ACC 706 Study Guide - Final Guide: Forensic Accountant, Business Logic, Internal Auditor


Document Summary

Organization of information security: requires security to be a formal part of the organization, with special attention to segregation of duties.

Human resources security: proper training and careful hiring.

Physical and environmental security: restricted access and proper protection.

Communications and operations management: off-site backups of critical data and appropriate security software.

Access controls: provide the primary line of defense against most intentional attacks. The best defense is a layered approach to data protection: 1st layer, the network layer; 2nd layer, the domain layer; 3rd layer, the application layer; 4th layer, the database layer.

Information systems acquisition, development and maintenance: maintain control over the system at its various stages; changes are never made to active software but to copies.

Information security incident management: operations are carefully monitored for security incidents, and policies are in place to automatically set responses in motion.

Business continuity management: formal written disaster management and recovery plans.

The fraud detection process involves identifying indicators of fraud that suggest a need for further investigation.