tailieunhanh - Lecture Accounting information systems - Chapter 9: Information systems controls for system reliability (part 2)
Chapter 9, information systems controls for system reliability - Part 2: Confidentiality and privacy. After studying this chapter, you should be able to: Identify and explain controls designed to protect the confidentiality of sensitive corporate information; identify and explain controls designed to protect the privacy of personal information collected from customers, employees, suppliers, or business partners; explain how the two basic types of encryption systems work. | Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education 9-1 Learning Objectives Identify and explain controls designed to protect the confidentiality of sensitive corporate information. Identify and explain controls designed to protect the privacy of customers’ personal information. Explain how the two basic types of encryption systems work. Copyright © 2012 Pearson Education 9-2 Trust Services Framework Security (Chapter 8) Access to the system and its data is controlled and restricted to legitimate users. Confidentiality (Chapter 8) Sensitive organizational information (., marketing plans, trade secrets) is protected from unauthorized disclosure. Privacy Personal information about customers is collected, used, disclosed, and maintained only in compliance with internal policies and external regulatory requirements and is protected from unauthorized disclosure. Processing Integrity (Chapter 10) Data are . | Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education 9-1 Learning Objectives Identify and explain controls designed to protect the confidentiality of sensitive corporate information. Identify and explain controls designed to protect the privacy of customers’ personal information. Explain how the two basic types of encryption systems work. Copyright © 2012 Pearson Education 9-2 Trust Services Framework Security (Chapter 8) Access to the system and its data is controlled and restricted to legitimate users. Confidentiality (Chapter 8) Sensitive organizational information (., marketing plans, trade secrets) is protected from unauthorized disclosure. Privacy Personal information about customers is collected, used, disclosed, and maintained only in compliance with internal policies and external regulatory requirements and is protected from unauthorized disclosure. Processing Integrity (Chapter 10) Data are processed accurately, completely, in a timely manner, and only with proper authorization. Availability (Chapter 10) System and its information are available to meet operational and contractual obligations. Copyright © 2012 Pearson Education 9-3 Intellectual Property (IP) Strategic plans Trade secrets Cost information Legal documents Process improvements All need to be secured Copyright © 2012 Pearson Education 9-4 Steps in Securing IP Copyright © 2012 Pearson Education 9-5 Where is the information, who has access to it? Classify value of information The process of obscuring information to make it unreadable without special knowledge, key files, or passwords. Information rights management: control who can read, write, copy , delete, or download information. Most important! Employees need to know what can or can’t be read, written, copied, deleted, or downloaded Privacy Deals with protecting customer information vs. internal company information Same controls Identification and .
đang nạp các trang xem trước
