
INFORMATION SYSTEMS AND INTERNAL CONTROL
GROUP 7
Amerina Sitompul (14MPAXXIXA03)
Erdhiani Dwi Purnami (14MPAXXIXB44)
#asta Aulia Listi (14MPAXXIXB7%)
Lecturer: Dr. Syaiful Ali, MIS
PROFESSIONAL ACCOUNTING EDUCATION PROGRAM
FACULTY OF ECONOMICS AND BUSINESS
UNIVERSITAS GAJAH MADA
2014
DISCUSSION QUESTIONS
9.2 What risks, if any, does offshore outsourcing of various information systems
functions pose to satisfying the principles of confidentiality and privacy?
The risks of offshore outsourcing are problems of data security and data protection. The client company has little control over information systems that are developed by the outsourcing provider and locked in through the contract. The application developer sometimes needs information about the company, and sometimes important information must also be handed over; this becomes a threat to the company if it ends up dealing with a dishonest developer.
9.4 What privacy concerns might arise from the use of biometric authentication
techniques? What about the embedding of RFID tags in products such as clothing?
What other technologies might create privacy concerns?
Many people may see biometric authentication as invasive. That is, in order to gain access to a work-related location or data, they must provide a highly personal image of a part of their body, such as the retina, a finger, or the voice. Providing personal information in this way can make some individuals fearful, because the organization can collect the information and use it to monitor them. In addition, some biometrics can reveal highly sensitive (private) information.
RFID tags on individual products such as clothing can track consumers' purchasing habits: the goods they want, or the brand, type, color, and model of the goods they buy most often, along with other personal consumer information.
Other things that can cause privacy problems are smartphones and social networks. Most smartphones have GPS capability that can be used to track a person's whereabouts, and that information is often collected by "apps", which then send it to the apps' advertisers. GPS data is also stored by the smartphone service provider.
PROBLEMS
9.11 Obtain a copy of COBIT (available at www.isaca.org) and read the control
objectives that relate to encryption (DS5.8 and DS5.11). What are the essential
control procedures that organizations should implement when using encryption?
COBIT control objective DS5.8, Cryptographic Key Management, addresses the policies for managing encryption keys. The procedures an organization should carry out when implementing encryption are:
a. Minimum key length. Longer keys give stronger encryption by reducing the number of repeated blocks in the ciphertext.
b. Use of approved algorithms.
c. Procedures for authenticating recipients.
d. Secure key distribution.
e. Secure key storage.
f. Key escrow. A third party holds a backup copy of users' private keys so that, if necessary, it can help either the national courts or security agencies obtain the original plaintext message; in other cases, where a user loses a key or the key is damaged, key escrow can be used to recover it.
g. A policy governing when encryption must be used and which information must be encrypted (the organization needs to classify and label all information assets so that employees can identify the different categories).
h. Procedures for revoking compromised keys.
COBIT control objective DS5.11, Exchange of Sensitive Data, concerns the use of encryption while information is being transmitted. It covers:
a. Procedures to ensure that information is encrypted before transmission.
b. Specification of the approved encryption algorithms.
c. Access controls over incoming encrypted information.
d. Secure storage of encryption keys.
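An added example, not part of the original answer, showing how several of the DS5.8 and DS5.11 procedures above (minimum key length, approved algorithms, key storage, escrow, revocation, encryption before transmission) can be checked against records. The policy values, field names, key inventory, and transfer log are all constructed for illustration.

```python
# Hypothetical policy values for illustration; an organization sets its own.
POLICY = {
    "min_bits": {"AES": 256, "RSA": 2048},   # approved algorithms and minimum key length
    "approved_storage": {"hsm", "kms"},      # where key material may be stored
    "must_encrypt": {"confidential"},        # classification labels that require encryption
}
# Constructed key inventory and outbound transfers (not real data).
KEYS = [
    {"id": "k1", "alg": "AES", "bits": 256, "storage": "hsm", "escrowed": True, "status": "active"},
    {"id": "k2", "alg": "RSA", "bits": 1024, "storage": "kms", "escrowed": True, "status": "active"},
    {"id": "k3", "alg": "DES", "bits": 56, "storage": "disk", "escrowed": False, "status": "active"},
    {"id": "k4", "alg": "AES", "bits": 256, "storage": "kms", "escrowed": True, "status": "compromised"},
]
TRANSFERS = [
    {"file": "payroll.csv", "label": "confidential", "key": "k1"},
    {"file": "patients.csv", "label": "confidential", "key": None},   # sent in the clear
    {"file": "orders.csv", "label": "confidential", "key": "k4"},
    {"file": "brochure.pdf", "label": "public", "key": None},
]

def audit_key(key, policy):
    """Return the key-management findings for one inventory record."""
    findings = []
    minimum = policy["min_bits"].get(key["alg"])
    if minimum is None:
        findings.append("algorithm not approved")
    elif key["bits"] < minimum:
        findings.append("key shorter than minimum length")
    if key["storage"] not in policy["approved_storage"]:
        findings.append("key storage not approved")
    if not key["escrowed"]:
        findings.append("no escrow copy")
    if key["status"] == "compromised":
        findings.append("compromised key not yet revoked")
    return findings

def audit_transfers(transfers, keys, policy):
    """Flag transfers of data that must be encrypted but is not protected by a clean key."""
    clean = {k["id"] for k in keys if k["status"] == "active" and not audit_key(k, policy)}
    flagged = []
    for t in transfers:
        if t["label"] not in policy["must_encrypt"]:
            continue  # classification does not require encryption
        if t["key"] is None:
            flagged.append((t["file"], "sent unencrypted"))
        elif t["key"] not in clean:
            flagged.append((t["file"], "encrypted with a non-compliant key"))
    return flagged
```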
DISCUSSION QUESTIONS
10.1 For each of the three basic options for replacing IT infrastructure (cold sites, hot
sites, and real-time mirroring) give an example of an organization that could use
that approach as part of its DRP. Be prepared to defend your answer.
a. The DRP (disaster recovery planning) option to choose is the one that yields the RTO (recovery time objective) most appropriate for the organization. A cold site yields an RTO measured in days, a hot site an RTO measured in hours, and real-time mirroring an RTO measured in minutes.
b. A hot site is an alternate backup location with computer facilities that are supplied with electrical power, heating, ventilation, and temperature control, and that function as file/print servers and workstations. The site requires regular maintenance to keep it consistent with normal operating conditions. A hot site carries higher administrative costs and consumes considerable resources. Its main advantage is 24/7 availability. A hot site can be put to use quickly and is available (or within the allowed time tolerance) shortly after a disruptive event occurs.
c. A cold site is a DRC (disaster recovery center) that is not equipped with backup systems; usually it is just a room or building provided with power, air conditioning, a fire prevention system, data and voice network infrastructure, and an installed raised floor. A cold site can be described as an empty DRC. If an organization has only a very small budget for an alternate backup processing location, a cold site may be better than nothing at all.
d. Real-time mirroring is the process of "duplicating" a database to another location. It is a form of DRC whose mechanism is one-way file synchronization. Updated files are copied in real time from the source location to one or more target locations, but no file is ever copied back to the source location. The function of the target location is to take over the function of the source location when the source runs into problems.
An example of an organization that could use real-time mirroring as its DRP is a banking company. Real-time mirroring is essential for database systems that must operate continuously. When a system failure occurs, the potential losses (direct and indirect) are very large, and repairing the damage is so difficult and time-consuming that its cost exceeds the cost of building and maintaining the mirroring itself.
Because building real-time mirroring is expensive, as noted above, real-time mirroring is suited to systems with a centralized database. The main prerequisites for a centralized database are:
- The communication facilities and data communication flows are supportive (good).
- The type of data is among the data that require real-time updates.
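The one-way file synchronization described under real-time mirroring, as an added Python example that is not part of the original answer: `mirror_once` copies new or changed files from the source location to the target and never writes to the source, and `out_of_sync` lists the files a failover would lose at that moment. The function names and the hash-based change detection are assumptions made for illustration; a production mirror reacts to write events rather than running polling passes.

```python
import hashlib
import shutil
from pathlib import Path


def file_digest(path: Path) -> str:
    """SHA-256 of a file, used to decide whether the target copy is stale."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def mirror_once(source: Path, target: Path) -> list[str]:
    """Copy new or changed files source -> target; return the relative paths copied."""
    copied = []
    for src in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = src.relative_to(source)
        dst = target / rel
        if dst.exists() and file_digest(dst) == file_digest(src):
            continue  # target already holds the current version
        dst.parent.mkdir(parents=True, exist_ok=True)
        tmp = dst.with_name(dst.name + ".part")
        shutil.copy2(src, tmp)   # write beside the final name ...
        tmp.replace(dst)         # ... then swap into place, so no half-written copy is visible
        copied.append(rel.as_posix())
    return copied


def out_of_sync(source: Path, target: Path) -> list[str]:
    """Files whose target copy is missing or differs from the source."""
    stale = []
    for src in sorted(p for p in source.rglob("*") if p.is_file()):
        dst = target / src.relative_to(source)
        if not dst.exists() or file_digest(dst) != file_digest(src):
            stale.append(src.relative_to(source).as_posix())
    return stale
```

Files that exist only on the target are left alone and never flow back, which is the one-way property the answer describes.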
PROBLEM
10.8 MonsterMed Inc. (MMI) is an online pharmaceutical firm. MMI has a small
systems staff that designs and writes MMI's customized software. The data center is
installed in the basement of its two-story headquarters building. The data center is
equipped with halon-gas fire suppression equipment and an uninterruptible power
supply system.
The computer operations staff works a two-shift schedule, five days per week.
MMI's programming staff, located in the same building, has access to the data
center and can test new programs and program changes when the operations staff
is not available. Programmers make changes in response to oral requests by
employees using the system. Since the programming staff is small and the work
demands have increased, systems and programming documentation is developed
only when time is available. Backups are made whenever time permits. The backup
files are stored in a locked cabinet in the data center. Unfortunately, due to several
days of heavy rains, MMI's building recently experienced serious flooding that
destroyed not only the computer hardware but also all the data and program files
that were on-site.
Required:
a. Identify at least five weaknesses in MonsterMed Inc.'s backup and DRP
procedures.
b. Evaluate change controls at MonsterMed Inc.
a. Five weaknesses in MonsterMed Inc.'s backup and DRP procedures:
- There is no written backup plan.
- There is no written DRP (disaster recovery plan).
- Backups are not made on a regular schedule.
- Restoration from backups is not tested.
- System documentation is prepared only when someone has time to do it. As a result, the documentation is incomplete and not up to date.
- The programming staff has access to the computer room without supervision by the operations staff. Programmers could alter data files or operational programs.
- Locating the computer facility in the basement increases the risk of flood damage.
- There are no written requests, no approval process, and no testing process for system changes.
b. Evaluation of change controls at MonsterMed Inc.:
- At MMI there is no visible separation between system testing and system development, so changes are made directly to the production system.
- Requests for system changes are made orally, without formal approval or documentation.