CA FINAL ISCA CLASSES: Chapter 3 Protection of Information Systems (POIS) | (FULL) with Memory Techniques

Chapter 3
Protection of Information Systems


Introduction to the Chapter:

In computerized information systems, most business processes are automated. Organizations increasingly rely on Information Technology (IT) for information and transaction processing. The growth of E-commerce, supported by the growth of the Internet, has completely revolutionized business and created a need for reengineered business processes. IT innovations such as hardware, software, networking technology, communication technology and ever-increasing bandwidth lead to completely new business models.
All these new business models and new methods assume that the information required by business managers is available all the time, that it is accurate and complete, and that no unauthorized disclosure of it is made. Further, it is presumed that the virtual business organization is up and running all the time on a 24 x 7 basis. In reality, however, technology-enabled and technology-dependent organizations are more vulnerable to information security threats than ever before. The Denial of Service (DOS) attacks on the websites of yahoo.com, amazon.com and many other websites are a significant case in point. Those websites were down for several hours to a few days, jeopardizing the business of those organizations. Virus threats are also real. The horror stories of the 'Melissa' and 'I love you' viruses are fresh in the minds of the IT professionals of the organizations that were affected by them. Further, hacking and cracking on the Internet are a real threat to virtual organizations, which are vulnerable to information theft and manipulation.


Learn ISCA easily


This is a consolidated post that covers all the topics covered so far and will also cover future posts.
All the topics are numbered according to the ICAI module. After each topic you will find the mnemonics to learn it, and to help you understand the mnemonics, video classes are also provided free of cost.

Let's begin learning.

Topic # 3.6

Classification of Information Systems Controls


#3.6.1 CLASSIFICATION ON THE BASIS OF "OBJECTIVE OF CONTROLS"

Preventive
Detective
Corrective
Compensatory

This topic was covered in an earlier post; the link to that post is provided below.



Topic # 3.6

Classification of Information Systems Controls

#3.6.3 CLASSIFICATION ON THE BASIS OF "Audit Function"

  • Managerial Control
  • Application Control
A few topics have already been covered in an earlier post. They are as follows:

  1. Main Headings of Managerial Control
  2. Main Headings of Application Control
  3. Application and Monitoring System Access Control
  4. System Development Management Controls




Topic # 3.6

Classification of Information Systems Controls

#3.6.3 CLASSIFICATION ON THE BASIS OF "Audit Function"

APPLICATION CONTROL

The broad headings of Application control have already been covered above viz. Sachin & Shoaib Mnemonic.

Now, we will discuss the Sub-headings.


Topic # 3.8.2
Input Control

Input controls are divided into the following broad classes:
  • Source Document Control, 
  • Data Coding Controls 
  • Batch Controls, and 
  • Validation Controls. 
Now, to remember this we are going to use a Mnemonic that is given below.







Mnemonic: A Cheque is an Input for the bank
The bank staff were sitting on a Bench: Batch Control
The Cheque is a Source Document
It carries a Data Coding control, i.e. MICR
It is subject to Validation, i.e. valid up to 3 months

(a) Source Document Control


  • In a cheque book, the cheques run in serial-number order: Use source documents in sequence
  • They already have numbers printed on them: Use pre-numbered source documents
  • Every so often we audit the cheque book to see the total expense: Periodically audit source documents

(b) Data Coding Control

  • Transcription Errors 
    • Addition
    • Truncation (Deletion)
    • Substitution
  • Transposition Errors
    • Single
    • Multiple
(c) Batch Control
  • Physical Control
  • Logical Control



(d) Validation Control


The Arithmetic teacher's child, Kaaalu, was cutting a Ribbon.
Arithmetic: Field Interrogation
Record Interrogation: Ribbon Cutting
File Interrogation: the one about Kaalu


Field Interrogation:


Field interrogation involves programmed procedures that examine the characters of the data in the field. The common field checks used to ensure data integrity are described below:


  • Limit Check: This is a basic test for data processing accuracy and may be applied to both the input and output data. The field is checked by the program against predefined limits to ensure that no input/output error has occurred or at least no input error exceeding certain pre-established limits has occurred. 
  • Picture Checks: These check against entry into the processing of incorrect/invalid characters. 
  • Valid Code Checks: Checks are made against predetermined transaction codes, tables or order data to ensure that input data are valid. The predetermined codes or tables may either be embedded in the programs or stored in (direct access) files. 
  • Check Digit: One method for detecting data coding errors is a check digit. A check digit is a control digit (or digits) added to the code when it is originally assigned that allows the integrity of the code to be established during subsequent processing.
  • Arithmetic Checks: Simple arithmetic is performed in different ways to validate the result of other computations of the values of selected data fields. 
  • Cross Checks: These may be employed to verify fields appearing in different files to see that the results tally.  
Now, Mnemonic to learn the above topic is given down below.







Two Arithmetic teachers were both from the same FIELD, and the two fell in love
Story:

Arithmetic teachers: Arithmetic Checks
The two fell in love with each other (Cross): Cross Checks
They did not check the age Limit when falling in love: Limit Check
Neither could say 143 to the other: Valid Code Check
Both kept Checking each other out: Check Digit
Picture on Facebook: Picture Check
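
The check digit described under Field Interrogation, applied to the transcription and transposition errors listed under (b) Data Coding Control, as an added example that is not part of the original post. The modulus-11 weighting, the fixed code length and the sample code 83421 are assumptions chosen for illustration; the post names no particular scheme.

```python
WEIGHT_START = 2  # assumed weights 2, 3, 4, ... from the rightmost base digit

def check_digit(base):
    """Return the modulus-11 check digit to append to a numeric base code."""
    if not (base.isascii() and base.isdigit()) or len(base) > 9:
        raise ValueError("base must be 1-9 decimal digits")
    total = sum(int(d) * w for w, d in enumerate(reversed(base), WEIGHT_START))
    digit = (11 - total % 11) % 11
    if digit == 10:  # would need two characters: such bases are not issued
        raise ValueError("base not assignable under this scheme")
    return str(digit)

def verify(code, length):
    """Classify a keyed-in code as 'ok' or name the check that rejects it."""
    if not (code.isascii() and code.isdigit()):
        return "picture"
    if len(code) != length:
        return "length"
    # The check digit itself carries weight 1, so a valid code sums to 0 mod 11.
    total = sum(int(d) * w for w, d in enumerate(reversed(code), 1))
    return "ok" if total % 11 == 0 else "check digit"

ISSUED = "83421" + check_digit("83421")  # constructed code, gives "834211"

# Constructed keying errors, one per category listed under Data Coding Control.
KEYING_ERRORS = {
    "addition": "8342110",                # extra digit keyed in
    "truncation": "83421",                # last digit dropped
    "substitution": "834311",             # 2 keyed as 3
    "single transposition": "843211",     # adjacent digits 3 and 4 swapped
    "multiple transposition": "438211",   # non-adjacent digits 8 and 4 swapped
}

def classify_errors():
    """Map each error category to the check that catches it."""
    return {name: verify(code, len(ISSUED)) for name, code in KEYING_ERRORS.items()}

if __name__ == "__main__":
    for name, caught_by in classify_errors().items():
        print(f"{name:<24} caught by the {caught_by} check")
```

Addition and truncation change the length of the code, so the length test rejects them before the check digit is even computed; substitution and transposition keep the length and are left to the check digit.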









Record Interrogation:


  • Reasonableness Check: Whether the value specified in a field is reasonable for that particular field.
  • Valid Sign: The contents of one field may determine which sign is valid for a numeric field.
  • Sequence Check: Whether physical records follow a required order matching the logical records.


Mnemonic for this topic:

The Ribbon-cutting one, i.e. a Recording was being made at the time of the ribbon cutting.

Story:

The bride's family asked for 51000; the groom said, "Name a Reasonable amount"
They said 11000 is Valid
Then everyone made their Entry in Sequence.
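
An added example (not from the original post) that runs field interrogation and record interrogation over one batch, to show which check rejects which kind of bad input. The account picture, transaction codes, limits and sample records are all constructed for illustration.

```python
import re

# Constructed rules for illustration; none of these values come from the page.
ACCOUNT_PICTURE = re.compile(r"[A-Z]{2}[0-9]{6}")  # picture: 2 letters then 6 digits
VALID_CODES = {"DEP": +1, "WDL": -1}  # transaction code -> sign it permits
AMOUNT_LIMIT = 100_000  # absolute ceiling for any amount
REASONABLE_MAX = {"SAVINGS": 20_000, "CURRENT": 100_000}  # ceiling per account kind

def field_errors(rec):
    """Field interrogation: each field is judged on its own content."""
    errors = []
    if not ACCOUNT_PICTURE.fullmatch(rec["account"]):
        errors.append("picture")
    if rec["code"] not in VALID_CODES:
        errors.append("valid code")
    if abs(rec["amount"]) > AMOUNT_LIMIT:
        errors.append("limit")
    return errors

def record_errors(rec, prev_seq):
    """Record interrogation: a field is judged against other fields or records."""
    errors = []
    if abs(rec["amount"]) > REASONABLE_MAX.get(rec["kind"], 0):
        errors.append("reasonableness")
    if rec["code"] in VALID_CODES and rec["amount"] * VALID_CODES[rec["code"]] <= 0:
        errors.append("valid sign")
    if prev_seq is not None and rec["seq"] != prev_seq + 1:
        errors.append("sequence")
    return errors

def validate_batch(batch):
    """Return {sequence number: failed checks} for every rejected record."""
    rejected, prev_seq = {}, None
    for rec in batch:
        errors = field_errors(rec) + record_errors(rec, prev_seq)
        if errors:
            rejected[rec["seq"]] = errors
        prev_seq = rec["seq"]
    return rejected

# Constructed sample batch: 101 is clean, the others each break different rules.
BATCH = [
    {"seq": 101, "account": "SB123456", "kind": "SAVINGS", "code": "DEP", "amount": 5_000},
    {"seq": 102, "account": "SB12345X", "kind": "SAVINGS", "code": "DEP", "amount": 700},
    {"seq": 103, "account": "SB123456", "kind": "SAVINGS", "code": "WDL", "amount": -45_000},
    {"seq": 105, "account": "CA654321", "kind": "CURRENT", "code": "WDL", "amount": 900},
    {"seq": 106, "account": "CA654321", "kind": "CURRENT", "code": "XFR", "amount": 250_000},
]
print(validate_batch(BATCH))
```

Record 103 passes the limit check but fails the reasonableness check, which is the difference between the two: the limit is the same for every record, while reasonableness depends on another field of the same record.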



File Interrogation:

These are discussed as follows:

  • Version Usage: The proper version of a file should be used for processing the data correctly. In this regard, it should be ensured that only the most current file is processed. 
  • Internal and External Labeling: Labeling of storage media is important to ensure that the proper files are loaded for processing. Where there is a manual process for loading files, external labeling is important to ensure that the correct file is being processed. Where there is an automated tape loader system, internal labeling is more important. 
  • Data File Security: Unauthorized access to a data file should be prevented, to ensure its confidentiality, integrity and availability. These controls ensure that the correct file is used for processing. 
  • Before and after Image and Logging: The application may provide for reporting of before and after images of transactions. These images, combined with the logging of events, enable reconstructing the data file back to its last state of integrity, after which the application can ensure that the incremental transactions/events are rolled back or forward. 
  • File Updating and Maintenance Authorization: Sufficient controls should exist for file updating and maintenance to ensure that stored data are protected. The access restrictions may either be part of the application or of the overall system access restrictions. 
  • Parity Check: When programs or data are transmitted, additional controls are needed. Transmission errors are controlled primarily by error-detecting or error-correcting codes. 







Mnemonic for the above topic:
The Kaaaalu one, i.e. Kaalu used to buy clothes from Flipkart (after interrogating the clothes), i.e. File Interrogation

Story:

Kaalu did his Internal & External Labelling by buying clothes from Flipkart
Every day he fell for a girl of a new Version
This time he fell for a girl who looked like a fairy (pari)
Kaalu told the girl, "Give me the Data File of your heart and I will take care of its Security"
The girl looked at his Before & After Image
Finally, the girl gave him the Authorization for her File Updation & Maintenance.


2 comments

  1. I am from South India and for me this is not useful. Sir please do it in English, also do Mnemonics in English.
