ITEC 3010 Lecture Notes - Access Control List, Security Controls, Transport Layer Security

Three conditions are present in fraud cases: personal pressure, such as desire to maintain extravagant lifestyle, rationalizations, including i will repay this money or i have this coming , opportunity, such as unverified cash receipts. Control of fraud requires both manual procedures and computer integrity controls. Security controls protect assets of organization from all threats: external threats such as hackers, viruses, worms, and message overload attacks. Security control objectives: maintain stable, functioning operating environment for users and, protect information and transactions during transmission outside application systems (24 x 7) organization (public carriers) Used to control access to any resource managed by operating system or network. User categories: unauthorized user no authorization to access, registered user authorized to access system, privileged user authorized to administrate system. Organized so that all resources can be accessed with same unique id/password characteristics. Data and files themselves must be secure. Encryption primary security method: altering data so unauthorized users cannot view.