Sheet Chapter 78101 As system

Type: Homework Help
Pages: 6
Words: 1608
School: University of California
Course: Accounting Information Systems

Chapter 7,8,10
1. As systems become more complex and our dependence on them increases, companies face a growing risk
of their systems being compromised. What are the threats a company faces? Or what are the
threats to AIS?
Threats to AIS, with examples

Natural and political disasters
● fire or excessive heat
● floods
● earthquakes
● high winds
● war

Software errors and equipment malfunctions
● hardware failures
● power outages and fluctuations
● undetected data transmission errors

Unintentional acts
● accidents caused by human carelessness
● innocent errors or omissions
● lost or misplaced data
● logic errors
● systems that do not meet company needs

Intentional acts
● sabotage
● computer fraud
● embezzlement

2. Compare preventive, detective and corrective control techniques, with examples.
Type of control, with examples

Preventive
● People
    ○ Creation of a “security-aware” culture
    ○ Training
● Processes: User access controls (authentication and authorization)
● IT solutions
    ○ Anti-malware
    ○ Network access controls (firewalls, intrusion prevention systems, etc.)
    ○ Device and software hardening (configuration controls)
    ○ Encryption
● Physical security: access controls (locks, guards, etc.)

Detective
● Log analysis
● Intrusion detection systems
● Penetration testing
● Continuous monitoring

Corrective
● Computer incident response teams (CIRT)
● Chief information security officer (CISO)
● Patch management

3. Describe the interrelated components of COSO’s internal control model.
Committee of Sponsoring Organizations (COSO): a private-sector group consisting of the
American Accounting Association, the AICPA, the Institute of Internal Auditors, the Institute of
Management Accountants, and the Financial Executives Institute.
COSO’s internal control model has five crucial components:
a) Control environment: This is the foundation for all other components of internal control.
The core of any business is its people (their individual attributes, including integrity,
discipline, ethical values, and competence) and the environment in which they operate.
They are the engine that drives the organization and the foundation on which everything
rests.
b) Risk assessment: The organization must identify, analyze, and manage its risks. Managing
risk is a dynamic process. Management must consider changes in the external environment
and within the business that may be obstacles to its objectives.
c) Control activities: Control policies and procedures help ensure that the actions identified
by management to address risks and achieve the organization’s objectives are effectively
carried out. Control activities are performed at all levels and at various stages within the
business process and over technology.