HARDWARE AND SOFTWARE EXPOSURES IN IT SYSTEMS (STUDY OBJECTIVE 4)
The previous sections described and linked risk areas to corresponding controls. To properly understand these risks, we must also understand their possible sources. Consider a burglar alarm analogy. One risk in owning a building is the possibility of break-in and theft of assets from the building. A control to help prevent that risk is a burglar alarm. But to know how to install the sensors for a burglar alarm, the installer must know the potential points of entry, which would be any door or window in the building. Doors and windows serve useful purposes and make the building more efficient, but each one is a risk area and the sensors for the burglar alarm must be placed at each of the windows and doors. In a similar manner, components of an IT system can be thought of as areas that open risks for an organization, or “entry points.” In an IT system, there are security, availability, processing integrity, and confidentiality risks. General controls (described earlier) can help limit those risks, but the “entry points” over which these controls should be placed must be identified. This section describes the typical IT system components that represent “entry points” where the risks must be controlled.
There are so many different types of hardware and software that can be used in an IT-based accounting system that no two organizations are likely to have identical hardware and software configurations. Each organization ...
Get Accounting Information Systems: The Processes and Controls, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.