Enhancing Information Systems Security: A Comprehensive Approach

Classified in Computers

Written at on English with a size of 99.04 KB.

exam 2

exa 4

Establishing Internal Controls for Information Systems Security

With the establishment of the following sub-elements of internal control, the computer system aims to determine the fundamental basis on which to set out the requirements for managing the security of information systems.

Preventing and Avoiding Threats in Systematic Areas

  • Controls to prevent and deter threats, risks, and contingencies in systematic areas.
  • Access control systems, databases, programs, and information.
  • Using privilege levels for access, keywords, and user control.
  • Monitoring user access, information, and program usage.

Ensuring Physical Security of Systems

  • Existence of manuals and instructions, as well as dissemination and enforcement of system regulations.
  • Controls on the physical security of the systems area.
  • Hardware, furniture, and equipment inventory.
  • Reservation of computer equipment.
  • Maintenance logs and corrections.
  • Controlling personnel access to the systems area.
  • Facility maintenance and construction control.
  • Insurance and guarantees for personnel, equipment, and systems.
  • Contracts for updates, advice, and hardware maintenance.

Implementing Logical Security Controls

  • Control system access to programs and information.
  • Setting access levels.
  • Check digit control and figures.
  • Access keywords.
  • Controls to monitor logical sequences and system routines.
  • Safety checks of the databases.
  • Protection programs to prevent misuse and alteration of data used exclusively.
  • Periodic backup of information.
  • Plans and programs to prevent contingencies and retrieve information.
  • Restricting access to databases.
  • Routines for monitoring and evaluating operations related to databases.

Maintaining Operational Security of Computer Systems

  • Controls for operating procedures.
  • Controls for information processing.
  • Controls for issuing results.
  • Specific items for computer operation.
  • Controls for storage.
  • Controls for system maintenance.
  • Controls for computer safety.

Administrative Controls for Personnel

  • Insurance and security for systems personnel.
  • Plans and training programs.

Securing Data Telecommunication

  • Safety checks on data telecommunication.
Karma: -30%
Visits: 0

Entradas relacionadas:

Tags:
Information Systems Security Internal Control Access Control Physical Security