CHAPTER 8
Information Systems Controls for System Reliability
Part 2: Confidentiality, Privacy, Processing Integrity, and Availability
INTRODUCTION
• Questions to be addressed in this chapter include:
– What controls are used to protect the confidentiality of sensitive information?
– What controls are designed to protect privacy of customers’ personal information?
– What controls ensure processing integrity?
INTRODUCTION
• Reliable systems satisfy five principles:
– Information Security (discussed in Chapter 7)
– Confidentiality
– Privacy
– Processing Integrity
– Availability
CONFIDENTIALITY
• Maintaining confidentiality requires that management identify which information is sensitive.
• Each organization will develop its own definitions of what information needs to be protected.
• Most definitions will include:
– Business plans
– Pricing strategies
– Client and customer lists
– Legal documents
CONFIDENTIALITY
Table 8-1 in your textbook summarizes key controls to protect confidentiality of information:

Situation       Controls
Storage         Encryption and access controls
Transmission    Encryption
Disposal        Shredding, thorough erasure, physical destruction
Overall         Categorization to reflect value and training
CONFIDENTIALITY
• Encryption is a fundamental control procedure for protecting the confidentiality of sensitive information.
• Confidential information should be encrypted:
– While stored
CONFIDENTIALITY
• The Internet provides inexpensive transmission, but data is easily intercepted.
• Encryption solves the interception issue.
• If data is encrypted before sending it, a virtual private network (VPN) is created.
– Provides the functionality of a privately owned network
CONFIDENTIALITY
• Use of VPN software creates private communication channels, often referred to as tunnels.
– The tunnels are accessible only to parties who have the appropriate encryption and decryption keys.
– Cost of the VPN software is much less than costs of leasing or buying a privately-owned, secure communications network.
– Also, makes it much easier to add or remove sites from the “network.”
• In accordance with COBIT DS 5.11, VPNs include
CONFIDENTIALITY
• It is critical to encrypt any sensitive information stored in devices that are easily lost or stolen, such as laptops, PDAs, cell phones, and other portable devices.
– Many organizations have policies against storing sensitive information on these devices.
CONFIDENTIALITY
• Encryption alone is not sufficient to protect confidentiality. Given enough time, many encryption schemes can be broken.
• Access controls are also needed:
– To prevent unauthorized parties from obtaining the encrypted data; and
– Because not all confidential information can be encrypted in storage.
• Strong authentication techniques are necessary.
• Strong authorization controls should be used to limit the actions (read, write, change, delete, copy, etc.) that
CONFIDENTIALITY
• Access to system outputs should also be controlled:
– Do not allow visitors to roam through buildings unsupervised.
– Require employees to log out of any application before leaving their workstation unattended, so other employees do not have unauthorized access.
– Workstations should use password-protected screen savers that automatically engage when there is no activity for a specified period.
– Access should be restricted to rooms housing printers and fax machines.
CONFIDENTIALITY
• It is especially important to control disposal of information resources.
• Printed reports and microfilm with sensitive information should be shredded.
• COBIT control objective DS 11.4 addresses the need to define and implement procedures
CONFIDENTIALITY
• Special procedures are needed for information stored on magnetic and optical media.
– Using built-in operating system commands to delete the information does not truly delete it, and utility programs will often be able to recover these files.
– De-fragmenting a disk may actually create multiple copies of a “deleted” document.
– Consequently, special software should be used to “wipe” the media clean by repeatedly overwriting the disk with random patterns of data (sometimes referred to as “shredding” a disk).
– Magnetic disks and tapes can be run through devices to demagnetize them.
CONFIDENTIALITY
• Controls to protect confidentiality must be continuously reviewed and modified to respond to new threats created by technological advances.
• Many organizations now prohibit visitors from using cell phones while touring their facilities because of the threat caused by cameras in these phones.
CONFIDENTIALITY
• Phone conversations have also been affected by technology.
• The use of voice-over-the-Internet (VoIP) technology means that phone conversations are routed in packets over the Internet.
– Because this technology makes wiretapping much
CONFIDENTIALITY
• Employee use of email and instant messaging (IM) probably represents two of the greatest threats to the confidentiality of sensitive information.
– It is virtually impossible to control its distribution once held by the recipient.
– Organizations need to develop comprehensive policies governing the appropriate and allowable use of these technologies for business purposes.
– Employees need to be trained on what type of
CONFIDENTIALITY
• Many organizations are taking steps to address the confidentiality threats created by email and IM.
– One response is to mandate encryption of all email with sensitive information.
– Some organizations prohibit use of freeware IM products and purchase commercial products with security features, including encryption.
– Users sending emails must be trained to be very careful about the identity of their addressee.
• EXAMPLE: The organization may have two employees
PRIVACY
• In the Trust Services framework, the privacy principle is closely related to the confidentiality principle.
• Primary difference is that privacy focuses on protecting personal information about customers rather than organizational data.
• Key controls for privacy are the same that were previously listed for
PRIVACY
• COBIT section DS 11 addresses the management of data and specifies the need to comply with regulatory requirements.
• A number of regulations, including the Health Insurance Portability and Accountability Act (HIPAA) and the Financial Services
PRIVACY
• The Trust Services privacy framework of the AICPA and CICA lists ten internationally recognized best practices for protecting the privacy of customers’ personal information:
– Management
  • The organization establishes a set of procedures and policies for protecting privacy of personal information it collects.
– Notice
– Choice and consent
  • Describes the choices available to individuals and obtains their consent to the collection and use of their personal information.
  • Choices may differ across countries.
    – United States: the default is “opt out,” i.e., organizations can collect personal information about customers unless the customer explicitly objects.
    – Europe: the default is “opt in,” i.e., they can’t collect the information unless customers explicitly give them permission.
– Collection
  • The organization collects only that information needed to fulfill the
– Use and retention
– Access
  • The organization provides individuals with the ability to access, review,
– Disclosure to Third Parties
  • The organization discloses customers’ personal information to third parties only per stated policy and only to third parties who provide equivalent
– Security
  • The organization takes reasonable steps to protect customers’ personal information from loss or unauthorized disclosure.
  • Issues that are sometimes overlooked:
    – Disposal of computer equipment
      • Should follow the suggestions presented in the section regarding protection of confidentiality.
      • If you send emails to a list of recipients, each recipient typically knows who the other recipients are.
      • If the email regards a private issue, e.g., perhaps it pertains to their AIDS treatment, then the privacy of all recipients has been violated.
      • One remedy might be to address the recipients on the “bcc” line of the email, rather than as original addressees.
    – Release of electronic documents.
– Quality
– Monitoring and enforcement
  • The organization assigns one or more employees to be responsible for assuring and verifying compliance with its stated policies.
  • Also provides for procedures to respond to customer complaints, including third-party
PRIVACY
• As with confidentiality, encryption and access controls are the two basic mechanisms for protecting consumers’ personal information.
– It is common practice to use SSL to encrypt all personal information transmitted between individuals and the organization’s Website.
– However, SSL only protects the information in transit.
– Consequently, strong authentication controls are
PRIVACY
• Organizations should consider encrypting customers’ personal information in storage.
– May be economically justified, because some state laws require companies to notify all customers of security incidents.
– The notification process is costly but may be waived if the information was encrypted while in storage.
• California SB 1386 effectively requires companies to notify all their customers whenever a security incident may have led to the compromise of
PRIVACY
• Organizations need to train employees on how to manage personal information collected from customers.
– Especially important for medical and financial information.
– Intentional misuse or unauthorized disclosure can have serious economic consequences, including:
  • Drop in stock price
  • Significant lawsuits
PRIVACY
• One topic of concern is cookies used on Web sites.
– A cookie is a text file created by a Website and stored on a visitor’s hard drive. It records what the visitor has done on the site.
– Most Websites create multiple cookies per visit to make it easier for visitors to navigate the site.
– Browsers can be configured to refuse cookies, but it may make the Website inaccessible.
PRIVACY
• Another privacy-related issue that is of growing concern is identity theft.
PRIVACY
• Steps that individuals can take to minimize the risk of becoming a victim of identity theft include:
– Shred all documents that contain personal information, especially unsolicited credit card offers. Cross-cut shredders are more effective.
– Never send personally identifying information in unencrypted email.
– Beware of email, phone, and print requests to “verify” personal information that the requesting party should already possess.
  • Credit card companies won’t ask for your security code.
  • The IRS won’t email you for identifying information in
– Do not carry your social security card with you or comply with requests to reveal the last 4 digits.
– Limit the amount of identifying information preprinted on checks and consider eliminating it.
– Do not place outgoing mail with checks or personal information in your mailbox for pickup.
– Don’t carry more than a few blank checks with you.
– Use special software to thoroughly clean any digital media before disposal, or physically destroy the media. It is
– Monitor your credit reports regularly.
– File a police report as soon as you discover that your purse or wallet was stolen.
– Make photocopies of driver’s licenses, passports, and credit cards. Store them with phone numbers for all the credit cards in a safe location to facilitate notifying authorities if they are stolen.
PRIVACY
• A related concern involves the overwhelming volume of spam.
– Spam is unsolicited email that contains either advertising or offensive content.
  • Reduces the efficiency benefits of email.
PRIVACY
• In 2003, the U.S. Congress passed the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act.
– Provides criminal and civil penalties for violation of the law.
– Applies to commercial email, which is any email with a primary purpose of advertising or promotion.
PRIVACY
• Consequently, organizations must carefully follow the CAN-SPAM guidelines, which include:
– The sender’s identity must be clearly displayed in the message header.
– The subject field in the header must clearly identify the message as an advertisement or solicitation.
– The body must provide recipients with a working link that can be used to “opt out” of future email.
  • Organizations have 10 days after receipt of an “opt out” request to ensure they do not send additional
– The body must include the sender’s valid postal address.
– Organizations should not:
PROCESSING INTEGRITY
• COBIT control objective DS 11.1 addresses the need for controls over the input, processing, and output of data.
• Identifies six categories of controls that can be used to satisfy that objective.
• Six categories are grouped into three for discussion.
PROCESSING INTEGRITY
• Three categories of integrity controls are designed to meet the preceding objectives:
– Input controls
– Processing controls
– Output controls
• Input Controls
– If the data entered into a system is inaccurate or incomplete, the output will be, too. (Garbage in, garbage out.)
PROCESSING INTEGRITY
• The following input controls regulate integrity of input:
– Forms design
  • Source documents and other forms should be
– Pre-numbered forms sequence test
  • Pre-numbering helps verify that no items are missing.
  • When sequentially pre-numbered input
– Turnaround documents
  • Documents sent to external parties that are prepared in machine-readable form to facilitate their subsequent processing as input records.
  • Example: the stub that is returned by a customer when paying a utility bill.
– Cancellation and storage of documents
  • Documents that have been entered should be canceled
    – Paper documents are stamped “paid” or otherwise defaced
    – A flag field is set on electronic documents.
  • Canceling documents does not mean destroying documents.
– Authorization and segregation of duties
  • Source documents should be prepared only by authorized personnel acting within their authority.
  • Employees who authorize documents should not be
– Visual scanning
– Check digit verification
PROCESSING INTEGRITY
• Five categories of integrity controls are designed to meet the preceding objectives:
– Input controls
  • Data entry controls
PROCESSING INTEGRITY
• Once data is collected, data entry control procedures are needed to ensure that it’s entered correctly. Common tests to validate input include:
– Field check
  • Determines if the characters in a field are of the proper type.
– Sign check
  • Determines if the data in a field have the appropriate arithmetic sign.
– Limit check
  • Tests whether an amount exceeds a predetermined value.
– Range check
  • Similar to a field check, but it checks both ends of a range.
– Size (or capacity) check
  • Ensures that the data will fit into the assigned field.
  • Example: A social security number of 10 digits would
– Completeness check
– Validity check
– Reasonableness test
  • Determines whether a logical relationship seems to be correct.
– Check digit verification
  • An additional digit called a check digit can be appended to account numbers, policy numbers, ID numbers, etc.
  • Data entry devices then perform check digit verification by using the original digits in the number to recalculate the check digit.
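The data entry tests listed above, applied to one constructed payroll record, as an added example (not from the textbook or its publisher). The record layout, the field rules (department master list, hour limit, pay rate range), and the choice of the mod-10 Luhn algorithm as the check-digit scheme are all assumptions for illustration; the slides only say that a check digit is appended and recomputed from the other digits on entry.

```python
"""Data entry validation: field, sign, limit, range, size, completeness,
validity, reasonableness and check-digit tests over a constructed record."""
from datetime import date

# Constructed sample record; the employee number is a well-known Luhn test value.
SAMPLE_GOOD = {"emp_id": "79927398713", "dept": "SALES",
               "hours": 40, "rate": 25.0, "pay_date": "2024-03-29"}

VALID_DEPTS = {"SALES", "ADMIN", "PLANT"}   # assumed master list for the validity check
REQUIRED = ["emp_id", "dept", "hours", "rate", "pay_date"]


def field_check(value, allowed):             # characters are of the proper type
    return all(ch in allowed for ch in value)

def sign_check(value):                       # appropriate arithmetic sign
    return value >= 0

def limit_check(value, limit):               # does not exceed a predetermined value
    return value <= limit

def range_check(value, low, high):           # both ends of the range are tested
    return low <= value <= high

def size_check(value, max_len):              # data fits into the assigned field
    return len(value) <= max_len

def completeness_check(record, required):    # every required field is present
    return all(record.get(f) not in (None, "") for f in required)

def validity_check(value, master):           # value exists in master data
    return value in master

def reasonableness_test(hours, rate):        # logical relationship between fields
    # Assumed rule: heavy overtime combined with an executive-level rate is suspect.
    return not (hours > 60 and rate > 100)

def date_field_check(text):                  # field check for an ISO date
    try:
        date.fromisoformat(text)
        return True
    except ValueError:
        return False

def luhn_check_digit_ok(number):
    """Recompute the mod-10 (Luhn, assumed) check digit from the leading digits
    and compare it with the trailing digit that was entered."""
    if not number.isdigit() or len(number) < 2:
        return False
    body, entered = number[:-1], int(number[-1])
    total = 0
    for i, ch in enumerate(reversed(body)):
        d = int(ch)
        if i % 2 == 0:                       # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return (10 - total % 10) % 10 == entered

def validate_record(record):
    """Return the names of the tests the record fails (empty list = accepted)."""
    if not completeness_check(record, REQUIRED):
        return ["completeness"]              # nothing else is meaningful on a partial record
    failures = []
    emp = str(record["emp_id"])
    if not field_check(emp, "0123456789"):
        failures.append("field:emp_id")
    if not size_check(emp, 11):
        failures.append("size:emp_id")
    if not luhn_check_digit_ok(emp):
        failures.append("check_digit:emp_id")
    if not validity_check(record["dept"], VALID_DEPTS):
        failures.append("validity:dept")
    if not sign_check(record["hours"]):
        failures.append("sign:hours")
    if not limit_check(record["hours"], 80):
        failures.append("limit:hours")
    if not range_check(record["rate"], 7.25, 200.0):
        failures.append("range:rate")
    if not reasonableness_test(record["hours"], record["rate"]):
        failures.append("reasonableness")
    if not date_field_check(str(record["pay_date"])):
        failures.append("field:pay_date")
    return failures

if __name__ == "__main__":
    print(validate_record(SAMPLE_GOOD))
    print(validate_record(dict(SAMPLE_GOOD, emp_id="79927398714", hours=-5)))
```

Note that the check digit only catches entry errors such as a mistyped or transposed digit; it says nothing about whether the employee exists, which is what the validity check against master data is for.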
PROCESSING INTEGRITY
• The preceding tests are used for batch processing and online real-time processing.
• Both processing approaches also have
PROCESSING INTEGRITY
• Additional Batch Processing Data Entry Controls
– In addition to the preceding controls, when using batch processing, the following data entry controls should be incorporated.
  • Sequence check
  • Error log
    • Records information about data input or processing errors (when they occurred, cause, when they were corrected and resubmitted).
    • Errors should be investigated, corrected, and resubmitted on a timely basis (usually with the next batch) and subjected to the same input validation routines.
    • The log should be reviewed periodically to ensure that all errors have been corrected and then used to prepare an error report, summarizing errors by
  • Batch totals
    • Summarize key values for a batch of input records. Commonly used batch totals include:
      – Financial totals: sums of fields that contain dollar values, such as total sales.
      – Hash totals: sums of nonfinancial fields, such as the sum of all social security numbers of employees being paid.
      – Record count: count of the number of records in a batch.
PROCESSING INTEGRITY
• Additional online data entry controls
– Online processing data entry controls include:
  • Automatic entry of data
    • Whenever possible, the system should automatically enter transaction data, such as next available
  • Prompting
  • Pre-formatting
  • Closed-loop verification
    • Checks accuracy of input data by retrieving related information.
  • Transaction logs
    • Maintains a detailed record of all transaction data, including:
      – A unique transaction identifier
      – Date and time of entry
      – Terminal from which entry is made
      – Transmission line
      – Operator identification
      – Sequence in which transaction is entered
    • The log can be used to reconstruct a file that is
  • Error messages
PROCESSING INTEGRITY
• Processing Controls
– Processing controls to ensure that data is processed correctly include:
  • Data matching
    • Two or more items must match before processing can proceed.
  • File labels
    • External labels should be checked visually to ensure the correct and most current files are being updated.
    • There are also two important types of internal labels to be checked.
      – The header record, located at the beginning of each file, contains
  • Recalculation of batch totals
    • Batch totals should be recomputed as processing takes place.
    • These totals should be compared to the totals in the trailer record.
    • Discrepancies indicate processing errors, such as:
      – If the recomputed record count is smaller than the original count, one or more records were not processed.
      – If the recomputed record count is larger than the original, then additional unauthorized transactions were processed or some authorized transactions were processed twice.
  • Cross-footing balance test
  • Write-protection mechanisms
  • RFID security
    • Many businesses are replacing bar codes and manual tags with radio frequency identification (RFID) tags that can store up to 128 bytes of data.
    • These tags should be write-protected so that
  • Database processing integrity procedures
    • Database systems use database administrators, data dictionaries, and concurrent update controls to ensure processing integrity.
    • The administrator establishes and enforces procedures for accessing and updating the database.
    • The data dictionary ensures that data items are defined and used consistently.
    • Concurrent update controls protect records from being updated by two users simultaneously.
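The batch totals introduced under the batch data entry controls (financial total, hash total, record count), the sequence check, and the recalculation of batch totals against the trailer record described above, worked through on a constructed payroll batch. This is an added example and not code from the textbook or its publisher; the record layout, the sequence-number scheme and the sample values (the "SSN" fields are made-up integers, not real numbers) are assumptions.

```python
"""Batch totals, sequence check and trailer-record reconciliation."""
from dataclasses import dataclass


@dataclass(frozen=True)
class PayRecord:
    seq: int        # sequence number assigned when the record entered the batch (assumed)
    ssn: int        # nonfinancial field used for the hash total (constructed value)
    amount: float   # dollar field used for the financial total


# Constructed batch of four payroll records.
BATCH = [
    PayRecord(101, 123456789, 1500.00),
    PayRecord(102, 987654321, 2250.50),
    PayRecord(103, 111223333, 980.25),
    PayRecord(104, 222334444, 1500.00),
]


def batch_totals(records):
    """The three totals the text names: record count, financial total, hash total."""
    return {
        "record_count": len(records),
        "financial_total": round(sum(r.amount for r in records), 2),
        "hash_total": sum(r.ssn for r in records),   # meaningless as a number, useful as a fingerprint
    }


# The trailer record carries the totals computed when the batch was prepared.
TRAILER = batch_totals(BATCH)


def sequence_check(records):
    """Return (missing, duplicated) sequence numbers relative to the observed run."""
    seqs = [r.seq for r in records]
    if not seqs:
        return [], []
    expected = set(range(min(seqs), max(seqs) + 1))
    missing = sorted(expected - set(seqs))
    duplicates = sorted({s for s in seqs if seqs.count(s) > 1})
    return missing, duplicates


def reconcile(trailer, processed):
    """Recompute totals after processing and compare them with the trailer record,
    reporting discrepancies in the terms the text uses."""
    recomputed = batch_totals(processed)
    findings = []
    if recomputed["record_count"] < trailer["record_count"]:
        findings.append("records_not_processed")
    elif recomputed["record_count"] > trailer["record_count"]:
        findings.append("extra_or_duplicate_records")
    if recomputed["financial_total"] != trailer["financial_total"]:
        findings.append("financial_total_mismatch")
    if recomputed["hash_total"] != trailer["hash_total"]:
        findings.append("hash_total_mismatch")
    return recomputed, findings


def findings_for(processed):
    """Convenience wrapper: only the list of discrepancies for a processed batch."""
    return reconcile(TRAILER, processed)[1]


if __name__ == "__main__":
    print("trailer:", TRAILER)
    print("dropped record:", findings_for([BATCH[0], BATCH[1], BATCH[3]]))
    print("record processed twice:", findings_for(BATCH + [BATCH[3]]))
    # Same amount, different employee: only the hash total notices the substitution.
    swapped = BATCH[:3] + [PayRecord(104, 333445555, 1500.00)]
    print("substituted record:", findings_for(swapped))
    print("sequence check:", sequence_check([BATCH[0], BATCH[1], BATCH[3], BATCH[3]]))
```

The substituted-record case is why a hash total is kept alongside the financial total: a record replaced by another with the same dollar amount leaves the count and the financial total intact and is caught only by the sum of the nonfinancial field.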
PROCESSING INTEGRITY
• Output Controls
– Careful checking of system output provides additional control over processing integrity.
– Output controls include:
  • User review of output
  • Reconciliation procedures
    • Periodically, all transactions and other system updates should be reconciled to control reports, file status/update reports, or other control mechanisms.
    • Control accounts should also be reconciled to
  • External data reconciliation
    • Database totals should periodically be reconciled with data maintained outside the system.
PROCESSING INTEGRITY
• Output Controls
– In addition to using encryption to protect the confidentiality of information being transmitted, organizations need controls to minimize the risk of data transmission errors.
– When the receiving unit detects a data transmission error, it asks the sending unit to re-send. Usually done automatically.
– Sometimes, the system may not be able to accomplish automatic resubmission and will ask the sender to re-transmit the data.
– Two basic types of data transmission controls:
  • Parity checking
PROCESSING INTEGRITY
• Parity checking
– Computers represent characters as a set of binary digits (bits).
– For example, “5” is represented by the seven-bit pattern 0000101.
– When data are transmitted some bits may be lost or received incorrectly.
– Two basic schemes to detect these events are referred to as even parity and odd parity.
– In even parity, the parity bit is set so that each character has an even number of bits with the value 1.
– In odd parity, the objective is that an odd number of bits should have the value 1.
– The pattern for 5 is 0000101. This pattern has two bits (an even number) with a value of 1. Therefore, the parity bit that is added would be zero if we were using even parity and 1 if we were using odd parity.
– The receiving device performs parity checking to verify that the proper number of bits is set to one in each character received.
– Additional accuracy can be achieved with more complex parity
PROCESSING INTEGRITY
•
Message Acknowledgment Techniques
– A number of message acknowledgment
techniques can be used to let the sender of
an electronic message know that a message
was received:
•
Echo check
• When data are transmitted, the system calculates a summary statistic such as the number of bits in the message.
• The receiving unit performs the same calculation (an “echo check”) and sends the result to the sending unit. • If the counts match, the transmission is presumed
• Trailer record
• Numbered batches
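The echo check exchange, with both the sending and the receiving unit modelled, as an added example that is not part of the textbook. The summary statistic is an assumption (the text only says "such as the number of bits"): here it is the pair (length in bits, number of 1-bits). The channel faults, the class names and the re-send counter are constructed for the demonstration.

```python
# Added example, not from the textbook: an echo check between a sending unit and a
# receiving unit. The statistic (bit length, count of 1-bits) is this example's choice.

def summary_statistic(payload: bytes) -> tuple:
    """Summary statistic both units compute independently."""
    return (len(payload) * 8, sum(bin(b).count("1") for b in payload))

class Receiver:
    """Receiving unit: keeps what arrived and echoes its own calculation back."""
    def __init__(self):
        self.accepted = []

    def receive(self, payload: bytes) -> tuple:
        self.accepted.append(payload)
        return summary_statistic(payload)          # the echo sent to the sender

class Sender:
    """Sending unit: compares the echoed statistic with the one it computed itself."""
    def __init__(self, receiver: Receiver):
        self.receiver = receiver
        self.resend_requests = 0

    def send(self, payload: bytes, channel=None) -> bool:
        expected = summary_statistic(payload)
        on_wire = channel(payload) if channel else payload   # 'channel' models the wire
        echo = self.receiver.receive(on_wire)
        ok = echo == expected
        if not ok:
            self.resend_requests += 1               # a detected error triggers a re-send
        return ok

# Constructed channel faults used by the demo
def flip_first_bit(p: bytes) -> bytes:
    return bytes([p[0] ^ 0x80]) + p[1:]

def drop_last_byte(p: bytes) -> bytes:
    return p[:-1]

def swap_first_two_bytes(p: bytes) -> bytes:
    return p[1:2] + p[0:1] + p[2:]

def run_demo() -> dict:
    rx = Receiver()
    tx = Sender(rx)
    msg = b"\x05\x00PAY"                            # constructed message: 40 bits, ten 1-bits
    return {
        "clean": tx.send(msg),
        "bit_flip": tx.send(msg, flip_first_bit),
        "dropped_byte": tx.send(msg, drop_last_byte),
        "swap_missed": tx.send(msg, swap_first_two_bytes),
        "resend_requests": tx.resend_requests,
    }

if __name__ == "__main__":
    print(run_demo())
```

The swapped-bytes case is the caveat worth remembering: any corruption that preserves the summary statistic (here, reordering) passes an echo check, so the strength of the control is only as good as the statistic chosen.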
AVAILABILITY
• Reliable systems are available
for use whenever needed.
• Threats to system availability
originate from many sources,
including:
– Hardware and software failures
– Natural and man-made disasters
– Human error
– Worms and viruses
• Proper controls can minimize the risk of
significant system downtime caused by the
preceding threats.
• It is impossible to totally eliminate all
threats.
• Minimizing Risk of System Downtime
– Loss of system availability can cause
significant financial losses, especially if the
system affected is essential to e-commerce.
– Organizations can take a variety of steps to
minimize the risk of system downtime.
• Physical and logical access controls (Chapter 7)
can reduce the risk of successful denial-of-service
attacks.
– COBIT control objective DS 13.5 identifies the
need for preventive maintenance. Examples:
• Cleaning disk drives
• Properly storing magnetic and optical media
– Use of redundant components can provide fault tolerance, which enables the system to continue functioning despite failure of a component. Examples of redundant components:
• Dual processors
• Arrays of multiple hard drives.
• COBIT control objectives DS 12.1 and 12.4
address the importance of
proper location and
design of rooms housing mission-critical servers
and databases.
– Raised floors protect from flood damage.
– Fire protection and suppression devices reduce
likelihood of fire damage.
– Adequate air conditioning reduces likelihood of
damage from over-heating or humidity.
– An uninterruptible power supply (UPS)
• Training is especially important.
– Well-trained operators are less likely to make
mistakes and more able to recover if they do.
– Security awareness training, particularly concerning
safe email and Web-browsing practices, can reduce
risk of virus and worm infection.
• Anti-virus software should be installed, run, and
kept current.
• Email should be scanned for viruses at both the
server and desktop levels.
• Newly acquired software and disks, CDs, or
• COBIT control objective DS 13.1 stresses the
importance of defining and documenting
operational procedures and ensuring that
operations staff understand their
• Disaster Recovery and Business Continuity Planning
– Disaster recovery and business continuity
plans are essential if an organization hopes to
survive a major catastrophe.
– Being without an IS for even a short period of
time can be quite costly—some report as high
as half a million dollars per hour.
– Yet many large U.S. companies do not have
adequate disaster recovery and business
• Experience suggests that companies which
experience a major disaster resulting in loss of
use of their information system for more than a
few days have a greater than 50% chance of
• The objectives of a disaster recovery and
business continuity plan are to:
– Minimize the extent of the disruption, damage,
and loss
– Temporarily establish an alternative means of
processing information
– Resume normal operations as soon as
possible
• Key components of effective disaster
recovery and business continuity plans
include:
– Data backup procedures
– Provisions for access to replacement
infrastructure (equipment, facilities, phone
lines, etc.)
– Thorough documentation
– Periodic testing
• Data Backup Procedures
– Data need to be backed up regularly and
frequently.
– A backup is an exact copy of the most current version of a database. It is intended for use in the event of a hardware or software failure.
• Several different backup procedures exist.
– A full backup is an exact copy of the data recorded on another physical media (tape, magnetic disk, CD, DVD, etc.)
– Restoration involves bringing the backup copy
online.
– Full backups are time consuming, so most
organizations:
• Two types of partial backups are
possible:
– Incremental backup
• Involves copying only the data items that have changed since the last backup.
• Produces a set of incremental backup files, each containing the results of one day’s transactions.
• Restoration:
– First load the last full backup.
– Differential backup
• All changes made since the last full backup are copied.
• Each new differential backup file contains the cumulative effects of all activity since the last full backup.
• Will normally take longer to do the backup than when incremental backup is used.
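The two partial-backup schemes side by side, simulated over three days of changes to a tiny constructed database, with the restore sequence for each. This is an added example, not material from the textbook; the record values, day-by-day changes and function names are assumptions made for the demonstration. Deletions are deliberately left out to keep the simulation short.

```python
# Added example, not from the textbook: full, incremental and differential backups of a
# constructed key/value "database", plus the restore order each scheme requires.
from copy import deepcopy

def full_backup(db: dict) -> dict:
    """Exact copy of the whole database."""
    return deepcopy(db)

def incremental_backup(db: dict, previous_state: dict) -> dict:
    """Copy only records added or changed since the previous backup of any kind."""
    return {k: v for k, v in db.items() if previous_state.get(k) != v}

def differential_backup(db: dict, last_full: dict) -> dict:
    """Copy every record added or changed since the last FULL backup (cumulative)."""
    return {k: v for k, v in db.items() if last_full.get(k) != v}

def restore_from_incrementals(full: dict, increments: list) -> dict:
    """Restore: load the last full backup, then apply every incremental in date order."""
    state = deepcopy(full)
    for inc in increments:
        state.update(inc)
    return state

def restore_from_differential(full: dict, latest_diff: dict) -> dict:
    """Restore: load the last full backup, then apply only the most recent differential."""
    state = deepcopy(full)
    state.update(latest_diff)
    return state

def simulate_week() -> dict:
    db = {"A": 1, "B": 1, "C": 1}                  # constructed database: record id -> value
    full = full_backup(db)                          # day 0: full backup
    daily_changes = [{"A": 2}, {"B": 2}, {"A": 3}]  # constructed transactions, days 1-3
    increments, differentials = [], []
    last_state = deepcopy(db)                       # state at the most recent backup
    for change in daily_changes:
        db.update(change)
        increments.append(incremental_backup(db, last_state))
        differentials.append(differential_backup(db, full))
        last_state = deepcopy(db)
    return {
        "live": db,
        "restored_incremental": restore_from_incrementals(full, increments),
        "restored_differential": restore_from_differential(full, differentials[-1]),
        "increments": increments,
        "differentials": differentials,
        "records_copied_incremental": sum(len(i) for i in increments),
        "records_copied_differential": sum(len(d) for d in differentials),
    }

if __name__ == "__main__":
    for key, value in simulate_week().items():
        print(f"{key}: {value}")
```

Both restores reach the same state, but the differential files grow each day (five records copied in total versus three), which is the cost the text refers to; in exchange, a differential restore needs only two files, whereas an incremental restore needs the full backup plus every incremental file in order, so losing any one of them breaks the chain.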
• Incremental and differential backups are both
made daily.
– Additional intra-day backups are often made for
mission-critical databases.
– Periodically, the system makes a copy of the database at that point in time, called a checkpoint, and stores the copy on backup media.
– If a hardware or software fault interrupts processing,
the checkpoint is used to restart the system.
• Whichever backup procedure is used,
multiple backup copies should be created:
– One can be stored on-site for use in minor
incidents.
– At least one additional copy should be stored
off-site to be safe should a disaster occur.
• The offsite copies can be transported to
remote storage physically or electronically.
– The same security controls should apply as to
original copies.
• Sensitive data should be encrypted in storage and
during transmission.
• Backups are retained for only a fixed period of
time.
• An archive is a copy of a database, master file, or software that will be retained indefinitely as an historical record, usually to satisfy legal and regulatory requirements.
• Multiple copies of archives should be made and
stored in different locations.
• Appropriate security controls should also be
• Special attention should be paid to email,
because it has become an important archive of
organizational behavior and information.
• Access to email is often important when
companies are embroiled in lawsuits.
• Organizations may be tempted to adopt a policy
of periodically deleting all email to prevent a
• Most experts advise against such policies and
recommend that organizations include email in
their backup and archive procedures because:
– There are likely to be copies of the email stored in
locations outside the organization.
– Such a policy would mean that the organization would
not be able to tell its side of the story.
• Infrastructure Replacement
– Major disasters can totally destroy an organization’s
information processing center or make it inaccessible.
– A key component of disaster recovery and business
continuity plans incorporates provisions for replacing
the necessary computing infrastructure, including:
• Computers
• Network equipment and access
• Telephone lines
• Office equipment
• Supplies
• How much time can the organization afford to be without its information system? The recovery time objective (RTO) represents the time following a disaster by which the organization’s information
• Organizations have three basic
options for replacing computer and
networking equipment.
– Reciprocal agreements
• The least expensive approach.
• The organization enters into an agreement with another organization that uses similar equipment to have temporary access to and use of their information system resources in the event of a disaster.
• Effective solutions for disasters of limited duration and magnitude, especially for small organizations.
• Not optimal in major disasters as:
– Cold sites
• An empty building is purchased or leased and pre-wired for necessary telephone and Internet access.
– Hot sites
• Most expensive solution but used by organizations like financial institutions and airlines which cannot survive any appreciable time without their IS.
• The hot site is a facility that is pre-wired for phone and Internet (like the cold site) but also contains the essential computing and office equipment.
• It is a backup infrastructure designed to provide fault tolerance in the
• Documentation
– An important and often overlooked component.
Should include:
• The disaster recovery plan itself, including instructions for notifying appropriate staff and the steps to resume operation, needs to be well documented.
• Assignment of responsibility for the various activities.
• Vendor documentation of hardware and software.
• Documentation of modifications made to the default configuration (so replacement will have the same functionality).
• Detailed operating instructions.
• Testing
– Periodic testing and revision is probably the
most important component of effective
disaster recovery and business continuity
plans.
• Most plans fail their initial test, because it’s
impossible to anticipate everything that could go
wrong.
• The time to discover these problems is before the
actual emergency and in a setting where the
• Plans should be tested on at least an
annual basis to ensure they reflect recent
changes in equipment and procedures.
– Important to test procedures involved in
executing reciprocal agreements or hot or
cold sites.
• Brainstorming sessions involving mock
scenarios can be effective in identifying gaps
and shortcomings.
– More realistic and detailed simulations or drills should
also be performed, although not to the expense of
completely performing every activity.
– Experts recommend testing individual components of
the plans separately, because it is too difficult and
costly to simulate and analyze every aspect
simultaneously.
• The plan documentation needs to be updated to
reflect any changes in procedure made in
• Insurance
– Organizations should acquire adequate
insurance coverage to defray part or all of the
expenses associated with implementing their
disaster recovery and business continuity
CHANGE MANAGEMENT CONTROLS
• Organizations constantly modify their information
systems to reflect new business practices and to take
advantage of advances in IT.
• Controls are needed to ensure such changes don’t
negatively impact reliability.
• Existing controls related to security, confidentiality,
privacy, processing integrity, and availability should be
modified to maintain their effectiveness after the change.
• Change management controls need to ensure adequate
• Important change management controls include:
– All change requests should be documented in a
standard format that identifies:
• Nature of the change
• Reason for the change
• Date of the request
– All changes should be approved by appropriate levels
of management.
• Approvals should be clearly documented to provide an audit trail.
– Changes should be thoroughly tested prior to
implementation.
• Includes assessing effect of change on all five principles of systems reliability.
• Should occur in a separate, non-production environment.
– All documentation (program instructions, system
descriptions, backup and disaster recovery plans)
should be updated to reflect authorized changes to
the system.
– “Emergency” changes or deviations from policy must
be documented and subjected to a formal review and
approval process as soon after implementation as
practicable. All such actions should be logged to
• When changing systems, data from old files and databases are entered into new data structures.
• Conversion controls help ensure that the new data storage media are free of errors.
• Old and new systems should be run in parallel at least once and results compared to identify discrepancies.
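The conversion controls and parallel run described in the last three bullets, worked through on a constructed customer file. This is an added example and not the textbook's own material: the records, the old and new record layouts, the fee rule and the truncation defect planted in the "new system" are all assumptions made so that the checks have something to find. The conversion check compares record counts, a control total on the balance field and a per-record hash of a canonical view; the parallel run feeds the same input to both implementations and lists the customers whose results differ.

```python
# Added example, not from the textbook: conversion-control reconciliation and a
# parallel run between an old and a new system. Everything here is constructed.
from decimal import Decimal, ROUND_HALF_UP
import hashlib

# Constructed old-system extract: flat records, balance held as a decimal string.
OLD_RECORDS = [
    {"cust": "1001", "name": "Doe, Jane", "balance": "1250.75"},
    {"cust": "1002", "name": "Roe, Rick", "balance": "89.10"},
    {"cust": "1003", "name": "Poe, Ann", "balance": "0.00"},
]

def to_cents(amount: str) -> int:
    return int(Decimal(amount).quantize(Decimal("0.01")) * 100)

def convert(old: dict) -> dict:
    """Map one old record into the new structure: split name, balance in integer cents."""
    last, first = (part.strip() for part in old["name"].split(",", 1))
    return {"cust": old["cust"], "first": first, "last": last,
            "balance_cents": to_cents(old["balance"])}

def fingerprint(cust: str, name: str, cents: int) -> str:
    """Hash of a canonical view that both layouts can produce, for 1:1 comparison."""
    return hashlib.sha256(f"{cust}|{name}|{cents}".encode()).hexdigest()

def reconcile(old_recs: list, new_recs: list) -> dict:
    """Conversion controls: record count, control total and per-record fingerprints."""
    old_fp = {r["cust"]: fingerprint(r["cust"], r["name"], to_cents(r["balance"]))
              for r in old_recs}
    new_fp = {r["cust"]: fingerprint(r["cust"], f'{r["last"]}, {r["first"]}', r["balance_cents"])
              for r in new_recs}
    old_total = sum(to_cents(r["balance"]) for r in old_recs)
    new_total = sum(r["balance_cents"] for r in new_recs)
    return {
        "count_match": len(old_recs) == len(new_recs),
        "control_total_match": old_total == new_total,
        "mismatched": sorted(c for c in old_fp.keys() | new_fp.keys()
                             if old_fp.get(c) != new_fp.get(c)),
    }

def old_system_fee(rec: dict) -> int:
    """Old system: 1% monthly fee, rounded half-up to the cent (returned in cents)."""
    fee = (Decimal(rec["balance"]) * Decimal("0.01")).quantize(Decimal("0.01"),
                                                               rounding=ROUND_HALF_UP)
    return int(fee * 100)

def new_system_fee(rec: dict) -> int:
    """New system: same rule, but integer division truncates (a constructed defect)."""
    return rec["balance_cents"] // 100

def parallel_run(old_recs: list) -> list:
    """Run both systems on identical input; return (cust, old, new) where they disagree."""
    new_recs = [convert(r) for r in old_recs]
    return [(o["cust"], old_system_fee(o), new_system_fee(n))
            for o, n in zip(old_recs, new_recs)
            if old_system_fee(o) != new_system_fee(n)]

if __name__ == "__main__":
    converted = [convert(r) for r in OLD_RECORDS]
    print(reconcile(OLD_RECORDS, converted))   # clean conversion: nothing mismatched
    print(parallel_run(OLD_RECORDS))           # the rounding defect shows up on 1001
```

Two different controls catch two different problems: the fingerprint comparison finds records that were damaged in the conversion itself, while the parallel run finds logic that was ported incorrectly even though every record converted cleanly.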