
HARDWARE AND SOFTWARE CONTROLS
PROGRAM PROTECTION
PREVENT APPLICATION PROGRAMS FROM INTERFERING WITH EACH OTHER

BOUNDARY PROTECTION
• OPERATING SYSTEM CAN PARTITION THE MEMORY INTO SECTIONS

CONTROL OVER EXTERNAL REFERENCES
• REFERENCE OTHER PROGRAMS THAT MAY BE AVAILABLE IN THE PROGRAM LIBRARY
• LINKAGE EDITING
• RISKS
• FRAUDULENT USE OF SUBROUTINES
• FRAUDULENT SUPPRESSION OF SUBROUTINES THAT SHOULD BE USED

WAYS TO CONTROL RISKS
• DISPLAY OF ERROR MESSAGE OR TAKING OF OTHER ACTION
• LOG OF LIBRARY PROGRAM OF THE OPERATING SYSTEM
• MAINTAINING PROCESSING HISTORY OF PROGRAMS BY THE LINKAGE EDITOR

LIBRARY PROGRAM SOFTWARE
• PROVIDES ADDITIONAL CONTROLS OVER THE USE AND CHANGE OF PROGRAMS
• RESTRICTION OF ACCESS TO USE AND CHANGE OF PROGRAMS

CONTROL OVER SYSTEM MODIFICATION PROGRAMS
• CONTROL OF UTILITY PROGRAMS THAT SUPPRESS OR MODIFY APPLICATION PROGRAM CODING

FILE PROTECTION
PREVENT UNAUTHORIZED USE OR MODIFICATION OF DATA
• CHECKING INTERNAL FILE LABELS
• PREVENT PROCESSING OF A WRONG FILE, PREMATURE
DATA DESTRUCTION, UNAUTHORIZED ACCESS
• ENSURE ALL DATA ARE PROCESSED

• STORAGE PROTECTION
• DATA MOVED INTO MEMORY ARE PROTECTED FROM INADVERTENT OVERWRITING
• MEMORY CLEAR
• REMOVES THE RISK OF SENSITIVE DATA BEING AVAILABLE FOR SUBSEQUENT ACCESS BY OTHER PROGRAMS
• ADDRESS COMPARE
• COMPARE DATA ADDRESS IN MEMORY AND THAT REFERENCED BY A PERIPHERAL DEVICE

SECURITY PROTECTION
CONTROL USE BY UNAUTHORIZED PARTIES BY PREVENTING OR DETECTING UNAUTHORIZED SYSTEM PENETRATION
• MAINTENANCE OF LOGS AND ACTIVITY INFORMATION
• PERMITS VERIFICATION THAT ALL USE OF FILES AND PROGRAMS IS AUTHORIZED
• PERMITS DETECTION OF ATTEMPTS AT UNAUTHORIZED ACCESS OF THE SYSTEM, FILES, OR PROGRAMS
• LOG AND ACTIVITY ANALYSIS UTILITIES
• ANALYZE LOG AND ACTIVITY DATA TO DETECT UNAUTHORIZED USAGE OR CHANGES TO FILES OR PROGRAMS
• PASSWORD MONITORING
• ENSURE THAT ACCESS TO THE COMPUTER SYSTEM, PROGRAMS, AND FILES IS AUTHORIZED

SELF-PROTECTION
• CONTROL OVER INSTALLATION AND CHANGES
• SEGREGATION OF DUTIES
• LOG OF SYSTEMS SOFTWARE CHANGES
• UTILITY SCAN
• CONTROL OVER SYSTEM MODIFICATION PROGRAM
• PRIVILEGED MODE
• HARDWIRING

CONTROLS AND SYSTEM COMPLEXITY CROSS-REFERENCE

System Software Controls are the five columns from Handling Errors to Security Protection.

| System Complexity | Additional (Cumulative) Control Objective | Handling Errors | Self-Protection | File Protection | Program Protection | Security Protection |
|---|---|---|---|---|---|---|
| Batch input and processing, off-line files | Detection and correction of input/output and processing errors | X | | | | |
| Batch input and processing, on-line files | Operating system must protect itself and files from programs | X | X | X | | |
| Batch input and processing, on-line files, multi-programming | Keeps programs from interfering with each other | X | X | X | X | |
| Online input, batch processing, on-line files, multiprogramming | Protect against unauthorized terminal use | X | X | X | X | X |
| On-line input, online files, real-time processing | None | X | X | X | X | X |

UNDERSTANDING AND TEST OF CONTROLS
PROCEDURES TO OBTAIN UNDERSTANDING

1. INQUIRE OF MANAGEMENT REGARDING THE EXTENT AND SOURCE OF SYSTEMS SOFTWARE,
2. REVIEW LITERATURE ON VENDOR SOFTWARE, AND IN-HOUSE DOCUMENTATION
3. INQUIRE OF MANAGEMENT REGARDING SOFTWARE CONTROLS ACTUALLY USED
4. IF CERTAIN CONTROLS ARE NOT USED, DISCUSS WITH MANAGEMENT THE IMPACT OF NONUSE OF INTERNAL CONTROLS
5. REVIEW THE LIST OF CONTROLS THAT ARE UTILIZED
6. INQUIRE REGARDING THE ADEQUACY OF AUTHORIZATION AND CONTROL OVER IMPLEMENTATION OF, AND CHANGES TO, SYSTEMS SOFTWARE.
7. INQUIRE REGARDING THE SEGREGATION OF DUTIES OF SYSTEM SOFTWARE DEVELOPMENT AND MAINTENANCE PERSONNEL
8. REVIEW DOCUMENTATION TO ENSURE THAT PROCEDURES FOR CONTROL OVER CHANGES TO SYSTEMS SOFTWARE, INCLUDING SEGREGATION OF DUTIES, ARE BEING FOLLOWED
9. REVIEW THE RESULTS OF PREIMPLEMENTATION TESTING OF SYSTEMS SOFTWARE
10. INQUIRE REGARDING CONTROLS OVER THE USE OF SYSTEM MODIFICATION UTILITIES
11. REVIEW COMPUTER UTILIZATION LOGS AND ACTIVITY REPORTS FOR UNAUTHORIZED USAGE AND CHANGES TO SYSTEMS SOFTWARE
12. UTILIZE TECHNICAL HELP TO EVALUATE THE EFFECTIVENESS OF SYSTEMS SOFTWARE CONTROLS
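
Procedures 8, 10 and 11 can be partly automated by reconciling the log of systems software changes against the approved change register. The following is an added example, not part of the original slides; the log format, ticket ids, user names and the utility name SYSMOD_UTIL are all constructed assumptions.

```python
# Constructed sample data for illustration; none of it comes from the slides.
# Approved change register: ticket -> who developed, approved and implemented it.
APPROVED = {
    "CHG-101": {"component": "linkage_editor", "developer": "alice",
                "approver": "carol", "implementer": "bob"},
    "CHG-102": {"component": "os_kernel", "developer": "dave",
                "approver": "carol", "implementer": "dave"},
}

# Constructed log of systems software changes: time|user|program|component|ticket
CHANGE_LOG = """\
2024-03-01T09:12|bob|LIBRARIAN|linkage_editor|CHG-101
2024-03-01T23:47|dave|SYSMOD_UTIL|os_kernel|CHG-102
2024-03-02T02:15|erin|SYSMOD_UTIL|password_table|-
2024-03-02T10:30|bob|LIBRARIAN|os_kernel|CHG-101
"""

MODIFICATION_UTILITIES = {"SYSMOD_UTIL"}  # hypothetical system modification utility
UTILITY_USERS = {"dave"}                  # hypothetical authorized operators


def review(log_text, approved):
    """Return (time, user, finding) tuples for entries an auditor should follow up."""
    findings = []
    for line in log_text.strip().splitlines():
        ts, user, program, component, ticket = line.split("|")
        change = approved.get(ticket)
        if change is None:
            findings.append((ts, user, "no approved change ticket"))
        else:
            if change["component"] != component:
                findings.append((ts, user, "ticket does not cover this component"))
            if user != change["implementer"]:
                findings.append((ts, user, "not the assigned implementer"))
            # Segregation of duties: the person making the change must not
            # also be its developer or its approver.
            if user in (change["developer"], change["approver"]):
                findings.append((ts, user, "segregation of duties violation"))
        # Control over system modification programs: restricted utility use.
        if program in MODIFICATION_UTILITIES and user not in UTILITY_USERS:
            findings.append((ts, user, "unauthorized use of modification utility"))
    return findings


if __name__ == "__main__":
    for ts, user, finding in review(CHANGE_LOG, APPROVED):
        print(f"{ts}  {user:<6} {finding}")
```

Each finding is a lead for inquiry rather than proof of fraud: a ticket that is reused for a different component, for example, may be a documentation error.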