My instructor asked me to give answers for these questions and I don't know how to answer in detail.
The course is Accounting Information System and these questions are from the chapter talking about Controls for Information Security.
1- Is there a formal procedure dictating actions that must be taken when a user has violated any information security policies?
2- Are all users required to sign a confidentiality agreement?
3- Are all critical information assets located in a physically secure area?
4- Are the systems configured to record system faults?
5- What tools and technologies do you utilize to effectively manage the development lifecycle?
1. There must be a formal procedure dictating actions that must be taken when a user has violated any information security policies. The alleged user must be reported to the information system security managers and proper actions should be taken against him/her.
2. All the users who are in connection with the critical information regarding the business of the organization can be asked to sign the confidentiality agreement so as to prevent the disclosure of the secrets of the organization. However, where the user cannot get access to the confidential and critical information, there is no need for such an agreement.
3. Mostly, critical information assets are located in a physically secure area so as to prevent unauthorized access, retrieval or damage to the information. This type of control, where assets are physically secured, is known as physical access controls. But organizations can also adopt logical access controls to prevent such unauthorized access, retrieval or damage to the information and ensure confidentiality, integrity and availability of information.
4. Yes, the systems are configured to record system faults. Internal controls are placed everywhere in the information systems, which ensures that there is no or less flow of incorrect information and everything is working smoothly in the organization. One such control is segregation of duty, where no one person can complete the whole process. Thus, a mistake by one person can be caught by the next person in the process.
5. Development of an information system is a very important phase. There are some tools and techniques which help to effectively manage the development lifecycle. Some of these are CA Agile Central, Application Lifecycle Management, Rommana ALM, SpiraTeam and Jama Software.