This document provides a summary of the controls within a computer environment. It goes into detail around general IT controls and application controls.
Week 4 Planning Controls in a
Computer Environment
Controls – Def per ISA315 Policies or procedures that an entity
establishes to achieve the control objectives of management or
those charged with governance. In this context:
(i) Policies = statements of what should, or should not, be done
within the entity to effect control.
(ii) Procedures = actions to implement policies.
General IT Controls
Access General info:
Controls
Prevents unauthorised persons from gaining access + limiting
activities to certain areas.
Least privilege principle: person only given access to what they
need in order to do their duties properly.
Preventative Controls:
Security policy: document that contains all risks identified as well as
the responsibility of each employee to act in conscious manner.
Physical access:
1. Limit access to physical premises by:
a. have high electric fences
b. install security gates and doors by which they may only be
opened by means of tag, pin or biometric access.
c. have security guard
d. visitors must sign register
e. doors should remain locked at all times
f. premises must be monitors by means of TV (cameras installed)
g. hardware and important documents must be locked away in
dedicated room
h. logs and registers must be reviewed regularly of visitors or
employees entering
2. Limit access to computer terminals by having:
, a. Should only have 1 access point to enter and exit
b. Manager should supervise activities on computer
c. Access to computer should be limited to office hours
d. Computer and hardware must be secured to table or desk by
using cable or metal
e. logs and activity registers must be regularly reviewed.
3. Access to sensitive information limited by:
a. storing devices away in locked room/ cupboard
b. employ data librarian to keep track of sensitive files. She could
use a register which can be signed
Logical Access controls
1. Identification
a. ID number or username
b. magnetic cards
c. biometric techniques
2. Authentication
a. ask specific questions that only user would know (name of
favourite high school teacher)
b. fingerprint or face scan
c. unique password that must meet the following criteria
-not obvious or easy to guess
-remain confidential
-be at least the minimum length prescribed
-contain variety of characters such as letters, numbers and
symbols
-changed frequently
-don’t display on screen
-must be removed from system if employee/ user resigns from
company
-if unsuccessful 3 times when entering password, should
blocked (full safe).
3. Authorisation
a. access to system and data files must be limited to what user
needs to do duties (least privilege principle).
b. access rights are set up once new user is added.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through EFT, credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying this summary from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller mandylee14. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy this summary for R120,00. You're not tied to anything after your purchase.