Handout for Group Discussion 3.1

typoweheeΗλεκτρονική - Συσκευές

8 Νοε 2013 (πριν από 3 χρόνια και 9 μήνες)

116 εμφανίσεις

Group Discussion 3.1

Session

3


IS Security Management

1


Handout for
Group Discussion
3
.1


Assemblit, Inc., is a medium
-
sized parts manufacturing company
based
in London

with
distribution outlets in the major cities throughout Great Britain. It has a
mainframe computer in its London headquarters. Distribution
ou
tlets
all have
microcomputers that are connected via communications lines to the London
mainframe.

As a member of the external audit team of the company, you have gath
ered the
following information on its operations:

1.

All the company's major application
systems are computerized; some are

online real
-
time update systems, and some are batch systems.

2.

The company uses a database manag
ement system. The system was pur
chased
initially to aid bill
-
of
-
materials processing (online real
-
time update

system),
but now

it is used extensively with other application systems.

3.

All application source data is captured at microcomputer terminals in

head
-
office branches and each distribution outlet.

4.

The mainframe runs six days a week, two shifts a day. Sunday and the third
shif
t are available for "hands
-
on" development and testing of ap
plication
systems by programmers and analysts. During normal opera
tions, however,
only the operators and the system programmer have access to the computer
room. Access is controlled using a card

lock
system.

5.

Asse
m
blit's mainframe computer facility is located in the basement of its

head
office.

6.

The following information systems staff are employed:

a.

An information systems manager

b.

Six analysts

c.

15 programmers

d.

Five operators (one
-
two per shift; shifts
rotated)

e.

One control clerk (day shift only)

f.

One system programmer

Group Discussion 3.1

Session

3


IS Security Management

2


g.

One librarian (day shift only)

7.

The control clerk and the analysts set up daily processing schedules a day

in
advance.

8.

During the week, programmers and analysts use microcomputer terminals

fo
r
development and maintenance work. The company has purchased

powerful
software to support online programming work.

9.

Program development and maintenance work must be authorized by the
analyst in charge of an application system.

10.

Copies of all disk files are
taken twice a week
for
backup purposes.

The
backup files are stored on site in a special fire
-
resistant vault

room.

11.

The vendor has promised to provide backup hardware within a few days

if an
emergency occurs.

12.

Output is placed in trays just outside the comp
uter
room
.
Every hour the
control clerk picks up output and forwards it to users. Users reco
n
cile input to
output and notify the control clerk if there are any discrepan
cies.

Required
.
On the basis of

the information you have so
far,
discuss in your group

as to
the various domains of controls that are affected and also bring out the possible
control mechanisms that must be in place to ensure security of systems.