Chapter 11
Types of controls
Control over physical access
- Prevent unauthorised personnel gaining access
- Example: Locks combined with card entry systems, biometric machines
Logical access controls
- Ensure only authorised personnel have access
- Passwords
Operational control
- Ensure day-to-day (D2D) activities run effectively
- Segregation of duties, audit trail
Controls over data input
- Accuracy, completeness and validity of data input
- Data verification, data validation, check digits, control totals, range checks, limit checks, compatibility checks, format checks
Robotics and AI
- RPA: Software acting as a robot that captures and interprets existing IT applications
- AI: The ability of a machine to perform cognitive functions
Benefits of RPA
- Faster handling time
- Reduced errors
- Reduced costs
- Staff focus on value adding work
Benefits of AI
- Quickly process large amounts of data
- Identify complex patterns
- Provide consistency in decision making
Limitations of AI
- Maintaining high quality data is crucial
- Lacks flexibility
Smart technology
- Self-monitoring, analysis and reporting technology
- Technology that is able to connect to a network and interact with its user and other smart devices
Benefit
- Convenience to users
- Improve sustainability
- Improve efficiency
- Give feedback to users, enabling them to take appropriate action
Risk
- Creates opportunities to be hacked and used by cyber criminals
- Requires users to input and expose personal data
- Users and businesses become too reliant on smart technologies
- Lack of rules and regulations; security can be breached at any time
Mobile technology
- Technology that is portable
Benefit
- Allow access to organisational information when away from workplace
- Makes it easier for organisational stakeholders to interact
Risk
- Purchase costs of the latest devices can be expensive
- Increased number of entry points for unauthorised individuals
Cloud computing
Benefit
- More cost effective
- Greater flexibility for the organisations
- Accessible anywhere around the world
- Available to both large and small organisations
Risk
- Give up control of data to the providers
- Data held by service provider may be stolen, lost or corrupted
- Interference with the data
- Loss of access if the organisation fails to keep up with the payments
Big Data
Volume: Large volume of data
Veracity: Truthfulness of data
Velocity: Speed at which real-time data is streamed
Variety: Diversity of sources
Opportunities
- Identify new trends and patterns
- Respond to changing conditions faster
- Access to more diverse types of data
- More accurate and detailed performance data
Threats
- Hackers and viruses can corrupt the data
- Analysis paralysis
- Cost > benefits
- Garbage in, garbage out
Cybersecurity
- Cybersecurity: Protection of systems, networks and data in cyberspace
- Cyberspace: Environment in which communication over IT networks takes place
Promoting cybersecurity
- Making the issue easier to understand
- Employ a CISO
- Reorganising roles and responsibilities
- Determining accountability for cyber risks at the strategic apex
- Learning from past security breaches
- Determining the organisation's tolerance to the cyber risks
- Ensure NEDs play an active role
Improving IT/IS controls
- Continuity planning
- Systems development and maintenance
- Personnel security measures
- Asset classification and control
- Compliance measures
Need for IS control
- Information is a source of competitive advantage
- IS involves high costs when IT is used
- Information impacts all levels of stakeholders
- Information needs may require structural changes
- The quality of information flows impacts CS
- Information is a CSF