Information System Control and Auditing Report - Semester 1, 2024

Verified

Added on 2022/09/12

AI Summary

This report delves into the crucial aspects of Information System Control and Auditing, emphasizing the importance of organizational security. It highlights the necessity of access control mechanisms to safeguard systems and data. The report explores various access control procedures, including Role-Based Access Control (RBAC), Administrative Access Control, Discretionary Access Control (DAC), Mandatory Access Control (MAC), and Rule-Based Control. It discusses how these controls contribute to enhanced security, fraud prevention, and vulnerability reduction. The report also emphasizes the significance of audit trails and the integration of logical and physical access controls. It references several scholarly articles to support its arguments, providing a comprehensive overview of the subject.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: INFORMATION SYSTEM CONTROL AND AUDITING
INFORMATION SYSTEM CONTROL AND AUDITING
Name of the Student
Name of the University
Author Note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1INFORMATION SYSTEM CONTROL AND AUDITING
Table of Contents
Introduction................................................................................................................................2
Description.................................................................................................................................2
Conclusion..................................................................................................................................2
Referencing................................................................................................................................3

2INFORMATION SYSTEM CONTROL AND AUDITING
Introduction
The security of the organization is one of the main and fundamental responsibilities
for all the organization. It can be stated that there will be a huge chance for the safety and the
defence which is needed to be controlled to make the system better. That is why access
control is needed to protect the system properly to get the task done. There is a various
procedure which should be used to modify the access control properly to get the solution
done (Prakash and Sivakumar, 2014).
Network environment and possibilities
The security can be hugely controlled through the process of the task in such a way,
that the task should be maintained adequately to get the cases to control properly. The
authentic user and the customers should get the chance to insert into the process then it can be
stated that the complex control should be easily done through the procedure of the task
completion. The sensitivity level should be properly maintained to complete the protection
procedure (Abu Naser, Al Shobaki and Ammar,2017). The access control is the main process
which should contain reliable support separation with the security complexity to complete the
procedure properly. Main four process needed to add in the company to make the system
better:
RBAC or the Role-based access control: The access policy should be maintained in such a
way that the MAC address clearance will be done properly. It will be denoted as per the role
of the subject. The function and permission will be done properly to make the system better.
The subject-level should be properly specified to make the situation better for every task. So
the object level should be managed properly to get the task done with the process of the task
completion.

3INFORMATION SYSTEM CONTROL AND AUDITING
Administrative access Control: This kind of access control is used to maintain the
security procedures and policies. The proper training to the employee and awareness will also
help to secure the system. Also if any employee will carry the sensitive data, then the data
should be protected and backup is also needed. The duty separation will also help to mature
the system. The hiring procedure should be managed appropriately to make the system better.
The contingency plan and the recovery should be done to make the system better. The
computer access and the registration should be done with the help ot of the management. That
is how the access control should be managed.
DAC or Discretionary Access Control: DAC is generally used to specify the owner of the
access control. It is actually very hard to maintain because the paths and the modification will
be done for the proper access control procedure. The permission management team is needed
to apply the DAV facility in the system appropriately. Extremely confidential documents are
needed to be secured with this procedure (Shin, Lee and Park,2013).
MAC or mandatory access control: This control policy is one of the vital policy that has to
be maintained properly to get the task done with the procedure of task completion. It will be
selected according to the sensitivity level. The subject and the object should be maintained
properly to get the task done. The trust level compilation will be done in such a way, that the
task should be maintained with the completion of the gain access possibilities. The dominate
level task should be maintained to make the situation better in such a way, that there will be
various task completion with the help of the task maintain (Rikhardsson and Dull,2016).
Rule-Based Control: Another one vital points of the task, that should be maintained is the
rule-based access control. The role should be dynamically arranged and also the role of the
access should be determined by the company head (Yeh et al.,2015).

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

4INFORMATION SYSTEM CONTROL AND AUDITING
All of the control is needed to maintain the target amount of job completion which is needed
to be solved properly to get the assignment done. There is a various process that has to be
maintained to make the situation better which is needed to be specified properly to get the
task completed. If the company will modify the access in such a way, then the fraud cases
and the chance of the vulnerable attack will decrees. Several points have to be maintained
with these four types of access control. It is used to maintain the access control models to
protect the system. So it can be said that the staff and the systems should be maintained
through this procedure and also it will prevent the theft properly to get the solution done (Pan
and Seow,2016).
Conclusion
The access control is needed to be specified for the actual task completion which is
needed to be solved properly to get the task done. The system should be properly secured
through this process because the hacker will not get a chance to access the data. Audit trail
compliance should be done properly to get the solution done with the help of this procedure.
The logical and physical access should be done properly through integration. So the theft and
the intruders should maintain the problem properly to get the task done with the process of
the task completion.

5INFORMATION SYSTEM CONTROL AND AUDITING
Referencing
Abu Naser, S. S., Al Shobaki, M. J., & Ammar, T. M. (2017). Impact of Communication and
Information on the Internal Control Environment in Palestinian
Universities. Available at SSRN 3085429.
Pan, G., & Seow, P. S. (2016). Preparing accounting graduates for digital revolution: A
critical review of information technology competencies and skills
development. Journal of Education for business, 91(3), 166-175.
Prakash, M., & Sivakumar, D. (2014). Information systems auditing and electronic
commerce. International Journal of Advanced Research in Management and Social
Sciences, 3(2), 106-119.
Rikhardsson, P., & Dull, R. (2016). An exploratory study of the adoption, application and
impacts of continuous auditing technologies in small businesses. International
Journal of Accounting Information Systems, 20, 26-37.
Shin, I. H., Lee, M. G., & Park, W. (2013). Implementation of the continuous auditing system
in the ERP‐based environment. Managerial Auditing Journal.
Yeh, L. Y., Chiang, P. Y., Tsai, Y. L., & Huang, J. L. (2015). Cloud-based fine-grained
health information access control framework for lightweightiot devices with dynamic
auditing andattribute revocation. IEEE transactions on cloud computing, 6(2), 532-
544.