Accounting Information System

  • Topic: Audit, Backup, Access control
  • Pages: 8 (2510 words)
  • Published : May 30, 2013
CH 8: Authentication: Process of verifying the identity of the person or device attempting to access the system. The objective is to ensure that only legitimate users can access the system. Three different kinds of credentials are PINs (passwords), ID badges, or biometrics. Authorization: Process of restricting the access of authenticated users to specific portions of the system and limiting what actions they are permitted to perform. Access control matrix: shows the access controls of each user or device in your company, so you can see who has what privileges.

Best practice for passwords: must be at least 8 characters in length, must have multiple character types (upper- and lower-case letters, numbers, and special characters), randomness (not words found in a dictionary), and changed frequently (every 30 days for sensitive users, 90 days for most users).

Physical access controls: have only one unlocked door during business hours (none after hours), securely lock all devices (computers, phones, and PDAs), and physical access controls must be cost-effective. Access to the wiring used in the organization's LANs needs to be restricted in order to prevent wiretapping.

Firewall: sits behind the border router (which connects an organization's information system to the Internet), and is either a special-purpose hardware device or software running on a general-purpose computer. The demilitarized zone (DMZ) is a separate network that permits controlled access from the Internet to selected resources, such as the organization's e-commerce Web server.

Intrusion Prevention System (IPS): monitors patterns in the traffic flow, rather than only inspecting individual packets, to identify and automatically block attacks. Examining traffic patterns is often the only way to identify undesirable activity.

Intrusion Detection System (IDS): consists of a set of sensors and a central monitoring unit that create logs of network traffic that was permitted to pass the firewall and then analyze those logs for signs of attempted or successful intrusions. The difference between the two is that the IPS only produces a warning alert when it detects a suspicious pattern of network traffic, whereas the IDS not only issues an alert but also automatically takes steps to stop a suspected attack.

Preventive controls deter problems before they arise. Effective preventive controls include hiring qualified accounting personnel; appropriately segregating employee duties; and effectively controlling physical access to assets, facilities, and information. Detective controls enhance security by monitoring the effectiveness of preventive controls and detecting incidents in which preventive controls have been successfully circumvented. Corrective controls are procedures that correct problems that have occurred. Social engineering: attackers will often try to use the information obtained during their initial reconnaissance to trick an unsuspecting employee into granting them access.

CH 9: Encryption: The process of transforming normal content, called plaintext, into unreadable gibberish, called ciphertext. This is a type of preventive control. The public key in public-key encryption is widely distributed and available to everyone. Decryption reverses this process, transforming ciphertext back into plaintext. Hashing: The process that takes plaintext of any length and transforms it into a short code called a hash. Digital signatures: A hash of a document or file that is encrypted using the document creator's private key. This provides proof about two important issues: 1. That a copy of a document or file has not been altered 2. Who created the original version of a digital document or...
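As an added example (not part of the original study notes), the following Python models the CH 8 distinction between authentication and authorization: a password policy check built from the page's best-practice list, a salted-hash credential store that performs authentication, and an access control matrix consulted for authorization. The user names, resources, the tiny wordlist and the "three of four character types" reading of "multiple character types" are constructed assumptions; the "changed frequently" rule is not modelled.

```python
import hashlib
import hmac
import os
import re

# Constructed policy parameters following the page's password best practices.
MIN_LENGTH = 8
MIN_CHARACTER_TYPES = 3          # assumption: at least 3 of the 4 classes below
PBKDF2_ITERATIONS = 100_000
# Tiny constructed wordlist standing in for a real dictionary file.
DICTIONARY = {"password", "welcome", "letmein", "accounting", "summer"}
CHARACTER_CLASSES = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]


def check_password_policy(password: str) -> list:
    """Return the list of policy violations; an empty list means acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    types_present = sum(bool(re.search(c, password)) for c in CHARACTER_CLASSES)
    if types_present < MIN_CHARACTER_TYPES:
        problems.append("fewer than %d character types" % MIN_CHARACTER_TYPES)
    # Strip digits and symbols first so "Password1!" is still recognised as
    # the dictionary word "password" with decoration.
    core = re.sub(r"[^A-Za-z]", "", password).lower()
    if core in DICTIONARY:
        problems.append("based on a dictionary word")
    return problems


def enroll(store: dict, username: str, password: str) -> list:
    """Store a salted PBKDF2 hash of the password if it passes the policy.
    Returns the policy violations (empty list on success)."""
    problems = check_password_policy(password)
    if problems:
        return problems
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    store[username] = (salt, digest)
    return []


def authenticate(store: dict, username: str, password: str) -> bool:
    """Authentication: does the presented credential match the claimed identity?"""
    record = store.get(username)
    if record is None:
        return False
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison


# Constructed access control matrix: rows are users, columns are resources,
# each cell is the set of actions that user may perform on that resource.
ACCESS_MATRIX = {
    "alice": {"general_ledger": {"read", "post"}, "payroll": {"read"}},
    "bob":   {"payroll": {"read", "post"}},
}


def authorize(matrix: dict, username: str, resource: str, action: str) -> bool:
    """Authorization: may this already-authenticated user take this action here?"""
    return action in matrix.get(username, {}).get(resource, set())


def handle_request(store, matrix, username, password, resource, action) -> str:
    """Authenticate first, then authorize; both checks must pass."""
    if not authenticate(store, username, password):
        return "denied: authentication failed"
    if not authorize(matrix, username, resource, action):
        return "denied: not authorized"
    return "granted"


def run_scenario() -> dict:
    """Constructed walk-through: a rejected enrollment, an accepted one, then
    three requests that exercise each decision point."""
    users = {}
    return {
        "weak_enroll": enroll(users, "alice", "Password1!"),
        "good_enroll": enroll(users, "alice", "Ledger#2013Q2"),
        "ledger_post": handle_request(users, ACCESS_MATRIX, "alice", "Ledger#2013Q2", "general_ledger", "post"),
        "payroll_post": handle_request(users, ACCESS_MATRIX, "alice", "Ledger#2013Q2", "payroll", "post"),
        "bad_password": handle_request(users, ACCESS_MATRIX, "alice", "wrong", "payroll", "read"),
        "unknown_user": handle_request(users, ACCESS_MATRIX, "bob", "anything", "payroll", "read"),
    }


if __name__ == "__main__":
    for name, result in run_scenario().items():
        print(name, "->", result)
```

The two failure messages are deliberately distinct so that logs show whether a request failed at the identity step or at the privilege step, which is the split the chapter draws between the two controls.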
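Added example, not from the original page: the IDS/IPS paragraphs stress that examining traffic patterns across many packets, rather than inspecting single packets, is often the only way to spot undesirable activity. The Python below analyses a constructed firewall permit log (the line format, addresses and timestamps are assumptions) and raises an alert only when one source reaches many distinct ports on one host within a short window; no single line would trigger it. It produces alerts only; wiring an alert to an automatic block is the prevention step and is left out.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall "permit" log format (an assumption, not a real product's):
#   <ISO timestamp> permit <source ip> -> <destination ip>:<destination port>
LINE_RE = re.compile(
    r"^(\S+) permit (\d{1,3}(?:\.\d{1,3}){3}) -> (\d{1,3}(?:\.\d{1,3}){3}):(\d+)$"
)


def parse_line(line: str):
    """Return (timestamp, src, dst, port) for a permit record, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return datetime.fromisoformat(m.group(1)), m.group(2), m.group(3), int(m.group(4))


def analyze(lines, window=timedelta(seconds=60), port_threshold=5):
    """Pattern rule: one source reaching >= port_threshold distinct ports on one
    destination within `window` raises an alert. Only the pattern across
    several lines can trigger it; any one line on its own is an ordinary permit."""
    events = [e for e in (parse_line(l) for l in lines) if e is not None]
    events.sort()  # chronological order
    by_pair = defaultdict(list)
    for ts, src, dst, port in events:
        by_pair[(src, dst)].append((ts, port))

    alerts = []
    for (src, dst), hits in by_pair.items():
        for start, _ in hits:  # try every hit as the start of a window
            ports = {p for t, p in hits if start <= t <= start + window}
            if len(ports) >= port_threshold:
                alerts.append({
                    "rule": "many-ports-one-host",
                    "source": src,
                    "destination": dst,
                    "distinct_ports": len(ports),
                    "window_start": start.isoformat(),
                })
                break  # one alert per source/destination pair
    return alerts


# Constructed sample log: 10.0.0.5 walks six ports on one host within 25 s,
# 10.0.0.7 makes ordinary repeat connections to one port, and 10.0.0.9 touches
# four ports spread over six minutes (never five within a minute).
SAMPLE_LOG = """\
# firewall permit log (constructed)
2013-05-30T09:00:00 permit 10.0.0.5 -> 192.168.1.20:21
2013-05-30T09:00:01 permit 10.0.0.7 -> 192.168.1.20:443
2013-05-30T09:00:05 permit 10.0.0.5 -> 192.168.1.20:22
2013-05-30T09:00:10 permit 10.0.0.5 -> 192.168.1.20:23
2013-05-30T09:00:15 permit 10.0.0.5 -> 192.168.1.20:25
2013-05-30T09:00:20 permit 10.0.0.5 -> 192.168.1.20:80
2013-05-30T09:00:25 permit 10.0.0.5 -> 192.168.1.20:443
2013-05-30T09:00:30 permit 10.0.0.7 -> 192.168.1.20:443
2013-05-30T09:00:00 permit 10.0.0.9 -> 192.168.1.20:22
2013-05-30T09:02:00 permit 10.0.0.9 -> 192.168.1.20:80
2013-05-30T09:04:00 permit 10.0.0.9 -> 192.168.1.20:443
2013-05-30T09:06:00 permit 10.0.0.9 -> 192.168.1.20:8080
2013-05-30T09:01:00 permit 10.0.0.7 -> 192.168.1.20:443
""".splitlines()


def sample_alerts():
    return analyze(SAMPLE_LOG)


if __name__ == "__main__":
    for alert in sample_alerts():
        print(alert)
```

Widening the window or lowering the threshold trades false negatives for false positives: with a ten-minute window and a threshold of four, the slow walker 10.0.0.9 is reported too, while the repeat connections from 10.0.0.7 never are because they touch a single port.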
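Added example, not from the original page: the CH 9 definitions of hashing and digital signatures worked through in Python with SHA-256 and a toy textbook-RSA key. The key is built from two Mersenne primes, chosen so the example is deterministic and needs no prime generation; that choice, the second "other" key and the invoice text are constructed, and the key is unsuitable for any real use. The code shows that a hash has a fixed length whatever the input, that a signature verifies only against the creator's public key (who created it), and that a one-byte change to the document breaks verification (not altered).

```python
import hashlib


def make_toy_key(p: int, q: int, e: int = 65537):
    """Textbook RSA from two given primes. Returns (public, private) as
    (n, e) and (n, d). Needs Python 3.8+ for the modular inverse via pow()."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)
    return (n, e), (n, d)


# Constructed toy keys from Mersenne primes (2^127-1, 2^521-1) and (2^89-1, 2^607-1).
# Real primes, but a deliberately poor key choice: illustration only.
CREATOR_PUBLIC, CREATOR_PRIVATE = make_toy_key((1 << 127) - 1, (1 << 521) - 1)
OTHER_PUBLIC, OTHER_PRIVATE = make_toy_key((1 << 89) - 1, (1 << 607) - 1)


def hash_hex(data: bytes) -> str:
    """Hashing: any-length input to a short fixed-length code (64 hex digits)."""
    return hashlib.sha256(data).hexdigest()


def document_hash(data: bytes) -> int:
    """The same SHA-256 digest as an integer, so it can be signed with RSA.
    It is 256 bits, well below the 640+-bit modulus of the toy keys."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes, private_key) -> int:
    """Digital signature: the document hash 'encrypted' with the creator's private key."""
    n, d = private_key
    return pow(document_hash(data), d, n)


def verify(data: bytes, signature: int, public_key) -> bool:
    """Recover the hash with the public key and compare with a fresh hash of the copy."""
    n, e = public_key
    return pow(signature, e, n) == document_hash(data)


def signature_checks() -> dict:
    """Constructed walk-through of the two guarantees the chapter lists."""
    document = b"Invoice 1042: total 2,510.00"
    signature = sign(document, CREATOR_PRIVATE)
    return {
        "short_hash_len": len(hash_hex(b"")),
        "long_hash_len": len(hash_hex(b"x" * 100_000)),
        "unaltered_copy": verify(document, signature, CREATOR_PUBLIC),
        "altered_copy": verify(document.replace(b"2,510", b"9,510"), signature, CREATOR_PUBLIC),
        "wrong_public_key": verify(document, signature, OTHER_PUBLIC),
        "forged_by_other": verify(document, sign(document, OTHER_PRIVATE), CREATOR_PUBLIC),
    }


if __name__ == "__main__":
    for name, result in signature_checks().items():
        print(name, "->", result)
```

Only "unaltered_copy" comes back true: the altered invoice hashes to a different value, and a signature made with any other private key does not decrypt to the document's hash under the creator's public key.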