P a g e | 51 Type of General Control Description Software Control Monitor the use of system software and prevent an unauthorized access of software program, system software and computer programs. Hardware Control Ensure that computer hardware is physically secure and check for equipment malfunction. Organizations that are critically dependent on their computers also must make provisions for backup or continued operation to maintain constant service. Computer Operation Control Oversee the work of the computer department to ensure that programmed procedures are consistently and correctly applied to the storage and processing of data. They include controls over the setup of computer processing jobs and backup and recovery procedures for processing that ends abnormally. Data Security Control Ensure that valuable business data files on either disk or tape are not subject to unauthorized access, change or distruction while they are in use or in storage. Implementation Control Audit the systems development process at various points to ensure that the process is properly controlled and managed. Administrative Control Formalize standards, rules, procedures and control disciplines to ensure that the organization’s general and application controls are properly executed and enforced. Information systems controls are both manual and automated and consist of general and application controls.
P a g e | 52 b. Application controls Application controls are specific controls unique to each computerized application, such as payroll or order processing. They include both automated and manual procedures that ensure that only authorized data are completely and accurately processed by that application. Application controls can be classified as (1) input controls, (2) processing controls, and (3) output controls. 4.3.2 Information Resources Controls a. Authentication Authentication refers to the ability to know that a person is who he or she claims to be. Authentication is often established by using passwords known only to authorized users. A password has been uses by an end user to log on to a computer system and passwords may also be used for accessing specific systems and files. Figure 4.4 Basic Authentication
P a g e | 53 Figure 4.5 Authentication process Tokens, smart cards, and biometric authentication are new authentication technologies to overcome some of these problems. A token is a physical device, similar to an identification card that is designed to prove the identity of a single user. Tokens are small gadgets that typically fit on key rings and display passcodes that change frequently. A device about the size of a credit card that contains a chip formatted with access permission and other data is called a smart card. (Smart cards are also used in electronic payment systems.) A reader device interprets the data on the smart card and allows or denies access. Biometric authentication uses systems that read and interpret individual human traits, such as fingerprints, irises, and voices, in order to grant or deny access. Biometric authentication is based on the measurement of a physical or behavioural trait that makes each individual unique. Example types of biometric authentication are such as fingerprint scanners, facial recognition, voice recognition and eye scanners as shown in Figure 4.6.
P a g e | 54 Figure 4.6 Biometric Authentication b. Firewalls Unauthorized users are prevented by the firewalls from accessing private networks. A combination of hardware and software that controls the flow of incoming and outgoing network traffic is called a firewall. Firewalls can also be used to protect one part of a company’s network from the rest of the network. The firewall acts like a gatekeeper who examines each user’s credentials before access is granted to a network. Names, IP addresses, applications, and other characteristics of incoming traffic have been identified by the firewall. It checks this information against the access rules that have been programmed into the system by the network administrator. The firewall prevents unauthorized communication into and out of the network. In large organizations, the firewall often resides on a specially designated computer separate from the rest of the network, so no incoming request directly accesses private network resources.
P a g e | 55 Figure 4.7 Firewall c. Intrusion Detection System In addition to firewalls, intrusion detection tools and services have been provided by commercial security vendors now to protect against suspicious network traffic and attempts to access files and databases. Intrusion detection systems feature full-time monitoring tools placed at the most vulnerable points or “hot spots” of corporate networks to detect and deter intruders continually. Scanning software looks for patterns indicative of known methods of computer attacks, such as bad passwords, checks to see if important files have been removed or modified, and sends warnings of vandalism or system administration errors. Monitoring software examines events as they are happening to discover security attacks in progress.
P a g e | 56 Figure 4.8 Intrusion Detection System d. Antivirus and antispyware software Anti-malware protection must be included for every computer as a defensive technology plans for both individuals and businesses. Antivirus software including computer viruses, computer worms, Trojan horses, spyware, and adware can prevents, detects, and removes malware. However, most antivirus software is effective only against malware already known when the software was written. To remain effective, the antivirus software must be continually updated.
