Application_framework1.ppt
Transcript of Application_framework1.ppt
-
8/14/2019 Application_framework1.ppt
APPLICATION CONTROLS FRAMEWORK
-
What are application controls?
Specific controls within each separate computer application, such as payroll or order processing.
Includes both automated and manual procedures.
Classified into Boundary, Input, Communication, Processing, Database and Output controls.
-
Objectives Of Application Controls
The objectives of application controls are to ensure that:
Input data is accurate, complete, authorized, and correct.
Data is processed as intended in an acceptable time period.
Data stored is accurate and complete.
Outputs are accurate and complete.
A record is maintained to track the process of data from input to storage and to the eventual output.
-
Input Controls
Check data for accuracy and completeness when it enters the system.
Data can be input into the information system in two ways: direct or medium-based entry.
The type of data input method affects data integrity and system efficiency.
The more human intervention, the greater the likelihood of errors occurring.
-
Input Methods
[Diagram: State/Event; Recording Medium; Keyboarding; Direct Reading; Direct Entry]
-
Data Validation and Editing
Sequence Check
Limit or Range Check
Validity Check
Reasonableness Check
Existence Check
Key Verification
Check Digit
Consistency or Logical Relationship Check
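Several of the checks listed on this slide, shown as an added example that is not part of the original slides: a validator applying sequence, limit, validity, check digit and consistency checks to a constructed payroll timesheet batch. The field names, grade codes, hours limit and the choice of the Luhn algorithm as the check digit scheme are assumptions.

```python
from datetime import date

VALID_GRADES = {"A", "B", "C"}  # assumed pay-grade codes (validity check)
MAX_HOURS = 80                  # assumed upper limit on hours per period
END = date(2019, 8, 9)          # constructed pay-period end date

def luhn_ok(number):
    """Check digit: Luhn test over a numeric identifier (assumed scheme)."""
    if not number.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def validate_batch(records):
    """Return {position in batch: [failed checks]}; clean records are omitted."""
    failures = {}
    expected_seq = None
    for pos, rec in enumerate(records):
        failed = []
        if expected_seq is not None and rec["seq"] != expected_seq:
            failed.append("sequence")       # gap or duplicate in control numbers
        expected_seq = rec["seq"] + 1
        if not 0 <= rec["hours"] <= MAX_HOURS:
            failed.append("limit")
        if rec["grade"] not in VALID_GRADES:
            failed.append("validity")
        if not luhn_ok(rec["emp_id"]):
            failed.append("check_digit")    # catches mistyped or transposed digits
        if rec["hired"] > rec["period_end"]:
            failed.append("consistency")    # period ends before the hire date
        if failed:
            failures[pos] = failed
    return failures

# Constructed sample batch (not real data).
BATCH = [
    {"seq": 101, "emp_id": "10017", "grade": "A", "hours": 40, "hired": date(2015, 3, 2), "period_end": END},
    {"seq": 102, "emp_id": "10071", "grade": "B", "hours": 38, "hired": date(2016, 5, 9), "period_end": END},
    {"seq": 104, "emp_id": "10025", "grade": "D", "hours": 40, "hired": date(2017, 1, 3), "period_end": END},
    {"seq": 105, "emp_id": "10033", "grade": "C", "hours": 120, "hired": date(2018, 7, 2), "period_end": END},
    {"seq": 106, "emp_id": "10041", "grade": "A", "hours": 40, "hired": date(2019, 9, 1), "period_end": END},
]

if __name__ == "__main__":
    for pos, failed in validate_batch(BATCH).items():
        print(BATCH[pos]["seq"], failed)
```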
-
Boundary Controls
Establish the interface between the would-be user of a computer system and the computer system itself.
Purpose of Boundary Controls
To establish the identity and authenticity of would-be users of the computer system.
To establish the identity and authenticity of resources that users wish to employ.
To restrict the actions taken by users who obtain computer resources to a set of authorized actions.
-
Boundary Controls
Cryptographic controls
a. Transposition Ciphers
b. Substitution Ciphers
c. Product Ciphers
From an audit perspective, cryptographic key management must address three functions:
a. How keys will be generated
b. How they will be distributed to users
c. How they will be installed in Cryptographic Facilities
-
Access Controls
Restricts use of the computer system to authorized users
Limits the actions users can undertake with respect to those resources
Ensures that users obtain only authentic computer resources
Two types of Access control policy:
Discretionary Access control
Mandatory Access control
-
PINs
Controls must be in place at several phases in the life cycle of PINs:
a. Generation of the PIN
b. Issuance and delivery of the PIN to the users
c. Validation of the PIN upon entry
d. Transmission of the PIN
e. Processing and storage
f. Change, replacement or termination of the PIN
-
Communication Controls
Communication subsystem exposures: Transmission Impairments (Attenuation, Delay Distortion, Noise), Component Failure and Subversive Threats
Physical Component Controls
Transmission Media: can be bounded or unbounded
Communication Lines
Modems
-
Communication Controls
Line Error Controls
Loop Checks
Parity Checks
Cyclic Redundancy Checks
Errors can be corrected using
Forward Error Correction
Retransmission
-
Flow Controls
Stop & Wait flow control
Sliding Window Flow control
Topological Controls
Channel Access controls
Polling
Contention
-
Controls over Subversive Threats
Link Encryption
End-to-End Encryption
Stream Ciphers
Error Propagation Codes
Message Authentication Codes
Message Sequence Numbers
Request-Response Mechanisms