Chapter 8, Problem 3RQ

Explanation of Solution

 General Controls:

• The general controls govern the security, design, computer program usage and data file security throughout Information Technology (IT) infrastructure of organization.
• It applies to all applications that are computerized, it consist of combination of software, hardware as well as manual procedures.
• It creates an overall environment of control.

Types of general control:

• Software controls:
  • It monitors usage of system software.
  • It prevents unauthorized access and usage of system software, software programs and computer programs.
• Hardware controls:
  • It ensures physical security for computer hardware.
  • It checks for any malfunction in equipment.
  • It makes provision for back up as well as continued operation for maintaining constant service...

Explanation of Solution

Application Controls:

• Application controls denote specific controls that are exclusive to each application.
• It includes both manual as well as automated procedures.
• It ensures that authorized data is been processed by application.

Types of application control:

• Input controls:
  • It checks data for correctness as well as completeness while they go in system...

Explanation of Solution

Risk assessment function:

• A risk assessment would determine risk level to firm if an explicit activity is not controlled properly.
• The information assets value, vulnerability point, likely problem frequency and damage potential can be determined by business managers.
• Controls could be added or adjusted to focus on greater risk areas.
• Security risk analysis would involve determination of what is needed to be protected and the manner to protect.
• It denotes an examining process for risks of firm and ranking for those risks by severity level...

Explanation of Solution

Security policy, Acceptable use policy and Identity management:

• A security policy denotes ranking of information risks, identification of acceptable goals of security as well as identification of mechanism to achieve goals.
  • It drives policies that determine acceptable information resource usage of firm.
  • It determines access details of company’s information assets.
• An acceptable use policy denotes acceptable uses of resources of firm and equipment for computing.
  • It includes desktop, laptop, wireless devices, Internet and telephones.
  • It clarifies privacy, responsibility of user as well as personal usage for company equipment policies...

Explanation of Solution

Information systems audit promoting control and security:

• Information system auditing determines effectiveness of information system security as well as control.
• A Management Information System (MIS) audit would ident...