structure. They help ensure the reliability of data generated by IT systems and support the assertion that systems operate as intended and that output is reliable. General controls are tested prior to testing the application controls as they ensure the proper functioning of the information system and therefore support the application controls. ITGC usually include the following types of controls:

  • Control Environment, or those controls designed to shape the corporate culture or "tone at the top."

  • Change management procedures - controls designed to ensure changes meet business requirements and are authorized.

  • Source code/document version control procedures - controls designed to protect the integrity of program code.

  • Software development life cycle standards - controls designed to ensure IT projects are effectively managed.

  • Security policies, standards and processes - controls designed to secure access based on business need.

  • Incident management policies and procedures - controls designed to address operational processing errors.

  • Technical support policies and procedures - policies to help users perform more efficiently and report problems.

  • Hardware/software configuration, installation, testing, management standards, policies and procedures.

  • Disaster recovery/backup and recovery procedures, to enable continued processing despite adverse conditions.

IT Application Controls


IT application or program controls are fully automated controls (i.e., performed automatically by the systems) designed to ensure the complete and accurate processing of data, from input through output. These controls vary based on the business purpose of the specific application. They may also help ensure the privacy and security of data transmitted between applications. Categories of IT application controls may include:

  • Completeness checks - controls that ensure all records were processed from initiation to completion.

  • Validity checks - controls that ensure only valid data is input or processed.

  • Identification - controls that ensure all users are uniquely and irrefutably identified.

  • Authentication - controls that provide an authentication mechanism in the application system.

  • Authorization - controls that ensure only approved business users have access to the application system.

  • Problem management - controls that ensure all application problems are recorded and managed in a timely manner.

  • Change management - controls that ensure all changes on production environment are implemented with preserved data integrity.

  • Input controls - controls that ensure data integrity fed from upstream sources into the application system.
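The following is an added example, not part of the original glossary, showing how three of the categories above (completeness checks, validity checks and input controls) can be automated over a batch of records received from an upstream system. The record layout, field names and sample values are assumptions made for this demonstration.

```python
# Added example, not from the original glossary: automated application controls
# run over a constructed batch of payment records (layout, field names and
# values are assumptions for this demo). Completeness: every announced record is
# present with no sequence gap. Validity: each field is well-formed. Input
# controls: a hash total and an amount total recomputed on receipt must match
# the totals the sender declared in the batch header.
from dataclasses import dataclass
from decimal import Decimal
from typing import List, Optional
import re

# Constructed batch: a header line, then records "seq|account|amount|currency".
SAMPLE_BATCH = """\
HDR|count=4|hash_total=11602|amount_total=1250.75
1|1234|100.00|USD
2|2345|950.25|USD
3|3456|200.50|USD
4|4567|0.00|USD
"""
# Same header, but record 3 was lost upstream and record 4 is malformed.
BAD_BATCH = """\
HDR|count=4|hash_total=11602|amount_total=1250.75
1|1234|100.00|USD
2|2345|950.25|USD
4|45X7|0.00|XXX
"""
ACCOUNT_RE = re.compile(r"^\d{4}$")
AMOUNT_RE = re.compile(r"^\d+\.\d{2}$")
VALID_CURRENCIES = {"USD", "EUR", "GBP"}

@dataclass(frozen=True)
class Finding:
    control: str        # "completeness", "validity" or "input"
    seq: Optional[int]  # record sequence number; None for batch-level findings
    message: str

def parse_header(line: str) -> dict:
    # Header fields are key=value pairs following the HDR tag.
    fields = line.split("|")
    if fields[0] != "HDR":
        raise ValueError("batch does not start with a header line")
    return dict(f.split("=", 1) for f in fields[1:])

def validity_checks(fields: List[str], seq: int) -> List[Finding]:
    """Field-level validity: only well-formed data may be processed."""
    out = []
    if not ACCOUNT_RE.match(fields[1]):
        out.append(Finding("validity", seq, f"account {fields[1]!r} is not 4 digits"))
    if not AMOUNT_RE.match(fields[2]):
        out.append(Finding("validity", seq, f"amount {fields[2]!r} lacks 2 decimals"))
    if fields[3] not in VALID_CURRENCIES:
        out.append(Finding("validity", seq, f"currency {fields[3]!r} not allowed"))
    return out

def run_input_controls(batch_text: str) -> List[Finding]:
    """Return all findings for a batch; an empty list means it may be processed."""
    lines = [l for l in batch_text.splitlines() if l.strip()]
    header = parse_header(lines[0])
    expected = int(header["count"])
    findings, seqs = [], []
    hash_total, amount_total = 0, Decimal("0")
    for line in lines[1:]:
        fields = line.split("|")
        if len(fields) != 4 or not fields[0].isdigit():
            findings.append(Finding("validity", None, f"malformed record {line!r}"))
            continue
        seq = int(fields[0])
        seqs.append(seq)
        findings.extend(validity_checks(fields, seq))
        # Hash total: a meaningless sum over an identifying field, kept only to
        # detect records lost, duplicated or altered between sender and receiver.
        if ACCOUNT_RE.match(fields[1]):
            hash_total += int(fields[1])
        if AMOUNT_RE.match(fields[2]):
            amount_total += Decimal(fields[2])
    # Completeness: received count matches the header and no sequence gap.
    if len(seqs) != expected:
        findings.append(Finding("completeness", None, f"expected {expected} records, got {len(seqs)}"))
    for seq in sorted(set(range(1, expected + 1)) - set(seqs)):
        findings.append(Finding("completeness", seq, "record missing from batch"))
    # Input controls: totals recomputed here must agree with the sender's.
    if hash_total != int(header["hash_total"]):
        findings.append(Finding("input", None, f"hash total {hash_total} != {header['hash_total']}"))
    if amount_total != Decimal(header["amount_total"]):
        findings.append(Finding("input", None, f"amount total {amount_total} != {header['amount_total']}"))
    return findings
```

Running `run_input_controls(BAD_BATCH)` yields two validity findings for record 4, two completeness findings (count mismatch and missing record 3) and two input-control findings (hash and amount totals disagree with the header), while `SAMPLE_BATCH` produces none.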


Groupware

Collaborative software (also referred to as groupware or workgroup support systems) is software designed to help people involved in a common task achieve their goals. Collaborative software is the basis for computer supported cooperative work. Such software systems as email, calendaring, text chat, wiki, and bookmarking belong to this category. It has been suggested that Metcalfe's law — the more people who use something, the more valuable it becomes — applies to such software.

The more general term social software applies to systems used outside the workplace, for example, online dating services and social networks like Friendster, Twitter and Facebook. The study of computer-supported collaboration includes the study of this software and social phenomena associated with it.



Hardware

Typical PC hardware


Figure: hardware of a personal computer. 1. Monitor, 2. Motherboard, 3. CPU, 4. RAM memory, 5. Expansion card, 6. Power supply, 7. CD-ROM drive, 8. Hard disk, 9. Keyboard, 10. Mouse.
Though a PC comes in many different form factors, a typical personal computer consists of a case or chassis in a tower shape (desktop) and the following parts:

Motherboard


The motherboard is the main component inside the case. It is a large rectangular board with integrated circuitry that connects the rest of the parts of the computer including the CPU, the RAM, the disk drives (CD, DVD, hard disk, or any others) as well as any peripherals connected via the ports or the expansion slots.

Components directly attached to the motherboard include:



  • The central processing unit (CPU) performs most of the calculations which enable a computer to function, and is sometimes referred to as the "brain" of the computer. It is usually cooled by a heat sink and fan.

  • The chipset mediates communication between the CPU and the other components of the system, including main memory.

  • RAM (Random Access Memory) stores all running processes (applications) and the currently running OS.

  • The BIOS (Basic Input Output System) includes boot firmware and power management; once the operating system is running, these tasks are largely handled by operating system drivers.

  • Internal Buses connect the CPU to various internal components and to expansion cards for graphics and sound.

    • Current

      • The northbridge memory controller, for RAM and PCI Express

        • PCI Express, for expansion cards such as graphics and physics processors, and high-end network interfaces

      • PCI, for other expansion cards

      • SATA, for disk drives

    • Obsolete

      • ATA (superseded by SATA)

      • AGP (superseded by PCI Express)

      • VLB VESA Local Bus (superseded by AGP)

      • ISA (expansion card slot format obsolete in PCs, but still used in industrial computers)

  • External Bus Controllers support ports for external peripherals. These ports may be controlled directly by the southbridge I/O controller or based on expansion cards attached to the motherboard through the PCI bus.

    • USB

    • FireWire

    • eSATA

    • SCSI

Power supply

Includes power cords, switch, and cooling fan. Supplies power at appropriate voltages to the motherboard and internal disk drives. It also converts alternating current to direct current and provides different voltages to different parts of the computer.


Video display controller

Produces the output for the computer monitor. This will either be built into the motherboard or attached in its own separate slot (PCI, PCI-E, PCI-E 2.0, or AGP), in the form of a graphics card.



Most video cards support the most basic requirements, and video card manufacturers are doing a good job of keeping up with the requirements of games. However, games are still evolving faster than the video hardware that manufacturers deliver.

Removable media devices

  • CD (compact disc) - the most common type of removable media, suitable for music and data.

    • CD-ROM Drive - a device used for reading data from a CD.

    • CD Writer - a device used for both reading and writing data to and from a CD.

  • DVD (digital versatile disc) - a popular type of removable media that is the same dimensions as a CD but stores up to 12 times as much information. It is the most common way of transferring digital video, and is popular for data storage.

    • DVD-ROM Drive - a device used for reading data from a DVD.

    • DVD Writer - a device used for both reading and writing data to and from a DVD.

    • DVD-RAM Drive - a device used for rapid writing and reading of data from a special type of DVD.

  • Blu-ray Disc - a high-density optical disc format for data and high-definition video. Can store 70 times as much information as a CD.

    • BD-ROM Drive - a device used for reading data from a Blu-ray disc.

    • BD Writer - a device used for both reading and writing data to and from a Blu-ray disc.

  • HD DVD - a discontinued competitor to the Blu-ray format.

  • Floppy disk - an outdated storage device consisting of a thin disk of a flexible magnetic storage medium. Used today mainly for loading RAID drivers.

  • Iomega Zip drive - an outdated medium-capacity removable disk storage system, first introduced by Iomega in 1994.

  • USB flash drive - a flash memory data storage device integrated with a USB interface, typically small, lightweight, removable, and rewritable. Capacities vary, from hundreds of megabytes (in the same ballpark as CDs) to tens of gigabytes (surpassing, at great expense, Blu-ray discs).

  • Tape drive - a device that reads and writes data on a magnetic tape, used for long term storage and backups.

Internal storage


Hardware that keeps data inside the computer for later use and remains persistent even when the computer has no power.

  • Hard disk - for medium-term storage of data.

  • Solid-state drive - a device similar to hard disk, but containing no moving parts and stores data in a digital format.

  • RAID array controller - a device to manage several internal or external hard disks and optionally some peripherals in order to achieve performance or reliability improvement in what is called a RAID array.

Sound card

Enables the computer to output sound to audio devices, as well as accept input from a microphone. Most modern computers have sound cards built-in to the motherboard, though it is common for a user to install a separate sound card as an upgrade. Most sound cards, either built-in or added, have surround sound capabilities.


Other peripherals

In addition, hardware devices can include external components of a computer system: various input and output devices, usually external to the computer case. The following are either standard or very common.

Input

  • Text input devices

    • Keyboard - a device to input text and characters by depressing buttons (referred to as keys), similar to a typewriter. The most common English-language key layout is the QWERTY layout.

  • Pointing devices

    • Mouse - a pointing device that detects two dimensional motion relative to its supporting surface.

    • Optical Mouse - a newer technology that uses lasers, or more commonly LEDs to track the surface under the mouse to determine motion of the mouse, to be translated into mouse movements on the screen.

    • Trackball - a pointing device consisting of an exposed protruding ball housed in a socket that detects rotation about two axes.

  • Gaming devices

    • Joystick - a general control device that consists of a handheld stick that pivots around one end, to detect angles in two or three dimensions.

    • Gamepad - a general handheld game controller that relies on the digits (especially thumbs) to provide input.

    • Game controller - a specific type of controller specialized for certain gaming purposes.

  • Image, Video input devices

    • Image scanner - a device that provides input by analyzing images, printed text, handwriting, or an object.

    • Webcam - a low resolution video camera used to provide visual input that can be easily transferred over the internet.

  • Audio input devices

    • Microphone - an acoustic sensor that provides input by converting sound into electrical signals.



Hash Total

Hash functions are primarily used in hash tables, to quickly locate a data record (for example, a dictionary definition) given its search key (the headword). Specifically, the hash function is used to map the search key to the hash. The index gives the place where the corresponding record should be stored. Hash tables, in turn, are used to implement associative arrays and dynamic sets.

In general, a hashing function may map several different keys to the same index. Therefore, each slot of a hash table is associated with (implicitly or explicitly) a set of records, rather than a single record. For this reason, each slot of a hash table is often called a bucket, and hash values are also called bucket indices.

Thus, the hash function only hints at the record's location — it tells where one should start looking for it. Still, in a half-full table, a good hash function will typically narrow the search down to only one or two entries.


Hot Site

A hot site is a duplicate of the original site of the organization, with full computer systems as well as near-complete backups of user data. Real-time synchronization between the two sites may be used to completely mirror the data environment of the original site using wide area network links and specialized software. Following a disruption to the original site, the hot site exists so that the organization can relocate with minimal losses to normal operations. Ideally, a hot site will be up and running within a matter of hours or even less. Personnel may still have to be moved to the hot site, so it is possible that the hot site may be operational from a data processing perspective before staff have relocated. The capacity of the hot site may or may not match the capacity of the original site, depending on the organization's requirements. This type of backup site is the most expensive to operate. Hot sites are popular with organizations that operate real-time processes, such as financial institutions, government agencies and e-commerce providers.


Hypertext Markup Language (HTML)

HTML, which stands for Hyper Text Markup Language, is the predominant markup language for web pages. It provides a means to create structured documents by denoting structural semantics for text such as headings, paragraphs, lists, etc., as well as for links, quotes, and other items. It allows images and objects to be embedded and can be used to create interactive forms. It is written in the form of HTML elements consisting of "tags" surrounded by angle brackets within the web page content. It can include or can load scripts in languages such as JavaScript, which affect the behavior of HTML processors like Web browsers, and Cascading Style Sheets (CSS) to define the appearance and layout of text and other material. The W3C, maintainer of both HTML and CSS standards, encourages the use of CSS over explicit presentational markup.[1]

Hyper Text Markup Language (HTML) is the encoding scheme used to create and format a web document. A user need not be an expert programmer to make use of HTML for creating hypertext documents that can be put on the internet.


Importing Data

Generalized Audit Software is software designed to read, process and write data with the help of functions performing specific audit routines and with self-made macros. It is a tool for applying Computer Assisted Auditing Techniques. The functions of generalized audit software start with importing computerized data; thereafter other functions can be applied: the data can be browsed, sorted, summarized, stratified, analyzed and sampled, and calculations, conversions and other operations can be performed on it.

Examples of generalized audit software are Audit Command Language (ACL), Interactive Data Extraction and Analysis (IDEA), Statistical Analysis System (SAS), and Statistical Package for Social Sciences (SPSS). TopCAATs is a new player (released Q4 2008) in this market and runs from within Excel.



Information

Information is a term with many meanings depending on context, but is as a rule closely related to such concepts as meaning, knowledge, instruction, communication, representation, and mental stimulus. Simply stated, information is a message received and understood. In terms of data, it can be defined as a collection of facts from which conclusions may be drawn. There are many other aspects of information since it is the knowledge acquired through study or experience or instruction. But overall, information is the result of processing, manipulating and organizing data in a way that adds to the knowledge of the person receiving it.



Information is the state of a system of interest. Message is the information materialized.

Information is a quality of a message from a sender to one or more receivers. Information is always about something (size of a parameter, occurrence of an event, value, ethics, etc.). Viewed in this manner, information does not have to be accurate; it may be a truth or a lie, or just the sound of a falling tree. Even a disruptive noise used to inhibit the flow of communication and create misunderstanding would in this view be a form of information. However, generally speaking, if the amount of information in the received message increases, the message is more accurate.

This model assumes there is a definite sender and at least one receiver. Many refinements of the model assume the existence of a common language understood by the sender and at least one of the receivers. An important variation identifies information as that which would be communicated by a message if it were sent from a sender to a receiver capable of understanding the message. In another variation, it is not required that the sender be capable of understanding the message, or even cognizant that there is a message, making information something that can be extracted from an environment, e.g., through observation, reading or measurement.

Input Controls

Input controls are the category of IT application controls that ensure the integrity of data fed from upstream sources into the application system; see IT Application Controls above for the full list of categories.


Information Risk

Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction.[1]

The terms information security, computer security and information assurance are frequently, and incorrectly, used interchangeably. These fields are often interrelated and share the common goals of protecting the confidentiality, integrity and availability of information; however, there are some subtle differences between them.

These differences lie primarily in the approach to the subject, the methodologies used, and the areas of concentration. Information security is concerned with the confidentiality, integrity and availability of data regardless of the form the data may take: electronic, print, or other forms.

Computer security can focus on ensuring the availability and correct operation of a computer system without concern for the information stored or processed by the computer.

Governments, military, corporations, financial institutions, hospitals, and private businesses amass a great deal of confidential information about their employees, customers, products, research, and financial status. Most of this information is now collected, processed and stored on electronic computers and transmitted across networks to other computers.

Should confidential information about a business' customers, finances or new product line fall into the hands of a competitor, such a breach of security could lead to lost business, lawsuits or even bankruptcy of the business. Protecting confidential information is a business requirement, and in many cases also an ethical and legal requirement.

For the individual, information security has a significant effect on privacy, which is viewed very differently in different cultures.

The field of information security has grown and evolved significantly in recent years. As a career choice there are many ways of gaining entry into the field. It offers many areas for specialization, including securing networks and allied infrastructure, securing applications and databases, security testing, information systems auditing, business continuity planning and digital forensic science, to name a few.



Internet

The Internet is a global system of interconnected computer networks that use the standardized Internet Protocol Suite (TCP/IP) to serve billions of users worldwide. It is a network of networks that consists of millions of private and public, academic, business, and government networks of local to global scope that are linked by copper wires, fiber-optic cables, wireless connections, and other technologies. The Internet carries a vast array of information resources and services, most notably the inter-linked hypertext documents of the World Wide Web (WWW) and the infrastructure to support electronic mail. In addition it supports popular services such as online chat, file transfer and file sharing, gaming, commerce, social networking, publishing, video on demand, and teleconferencing and telecommunications. Voice over Internet Protocol (VoIP) applications allow person-to-person communication via voice and video.

The origins of the Internet reach back to the 1960s when the United States funded research projects of its military agencies to build robust, fault-tolerant and distributed computer networks. This research and a period of civilian funding of a new U.S. backbone by the National Science Foundation spawned worldwide participation in the development of new networking technologies and led to the commercialization of an international network in the mid 1990s, and resulted in the following popularization of countless applications in virtually every aspect of modern human life. As of 2009, an estimated quarter of Earth's population uses the services of the Internet.


Intranet

An intranet is built from the same concepts and technologies used for the Internet, such as client-server computing and the Internet Protocol Suite (TCP/IP). Any of the well known Internet protocols may be found in an intranet, such as HTTP (web services), SMTP (e-mail), and FTP (file transfer). Internet technologies are often deployed to provide modern interfaces to legacy information systems hosting corporate data.

An intranet can be understood as a private version of the Internet, or as a private extension of the Internet confined to an organization by a firewall. The first intranet websites and home pages began to appear in organizations in 1990 - 1991. Although not officially noted, the term intranet first became common-place with early adopters, such as universities and technology corporations, in 1992.

Intranets are also contrasted with extranets; the former are generally restricted to employees of the organization, while the latter may also be accessed by customers, suppliers, or other approved parties.[1] Extranets extend a private network onto the Internet with special provisions for access, authorization, and authentication.

An organization's intranet does not necessarily have to provide access to the Internet. When such access is provided it is usually through a network gateway with a firewall, shielding the intranet from unauthorized external access. The gateway often also implements user authentication, encryption of messages, and often virtual private network (VPN) connectivity for off-site employees to access company information, computing resources and internal communications.
Local Area Network (LAN)

A local area network (LAN) is a computer network covering a small physical area, like a home, office, or small group of buildings, such as a school or an airport. The defining characteristics of LANs, in contrast to wide-area networks (WANs), include their usually higher data-transfer rates, smaller geographic area, and lack of a need for leased telecommunication lines.

ARCNET, Token Ring and many other technologies have been used in the past, and G.hn may be used in the future, but Ethernet over twisted pair cabling and Wi-Fi are the two most common technologies currently in use.


Macro

Keyboard macros and mouse macros allow short sequences of keystrokes and mouse actions to be transformed into other, usually more time-consuming, sequences of keystrokes and mouse actions. In this way, frequently-used or repetitive sequences of keystrokes and mouse movements can be automated. Separate programs for creating these macros are called macro recorders.

During the 1980s, macro programs -- originally SmartKey, then SuperKey, KeyWorks, Prokey -- were very popular, first as a means to automatically format screenplays, then for a variety of user input tasks. These programs were based on the TSR (Terminate and stay resident) mode of operation and applied to all keyboard input, no matter in which context it occurred. They have to some extent fallen into obsolescence following the advent of mouse-driven user interface and the availability of keyboard and mouse macros in applications, such as word processors and spreadsheets, which makes it possible to create application-sensitive keyboard macros.

Keyboard macros have in more recent times come to life as a method of exploiting the economy of massively multiplayer online role-playing games (MMORPGs). By tirelessly performing a boring, repetitive, but low-risk action, a player running a macro can earn a large amount of the game's currency. This effect is even larger when a macro-using player operates multiple accounts simultaneously, or operates the accounts for a large amount of time each day. As this money is generated without human intervention, it can dramatically upset the economy of the game by causing runaway inflation. For this reason, use of macros is a violation of the TOS or EULA of most MMORPGs, and administrators of MMORPGs fight a continual war to identify and punish macro users.[3]

Application macros and scripting


Keyboard and mouse macros that are created using an application's built-in macro features are sometimes called application macros. They are created by carrying out the sequence once and letting the application record the actions. An underlying macro programming language, most commonly a Scripting language, with direct access to the features of the application may also exist.

The programmers' text editor Emacs (short for "editing macros") follows this idea to a conclusion. In effect, most of the editor is made of macros. Emacs was originally devised as a set of macros in the editing language TECO; it was later ported to dialects of Lisp.

Another programmers' text editor, Vim (a descendant of vi), also has a full implementation of macros. It can record into a register (macro) what a person types on the keyboard, and the recording can be replayed or edited just like VBA macros for Microsoft Office. It also has a scripting language called Vimscript[4] for creating macros.[5]

Visual Basic for Applications (VBA) is a programming language included in Microsoft Office and some other applications. However, its function has evolved from and replaced the macro languages that were originally included in some of these applications.


Macro virus

VBA has access to most Microsoft Windows system calls and executes when documents are opened. This makes it relatively easy to write computer viruses in VBA, commonly known as macro viruses. In the mid-to-late 1990s, this became one of the most common types of computer virus. However, since the late 1990s Microsoft has been patching and updating its programs, and current anti-virus programs immediately counteract such attacks.


