components of the time-based model of security
protection
response
detection
people
process
create a security-aware culture
training
user access controls (authentication and authorization)
penetration testing
change controls and change management
IT solutions
anti malware
network access controls
device and software hardening
encryption
physical security
log analysis
intrusion detection systems
continuous monitoring
CIR
CISO
authentication controls
biometric identifier
multifactor authentication
multimodal authentication
authorization controls
- access control matrix
- compatibility test
endpoint configuration
user account management
software design
4 steps:
- recognition
- containment
- recovery
- follow up
implications
cloud computing
internet of things
virtualization
processing integrity and availability controls
processing integrity
availability
process stage
processing
output
input
cancellation and storage of source documents
data entry controls
forms design
automated data entry controls:
- a field check
- a sign check
- a limit check
- a range check
- a size check
- a completeness check or test
- a validity check
- a reasonableness test
- ID codes with check digit and check digit verification
additional batch processing data entry controls
additional online data entry controls
file labels
recalculation of batch totals
data matching
header record
trailer record
transposition error
cross footing and zero balance test
write protection mechanisms
concurrent update controls
user review of output
reconciliation procedures
external data reconciliation
data transmission controls
checksums
parity bits
to minimize risk of systems downtime
quick and complete recovery and resumption of normal operations
data backup procedures
disaster recovery and business continuity planning
differential backup
incremental backup