Transcript Chapter 16

Chapter 16: Controlling Computer-Based Information Systems, Part II
Objectives for Chapter 16
• Risks associated with electronic commerce
conducted over intranets and the Internet and the
control techniques used to reduce these risks
• Exposures that arise in connection with electronic
data interchange (EDI) and how these exposures
can be reduced
• Exposures that threaten firms that rely on personal
computers and the controls necessary to reduce
risks in this environment
• The principal input, processing, and output controls
that are used to ensure the integrity of computer
applications
General Control Framework for CBIS Risks (figure): organizational structure, operating system, data management, systems development, systems maintenance, Internet & intranet, EDI trading partners, personal computers, applications, computer center security
Internet and Intranet Risks
• Communication is a unique aspect of computer
networks:
– it is different from processing (applications) and data
storage (databases)
• Loss, destruction, and corruption of data come from
two main sources:
– subversive activities, from inside or outside the
firm
– equipment failure
Internet and Intranet Risks from
Subversive Threats
• These acts include:
– unauthorized interception of a
message
– gaining unauthorized access to an
organization’s network
– a denial-of-service attack from a
remote location
Controlling Risks from
Subversive Threats
• Firewalls - software and hardware that provide
security by channeling all network connections
through a control gateway
• Network level firewalls
– low cost and low security access control
– does not explicitly authenticate outside users
– mainly for filtering out junk or improperly routed messages
– hackers can easily penetrate the system
• Application level firewalls
– a high level of customizable network security, but can be extremely
expensive
– performs sophisticated functions such as logging or user
authentication
Dual-Homed Firewall
Controlling Risks from
Subversive Threats
• Denial-of-service (DOS) attacks
– Security software searches for connections
which have been half-open for a period of time.
• Encryption
– Computer program transforms a clear message
into a coded (cipher) text form using an
algorithm.
DOS Attack (figure)
Step 1: sender sends SYN messages to the receiver
Step 2: receiver replies with SYN/ACK
Step 3: sender should complete the handshake with the ACK packet
In a DOS attack, the sender sends hundreds of messages, receives the
SYN/ACK packet, but does not respond with an ACK packet. This leaves the
receiver with clogged transmission ports, and legitimate messages cannot be
received.
Variations of DOS Attacks
• Smurfing
– pings are sent to all members of a network with the
victim’s spoofed IP address as the source, so every
member responds to the victim and floods its server
• SYN flooding
– never sending the final (ACK) part of the three-way
handshake causes the victim to keep sending the
second (SYN/ACK) part until it times out
• Ping of death
– an invalid packet size in the protocol packet
header ‘confuses’ the operating system
Controlling Risks from
Subversive Threats
• Encryption
– A computer program transforms a clear
message into a coded (ciphertext) form
using an algorithm.
– Encryption can be used for transmitted
data and for stored data.
Data Encryption Standard Technique (figure): cleartext message → encryption program (with key) → ciphertext → communication system → ciphertext → encryption program (with the same key) → cleartext message
Public and Private Key Encryption (figure): multiple people may have the public key (e.g., subordinates); the public key is used for encoding messages. Typically one person or a small number of people have the private key (e.g., a supervisor); the private key is used for decoding messages. Messages A, B, C and D are each encoded to ciphertext with the public key and decoded back to the message with the private key.
Controlling Risks from
Subversive Threats
• Digital signature: electronic authentication
technique that ensures that the transmitted
message originated with the authorized sender
and that it was not tampered with after the
signature was applied
• Digital certificate: like an electronic
identification card that is used in conjunction
with a public key encryption system to verify the
authenticity of the message sender
Digital Signature (figure)
Sender’s location: compute the digest of the text message; encrypt the digest using the sender’s private key to form the digital signature; encrypt the message using the receiver’s public key and attach the digital signature; transmit the encrypted message with the digital signature attached.
Receiver’s location: decrypt the message using the receiver’s private key; decrypt the digital signature using the sender’s public key to recover the digest; compute the digest of the received message; compare the two digests.
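The flow in the figure above, written out as an added example (not code from the slides): the sender hashes the message, encrypts the digest with its private key to form the signature, seals the message with the receiver's public key, and the receiver reverses both steps and compares digests. The keys are textbook RSA built from four well-known Mersenne primes so the example runs with no library; because those primes are public the modulus has no secrecy, so this is illustration only. The message text and function names are assumptions made for the example.

```python
"""Digital signature flow: digest, sign with the sender's private key, seal with the
receiver's public key, then unseal and verify on the receiver's side."""
import hashlib


def make_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA keypair from two primes. Returns (public, private) as (n, exponent)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # modular inverse; needs Python 3.8+
    return (n, e), (n, d)


# Constructed keys from known Mersenne primes 2^127-1, 2^521-1, 2^107-1, 2^607-1.
# These primes are public knowledge, so the moduli are trivially factored: fine for
# showing the protocol steps, never for real use.
SENDER_PUB, SENDER_PRIV = make_keypair((1 << 127) - 1, (1 << 521) - 1)
RECEIVER_PUB, RECEIVER_PRIV = make_keypair((1 << 107) - 1, (1 << 607) - 1)


def compute_digest(message: bytes) -> int:
    """Fixed-size digest of the text message; both sides compute this."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_key) -> int:
    """Sender: encrypt the digest with the sender's private key -> digital signature."""
    n, d = private_key
    return pow(compute_digest(message), d, n)


def seal(message: bytes, public_key) -> int:
    """Sender: encrypt the message itself with the receiver's public key."""
    n, e = public_key
    m = int.from_bytes(message, "big")      # message must start with a non-zero byte
    if not 0 < m < n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)


def unseal(ciphertext: int, private_key) -> bytes:
    """Receiver: decrypt with the receiver's private key."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def verify(message: bytes, signature: int, public_key) -> bool:
    """Receiver: decrypt the signature with the sender's public key, compare digests."""
    n, e = public_key
    return pow(signature, e, n) == compute_digest(message)


def send(message: bytes):
    """Sender's location: returns (sealed message, digital signature) as transmitted."""
    return seal(message, RECEIVER_PUB), sign(message, SENDER_PRIV)


def receive(sealed: int, signature: int):
    """Receiver's location: returns (message, True if the signature checks out)."""
    message = unseal(sealed, RECEIVER_PRIV)
    return message, verify(message, signature, SENDER_PUB)


if __name__ == "__main__":
    sealed, sig = send(b"Ship 100 units to warehouse 7")
    print(receive(sealed, sig))
```

A signature made over one message does not verify over an altered one, because the digest recovered with the sender's public key no longer matches the digest the receiver computes; that mismatch is the tamper detection the slide describes.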
Controlling Risks from
Subversive Threats
• Message sequence numbering
– sequence number used to detect missing
messages
• Message transaction log
– listing of all incoming and outgoing messages to
detect the efforts of hackers
• Request-response technique
– random control messages are sent from the
sender to ensure messages are received
• Call-back devices
– receiver calls the sender back at a pre-authorized
phone number before transmission is completed
Controlling Risks from
Equipment Failure
• Line errors result from noise on a communications line. Two
techniques to detect and correct such data errors:
– echo check - the receiver returns the message to
the sender for comparison
– parity checks - an extra bit is added onto each byte
of data, similar to check digits
• Backup control for networks
– small networks - a single workstation
– medium networks - a network server
– large networks - multiple servers
Vertical and Horizontal Parity
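The vertical and horizontal parity scheme named above, as an added example that is not part of the slides: each byte gets a vertical (per-character) even-parity bit, and a final row holds horizontal (per-column) parity. A single flipped bit fails exactly one row and one column, so it can be located and corrected; two flipped bits are still detected but cannot be placed. The data block and the noise pattern are constructed for the example.

```python
"""Vertical (per-character) and horizontal (per-column) even parity on a data block."""
from typing import List, Optional, Tuple

Block = List[List[int]]   # rows of bits; last column and last row are parity


def parity_bit(bits: List[int]) -> int:
    """Even parity: the bit that makes the count of 1s in `bits` even."""
    return sum(bits) % 2


def encode_block(data: bytes) -> Block:
    """Append a vertical parity bit to each byte, then a horizontal parity row."""
    rows = []
    for byte in data:
        bits = [(byte >> i) & 1 for i in range(7, -1, -1)]   # MSB first
        rows.append(bits + [parity_bit(bits)])
    ncols = 9   # 8 data bits + 1 vertical parity bit
    rows.append([parity_bit([r[c] for r in rows]) for c in range(ncols)])
    return rows


def find_error(block: Block) -> Tuple[List[int], List[int]]:
    """Indices of the rows and columns whose parity no longer checks."""
    bad_rows = [i for i, r in enumerate(block) if sum(r) % 2 != 0]
    bad_cols = [c for c in range(len(block[0])) if sum(r[c] for r in block) % 2 != 0]
    return bad_rows, bad_cols


def correct_single_error(block: Block) -> Tuple[Block, Optional[Tuple[int, int]]]:
    """A single flipped bit sits where the failing row and failing column cross;
    flip it back. Two or more errors are detected but cannot be located."""
    bad_rows, bad_cols = find_error(block)
    if not bad_rows and not bad_cols:
        return block, None
    if len(bad_rows) == 1 and len(bad_cols) == 1:
        fixed = [row[:] for row in block]
        r, c = bad_rows[0], bad_cols[0]
        fixed[r][c] ^= 1
        return fixed, (r, c)
    raise ValueError("multi-bit error: detected, not correctable")


def decode_block(block: Block) -> bytes:
    """Strip both parity dimensions and rebuild the bytes."""
    out = []
    for row in block[:-1]:
        byte = 0
        for bit in row[:8]:
            byte = (byte << 1) | bit
        out.append(byte)
    return bytes(out)


def simulate_noise(block: Block, flips) -> Block:
    """Constructed line noise: flip the given (row, col) bits in a copy of the block."""
    noisy = [row[:] for row in block]
    for r, c in flips:
        noisy[r][c] ^= 1
    return noisy


if __name__ == "__main__":
    clean = encode_block(b"HI")
    noisy = simulate_noise(clean, [(0, 3)])
    print(find_error(noisy), correct_single_error(noisy)[1])
```

With vertical parity alone the receiver can only tell that some byte is wrong; adding the horizontal row is what turns detection into correction for the single-bit case, which is the practical reason both dimensions appear in the figure.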
General Control Framework for CBIS Risks (figure repeated)
Electronic Data Interchange
(EDI) Risks
• Authorization
– automated and absence of human
intervention
• Access
– need to access EDI partner’s files
• Audit trail
– paperless and transparent (automatic)
transactions
Electronic Data Interchange
(EDI) Controls
• Authorization
– use of passwords and VANs to ensure
valid partner
• Access
– software to specify what can be accessed
and at what level
• Audit trail
– control log records the transaction’s flow
through each phase of the transaction
processing
EDI System without Controls (figure): Company A’s purchases system and application software pass through EDI translation software and communications software, over a direct connection, to Company B (vendor)’s communications software, EDI translation software, application software and sales order system.
EDI System with Controls (figure): the same flow between Company A and Company B (vendor) is routed through a VAN with a separate mailbox for each company (plus other mailboxes). Software limits the vendor’s (Company B) access to Company A’s database; each partner keeps a transaction log, giving an audit trail of transactions between trading partners; the VAN is used to enforce the use of passwords and valid partners.
General Control Framework for CBIS Risks (figure repeated)
Personal Computer (PC) Controls
• PCs…
– are relatively simple to use
– are frequently controlled and used by end users
– usually employ interactive (v. batch) data
processing
– typically run commercial software applications
– allow users to develop their own applications
• PCs, in contrast to servers and
mainframes, have weak operating
systems.
– makes them easy to use
– but results in minimal security and weak
controls
Access Risks in the PC
Environment
• PCs are typically weak in controlling access to
data files
• Techniques to prevent theft or tampering
of data:
– data encryption - data must be decoded even if
the files are stolen
– disk locks - software or
physical locks to prevent
booting from A:\
Inadequate Segregation of
Duties
• In PC environments, employees often have
access to multiple applications that process
incompatible transactions.
• Controls:
– increased supervision
– detailed management reports
– more frequent independent verification
PC Backup Controls
• PC end-users often fail to
appreciate the importance
of backup procedures
until it is too late.
• Backup mechanisms:
– tape--high capacity (3.2gb, inexpensive)
– CD--about 650mb (>450 floppies)
– dual internal hard drives (high capacity)
– dual external hard drives (>12 gb)
– USB memory attachments (portable, >64 mb)
Inadequate Systems Development and
Maintenance Procedures in PCs
• Commercial software should be used
when possible for accounting
applications, and these systems
should be purchased from a reputable
vendor.
• Formal software selection procedures
should be practiced by firms of all
sizes.
General Control Framework for CBIS Risks (figure repeated)
Application Controls
• Narrowly focused exposures within a
specific system, for example:
– accounts payable
– cash disbursements
– fixed asset accounting
– payroll
– sales order processing
– cash receipts
– general ledger
Application Controls
• Risks within specific applications
• Can affect manual procedures (e.g., entering
data) or embedded procedures
• Convenient to look at in terms of:
– input stage
– processing stage
– output stage
Input → Processing → Output (figure)
Application Controls Input
• Goal of input controls - input data are
valid, accurate, and complete
• Source document controls
– use prenumbered source documents
– audit for missing source documents
• Data coding controls
– transcription errors
– check digits
GIGO (garbage in, garbage out)
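A check digit as a data coding control, added here as an example that is not from the slides: the code's digits are weighted, summed, and reduced modulo 11, and the resulting digit is appended so that a transposition or substitution made while keying the code fails the recomputation. The modulus-11 scheme, the right-to-left weights starting at 2, and the sample codes are assumptions chosen for the example.

```python
"""Modulus-11 check digit: compute, append, and validate keyed codes."""


def mod11_check_digit(code: str) -> str:
    """Weights 2, 3, 4, ... applied right to left; check = (11 - sum mod 11) mod 11.
    A result of 10 is written 'X'. Weights stay below 11 so every digit position
    contributes, which is what lets the scheme catch single-digit errors and
    adjacent transpositions."""
    if not code.isdigit():
        raise ValueError("code must be numeric")
    if len(code) > 9:
        raise ValueError("weights would reach 11; shorten or split the code")
    total = sum(int(d) * w for d, w in zip(reversed(code), range(2, 2 + len(code))))
    check = (11 - total % 11) % 11
    return "X" if check == 10 else str(check)


def append_check_digit(code: str) -> str:
    """Code as it should appear on the source document."""
    return code + mod11_check_digit(code)


def is_valid(coded: str) -> bool:
    """Validate a code whose last character is its check digit."""
    if len(coded) < 2:
        return False
    body, check = coded[:-1], coded[-1].upper()
    return body.isdigit() and mod11_check_digit(body) == check


def classify_error(original: str, keyed: str) -> str:
    """Label the kind of transcription error for an error report (no correction)."""
    if original == keyed:
        return "none"
    if len(original) == len(keyed) and sorted(original) == sorted(keyed):
        return "transposition"
    if len(original) == len(keyed):
        return "substitution"
    return "truncation/addition"


if __name__ == "__main__":
    # Constructed account code 5372 keyed correctly, transposed, and with one wrong digit.
    good = append_check_digit("5372")
    for keyed in (good, "35724", "53824"):
        print(keyed, is_valid(keyed), classify_error(good, keyed))
```

The check digit only tells the operator that the code as keyed cannot be right; locating the error still falls to the input error correction techniques (immediate correction, error file, batch rejection) covered later in the chapter.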
Application Controls Input
• Batch controls - used to reconcile the
output produced by the system with the
input originally entered into the system
• Based on different types of batch totals:
– total number of records
– total dollar value
– hash totals - sum of non-financial numbers
Application Controls Input
• Validation controls - intended to detect
errors in transaction data before the data are
processed
– field interrogation - data in individual fields; for
example, missing data, data type, range
– record interrogation - interrelationship of data in
fields of a record
– file interrogation - the correct file; for example,
internal and external labels compared, version,
dates
Application Controls Input
• Input error correction techniques
– immediate correction
during data entry
– error file creation
– batch rejection
Application Controls Input
• Generalized data input systems (GDIS) - centralized
procedures that manage data input for all of the
organization’s TPSs
• Five major components:
– generalized validation module - standard
validation routines common to different
applications
– validated data file
– error file
– error reports
– transaction log
Application Controls Processing
• Run-to-run controls - use batch figures to
monitor the batch as it moves from one
programmed procedure (run) to another
• Operator intervention controls - used to limit
human involvement in certain actions in order
to reduce error
• Audit trail controls - numerous logs used so
that every transaction can be traced through
each stage of processing from its economic
source to its presentation in financial
statements
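Batch totals (from the input-controls slide earlier: record count, dollar total, hash total) and the run-to-run control above are two views of one mechanism, so this single added example serves both; it is not code from the slides. Control totals are taken when the batch is entered and recomputed after each programmed procedure (run), and any total that drifts stops the job stream. The cash-receipts batch, the account numbers and the deliberately faulty update run are constructed for the example.

```python
"""Batch control totals carried run to run: record count, dollar total, hash total."""

# Constructed batch of cash-receipts transactions (account numbers are made up).
BATCH = [
    {"account": 10231, "amount": 150.00},
    {"account": 10455, "amount": 75.25},
    {"account": 10102, "amount": 300.00},
    {"account": 10877, "amount": 42.10},
]


def control_totals(records) -> dict:
    """Three batch totals: record count, financial total, hash total of a
    non-financial field (the account number) that has no meaning as a sum but
    changes if a record is dropped, duplicated or keyed to the wrong account."""
    return {
        "record_count": len(records),
        "dollar_total": round(sum(r["amount"] for r in records), 2),
        "hash_total": sum(r["account"] for r in records),
    }


def reconcile(expected: dict, actual: dict) -> list:
    """Names of the totals that no longer match; an empty list means the run balances."""
    return [k for k in expected if expected[k] != actual[k]]


def run_to_run(batch, runs):
    """Apply each programmed procedure (run) in turn, re-checking the totals after
    every one. Returns (final records, log of (run name, mismatched totals))."""
    expected = control_totals(batch)
    records, log = batch, []
    for name, run in runs:
        records = run(records)
        mismatches = reconcile(expected, control_totals(records))
        log.append((name, mismatches))
        if mismatches:
            break   # halt the job stream before the error propagates to later runs
    return records, log


# Two sample runs: an edit run that keeps the batch intact, and an update run with
# a constructed defect that silently drops the last record.
def edit_run(records):
    return [dict(r) for r in records if r["amount"] > 0]


def faulty_update_run(records):
    return records[:-1]


if __name__ == "__main__":
    _, log = run_to_run(BATCH, [("edit", edit_run), ("update", faulty_update_run)])
    print(log)
```

The record count alone would also catch a dropped record, but only the hash total catches a transaction posted to the wrong account while the count and dollar value stay correct; that is why all three totals travel with the batch.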
Transaction Log to Preserve the Audit Trail (figure)
Application Controls Output
• Goal of output controls is to ensure that
system output is not lost, misdirected, or
corrupted, and that privacy is not
violated.
• In the following flowchart, there are
exposures at every stage.
Stages in the Output Process (figure): output run (spooling) → output file → print run → output report → bursting → output report → data control → output report → report distribution → output report → end user, with an output report file retained; aborted output goes to waste.
Application Controls Output
• Batch systems output: spooling creates
a file as an intermediate step in the
printing process, and that file is an exposure
• Report distribution: for sensitive reports,
the following are available:
– use of secure mailboxes in which to place
reports
– require the user to sign for reports in person
– deliver the reports to the user
Application Controls Output
• End user controls: end users need to
inspect reports and report any inaccurately
produced reports
– Highly sensitive reports should be shredded after
their use.
• Controlling real-time system output: the
primary output threat is the interception,
disruption, destruction, or corruption of the
output message as it passes along the
communications link