What are the different kind of losses
- Monetary losses
- Loss in reputation
- Loss of compliance to regulation
What are the types of decisions made that are affected by poor data
- Strategic planning
- Operational planning
- Management control
Types of computer abuse
- Hacking -
- Malware -
- Illegal physical access -
- Abuse of privileges -
Consequences of computer abuse
- Destruction of assets - hardware, software, data can be destroyed
- Theft of assets - ^ can be stolen
- Modification of assets - data can be modified
- Privacy violation - privacy of personal data compromised
- Disruption of operations - day to day operations can cease to operate immediately
- Unauthorized use of data - unauthorized users
Cost of computer abuse
- monetary costs - business market share, government
- costs - human life, environment
Definition of auditing
the process
of collecting and evaluating evidence to
determine whether a computer system
safeguards assets, maintains data integrity,
allows organizational goals to be achieved
effectively, and uses resources efficiently.
4 foundations of IS auditing
- Infosystems management - technical know how of how to do
- Traditional auditing - forms base knowledge content about auditing using knowledge from traditional auditing
- Computer science - technical know how on how tor rectify errors
- Behavioral science - non-compliance generated from human so what are the conditions that cause humans to be non compliant
4 objectives of IS auditing
- Asset safeguarding
- Data integrity
- System efficiency
- System effectiveness
What can standards help with
- Provide a set of best practices to follow
- Framework for organizations to rate themselves and certify themselves
- Framework for collaboration with other companies
Definition of standards
Mandatory activities, actions, rules or regulations that are used to provide support to policies to make it meaningful and effective.
Provide common standard for security evaluation
What are policies and procedures
Set of documents that describe the org policies for operation and procedures necessary to fulfil the policies.
Policies are usually based on management’s goals or adoption of best practices from standards
Procedures are usually just steps in order to fulfil a task which is in line with the policies
