MGAD30H3 Lecture Notes - Electronic Data Interchange, Public-Key Cryptography, Public Key Certificate

Published on 9 Jul 2013
Chapter 3 Security Part I: Auditing Operating Systems and Networks
Overview
Principal threats to the OS and control techniques
Risks over intranet and internet
Risks associated with personal computing systems
Risks that arise in connection with EDI
Auditing Operating systems
Computer’s control program
Allows users to share and access common computer resources (i.e. processors, databases)
Operating system objectives
3 main tasks: translate computer language, allocate computer resources, manage task scheduling
Jobs are sent to the computer through: system operator, batch-job queues, and telecommunications
5 control objectives: protect the OS from users, users from each other, users from themselves, the OS from itself, and the OS from its environment
Operating system security
Log-on procedure: requests user ID and password
Access token: contains information about the user, user ID, password, and access privileges
Access control list: database of who has access to what
Central system admin determines who has access. In distributed systems, end users manage access themselves
Threats to operating system integrity
3 threats: privileged personnel who abuse their authority, those who seek to exploit security flaws, those who intentionally insert destructive programs into operating systems
Operating System controls and audit tests
o Audit objectives: verify that access privileges are granted in a manner that is consistent with separating incompatible functions and in accordance with the organization's policy
o Audit procedures: review org policies for separation, match job descriptions to access, review whether there was a security check on employees, review permitted log-on times
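The audit procedures above can be run as an automated check over an access control list. The following is an added example, not part of the lecture notes; every user, job, privilege, incompatible pair and log-on window in it is constructed for illustration.

```python
from datetime import time

# Constructed policy: pairs of functions one user must not hold together.
INCOMPATIBLE = [frozenset({"authorize_payment", "record_payment"}),
                frozenset({"develop_program", "operate_production"})]

# Constructed policy: privileges each job description is allowed to hold.
JOB_PRIVILEGES = {
    "ap_clerk": {"record_payment"},
    "ap_manager": {"authorize_payment"},
    "programmer": {"develop_program"},
}

# Constructed policy: organization-wide permitted log-on window.
PERMITTED_WINDOW = (time(7), time(19))

# Constructed ACL: user -> (job, granted privileges, log-on window).
ACL = {
    "alice": ("ap_clerk", {"record_payment"}, (time(8), time(18))),
    "bob": ("ap_manager", {"authorize_payment", "record_payment"},
            (time(8), time(18))),
    "carol": ("programmer", {"develop_program", "operate_production"},
              (time(0), time(23, 59))),
}

def audit_access(acl, job_privileges, incompatible, window):
    """Return (user, finding, detail) tuples for each policy violation."""
    findings = []
    for user in sorted(acl):
        job, granted, (start, end) = acl[user]
        # Match job description to access: anything beyond the job is excess.
        for priv in sorted(granted - job_privileges.get(job, set())):
            findings.append((user, "excess_privilege", priv))
        # Separation of incompatible functions.
        for pair in incompatible:
            if pair <= granted:
                findings.append((user, "incompatible_functions",
                                 "+".join(sorted(pair))))
        # Permitted log-on times.
        if start < window[0] or end > window[1]:
            findings.append((user, "logon_window",
                             f"{start:%H:%M}-{end:%H:%M}"))
    return findings

if __name__ == "__main__":
    for finding in audit_access(ACL, JOB_PRIVILEGES, INCOMPATIBLE,
                                PERMITTED_WINDOW):
        print(finding)
```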
Document Summary

Chapter 3 Security Part I: Auditing. Principal threats to the OS and control techniques. Risks that arise in connection with EDI. Allows users to share and access common computer resources (i.e. processors, databases). 3 main tasks: translate computer language, allocate computer resources, manage task scheduling. Jobs are sent to the computer through: system operator, batch-job queues, and telecommunications. 5 control objectives: protect the OS from users, users from each other, users from themselves, the OS from itself, and the OS from its environment. Log-on procedure: requests user ID and password. Access token: contains information about the user, user ID, password, and access privileges. Access control list: database of who has access to what. Central system admin determines who has access. 3 threats: privileged personnel who abuse their authority, those who seek to exploit security flaws, those who intentionally insert destructive programs into operating systems. Contra-security behaviors with passwords: forgetting, failing to change, post-it syndrome, simple passwords. System audit trails are logs that record activity.
