8/9/2019 Ch-17 Control and Governance of Information System
Control and governance of information systems
By Sheetal Thomas
Dean, GIMT
Need for control of information systems
  High cost of loss of data and wrong decision making
  Possibility of computer abuse
  Risk of computer errors
  Protection of hardware, software, and personnel
  Data privacy and confidentiality
Objectives of CIS
  Safeguarding of assets
  Maintenance of data integrity
  Effectiveness in achieving organizational objectives
  Efficient consumption of resources
Information technology governance
  IT infrastructure library
    Service delivery
    Service support
    Planning to implement service management
    Security management
    Infrastructure management
    Business perspective
    Applications management
    Software assets management
Control objectives for information and related technology
  Planning and organization
  Acquisition and implementation
  Delivery and support
  Monitoring
Management control of information systems
  Top management controls
    Planning
    Organizing
    Leading
    Monitoring
Systems development management controls
  Feasibility study and project initiation
  System analysis and specifying user requirements
  System design and development
  Acceptance testing
  Implementation and maintenance
Auditing the systems development management function
  Concurrent audit
  Post-implementation audit
  General audit
Programming management controls
  Planning
  Control
  Design
  Coding
  Testing
  Operation and maintenance
Controls
  Data resource management controls
  Security management controls
    Exposure analysis
  Operations management controls
    Control of computer and network operations
    Maintaining data files, programme files, and documentation
    Help desk and technical support
    Management of outsourced operations
Quality assurance management controls
  Capability maturity model
    The initial level
    The repeatable level
    The defined level
    The managed level
    The optimizing level
Application control of information systems
  Boundary controls
    Access controls
    Cryptographic controls
    Audit trail controls
    Existence controls
  Input controls
    Design of source documents and data entry screens
    Data code controls
    Batch controls
    Validation of data input
    Audit trail controls
    Existence controls
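The slides name batch controls and validation of data input without showing how they operate. The following is an added illustration, not code from the slides or from GIMT: a receiving program applies field-level validation to each record and then recomputes the three classic batch totals (document count, financial control total, and a hash total over a non-financial field) against the header the submitter prepared at data entry. The record layout, the field rules (four-digit employee number, ISO date, two-decimal amount with an assumed upper limit of 10000.00) and all sample batches are constructed for the example.

```python
"""Batch controls plus field-level input validation over constructed sample
batches.  The submitter records a document count, a financial control total and
a hash total (a sum of the employee-number field, kept only so that lost,
duplicated or altered records are detected) in a batch header; the receiving
program recomputes all three and rejects the batch on any mismatch.  Field
validation rejects individual records before they reach processing."""
from decimal import Decimal, InvalidOperation
from datetime import date

MAX_AMOUNT = Decimal("10000.00")  # assumed upper limit for one pay line


def validate_record(rec):
    """Return a list of field errors for one input record (empty means valid)."""
    errors = []
    emp_no = rec.get("emp_no", "")
    if not (emp_no.isdigit() and len(emp_no) == 4):
        errors.append(f"emp_no {emp_no!r} must be exactly four digits")
    try:
        date.fromisoformat(rec.get("pay_date", ""))
    except ValueError:
        errors.append(f"pay_date {rec.get('pay_date')!r} is not a valid ISO date")
    try:
        amount = Decimal(rec.get("amount", ""))
        if not Decimal("0") < amount <= MAX_AMOUNT:
            errors.append(f"amount {amount} is outside (0, {MAX_AMOUNT}]")
        elif amount.as_tuple().exponent != -2:
            errors.append(f"amount {amount} must have exactly two decimal places")
    except InvalidOperation:
        errors.append(f"amount {rec.get('amount')!r} is not numeric")
    return errors


def compute_batch_totals(records):
    """Recompute the three batch totals over records that passed validation."""
    return {
        "record_count": len(records),
        "control_total": sum((Decimal(r["amount"]) for r in records), Decimal("0")),
        "hash_total": sum(int(r["emp_no"]) for r in records),
    }


def check_batch(header, records):
    """Run input validation, then the batch control check; return a report."""
    field_errors = {}
    clean = []
    for idx, rec in enumerate(records):
        errs = validate_record(rec)
        if errs:
            field_errors[idx] = errs
        else:
            clean.append(rec)
    actual = compute_batch_totals(clean)
    mismatches = {
        name: (header[name], actual[name])
        for name in ("record_count", "control_total", "hash_total")
        if header[name] != actual[name]
    }
    return {
        "field_errors": field_errors,
        "total_mismatches": mismatches,
        "accepted": not field_errors and not mismatches,
    }


# Constructed sample data (not from the slides).  The header holds the totals
# the submitter computed at data entry: 4 records, 7300.00 in total,
# employee numbers summing to 1021 + 1033 + 1044 + 1008 = 4106.
GOOD_HEADER = {"record_count": 4, "control_total": Decimal("7300.00"), "hash_total": 4106}
GOOD_RECORDS = [
    {"emp_no": "1021", "pay_date": "2019-08-09", "amount": "2500.00"},
    {"emp_no": "1033", "pay_date": "2019-08-09", "amount": "1800.00"},
    {"emp_no": "1044", "pay_date": "2019-08-09", "amount": "1500.00"},
    {"emp_no": "1008", "pay_date": "2019-08-09", "amount": "1500.00"},
]
# Same header, but one record was altered and one lost in transit: every
# surviving record is individually valid, yet all three totals disagree.
TAMPERED_RECORDS = [
    {"emp_no": "1021", "pay_date": "2019-08-09", "amount": "2500.00"},
    {"emp_no": "1033", "pay_date": "2019-08-09", "amount": "1800.00"},
    {"emp_no": "1044", "pay_date": "2019-08-09", "amount": "1800.00"},
]
# Records with field-level defects that validation catches on its own.
BAD_RECORDS = GOOD_RECORDS[:2] + [
    {"emp_no": "10A4", "pay_date": "2019-13-09", "amount": "-5"},
    {"emp_no": "1008", "pay_date": "2019-08-09", "amount": "abc"},
]

if __name__ == "__main__":
    for label, recs in (("good", GOOD_RECORDS), ("tampered", TAMPERED_RECORDS), ("bad input", BAD_RECORDS)):
        print(label, check_batch(GOOD_HEADER, recs))
```

The tampered batch shows why the totals are kept separately from field validation: each surviving record looks fine on its own, and only the header comparison reveals the lost record and the altered amount. The hash total has no business meaning, which is exactly why it is useful as an existence check on the employee-number field.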
Communication controls
  Transmission impairment
  Component failure
  Subversive threats
  Audit trail controls
  Existence controls
Processing controls
Database controls
  Access controls
  Integrity controls
  Application software controls
  Concurrency controls
  Cryptographic controls
  File handling controls
  Audit trail controls
  Existence controls
    Roll forward
    Roll back
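Roll forward and roll back are listed under database existence controls but not explained on the slides. The following added example (not from the slides or from GIMT) simulates both over a constructed write-ahead log: roll forward rebuilds the database from the last backup image by reapplying the after-images of committed transactions, which covers loss of the live database; roll back restores the before-images of transactions that never committed, which covers a crash in the middle of a transaction. The log record layout, the account keys and all values are constructed for the example; the before-image check in roll_back is an added integrity check, not part of any particular database product.

```python
"""Roll-forward and roll-back recovery over a constructed transaction log.

Log records (constructed layout for this example):
    ("begin", tid)
    ("update", tid, key, before_image, after_image)
    ("commit", tid)
A transaction with no commit record at the end of the log is incomplete."""


def committed_transactions(log):
    """Return the set of transaction ids that reached a commit record."""
    return {rec[1] for rec in log if rec[0] == "commit"}


def roll_forward(backup, log):
    """Rebuild the database from the last backup image: reapply, in log order,
    the after-images of every committed transaction.  Updates belonging to
    incomplete transactions are never applied, so the result is consistent."""
    committed = committed_transactions(log)
    db = dict(backup)  # never mutate the backup image itself
    for rec in log:
        if rec[0] == "update" and rec[1] in committed:
            _, _tid, key, _before, after = rec
            db[key] = after
    return db


def roll_back(live_db, log):
    """Undo the work of incomplete transactions on a surviving database by
    restoring their before-images in reverse log order.  Before undoing an
    update the current value must equal its after-image; anything else means
    the log and the database have diverged and recovery must stop."""
    committed = committed_transactions(log)
    db = dict(live_db)
    for rec in reversed(log):
        if rec[0] == "update" and rec[1] not in committed:
            _, tid, key, before, after = rec
            if db.get(key) != after:
                raise ValueError(f"log/database mismatch at {key} in {tid}")
            db[key] = before
    return db


# Constructed scenario (not from the slides): a backup image, then three
# transactions of which T3 was interrupted before its commit record.
BACKUP = {"acct:A": 500, "acct:B": 200, "acct:C": 50}
LOG = [
    ("begin", "T1"),
    ("update", "T1", "acct:A", 500, 400),
    ("update", "T1", "acct:B", 200, 300),
    ("commit", "T1"),
    ("begin", "T2"),
    ("update", "T2", "acct:C", 50, 80),
    ("commit", "T2"),
    ("begin", "T3"),
    ("update", "T3", "acct:A", 400, 100),
    ("update", "T3", "acct:B", 300, 600),
    # crash here: T3 never commits, but its writes already reached disk
]
# State of the live database at the moment of the crash.
CRASHED_DB = {"acct:A": 100, "acct:B": 600, "acct:C": 80}

if __name__ == "__main__":
    print("roll forward from backup:", roll_forward(BACKUP, LOG))
    print("roll back on crashed db: ", roll_back(CRASHED_DB, LOG))
```

Both routes end in the same state, which is the property an auditor checks: whichever copy of the data survives, the committed work of T1 and T2 is kept and the partial work of T3 is removed. The before-image check in roll_back is what turns the log from a mere undo list into a control: if the live database does not carry the after-image the log says it should, recovery halts rather than silently writing over data it cannot account for.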
Output controls
  Inference controls
  Batch report design controls
  Output production and distribution controls
  Audit trail controls
  Existence controls
Information system audit
  Information system audit procedures
  Use of computers in information systems audit
Business continuity and disaster recovery
  Business continuity management
    Availability
    Reliability
    Recoverability
  Business continuity planning
  Disaster recovery planning
Categorizing the functions
  Critical functions
  Vital functions
  Sensitive functions
  Non-critical functions
Components of a disaster recovery plan
  Emergency plan
  Backup plan
  Recovery plan
  Test plan
Testing a disaster recovery plan
  Paper test
  Preparedness test
  Post-test