Đang chuẩn bị nút TẢI XUỐNG, xin hãy chờ
Tải xuống
Chapter 8, information systems controls for system reliability - Part 1: Information security. This chapter explain how information security affects information systems reliability; describe how a combination of preventive, detective, and corrective controls can be employed to provide reasonable assurance about information security. | Chapter 8 Information Systems Controls for System Reliability— Part 1: Information Security Copyright © 2012 Pearson Education 8-1 Learning Objectives Discuss how the COBIT framework can be used to develop sound internal control over an organization’s information systems. Explain the factors that influence information systems reliability. Describe how a combination of preventive, detective, and corrective controls can be employed to provide reasonable assurance about information security. Copyright © 2012 Pearson Education 8-2 AIS Controls COSO and COSO-ERM address general internal control COBIT addresses information technology internal control Copyright © 2012 Pearson Education 8-3 Information for Management Should Be: Effectiveness Information must be relevant and timely. Efficiency Information must be produced in a cost-effective manner. Confidentiality Sensitive information must be protected from unauthorized disclosure. Integrity Information must be accurate, complete, and valid. | Chapter 8 Information Systems Controls for System Reliability— Part 1: Information Security Copyright © 2012 Pearson Education 8-1 Learning Objectives Discuss how the COBIT framework can be used to develop sound internal control over an organization’s information systems. Explain the factors that influence information systems reliability. Describe how a combination of preventive, detective, and corrective controls can be employed to provide reasonable assurance about information security. Copyright © 2012 Pearson Education 8-2 AIS Controls COSO and COSO-ERM address general internal control COBIT addresses information technology internal control Copyright © 2012 Pearson Education 8-3 Information for Management Should Be: Effectiveness Information must be relevant and timely. Efficiency Information must be produced in a cost-effective manner. Confidentiality Sensitive information must be protected from unauthorized disclosure. Integrity Information must be accurate, complete, and valid. Availability Information must be available whenever needed. Compliance Controls must ensure compliance with internal policies and with external legal and regulatory requirements. Reliability Management must have access to appropriate information needed to conduct daily activities and to exercise its fiduciary and governance responsibilities. Copyright © 2012 Pearson Education 8-4 COBIT Framework Copyright © 2012 Pearson Education 8-5 Information Criteria COBIT Cycle Management develops plans to organize information resources to provide the information it needs. Management authorizes and oversees efforts to acquire (or build internally) the desired functionality. Management ensures that the resulting system actually delivers the desired information. Management monitors and evaluates system performance against the established criteria. Cycle constantly repeats, as management modifies existing plans and procedures or develops new ones to respond to changes in business objectives and new
