ADM4346 Textbook Notes: Chapter 8
University of Ottawa
Sheldon Weatherstone

Chapter 8: Information Systems Controls for System Reliability, Part 1: Information Security

AIS Controls
• COSO and COSO-ERM address general internal control.
• COBIT addresses information technology internal control.

Information for Management Should Be (the COBIT information criteria):
• Effectiveness
  o Information must be relevant and timely.
• Efficiency
  o Information must be produced in a cost-effective manner.
• Confidentiality
  o Sensitive information must be protected from unauthorized disclosure.
• Integrity
  o Information must be accurate, complete, and valid.
• Availability
  o Information must be available whenever needed.
• Compliance
  o Controls must ensure compliance with internal policies and with external legal and regulatory requirements.
• Reliability
  o Management must have access to the appropriate information needed to conduct daily activities and to exercise its fiduciary and governance responsibilities.

COBIT Framework
• Four domains, in sequence: Plan & Organize -> Acquire & Implement -> Deliver & Support -> Monitor & Evaluate

COBIT Cycle
• Management develops plans to organize information resources to provide the information it needs.
• Management authorizes and oversees efforts to acquire (or build internally) the desired functionality.
• Management ensures that the resulting system actually delivers the desired information.
• Management monitors and evaluates system performance against the established criteria.
• The cycle constantly repeats, as management modifies existing plans and procedures or develops new ones to respond to changes in business objectives and to new developments in information technology.

COBIT Controls
• 210 controls for ensuring information integrity.
  o A subset is relevant for external auditors; see "IT Control Objectives for Sarbanes-Oxley, 2nd Edition".
• AICPA and CICA information systems controls
  o Controls for system and financial statement reliability.

Trust Services Framework
• Security
  o Access to the system and its data is controlled and restricted to legitimate users.
• Confidentiality
  o Sensitive organizational information (e.g., marketing plans, trade secrets) is protected from unauthorized disclosure.
• Privacy
  o Personal information about customers is collected, used, disclosed, and maintained only in compliance with internal policies and external regulatory requirements, and is protected from unauthorized disclosure.
• Processing Integrity
  o Data are processed accurately, completely, in a timely manner, and only with proper authorization.
• Availability
  o The system and its information are available to meet operational and contractual obligations.

Security / Systems Reliability
• Security is the foundation of the Trust Services Framework.
  o It is a management issue, not a technology issue.
  o SOX Section 302 states that the CEO and the CFO are responsible for certifying that the financial statements fairly present the results of the company's activities.
  o The accuracy of an organization's financial statements therefore depends upon the reliability of its information systems.
• Defense-in-depth and the time-based model of information security
  o Defense-in-depth: use multiple, overlapping layers of control, so that the failure of any single control does not by itself compromise the system.
  o Time-based model: preventive controls do not have to be perfect; they only have to delay an attacker long enough for the intrusion to be detected and a corrective response completed before damage is done.

Management's Role in IS Security
• Create a security-aware culture.
• Inventory and value company information resources.
• Assess risk and select a risk response.
• Develop and communicate security plans, policies, and procedures.
• Acquire and deploy IT security r