Information System Control and Auditing: Policies and Access

Verified

Added on 2022/09/12

AI Summary

This report discusses information system control and auditing, emphasizing the importance of policies for protecting sensitive data. It focuses on three key areas: access control, user account control, and database access control. The report highlights the need for proper access controls, including role-based and mandatory access controls, to prevent unauthorized access and protect data integrity. The report also discusses the role of authentication and authorization in securing systems, preventing malicious attacks, and maintaining system availability. The references support the discussion of the importance of data security and access control in various systems.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: INFORMATION SYSTEM CONTROL AND AUDITING
INFORMATION SYSTEM CONTROL AND AUDITING
Name of the Student
Name of the University
Author Note


Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1INFORMATION SYSTEM CONTROL AND AUDITING
Introduction
The organizations should maintain some policies regarding the control and auditing
management. The policies should be creted by the network manager, who will address the
situation appropriately. The policies should maintain the one access control, one user account
control and one database access control. Those policies are:
 The policies regarding the one access control should be maintained to prevent the
unauthorised access for protecting the sensitive data appropriately. It can be stated
that if the technology and the data should be applied properly to protect the data with
the task completion for using the different task completion. One user access control
should be used to protect the data properly with preventing the unauthorised entrance.
So only one user for a specific purpose should be allowed to make the task finished
properly (Park, 2017).
 The one access database control will help process the accessibility to those people
who are actually allowed to access the data properly. Both the authentication and
authorization will be done through the procedure of data security. This policy will
help to provide the dictionary access control, mandatory access control, role-based
access control and the attribute-based access control which will provide a systematic
way to prevent the unauthorised access. That is how it can be stated that data lost
chance will decrease in the organization (Bush, Case and Jasper,2018).
 One access control can be specified with the role-based control system. The system
should be restricted to for only the specific amount of user to complete the process of
the work. In the other hand, the mandatory access control should be applied for
performing the target amount of thread completion. Both of the policies should be
applied to prevent malicious attacks with discretionary access control attacks. MAC

2INFORMATION SYSTEM CONTROL AND AUDITING
and DAC both can be applied for the government and the commercial purpose usage
to make the system better. All the policies should be maintained properly to protect
the organization from the thousands of unauthorised user (He et al.,2016).
Conclusion
The proper accessing system will help to protect the system appropriately, which
should be addressed by the management. If the access should properly protected, then the
chance of attack will be low. The security, integrity and the system availability should be
managed according to the requirement. Also the unauthorised access should be provided
through this methods.

3INFORMATION SYSTEM CONTROL AND AUDITING
References
Bush, M. A., Case, C. L., & Jasper, T. J. (2018). U.S. Patent No. 10,075,450. Washington,
DC: U.S. Patent and Trademark Office.
He, D., Kumar, N., Shen, H., & Lee, J. H. (2016). One-to-many authentication for access
control in mobile pay-TV systems. Science China Information Sciences, 59(5),
052108.
Park, J. S. (2017). U.S. Patent No. 9,769,177. Washington, DC: U.S. Patent and Trademark
Office.