P a g e | 57 Figure 4.9 Antivirus Software e. Unified Threat Management System To help businesses reduce costs and improve manageability, various security tools, including firewalls, virtual private networks, intrusion detection systems, and Web content filtering and antispam software have been combined by security vendors into a single appliance. These comprehensive security management products are called unified threat management (UTM) systems for example networking vendors such as Cisco. Figure 4.10 UTM systems provide multiple forms of protection to multiple types of devices on business networks
P a g e | 58 Tutorial 4 1. What are malicious software and list down types of malicious software. 2. Explain the following computer crimes: i. Hackers ii. Spoofing and sniffing iii. Denial of service attack iv. Identity theft v. Click fraud vi. Cyber terrorism and cyber warfare 3. Describe the following information system controls i. General controls ii. Application controls 4. Explain the following information resources control i. Authentication ii. Firewall iii. Intrusion Detection System
P a g e | 59 References Laudon, K. C., & Laudon, J. P. (2018). Management Information Systems (Managing the Digital Firm) 15th Edition. Pearson Education Limited. Bourgeois, D. T. (2014). Information Systems for Business and Beyond. Saylor Academy. [Photograph of Computer Central Processing Unit CPU also called Processor]. (2022). https://greatmike.com/computer-input-processing-output-and-storage/ [Photograph of Input Devices].Retrieved July 2, 2022 from https://www.computerscience.gcse.guru/theory/input-devices [Photograph of Input Devices]. Retrieved July 2, 2022 from https://spencetecuk.com/2017/05/05/multimedia-optical-input-devices/ [Photograph of Printers]. Retrieved July 3, 2022 from https://www.javatpoint.com/printers [Photograph of Output Devices].Retrieved July 3, 2022 from https://www.computerscience.gcse.guru/theory/output-devices [Photograph of Types of Networks]. Retrieved July 4, 2022 from https://www.studytonight.com/computer-networks/types-of-networks [Photograph of networking]. Retrieved July 4, 2022 from https://www.ibm.com/myen/cloud/learn/networking-a-complete-guide [Photograph of Secondary memory]. Retrieved July 3, 2022 from https://www.thecrazyprogrammer.com/2021/08/types-of-secondary-memory.html [Photograph of Cloud Computing]. Retrieved July 4, 2022 from https://www.mbaskool.com/business-concepts/it-and-systems/7250-cloudcomputing.html [Photograph of Cloud Computing]. Retrieved July 4, 2022 from https://www.javatpoint.com/introduction-to-cloud-computing [Photograph of Open Source Software]. Retrieved July 3, 2022 from https://medium.com/@jbp_5214/open-source-software-advantages-anddisadvantages-72ccbce943b [Photograph of Application Software]. Retrieved July 3, 2022 from https://sciencerack.com/types-of-application-software/ [Photograph of Application Software]. Retrieved July 3, 2022 from https://turbofuture.com/computers/Three-Categories-of-Application-Software [Photograph of Campus Area Network]. Retrieved July 4, 2022 from https://digitalthinkerhelp.com/what-is-campus-area-network-can-definitionadvantages-disadvantages/
P a g e | 60 [Photograph of Software Defined Network]. Retrieved July 4, 2022 from https://ukdiss.com/examples/software-defined-network-development.php [Photograph of Antivirus Software]. Retrieved July 5, 2022 from https://expertinsights.com/insights/top-10-antivirus-software-for-small-businesses/ [Photograph of Unified Threat Management System]. Retrieved July 5, 2022 from https://study.com/academy/lesson/what-is-unified-threat-management-utm.html [Photograph of Unified Threat Management System]. Retrieved July 5, 2022 from https://fallbackstatus.com/managing-multi-function-security-products/ [Photograph of Basic Authentication]. Retrieved July 5, 2022 from https://www.wallarm.com/what/what-is-basic-authentication-all-you-need-to-know [Photograph of Authentication]. Retrieved July 5, 2022 from https://www.cloudflare.com/learning/access-management/what-is-authentication/ [Photograph of Biometric Authentication]. Retrieved July 5, 2022 from https://www.spiceworks.com/it-security/identity-access-management/articles/whatis-biometric-authentication-definition-benefits-tools/ [Photograph of Denial of Service Attack]. Retrieved July 5, 2022 from https://developer.okta.com/books/api-security/dos/what/ [Photograph of Spoofing and Sniffing]. Retrieved July 5, 2022 from https://www.cyberpratibha.com/blog/category/ethical-hacking-tutorial/module-11- spoofing-and-sniffing/ [Photograph of Spoofing]. Retrieved July 5, 2022 from https://www.imperva.com/learn/application-security/dns-spoofing/ [Photograph of Sniffing]. Retrieved July 5, 2022 from https://www.enterpriseitworld.com/no-more-http-only-access-if-you-see-a-padlockhttps/ [Photograph of Sniffing]. Retrieved July 5, 2022 from https://sundaytimesmauritius.com/sniffing-and-man-in-the-middle-attacks/
P a g e | 61