AIS CHAPTER 10

IT Security Controls

Measures used to protect systems, ensure accuracy, and prevent unauthorized access.

Unintentional Threats

Risks caused by human error or natural events.

Intentional Threats

Risks caused by deliberate actions such as hacking or fraud.

Application Controls

Controls that ensure accuracy and completeness of transactions.

IT General Controls

Controls that apply to the overall system to ensure security and reliability.

Validity Check

A test ensuring entered data exists and is acceptable.

Consistency Check

A test ensuring entered data aligns logically with related data.

Limit Check

A test ensuring values fall within predefined boundaries.

Completeness Check

A test ensuring all required fields are filled.

Field Check

A test ensuring data is entered in the correct format.

Prenumbering Documents

A control assigning sequential numbers to detect missing transactions.

Record Count

A control comparing number of processed records to expected totals.

Control Total

A control comparing total dollar amounts processed to expected totals.

Hash Total

A control summing nonfinancial values to detect errors.

Distribution Check

A control ensuring outputs go only to authorized users.

Reasonableness Test

A review ensuring outputs appear logical.

Access Control Lists (ACLs)

Lists defining user permissions for system access.

Authentication Controls

Mechanisms used to verify identity such as passwords or biometrics.

Encryption

A method of converting data into unreadable form without a key.

Intrusion Detection Systems (IDS)

Systems that monitor for suspicious activity.

Change Controls

Procedures ensuring system changes are authorized and properly implemented.

Operational Controls

Procedures ensuring systems remain functional and reliable.