Question

In: Accounting

Please answer the following questions a) What is Encryption in accounting information system and what are...

Please answer the following questions

a) What is Encryption in accounting information system and what are the steps in the encryption and decryption process?

b) What are the factors that influnces encryption strength?

c) What types of encryption systems and the advantages and disadvantages , risks and their primay uses in information systems?

d) How does hashing, digital signatures, and virtual private networks process in encryption?

Solutions

Expert Solution

a) ENCRYPTION:-  

  Encryption is a simple concept to grasp. Essentially, it’s a way that you can encode a piece of information so only the intended recipient can access it. The information is scrambled using a cipher, such as AES, and a key is shared between parties that allows the recipient to decrypt it.

Steps in the encryption and decryption process:-

Private Key/Symmetric Encryption
Symmetric encryption uses the same key to encrypt and decrypt the data. That means the encryption key is shared between parties before the data is encrypted or decrypted. Symmetric encryption would be like having a safe where you store your data. You, and anybody else that could access that data, would need the combination to open the safe.

This encryption is mainly used to protect data at-rest. A good example of this is cloud storage, where encryption happens while the data is still stored, and only decrypted when accessed by an authorized user. ( refer image 1)

The basic process works like this: A user requests access to encrypted data. The storage container sends back an encryption key to the key manager. The key manager verifies the legitimacy of each party, then opens a secure connection between them.

Now that the secure connection is opened, the encryption key is shared between parties. After that’s done, the encrypted information is decrypted and sent as plaintext to the requesting party.

There are a lot of steps when it comes to symmetric encryption, which makes it most applicable to data at rest. Asymmetric encryption is better for data in motion, as it allows users to actively encrypt packets of data without sharing a key between them.

  There’s more than one way to encrypt plaintext: the limit seems to be the human imagination.

(b) Factors that influences encryption strength :-

  

What you do online, your internet browsing and history, are exposed to your ISP (Internet Service Provider), the government, or to whoever manages to hack into your device and get access to your network.

They can see every website you visit, the files you download, and any interaction you have in the online world.

This gives hackers the chance of collecting private data about you that they can further use to harm you through different types of fraudulent activities.

Fortunately, there are tools designed to protect your personal information when you're browsing online by encrypting your internet traffic.

These services are called VPNs.

With a VPN, the data you send and receive when connected to the internet is encrypted.

c) Types of encrption systems and advantages and disadvantages,risks in information systems:-

There are two types of encryption - symmetric and asymmetric key algorithms.

Symmetric key algorithms
The symmetric key algorithms are also known as public-key cryptography.

Symmetric key algorithms use the same key for both encrypting the plaintext and decrypting the ciphertext. With this type of encryption, the two parties that exchange information only need to share the key once and it will remain the same.

While symmetric key algorithms are easier to use because there is only one key, it is also less secure as if someone manages to obtain the key, he'll be able to decrypt the information.

Asymmetric key algorithm
Unlike symmetric key algorithms, asymmetric key algorithms use two different keys - one for encrypting the plaintext and one for decrypting the ciphertext.

This type of encryption uses a private key and a public key. The private key is used to encrypt the message and it's not shared with the receiver, while the public key can be shared with anyone but only allows access to a limited piece of information.

When you send an encrypted email to your friend that used asymmetric encryption, you send the public key to your friend. He'll be required to authenticate to verify that the message is sent by the private key holder. If someone manages to obtain the public key, he will only be able to read the one email, but he won't be able to get access to the rest of the emails.

Using asymmetric encryption highly diminishes the chances of getting hacked, but its disadvantage is it cannot be used for computing huge amount of data because the algorithm is way more complex and the process of encrypting is much slower.

Risks :-

Specific internal security controls need to be identified for protecting this data and, most importantly, auditing must take place to attest for the efficacy of the controls. But in the context of cloud adoption, especially SaaS, as long as the vendor supports SSL, you’ve got “good enough” encryption. If you go deeper, you end up breaking down the reporting mechanisms which would enable the most important regulatory output: attestation.

Enterprise security postures must be regularly re-assessed – including any changes or deficiencies as a result of changing conditions; in the spirit of compliance controls, they’re intended to be guidelines that survive technological paradigm shifts. The security value of encrypting data at rest in the cloud is nominal when a user with sufficient access privileges has been compromised, which is increasingly the preferred attack vector. Modern compliance best practices should shift resources away from prevention and towards attestation.

d) Hashing, digital signatures and virtual private networks process in encryption:-

A more secure method is to store a password hash on a server. Hashing is a process where a value can be calculated from text using an algorithm. Hashes are better because they can’t be reversed engineered. You can generate a hash from a password, but you can’t generate a password from a hash.

Unfortunately, this doesn’t solve every problem. An attacker can still use the hash to brute force attack your password. If an attacker manages to steal a table of password hashes, then they can use a dictionary attack to figure out those passwords through a process of trial and error.

