Chapter 16
Controlling Computer-Based Information Systems, Part II
Objectives for Chapter 16
- Risks associated with electronic commerce conducted over intranets and the Internet, and the control techniques used to reduce these risks
- Exposures that arise in connection with electronic data interchange (EDI), and how these exposures can be reduced
- Exposures that threaten firms that rely on personal computers, and the controls necessary to reduce risks in this environment
- The principal input, processing, and output controls that are used to ensure the integrity of computer applications
[Figure: General Control Framework for CBIS Risks. The framework spans Organizational Structure, Data Management, Operating System, Systems Development, Systems Maintenance, and Computer Center Security; this chapter covers the remaining areas: Internet & Intranet, EDI Trading Partners, Personal Computers, and Applications.]
Internet and Intranet Risks
Communications is a unique aspect of computer networks: it is different from processing (applications) or data storage (databases).
Loss, destruction, and corruption of data come from two main sources:
- subversive activities, both inside and outside the firm
- equipment failure
Internet and Intranet Risks from Subversive Threats
These acts include:
- unauthorized interception of a message
- gaining unauthorized access to an organization's network
- a denial-of-service attack from a remote location
Controlling Risks from Subversive Threats
Firewalls - software and hardware that provide security by channeling all network connections through a control gateway
Network-level firewalls
- low cost and low security
- access control does not explicitly authenticate outside users
- mainly for filtering out junk or improperly routed messages
- hackers can easily penetrate the system
Application-level firewalls
- a high level of customizable network security, but can be extremely expensive
- perform sophisticated functions such as logging or user authentication
Controlling Risks from Subversive Threats
One-time password control
The password constantly changes. It can only be used once and for a short time period.
Encryption
Computer program transforms a clear message into a coded (cipher) text form using an algorithm.
Denial-of-Service Attacks
Security software searches for connections which have been half-open for a period of time.
Controlling Risks from Subversive Threats
Encryption - A computer program transforms a clear message into a coded (ciphertext) form using an algorithm.
[Figure: encryption. At the sender, a key and the cleartext message go into the encryption program, which produces ciphertext for the communication system; at the receiver, the encryption program uses the key to turn the ciphertext back into the cleartext message.]
Controlling Risks from Subversive Threats
Digital signature: an electronic authentication technique that ensures that the transmitted message originated with the authorized sender and that it was not tampered with after the signature was applied
Digital certificate: like an electronic identification card that is used in conjunction with a public key encryption system to verify the authenticity of the message sender
[Figure: digital signature. Sender's location: compute a digest of the text message, encrypt the digest using the sender's private key to form the digital signature, attach it to the message, and encrypt the message using the receiver's public key. Receiver's location: decrypt the message using the receiver's private key, decrypt the digital signature using the sender's public key to recover the digest, compute a digest of the received message, and compare the two digests.]
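The digest-and-compare flow in the figure, as an added Python example that is not part of the chapter: a toy RSA signature. The primes (around one million, found at run time), the sample purchase-order message, and the truncation of the SHA-256 digest to 32 bits are constructed assumptions that keep the numbers small enough to follow; production code uses a vetted library with full-size keys and a padding scheme, and the receiver would obtain SENDER_PUBLIC_KEY from a digital certificate. The message-encryption step of the figure is left out so the example stays focused on the signature.

```python
import hashlib
import math


def is_prime(n: int) -> bool:
    """Trial division; adequate for the million-range toy primes used here."""
    if n < 2:
        return False
    for f in range(2, math.isqrt(n) + 1):
        if n % f == 0:
            return False
    return True


def next_prime(n: int) -> int:
    while not is_prime(n):
        n += 1
    return n


# Toy RSA key pair from two ~20-bit primes, for illustration only (constructed).
P, Q = next_prime(1_000_000), next_prime(1_000_010)
N = P * Q
PHI = (P - 1) * (Q - 1)
E = next(e for e in (65537, 257, 17, 5, 3) if math.gcd(e, PHI) == 1)
D = pow(E, -1, PHI)          # private exponent: modular inverse of E (Python 3.8+)
SENDER_PUBLIC_KEY = (N, E)   # distributed to receivers, e.g. in a digital certificate
SENDER_PRIVATE_KEY = (N, D)  # held only by the sender


def compute_digest(message: bytes) -> int:
    """Message digest as an integer. Truncated to 32 bits only so that it is
    smaller than the toy modulus N; real keys allow the full digest plus padding."""
    return int.from_bytes(hashlib.sha256(message).digest()[:4], "big")


def sign(message: bytes, private_key) -> int:
    """Sender's location: digest the message, then 'encrypt' the digest with the private key."""
    n, d = private_key
    return pow(compute_digest(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Receiver's location: 'decrypt' the signature with the sender's public key to
    recover the digest the sender computed, recompute the digest locally, and compare."""
    n, e = public_key
    recovered_digest = pow(signature, e, n)
    return recovered_digest == compute_digest(message)


# Constructed sample message from a buyer to a trading partner.
MESSAGE = b"PO-1001: 120 units of part 8831 at 4.50, ship by 2024-07-01"
SIGNATURE = sign(MESSAGE, SENDER_PRIVATE_KEY)

if __name__ == "__main__":
    print("genuine :", verify(MESSAGE, SIGNATURE, SENDER_PUBLIC_KEY))                              # True
    print("tampered:", verify(MESSAGE.replace(b"120", b"1200"), SIGNATURE, SENDER_PUBLIC_KEY))     # False
```

Changing a single character of the message (or a single bit of the signature) makes the recovered digest and the recomputed digest disagree, which is exactly the tamper check the slide describes; the private key never leaves the sender, so only the sender can have produced a signature that the public key recovers correctly.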
Denial of Service Attack
[Figure: TCP three-way handshake between sender and receiver. Step 1: SYN message; Step 2: SYN/ACK; Step 3: ACK packet.]
In a DoS attack, the sender sends hundreds of messages, receives the SYN/ACK packet, but does not respond with an ACK packet. This leaves the receiver with clogged transmission ports, and legitimate messages cannot be received.
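The control the slides describe for this attack is software that looks for connections left half-open for too long. The following added Python example (not from the chapter) shows that check run over a constructed connection table: entries that received a SYN and were answered with a SYN/ACK but never got the final ACK are flagged once they exceed a timeout, sources holding many of them are reported, and the stale entries are reclaimed so the ports are free again. The addresses come from the documentation ranges and the timestamps are invented.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional


@dataclass
class Connection:
    src: str                          # remote address that sent the SYN
    port: int                         # local port the SYN arrived on
    syn_at: float                     # time the SYN arrived and SYN/ACK was returned (seconds)
    ack_at: Optional[float] = None    # time the final ACK arrived; None = still half-open


# Constructed connection table (192.0.2.0/24 and 203.0.113.0/24 are documentation ranges).
TABLE = [
    Connection("192.0.2.10", 443, 100.0, 100.2),   # handshake completed normally
    Connection("192.0.2.11", 443, 101.0, 101.1),   # handshake completed normally
    Connection("203.0.113.9", 443, 102.0),         # SYN/ACK sent, no ACK ever came back
    Connection("203.0.113.9", 443, 102.1),
    Connection("203.0.113.9", 443, 102.2),
    Connection("203.0.113.9", 443, 102.3),
    Connection("203.0.113.9", 443, 102.4),
    Connection("192.0.2.12", 443, 118.0),          # recent SYN, still inside the normal window
]


def half_open(table, now, timeout=10.0):
    """Connections that have waited for their ACK longer than `timeout` seconds."""
    return [c for c in table if c.ack_at is None and now - c.syn_at >= timeout]


def suspicious_sources(table, now, timeout=10.0, threshold=3):
    """Sources holding `threshold` or more stale half-open connections."""
    counts = Counter(c.src for c in half_open(table, now, timeout))
    return {src: n for src, n in counts.items() if n >= threshold}


def reclaim(table, now, timeout=10.0):
    """Mitigation: drop the stale half-open entries so legitimate connections can be accepted."""
    stale = {id(c) for c in half_open(table, now, timeout)}
    return [c for c in table if id(c) not in stale]


if __name__ == "__main__":
    now = 120.0
    print(len(half_open(TABLE, now)), "stale half-open connections")
    print("suspicious sources:", suspicious_sources(TABLE, now))
    print(len(reclaim(TABLE, now)), "entries remain after reclaiming")
```

The timeout and threshold are tuning parameters: a short timeout frees ports faster but can cut off slow legitimate clients, so in practice the stale count per source, not a single stale entry, is what should trigger an alert.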
Controlling Risks from Subversive Threats
Message Sequence Numbering: a sequence number is used to detect missing messages
Message Transaction Log: a listing of all incoming and outgoing messages, used to detect the efforts of hackers
Request-Response Technique: random control messages are sent from the sender to ensure messages are received
Call-Back Devices: the receiver calls the sender back at a pre-authorized phone number before transmission is completed
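Message sequence numbering and the message transaction log, as one added Python example that is not from the chapter: the receiver walks a constructed stream of EDI messages in arrival order, reports sequence numbers that never arrived, arrived twice, or arrived out of order, and writes one log line per message so the stream can be reviewed afterwards. The message identifiers and the SequenceCheck result type are this example's own.

```python
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass
class SequenceCheck:
    missing: List[int]
    duplicates: List[int]
    out_of_order: List[int]
    log: List[str] = field(default_factory=list)   # message transaction log entries


def check_sequence(received: List[Tuple[int, str]], first_seq: int = 1) -> SequenceCheck:
    """Walk messages in arrival order. Each carries a sequence number assigned by the
    sender: gaps reveal messages lost or removed in transit, repeats reveal replays."""
    seen = set()
    duplicates, out_of_order, log = [], [], []
    highest = first_seq - 1
    for seq, payload in received:
        if seq in seen:
            duplicates.append(seq)
            log.append(f"seq={seq} DUPLICATE {payload!r}")
            continue
        seen.add(seq)
        if seq < highest:
            out_of_order.append(seq)
            log.append(f"seq={seq} OUT-OF-ORDER {payload!r}")
        else:
            log.append(f"seq={seq} ok {payload!r}")
        highest = max(highest, seq)
    missing = sorted(set(range(first_seq, highest + 1)) - seen)
    for seq in missing:
        log.append(f"seq={seq} MISSING")
    return SequenceCheck(missing, duplicates, out_of_order, log)


# Constructed stream of EDI messages in the order they reached the receiver.
RECEIVED = [
    (1, "PO-1001"), (2, "PO-1002"), (4, "PO-1004"), (5, "PO-1005"),
    (3, "PO-1003"), (7, "PO-1007"), (7, "PO-1007"), (9, "PO-1009"),
]

if __name__ == "__main__":
    result = check_sequence(RECEIVED)
    print("missing:", result.missing, "duplicates:", result.duplicates,
          "out of order:", result.out_of_order)
    print("\n".join(result.log))
```

A missing number at the end of a stream cannot be seen until a later message arrives, which is why sequence numbering is normally paired with the request-response technique listed above.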
Controlling Risks from Equipment Failure
Line errors arise from noise on a communications line. Two techniques to detect and correct such data errors:
- echo check: the receiver returns the message to the sender
- parity check: an extra bit is added onto each byte of data, similar to check digits
Backup Control for Networks
- small networks: a single workstation
- medium networks: a network server
- large networks: multiple servers
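The parity check and the echo check, as an added Python example that is not from the chapter. Each byte is framed with an even-parity bit, the receiver drops frames whose parity no longer balances, and the sender compares the echoed result with what it sent. The simulated line noise is constructed to show the one caveat a practitioner needs: a single flipped bit is caught, but two flipped bits in the same byte cancel out, and only the echo check notices that.

```python
def add_parity(byte: int) -> int:
    """Frame one data byte with an even-parity bit in the lowest position,
    so the 9-bit frame always carries an even number of 1s."""
    ones = bin(byte & 0xFF).count("1")
    return ((byte & 0xFF) << 1) | (ones & 1)


def parity_ok(frame: int) -> bool:
    return bin(frame).count("1") % 2 == 0


def strip_parity(frame: int) -> int:
    return frame >> 1


def receive(frames):
    """Receiver side: return (accepted bytes, indexes of frames that failed the parity check)."""
    good, bad = [], []
    for i, frame in enumerate(frames):
        if parity_ok(frame):
            good.append(strip_parity(frame))
        else:
            bad.append(i)
    return bytes(good), bad


def echo_check(sent: bytes, echoed: bytes) -> bool:
    """Sender side: the receiver returns what it got; any difference means a line error."""
    return sent == echoed


# Constructed transmission with simulated line noise.
MESSAGE = b"PAY 120.00"
FRAMES = [add_parity(b) for b in MESSAGE]
NOISY = list(FRAMES)
NOISY[4] ^= 0b000000010   # one bit flipped in '1': parity becomes odd, frame rejected
NOISY[5] ^= 0b000001100   # two bits flipped in '2': parity still even, '2' silently becomes '4'

if __name__ == "__main__":
    clean, rejected = receive(FRAMES)
    print(clean, rejected, echo_check(MESSAGE, clean))
    noisy, rejected = receive(NOISY)
    print(noisy, rejected, echo_check(MESSAGE, noisy))
```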
Electronic Data Interchange (EDI) Risks
- Authorization: automated, with the absence of human intervention
- Access: need to access EDI partners' files
- Audit trail: paperless and transparent (automatic) transactions
[Figure: EDI system. Company A's purchases system application software passes through EDI translation software and communications software; Company B's sales order system application software does the same. The two companies communicate either over a direct connection or through a VAN (value-added network), where each company has its own mailbox alongside other mailboxes.]
Electronic Data Interchange (EDI) Risks
- Authorization: use of passwords and VANs to ensure a valid partner
- Access: software to specify what can be accessed and at what level
- Audit trail: a control log records the transaction's flow through each phase of transaction processing
[Figure: EDI system using a transaction control log for the audit trail. The same arrangement as the previous figure, with a transaction log added at each company between its application software and its EDI translation software; the two logs provide the audit trail of transactions between the trading partners.]
Personal Computer Controls
Microcomputer systems:
- are relatively simple to use
- are frequently controlled and used by end users
- usually employ interactive (vs. batch) data processing
- typically run commercial software applications
- allow users to develop their own applications
Access Risks in the Personal Computer Environment
Microcomputers are typically weak in controlling access to data files. Techniques to prevent theft or tampering of data:
- Data encryption: the data must still be decoded even if stolen
- Disk locks: software or physical locks to prevent booting from A:\
Inadequate Segregation of Duties
In microcomputer environments, employees often have access to multiple applications that process incompatible transactions.
Controls:
- increased supervision
- detailed management reports
- more frequent independent verification
- multilevel password controls if employees share computers
Personal Computer Backup Controls
End users often fail to appreciate the importance of backup procedures until it is too late. Backup mechanisms:
- floppy disks: low capacity (1.44 MB), inexpensive
- tape: high capacity (3.2 GB), inexpensive
- CD: about 650 MB (over 450 floppies)
- dual internal hard drives: high capacity
- dual external hard drives: 12 GB
Inadequate Systems Development and Maintenance Procedures in Microcomputers
Commercial software should be used when possible for accounting applications, and these systems should be purchased from a reputable vendor. Formal software selection procedures should be practiced by firms of all sizes.
Application Controls
Narrowly focused exposures within a specific system:
- accounts payable
- cash disbursements
- fixed asset accounting
- payroll
- sales order processing
- cash receipts
- general ledger
Application Controls
Risks within specific applications can affect manual procedures (e.g., entering data) or embedded procedures. They are convenient to look at in terms of three stages:
- input stage
- processing stage
- output stage
Application Controls INPUT
Goal of input controls: inputted data are valid, accurate, and complete (GIGO: garbage in, garbage out)
Source Document Controls
- use prenumbered source documents
- audit missing source documents
Data Coding Controls
- transcription errors
- check digits
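The check digit under Data Coding Controls, as an added Python example that is not from the chapter. It uses the modulus-11 scheme: digits are weighted 2, 3, 4, ... from the right, summed, and the complement of the remainder becomes the check digit, so a transcription error (a wrong digit or two adjacent digits swapped) makes the code fail the check before it reaches processing. The account numbers are constructed.

```python
def mod11_check_digit(body: str) -> str:
    """Modulus-11 check digit for a string of digits. A remainder of 10 cannot be
    written as one digit, so 'X' is used for it, as in ISBN-10."""
    total = sum(int(d) * w for d, w in zip(reversed(body), range(2, len(body) + 2)))
    check = (11 - total % 11) % 11
    return "X" if check == 10 else str(check)


def assign_code(body: str) -> str:
    """Issue a new code: the body digits with the check digit appended."""
    return body + mod11_check_digit(body)


def mod11_valid(code: str) -> bool:
    """Re-derive the check digit from the body and compare it with the one entered."""
    body, check = code[:-1], code[-1]
    return body.isdigit() and mod11_check_digit(body) == check


# Constructed customer account number and two typical transcription errors.
ACCOUNT = assign_code("5372")            # "53724"
TRANSPOSED = "35724"                     # first two digits swapped
WRONG_DIGIT = "53729"                    # check digit miskeyed

if __name__ == "__main__":
    for code in (ACCOUNT, TRANSPOSED, WRONG_DIGIT):
        print(code, "valid" if mod11_valid(code) else "REJECTED")
```

Weighting by position is what lets the scheme catch transpositions; a plain digit sum would give the same total for "5372" and "3572".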
Application Controls INPUT
Batch controls - used to reconcile the output produced by the system with the input originally entered into the system. Based on different types of batch totals:
- total number of records
- total dollar amount
- hash totals: the sum of nonfinancial numbers
Application Controls INPUT
Validation controls - intended to detect errors in transaction data before the data are processed
- field interrogation: data in individual fields, e.g., missing data, data type, range
- record interrogation: interrelationship of data in the fields of a record
- file interrogation: is it the correct file? e.g., internal and external labels compared, version, dates
[Figure: a sample record layout with the fields Employee#, Name, Payrate, and Job Code.]
Application Controls INPUT
Input Error Correction Techniques
- immediate correction during data entry
- error file creation
- batch rejection
Application Controls INPUT
Generalized Data Input Systems (GDIS): centralized procedures to manage the data input for all of the organization's TPSs. A GDIS has five major components:
- generalized validation module: standard validation routines common to different applications
- validated data file
- error file
- error reports
- transaction log
[Figure: GDIS. Input transactions (sales orders, purchase orders, payroll time cards, cash receipts) enter the generalized validation module, which draws on stored parameters and stored validation procedures. Rejected records go to the error files for sales, purchases, payroll, and cash receipts, with error reports going to users; accepted records are written to the transaction log and the validated data files, which feed the sales, purchases, payroll, and cash receipts application systems.]
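The validation controls (field, record, and file interrogation), the input error correction techniques (error file and batch rejection), and the generalized validation module of a GDIS all come together in one added Python example, which is not from the chapter. The stored parameters describe a payroll time-card file with the record layout the slides show; the field names, rules, header labels, and records are constructed. A wrong file label rejects the whole batch, records that fail interrogation go to the error file and are tallied in an error report, and the rest form the validated data file.

```python
import re
from typing import Dict, List

# Stored parameters (constructed) for one input type: payroll time cards.
EXPECTED_LABEL = "PAYROLL_TIMECARDS"
FIELD_RULES = {
    "emp_no":   {"required": True, "pattern": r"\d{5}"},
    "name":     {"required": True, "pattern": r"[A-Za-z ,.'-]+"},
    "hours":    {"required": True, "numeric": (0, 80)},
    "pay_rate": {"required": True, "numeric": (7.25, 200.0)},
    "job_code": {"required": True, "pattern": r"[HS]"},      # H = hourly, S = salaried
}


def field_interrogation(rec: Dict[str, str]) -> List[str]:
    """Each field on its own: missing data, data type/format, and range."""
    errors = []
    for name, rule in FIELD_RULES.items():
        value = rec.get(name, "")
        if value == "":
            if rule.get("required"):
                errors.append(f"{name}: missing")
            continue
        if "pattern" in rule and not re.fullmatch(rule["pattern"], value):
            errors.append(f"{name}: bad format")
        if "numeric" in rule:
            try:
                x = float(value)
            except ValueError:
                errors.append(f"{name}: not numeric")
                continue
            lo, hi = rule["numeric"]
            if not lo <= x <= hi:
                errors.append(f"{name}: out of range {lo}-{hi}")
    return errors


def record_interrogation(rec: Dict[str, str]) -> List[str]:
    """Relationships between the fields of one record; run only once every field is individually sound."""
    errors = []
    if rec["job_code"] == "S" and float(rec["hours"]) > 40:
        errors.append("hours: overtime not allowed for salaried job code")
    return errors


def file_interrogation(header: Dict[str, str]) -> List[str]:
    """Is this the right file? Compare the internal label and period against what was expected."""
    errors = []
    if header.get("label") != EXPECTED_LABEL:
        errors.append(f"label: expected {EXPECTED_LABEL}, got {header.get('label')!r}")
    if not re.fullmatch(r"\d{4}-\d{2}", header.get("period", "")):
        errors.append("period: bad format")
    return errors


def gdis_validate(header, records):
    """Generalized validation module: returns the validated data file, the error file and an error report."""
    file_errors = file_interrogation(header)
    if file_errors:   # batch rejection: nothing from a wrong file is processed
        return {"validated": [], "error_file": [], "error_report": {"file rejected": file_errors}}
    validated, error_file, report = [], [], {}
    for rec in records:
        errors = field_interrogation(rec) or record_interrogation(rec)
        if errors:
            error_file.append({"record": rec, "errors": errors})
            for e in errors:
                report[e] = report.get(e, 0) + 1
        else:
            validated.append(rec)
    return {"validated": validated, "error_file": error_file, "error_report": report}


# Constructed input file: header plus four time-card records.
HEADER = {"label": "PAYROLL_TIMECARDS", "period": "2024-06"}
RECORDS = [
    {"emp_no": "10452", "name": "Ada Lovelace", "hours": "38", "pay_rate": "42.00", "job_code": "H"},
    {"emp_no": "20931", "name": "Charles Babbage", "hours": "", "pay_rate": "55.00", "job_code": "S"},
    {"emp_no": "30017", "name": "Grace Hopper", "hours": "40", "pay_rate": "5.00", "job_code": "H"},
    {"emp_no": "40010", "name": "Alan Turing", "hours": "45", "pay_rate": "60.00", "job_code": "S"},
]

if __name__ == "__main__":
    result = gdis_validate(HEADER, RECORDS)
    print(len(result["validated"]), "validated,", len(result["error_file"]), "in error file")
    print(result["error_report"])
```

Because the rules live in the stored parameters rather than in each application, the same module validates sales orders or cash receipts once their parameter set is defined, which is the point of making the validation module generalized.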
Application Controls PROCESSING
Run-to-Run Controls - use batch figures to monitor the batch as it moves from one programmed procedure (run) to another
Operator Intervention Controls - used to limit human involvement in certain actions in order to reduce error
Audit Trail Controls - numerous logs are used so that every transaction can be traced through each stage of processing, from its economic source to its presentation in financial statements
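Run-to-run controls and the batch totals described under the input controls earlier (record count, dollar total, hash total) are one mechanism viewed at two stages, so this added Python example covers both; it is not code from the chapter. The batch of sales records and the simulated runs are constructed: the totals are taken at input, recomputed after every run, and the first run whose output no longer agrees is reported. One faulty run drops a record, which every total catches; the other only transposes two digits of an account number, which only the hash total catches.

```python
from decimal import Decimal
from typing import Callable, Dict, List, Tuple

Record = Tuple[str, Decimal]   # (customer account number, sale amount)

# Constructed batch of sales transactions as keyed at data entry.
BATCH: List[Record] = [
    ("10452", Decimal("120.00")),
    ("20931", Decimal("75.50")),
    ("30017", Decimal("310.25")),
]


def control_totals(batch: List[Record]) -> Dict[str, object]:
    return {
        "record_count": len(batch),
        "amount_total": sum((amt for _, amt in batch), Decimal("0")),
        "hash_total": sum(int(acct) for acct, _ in batch),   # sum of the non-financial account numbers
    }


def reconcile(expected: Dict[str, object], batch: List[Record]) -> Dict[str, tuple]:
    """Totals that no longer agree, as {name: (expected, actual)}; empty means the batch is intact."""
    actual = control_totals(batch)
    return {k: (expected[k], actual[k]) for k in expected if expected[k] != actual[k]}


def run_to_run(batch: List[Record], runs: List[Tuple[str, Callable]]) -> Dict[str, object]:
    """Carry the control totals computed at input through each programmed run and check
    them after every run; stop at the first run whose output does not reconcile."""
    expected = control_totals(batch)
    current = batch
    for name, run in runs:
        current = run(current)
        differences = reconcile(expected, current)
        if differences:
            return {"failed_run": name, "differences": differences}
    return {"failed_run": None, "differences": {}}


# Simulated programmed procedures.
def validation_run(batch):
    return list(batch)                      # passes everything through unchanged


def dropping_posting_run(batch):
    return batch[:-1]                       # bug: silently loses the last record


def transposing_posting_run(batch):
    # bug: swaps the 3rd and 4th digit of every account number, amounts untouched
    return [(acct[:2] + acct[3] + acct[2] + acct[4:], amt) for acct, amt in batch]


if __name__ == "__main__":
    print(control_totals(BATCH))
    print(run_to_run(BATCH, [("validation", validation_run), ("posting", dropping_posting_run)]))
    print(run_to_run(BATCH, [("validation", validation_run), ("posting", transposing_posting_run)]))
```

The record count and dollar total would accept the transposed batch without complaint; the hash total is the only one of the three that changes, which is why a hash total over a non-financial field belongs in the set even though its value means nothing on its own.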
Transaction Log to Preserve the Audit Trail
[Figure: transaction log to preserve the audit trail. Input phase: transactions pass through the validation program; valid transactions are written to the transaction log and go on to the application process (processing phase), which produces the output reports (output phase); rejected transactions go to the error file. Valid transactions equal successful transactions plus error transactions.]
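The audit trail controls in this section and the EDI control log described earlier (a log recording the transaction's flow through each phase) ask for the same thing, so one added Python example, not from the chapter, serves both. Each transaction is logged at input, validation, processing, and output; any transaction can then be traced forward from its source or back from a report, and the counts in the log are reconciled so that every transaction received is accounted for as either successfully processed or in the error file. The purchase orders and partner name are constructed.

```python
from typing import Dict, List


class TransactionLog:
    """Append-only log in which every phase a transaction passes through is recorded,
    so a transaction can be traced forward from its source to the output, or back
    from a figure on a report to the source transaction."""

    def __init__(self):
        self.entries: List[Dict[str, str]] = []

    def record(self, txn_id: str, phase: str, status: str, detail: str = "") -> None:
        self.entries.append({"txn": txn_id, "phase": phase, "status": status, "detail": detail})

    def trace(self, txn_id: str) -> List[Dict[str, str]]:
        return [e for e in self.entries if e["txn"] == txn_id]

    def count(self, phase: str, status: str) -> int:
        return sum(1 for e in self.entries if e["phase"] == phase and e["status"] == status)


def process_batch(transactions, log: TransactionLog):
    """Input -> validation -> processing -> output, logging each step.
    Transactions that fail validation go to the error file and no further."""
    posted, error_file = [], []
    for t in transactions:
        log.record(t["id"], "input", "received", f"EDI from {t['partner']}")
        if t["qty"] <= 0:
            log.record(t["id"], "validation", "error", "qty must be positive")
            error_file.append(t)
            continue
        log.record(t["id"], "validation", "valid")
        log.record(t["id"], "processing", "posted", f"{t['qty']} x {t['price']}")
        log.record(t["id"], "output", "reported", "sales order register")
        posted.append(t)
    return posted, error_file


def reconciles(log: TransactionLog) -> bool:
    """Control relationship from the figure: everything received at input is accounted
    for as either successfully processed or an error, with nothing lost in between."""
    received = log.count("input", "received")
    return received == log.count("processing", "posted") + log.count("validation", "error")


# Constructed EDI purchase orders received from a trading partner.
TRANSACTIONS = [
    {"id": "PO-1001", "partner": "Company B", "qty": 10, "price": "4.50"},
    {"id": "PO-1002", "partner": "Company B", "qty": 0, "price": "9.00"},
    {"id": "PO-1003", "partner": "Company B", "qty": 5, "price": "12.75"},
]

if __name__ == "__main__":
    log = TransactionLog()
    posted, errors = process_batch(TRANSACTIONS, log)
    for entry in log.trace("PO-1002"):
        print(entry)
    print("reconciles:", reconciles(log))
```

The log is append-only on purpose: an audit trail that can be edited after the fact proves nothing, so in a real system the log would be written to storage the application itself cannot modify.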
Application Controls OUTPUT
Goal of output controls is to ensure that system output is not lost, misdirected, or corrupted, and that privacy is not violated. In the following flowchart, there are exposures at every stage.
[Figure: stages in the output process. The output run (spooling) writes an output file; the print run produces the output report, which then passes through bursting, data control, and report distribution to the end user; aborted output, waste, and the retained output report file are also shown as points of exposure.]
Application Controls OUTPUT
Batch Systems Output: spooling creates a file as an intermediate step in the printing process, and that file is a risk.
Report Distribution: for sensitive reports, the following are available:
- use of secure mailboxes in which to place reports
- require the user to sign for reports in person
- deliver the reports to the user
Application Controls OUTPUT
End User Controls: End users need to inspect reports and report any inaccurately produced reports.
Highly sensitive reports should be shredded after their use.
Controlling Real-time System Output: The primary output threat is the interception, disruption, destruction, or corruption of the output message as it passes along the communications link.