Application_framework1.ppt

Transcript of Application_framework1.ppt

  • 8/14/2019 Application_framework1.ppt

    APPLICATION CONTROLS FRAMEWORK

    What are application controls?

    Specific controls within each separate computer application, such as payroll or order processing.

    Includes both automated and manual procedures.

    Classified into Boundary, Input, Communication, Processing, Database and Output controls.

    Objectives of Application Controls

    The objectives of application controls are to ensure that:

    Input data is accurate, complete, authorized, and correct.

    Data is processed as intended in an acceptable time period.

    Data stored is accurate and complete.

    Outputs are accurate and complete.

    A record is maintained to track the process of data from input to storage and to the eventual output.

    Input Controls

    Check data for accuracy and completeness when it enters the system.

    Data can be input into the information system in two ways: direct or medium-based entry.

    The type of data input method affects data integrity and system efficiency.

    The more human intervention, the greater the likelihood of an error occurring.

    Input Methods

    State/Event Recording

    Medium

    Keyboarding

    Direct

    Reading

    Direct Entry

    Data Validation and Editing

    Sequence Check

    Limit or Range Check

    Validity Check

    Reasonableness Check

    Existence Check

    Key Verification

    Check Digit

    Consistency or Logical Relationship Check
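Five of the checks listed on this slide (sequence, check digit, validity, limit, consistency), applied to a payroll input batch as an added example that is not part of the original deck. The field names, the limits, the rule that overtime is included in hours, and the choice of the Luhn mod-10 scheme for the check digit are all assumptions made for illustration.

```python
# Added example: field names, limits and the Luhn scheme are assumptions.
VALID_DEPTS = {"FIN", "OPS", "ENG"}   # validity check: allowed department codes
MAX_HOURS = 80                        # limit check: ceiling per pay period

# Constructed sample batch (not real data).
SAMPLE_BATCH = [
    {"seq": 1, "emp_id": "10041", "dept": "FIN", "hours": 40, "overtime": 0},
    {"seq": 2, "emp_id": "10401", "dept": "OPS", "hours": 38, "overtime": 2},
    {"seq": 4, "emp_id": "10058", "dept": "HR", "hours": 95, "overtime": 5},
    {"seq": 5, "emp_id": "10066", "dept": "ENG", "hours": 20, "overtime": 30},
]

def luhn_ok(number):
    """Check digit: Luhn mod-10; the last digit is the check digit."""
    if not (number.isascii() and number.isdigit()):
        return False
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:                # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def validate_batch(records):
    """Return {seq: [failed check names]}; accepted records are omitted."""
    errors, prev_seq = {}, None
    for r in records:
        failed = []
        if prev_seq is not None and r["seq"] != prev_seq + 1:
            failed.append("sequence")        # gap or duplicate in the batch
        prev_seq = r["seq"]
        if not luhn_ok(r["emp_id"]):
            failed.append("check_digit")     # catches keying/transposition errors
        if r["dept"] not in VALID_DEPTS:
            failed.append("validity")
        if not 0 <= r["hours"] <= MAX_HOURS:
            failed.append("limit")
        if r["overtime"] > r["hours"]:
            failed.append("consistency")     # overtime cannot exceed total hours
        if failed:
            errors[r["seq"]] = failed
    return errors

if __name__ == "__main__":
    for seq, failed in validate_batch(SAMPLE_BATCH).items():
        print(f"record {seq} rejected: {', '.join(failed)}")
```

Record 2 carries the ID `10041` with two digits transposed, which is the kind of keyboarding error a check digit exists to catch.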

    Boundary Controls

    They establish the interface between the would-be user of a computer system and the computer system itself.

    Purpose of Boundary Controls

    To establish the identity and authenticity of would-be users of the computer system.

    To establish the identity and authenticity of resources that users wish to employ.

    To restrict the actions taken by users who obtain computer resources to a set of authorized actions.

    Boundary Controls

    Cryptographic controls

    a. Transposition Ciphers

    b. Substitution Ciphers

    c. Product Ciphers

    From an audit perspective, cryptographic key management must address three functions:

    a. How keys will be generated

    b. How they will be distributed to users

    c. How they will be installed in Cryptographic Facilities

    Access Controls

    Restrict use of the computer system to authorized users

    Limit the actions users can undertake with respect to those resources

    Ensure that users obtain only authentic computer resources

    Two types of Access control policy:

    Discretionary Access control

    Mandatory Access control

    PINs

    Controls must be in place at several phases in the life cycle of PINs:

    a. Generation of the PIN

    b. Issuance and delivery of the PIN to the users

    c. Validation of the PIN upon entry

    d. Transmission of the PIN

    e. Processing & Storage

    f. Change, Replacement or Termination of the PIN

    Communication Controls

    Communication subsystem exposures: Transmission Impairments (Attenuation, Delay Distortion, Noise), Component Failure and Subversive Threats

    Physical Component Controls

    Transmission Media: can be bounded or unbounded

    Communication Lines

    Modems

    Communication Controls

    Line Error Controls

    Loop Checks

    Parity Checks

    Cyclic Redundancy Checks

    Errors can be corrected using

    Forward Error Correction

    Retransmission

    Flow Controls

    Stop & Wait flow control

    Sliding Window Flow control

    Topological Controls

    Channel Access controls

    Polling

    Contention

    Controls over Subversive Threats

    Link Encryption

    End-to-End Encryption

    Stream Ciphers

    Error Propagation Codes

    Message Authentication Codes

    Message Sequence Numbers

    Request-Response Mechanisms