Once the attacker figures out what algorithm the passwords were hashed with, they can use a piece of software that will generate possible passwords using common words in the dictionary. The candidate passwords are hashed using the known algorithm and then compared to the password hashes in the table.

Besides making you anonymous online and protecting your personal information, you'll also get other perks by using our VPN such as:

Being able to access any content online even if it's usually restricted in your country (e.g. Netflix).
Downloading torrents anonymously.
Finding the best deals when shopping online.
Securing your connection on public WiFis.

  


Related Solutions

Please answer the following questions: a) What is confidentiality and privacy controls in accounting information system?...
Please answer the following questions: a) What is confidentiality and privacy controls in accounting information system? b) How to identify and classify information that to be protected and how to protect confidentiality using encryption? c) What is privacy regulations and generally accepted privacy principles?
Please use the following information to answer the questions: Accounting Standards Codification 470 (Subtopic 50; Section...
Please use the following information to answer the questions: Accounting Standards Codification 470 (Subtopic 50; Section 40; Subsection 2) (formerly: FASB Statement No. 145, Rescission of FASB Statements No.4, 44, and 64, Amendment of FASB Statement No. 13, and Technical Corrections, par. 6.) On 1/1/16, BIGDEBT issued $12,000,000 face value bonds, dated 1/1/16, with a coupon rate of 10% for a price of $11,116,790. Interest is paid semiannually on 6/30 and 12/31. The bonds have a 5-year life, with principal...
PLEASE ANSWER ASAP****** Using the following information for a periodic inventory system, what is the amount...
PLEASE ANSWER ASAP****** Using the following information for a periodic inventory system, what is the amount of net income? Purchases $34,621 Selling expense $673 Inventory, September 1 5,249 Inventory, September 30 10,383 Administrative expense 504 Sales 46,945 Rent revenue 1,153 Interest expense 940 a.$29,487 b.$16,494 c.$940 d.$33,735
Answer the following questions: Briefly state what makes Accounting information useful to its users. List at...
Answer the following questions: Briefly state what makes Accounting information useful to its users. List at least five types of users of financial statements and briefly explain each user’s information expectation from the financial statements.         
Please answer the following questions for the Apple, Inc. (NASDAQ: AAPL) . General information: 1)What was...
Please answer the following questions for the Apple, Inc. (NASDAQ: AAPL) . General information: 1)What was the market value for one share of the company’s common stock at the conclusion of trading on February 28, 2013? 2)Who is the corporation’s independent auditor and in what city is it located? 3) Does the auditor believe the financial statements were presented fairly? What statements in the auditor’s report support your conclusion? 4) Does the auditor think the company’s internal control system is...
Part 1- Capital Budgeting Questions Please use the following information to answer questions 1- 6 (PLEASE...
Part 1- Capital Budgeting Questions Please use the following information to answer questions 1- 6 (PLEASE SHOW CALCULATIONS) Bob makes wooden tables and is creating his 2017 capital budget. He expects to sell 40 tables in 2017 at $150 per table. Additional Information for 2017: DM per table: 6 board feet (b.f.) per table at $2.00 per b.f. DL per table: 2 DLH per table at $25 per DLH O/H is applied at a rate of $4 per DLH (and...
Please answer the questions in detail regarding the Digestive System: 1) Caloric content is useful information...
Please answer the questions in detail regarding the Digestive System: 1) Caloric content is useful information but there are many other variables that are important in choosing a healthy diet. One of them (for carbohydrates) is glycemic index. What is the glycemic index of a food and how can the data you collect be misleading without considering it? 2) When carbohydrates (or any food) molecules are absorbed rapidly what happens to them?
Please answer questions in 175 words. Recall an information system that you have used regularly, such...
Please answer questions in 175 words. Recall an information system that you have used regularly, such an online banking system, a payroll system, or an airline reservation system. Imagine you were involved in the beta testing of that system. 1.) We talked about gathering of the requirements, design and now the challenge is what is needed to release the system into production. We need to talk about the next steps after the design. There are different types of testing. I...
Answer the following questions and include the report. What is a number system? What is the...
Answer the following questions and include the report. What is a number system? What is the purpose of a number base? What methods are utilized to convert number systems? What is the primary usage of binary and hexadecimal?
Required information Use the following information to answer questions [The following information applies to the questions...
Required information Use the following information to answer questions [The following information applies to the questions displayed below.] The following information is available for Lock-Tite Company, which produces special-order security products and uses a job order costing system. April 30 May 31 Inventories Raw materials $ 31,000 $ 30,000 Work in process 9,500 18,200 Finished goods 54,000 34,000 Activities and information for May Raw materials purchases (paid with cash) 197,000 Factory payroll (paid with cash) 200,000 Factory overhead Indirect materials...
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT