components of the time-based model of security

protection

response

detection

people

process

create a security-aware culture

training

user access controls (authentication and authorization)

penetration testing

change controls and change management

IT solutions

anti malware

network access controls

device and software hardening

encryption

physical security

log analysis

intrusion detection systems

continuous monitoring

CIR

CISO

authentication controls


  • biometric identifier
  • multifactor authentication
  • multimodal authentication

authorization controls


  • access control matrix
  • compatibility test

endpoint configuration

user account management

software design

4 steps:

  • recognition
  • containment
  • recovery
  • follow up

implications

cloud computing

internet of things

virtualization

processing integrity and availability controls

processing integrity

availability

process stage

processing

output

input

cancellation and storage of source documents

data entry controls

forms design

automated data entry controls:

  • a field check
  • a sign check
  • a limit check
  • a range check
  • a size check
  • a completeness check or test
  • a validity check
  • a reasonableness test
  • ID codes with check digit and check digit verification

additional batch processing data entry controls

additional online data entry controls

file labels

recalculation of batch totals

data matching

header record

trailer record

transposition error

cross footing and zero balance test

write protection mechanisms

concurrent update controls

user review of output

reconciliation procedures

external data reconciliation

data transmission controls

checksums

parity bits

to minimize risk of systems downtime

quick and complete recovery and resumption of normal operations

data backup procedures

disaster recovery and business continuity planning

differential backup

incremental backup