ACCTG 503: AUDITING IN A CIS ENVIRONMENT Page |1

INFORMATION SYSTEMS
- is an integrated set of components for collecting, storing, and processing data and for delivering information, knowledge, and
digital products. Business firms and other organizations rely on information systems to carry out and manage their operations,
interact with their customers and suppliers, and compete in the marketplace.

Definition of terms:
INFORMATION is referred to as processed data, while DATA is considered as raw facts.
SYSTEM is an interrelationship of resources leading to the achievement of a goal.

COMPONENTS of a SYSTEM
a. GOAL – the objective of the firm
b. RESOURCES – can be considered as your hardware, software and peopleware.
b.1. Hardware - Physical equipment that makes up a computer system.
b.2. Software - Organized information in the form of operating systems, utilities, programs, and applications that enable
computers to work.
b.3. Peopleware - refers to anything that has to do with the role of people in the development or use of computer software
and hardware systems, including such issues as developer productivity, teamwork, group dynamics, the psychology of
programming, project management, organizational factors, human interface design, and human-machine-interaction.

c. INTER-RELATIONSHIP – the means by which the resources communicate with each other.

EDP (electronic data processing)
- is an infrequently used term for what is today usually called "IS" (information services or systems) or "MIS" (management
information services or systems). It is the processing of data by a computer and its programs in an environment involving
electronic communication. EDP evolved from "DP" (data processing), a term that was created when most computing input
was physically put into the computer in punched card form and output as punched cards or paper reports.

DATA PROCESSING - Manipulation of input data with an application program to obtain desired output as an audio/video,
graphic, numeric, or text data file.
1. INPUT – data fed to a system that is transformed by the system to become an output.
2. PROCESS - Sequence of interdependent and linked procedures which, at every stage, consume one or more resources to
convert inputs into outputs.
3. OUTPUT - A result produced by a computer that is internal to the system

- One of the important tools in an EDP Environment is the use of electronic devices which may consist of different types of
computers.

COMPUTER
- A computer is an electronic device that is designed to work with information. The term computer is derived from the Latin
term ‘computare’, which means to calculate. A computer cannot do anything without a program. A computer is an advanced
electronic device that takes raw data as input from the user, processes these data under the control of a set of instructions
(called a program), gives the result (output) and saves the output for future use.

TYPES OF A COMPUTER
A. Supercomputer
- Supercomputer is a broad term for one of the fastest computers currently available. A supercomputer is a computer that
performs at or near the currently highest operational rate for computers. A supercomputer is typically used for scientific and
engineering applications that must handle very large databases or do a great amount of computation (or both).
Supercomputers are very expensive and are employed for specialized applications that require immense amounts of
mathematical calculations (number crunching). For example, weather forecasting requires a supercomputer. Other uses of
supercomputers include scientific simulations, (animated) graphics, fluid dynamic calculations, nuclear energy research, electronic
design, and analysis of geological data (e.g. in petrochemical prospecting). As of November 2012, the Titan supercomputer is
the fastest in the world. It is almost 20 billion times faster than the first supercomputer (the CDC 6600).
B. Mainframe
- Mainframe was a term originally referring to the cabinet containing the central processor unit or "main frame" of a room-filling Stone
Age batch machine. After the emergence of smaller "minicomputer" designs in the early 1970s, the traditional big iron
machines were described as "mainframe computers" and eventually just as mainframes. Nowadays a Mainframe is a very
large and expensive computer capable of supporting hundreds, or even thousands, of users simultaneously. The chief
difference between a supercomputer and a mainframe is that a supercomputer channels all its power into executing a few
programs as fast as possible, whereas a mainframe uses its power to execute many programs concurrently. In some ways,
mainframes are more powerful than supercomputers because they support more simultaneous programs. But supercomputers
can execute a single program faster than a mainframe. The distinction between small mainframes and minicomputers is
vague, depending really on how the manufacturer wants to market its machines.

D. Minicomputer
- It is a midsize computer. In the past decade, the distinction between large minicomputers and small mainframes has blurred,
however, as has the distinction between small minicomputers and workstations. But in general, a minicomputer is a
multiprocessing system capable of supporting up to 200 users simultaneously.

E. Workstation
- It is a type of computer used for engineering applications (CAD/CAM), desktop publishing, software development, and other
types of applications that require a moderate amount of computing power and relatively high quality graphics capabilities.
Workstations generally come with a large, high-resolution graphics screen, a large amount of RAM, built-in network
support, and a graphical user interface. Most workstations also have a mass storage device such as a disk drive, but a special
type of workstation, called a diskless workstation, comes without a disk drive.
- A computer designed for technical or scientific applications. Intended primarily to be used by one person at a time, they are
commonly connected to a local area network and run multi-user operating systems. Like personal computers, most
workstations are single-user computers. However, workstations are typically linked together to form a local-area network,
although they can also be used as stand-alone systems.

N.B.: In networking, workstation refers to any computer connected to a local-area network. It could be a workstation or a personal
computer.

F. Personal computer
- It can be defined as a small, relatively inexpensive computer designed for an individual user. In price, personal computers
range anywhere from a few hundred pounds to over five thousand pounds. All are based on the microprocessor technology
that enables manufacturers to put an entire CPU on one chip. Businesses use personal computers for word processing,
accounting, desktop publishing, and for running spreadsheet and database management applications. At home, the most
popular use for personal computers is for playing games and recently for surfing the Internet.

Personal Computer Types


- Actual personal computers can be generally classified by size and chassis / case. The chassis or case is the metal frame that
serves as the structural support for electronic components. Every computer system requires at least one chassis to house the
circuit boards and wiring. The chassis also contains slots for expansion boards. If you want to insert more boards than there
are slots, you will need an expansion chassis, which provides additional slots. There are two basic flavors of chassis designs–
desktop models and tower models–but there are many variations on these two basic types. Then came the portable computers
that are computers small enough to carry. Portable computers include notebook and subnotebook computers, hand-held
computers, palmtops, and PDAs.

1. Tower model The term refers to a computer in which the power supply, motherboard, and mass storage devices are stacked
on top of each other in a cabinet. This is in contrast to desktop models, in which these components are housed in a more
compact box. The main advantage of tower models is that there are fewer space constraints, which makes installation of
additional storage devices easier.

2. Desktop model A computer designed to fit comfortably on top of a desk, typically with the monitor sitting on top of the
computer. Desktop model computers are broad and low, whereas tower model computers are narrow and tall. Because of their
shape, desktop model computers are generally limited to three internal mass storage devices. Desktop models designed to be
very small are sometimes referred to as slimline models.

3. Notebook computer An extremely lightweight personal computer. Notebook computers typically weigh less than 6 pounds
and are small enough to fit easily in a briefcase. Aside from size, the principal difference between a notebook computer and a
personal computer is the display screen. Notebook computers use a variety of techniques, known as flat-panel technologies,
to produce a lightweight and non-bulky display screen. The quality of notebook display screens varies considerably. In terms
of computing power, modern notebook computers are nearly equivalent to personal computers. They have the same CPUs,
memory capacity, and disk drives. However, all this power in a small package is expensive. Notebook computers cost about
twice as much as equivalent regular-sized computers. Notebook computers come with battery packs that enable you to run
them without plugging them in. However, the batteries need to be recharged every few hours.

4. Laptop computer A small, portable computer -- small enough that it can sit on your lap. Nowadays, laptop computers are
more frequently called notebook computers.

5. Subnotebook computer A portable computer that is slightly lighter and smaller than a full-sized notebook computer.
Typically, subnotebook computers have a smaller keyboard and screen, but are otherwise equivalent to notebook computers.

6. Hand-held computer A portable computer that is small enough to be held in one’s hand. Although extremely convenient to
carry, handheld computers have not replaced notebook computers because of their small keyboards and screens. The most
popular hand-held computers are those that are specifically designed to provide PIM (personal information manager)
functions, such as a calendar and address book. Some manufacturers are trying to solve the small keyboard problem by
replacing the keyboard with an electronic pen. However, these pen-based devices rely on handwriting recognition
technologies, which are still in their infancy. Hand-held computers are also called PDAs, palmtops and pocket computers.

7. Palmtop A small computer that literally fits in your palm. Compared to full-size computers, palmtops are severely limited,
but they are practical for certain functions such as phone books and calendars. Palmtops that use a pen rather than a keyboard
for input are often called hand-held computers or PDAs. Because of their small size, most palmtop computers do not include
disk drives. However, many contain PCMCIA slots in which you can insert disk drives, modems, memory, and other devices.
Palmtops are also called PDAs, hand-held computers and pocket computers.

8. PDA Short for personal digital assistant, a handheld device that combines computing, telephone/fax, and networking
features. A typical PDA can function as a cellular phone, fax sender, and personal organizer. Unlike portable computers, most
PDAs are pen-based, using a stylus rather than a keyboard for input. This means that they also incorporate handwriting
recognition features. Some PDAs can also react to voice input by using voice recognition technologies. The field of PDA was
pioneered by Apple Computer, which introduced the Newton MessagePad in 1993. Shortly thereafter, several other
manufacturers offered similar products. To date, PDAs have had only modest success in the marketplace, due to their high
price tags and limited applications. However, many experts believe that PDAs will eventually become common gadgets.
PDAs are also called palmtops, hand-held computers and pocket computers.

COMPUTER HARDWARE COMPONENTS AND ARCHITECTURES


The hardware components of computer systems include different interdependent components that perform specific functions, which can be
classified as either processing or input/output control.
A. PROCESSING COMPONENTS
1. CPU - The central processing unit (CPU) processes all of the data that is accessed by the machine. It is a small internal piece that
is located beneath the fan.
a. The heart of the computer, this is the component that actually executes instructions organized in programs ("software")
which tell the computer what to do.
b. The CPU is attached to a string of conductors called a system data bus (bus: shared electrical path)
c. When different computers share one CPU, this is called time sharing.

2. Motherboard - The motherboard is an underlying circuit board that holds all the computer components together. Computer
components, including the CPU, RAM, hard drive and optical drives, plug into the motherboard. This allows the separate
components to interact with each other to create a fully functional machine. While each computer part has a unique function, they
would be utterly useless without the unifying motherboard.

3. DATA STORAGE – Every computer requires additional storage space, such as a hard disk. Data storage may be fixed, semi-fixed
or even removable. When a computer is turned on, initial start-up is executed from storage disks; this is usually called the
process of bootstrapping or initial program load. The operating system is then loaded together with the BIOS Setup (Basic
Input/Output System).

a. Internal Memory (fast, expensive, short-term memory): Enables a computer to store, at least temporarily, data, programs, and
intermediate results.
1. RAM – Random Access Memory (Primary Memory). Random access memory provides a buffer between the hard drive
and central processing unit. When files are requested for processing, they transfer from the hard drive to the memory.
The CPU then processes the file and replaces it in the memory. The memory provides a temporary storage that will be
eliminated if power is removed from the machine. It is important to save modified files to the hard drive so that they will
be retained if the power turns off.
2. ROM – Read Only Memory. Data stored in ROM cannot be modified, or can be modified only slowly or with difficulty,
so it is mainly used to distribute firmware (software that is very closely tied to specific hardware, and unlikely to need
frequent updates).

b. Mass storage device (slower, cheaper, long-term memory): Allows a computer to permanently retain large amounts of data
and programs between jobs. Common mass storage devices include disk drives and tape drives.
1. Hard Drive - A hard drive provides permanent storage for the operating system, programs and files on a machine. When
files are saved to the hard drive, they are retained through power outages. New computers are usually equipped with
SATA drives, which have replaced the older IDE drive technology. These drives use slimmer cables, smaller power
connections, and have numerous performance benefits over the older hard drive types. SATA hard drives do not get as
hot and can transfer data faster.
2. CD and DVD drives
3. Floppy disk drive

5. INPUT/OUTPUT DEVICES
The I/O components are used to pass instructions/information to the computer and to display or record the output generated by the
computer.
a. Input device: Usually a keyboard, a mouse or a touchscreen, the input device is the conduit through which data and
instructions enter a computer.
b. Output device: A display screen (monitor), printer, speaker, or other device that lets you see what the computer has
accomplished.

COMMON ENTERPRISE BACK-END DEVICES


In today’s distributed environment, there are many different devices used in delivering application services. The following are the
most common devices encountered:

ROLE: User Workstation
FUNCTION: Runs applications to solve problems and can access data on network servers.
EXAMPLES: Microsoft Office, personal spreadsheets, email client, web surfing. Usually desktop or laptop.

ROLE: File Server
FUNCTION: Stores data files for shared user access. Provides organization-wide access to files and programs. Document
repositories can be centralized to a few locations within the organization and controlled with an access control matrix. Group
collaboration and document management are easier when a document repository is used, rather than dispersed storage across
multiple workstations.
EXAMPLES: Microsoft and Novell shared network drives (usually labelled F: through Z:)

ROLE: Website Server
FUNCTION: Performs the same function as the file server. Provides information and services to external customers and internal
employees through web pages.
EXAMPLES: Stores files on the web. Example: Google Docs

ROLE: DNS Server
FUNCTION: Converts server domain names into their matching IP addresses.
EXAMPLES: Converts an easy-to-remember name such as www.google.com into its corresponding IP address. Domain Name System is a
program to find the IP addresses matching the name you entered. DNS works like an automated phonebook.

ROLE: Database Server
FUNCTION: Stores raw data and organizes it in tables for authorized users to access.
EXAMPLES: Accounting software, sales automation, and online shopping carts. Can exist on a file server, web server, or dedicated
machine. May be internally developed or built using a commercial product such as ORACLE SQL, IBM Informix or IBM DB2.

ROLE: Application server
FUNCTION: Application or program servers typically host software programs that provide application access to client computers,
including processing of the application business logic and communication with the application’s database. Consolidation of
applications and licenses in servers enables centralized management and a more secure environment.

ROLE: Print servers
FUNCTION: Businesses of all sizes require that printing capability be made available to users across multiple sites and domains.
Generally, a network printer is configured based upon where the printer is physically located and who within the organization
needs to use it. Print servers allow businesses to consolidate printing resources for cost-savings.

ROLE: Proxy server
FUNCTION: Provides an intermediate link between users and resources. As opposed to direct access, proxy servers will access on a
user’s behalf. Depending on the services being provided, a proxy server may render more secure and faster response than direct
access.

ROLE: Appliances (specialized devices)
FUNCTION: Provide a specific service and normally would not be capable of running other services. As a result the devices are
significantly smaller and faster, and very efficient. Capacity and performance demands require certain services to be run on
appliances instead of generic servers.
EXAMPLES:
FIREWALL- a specific device that inspects all traffic going between segments and applies security policies to help ensure a
secure network. An effective firewall implementation depends on the quality of the security policies written and their
compliance with the best practices.
INTRUSION DETECTION SYSTEM (IDS)- listens to all incoming and outgoing traffic to deduce and warn of potentially malicious
connections.
INTRUSION PREVENTION SYSTEM (IPS)- actively attempts to prevent intrusion by monitoring traffic and identifying irregular
usage patterns.
SWITCHES- Data link-level devices that can divide and interconnect network segments and help reduce collision domains in
Ethernet-based networks.
ROUTERS- devices used to link two or more physically separated segments. The network segments linked by a router remain
logically separate and can function as independent networks.
VIRTUAL PRIVATE NETWORK (VPN)- VPNs provide remote access to enterprise IT resources or can link two or more physically
separate networks through a security tunnel. A Secure Sockets Layer-Virtual Private Network (SSL-VPN) provides clientless
remote access only through an internet browser.
LOAD BALANCER- a load balancer distributes traffic across several different devices to increase the performance and
availability of IT services.

COMMON CHARACTERISTICS OF DIFFERENT TYPES OF COMPUTER


1. Speed
- A computer is a very fast device. It can carry out instructions at a very high speed obediently, uncritically and without
exhibiting any emotions. It can perform in a few seconds the amount of work that a human being can do in an entire year – if
he works day and night and does nothing else.
- Some calculations that would otherwise have taken hours and days to complete can be completed in a few seconds using the
computer. The speed of a computer is calculated in MHz, that is, one million instructions per second.
2. Accuracy
- Accuracy of a computer is consistently high and the degree of accuracy of a particular computer depends on the instructions
and the type of processor. But for a particular computer, each and every calculation is performed. For example, the computer
accurately gives the result of division of any number up to 10 decimal points.
3. Versatility
- Versatility is one of the most wonderful things about the computer. Multi-processing features of the computer make it quite versatile
in nature. One moment, it is preparing the results of particular examination, the next moment it is busy preparing electricity
bills, and in between it may be helping an office secretary to trace an important letter in seconds.
- It can perform different types of tasks with same ease. All that is required to change its talent is to slip in a new program into
it. Briefly, a computer is capable of performing almost any task provided that the task can be reduced to a series of logical
steps.
4. Reliability
- The computer provides very high speed accompanied by an equally high level of reliability. Thus computers never make
mistakes of their own accord.
5. Power of Remembering
- A computer can store and recall any amount of information because of its secondary storage capability. Every piece of
information can be retained as long as desired by the user and it can be recalled almost instantaneously. Even
after several years, the information recalled will be as accurate as on the day when it was fed to the computer.

6. No I.Q
- It possesses no intelligence of its own. It can only perform what it is programmed to do. Hence, only the user can determine what
tasks a computer will perform. Computers have no sense of meaning, cannot perceive and are only able to make simple
robotic decision about the data they receive.
7. Common Data Used
- One item can be involved in several different procedures or accessed, updated and inspected by a number of different users.
This can hinder the work of those who need access to data. As the time is changing, more and more facilities are being added
to the computers they can perform but in practical life many tasks are limited to these basic operations.
8. Diligence
- The computer, being a machine, does not suffer from the human trait of tiredness. Nor does it lose concentration even after
working continuously for a long time.
- This characteristic is especially useful for those jobs where the same task is done again and again. It can perform long and
complex calculations with same speed and accuracy from the start till the end.
9. Several Storage Capacity
- Computers have a lot of storage devices which can store a tremendous amount of data. Data storage is an essential function
of the computer. Secondary storage devices like floppy disks can store a large amount of data permanently.
10. Consistency
- same output shall be provided as long as same input and program is used
11. No Feeling

DEALING WITH DATA STORAGE

Adequate data storage is an important issue in an information system. Controls need to be in place to ensure safe storage of data. In an
EDP audit the auditor is concerned with how many copies of the data exist and the controls that are in use. It is amazingly easy to lose
control over electronic data.
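
The audit question above (how many copies of the data exist, and what controls are on them) can be answered mechanically. The following is an added example, not part of the original course notes: it hashes every file under a set of directories, groups identical content, and reports content that exists in more than one place or is readable or writable by all users. The function names and the sample directory layout are assumptions, and the permission check assumes POSIX mode bits.

```python
import hashlib
import os
import stat
import tempfile
from collections import defaultdict


def sha256_of(path, chunk_size=65536):
    """Hash a file in chunks so large data files do not need to fit in RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def inventory_copies(roots):
    """Walk each root and group regular, non-empty files by content hash.

    Returns (copies, unreadable): copies maps sha256 -> list of records,
    unreadable lists paths that could not be examined, so that they are
    reported as audit exceptions instead of being silently skipped.
    """
    copies = defaultdict(list)
    unreadable = []
    for root in roots:
        for dirpath, _dirnames, filenames in os.walk(root):
            for name in filenames:
                path = os.path.join(dirpath, name)
                try:
                    info = os.lstat(path)
                    if not stat.S_ISREG(info.st_mode) or info.st_size == 0:
                        continue  # skip symlinks, devices and empty files
                    digest = sha256_of(path)
                except OSError:
                    unreadable.append(path)
                    continue
                copies[digest].append({
                    "path": path,
                    "size": info.st_size,
                    "mode": stat.filemode(info.st_mode),
                    "world_readable": bool(info.st_mode & stat.S_IROTH),
                    "world_writable": bool(info.st_mode & stat.S_IWOTH),
                })
    return dict(copies), sorted(unreadable)


def audit_findings(copies):
    """Report content that has more than one copy or a copy open to all users."""
    findings = []
    for digest, records in sorted(copies.items()):
        exposed = sorted(
            r["path"] for r in records
            if r["world_readable"] or r["world_writable"]
        )
        if len(records) > 1 or exposed:
            findings.append({
                "sha256": digest,
                "copy_count": len(records),
                "paths": sorted(r["path"] for r in records),
                "exposed_paths": exposed,
            })
    return findings


if __name__ == "__main__":
    # Constructed sample: a "file server" directory and a second location
    # holding an extra copy of the same ledger with looser permissions.
    with tempfile.TemporaryDirectory() as base:
        server = os.path.join(base, "fileserver")
        other = os.path.join(base, "removable_copy")
        os.makedirs(server)
        os.makedirs(other)
        samples = {
            os.path.join(server, "ledger.csv"): (b"acct,amount\n1001,250\n", 0o600),
            os.path.join(other, "ledger_old.csv"): (b"acct,amount\n1001,250\n", 0o644),
            os.path.join(server, "memo.txt"): (b"quarterly memo\n", 0o600),
        }
        for path, (data, mode) in samples.items():
            with open(path, "wb") as handle:
                handle.write(data)
            os.chmod(path, mode)

        copies, unreadable = inventory_copies([server, other])
        for finding in audit_findings(copies):
            print(finding["copy_count"], "copies of", finding["sha256"][:12])
            for path in finding["paths"]:
                flag = " (open to all users)" if path in finding["exposed_paths"] else ""
                print("   ", path + flag)
        print("unreadable:", unreadable)
```
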

Tape management systems (TMS) and Disk Management Systems (DMS) are used to help retain control over data files. These
automated systems can provide label and tracking management. The following are some of the common types of data storage media.
1. MAGNETIC HARD DISK
- These metal disks, mounted inside a sealed disk drive, are high-speed devices that are designed for permanent installation.
Hard disks are the most common method of online data storage. By using special software, you can cluster drives into high
availability storage arrays. An example is RAID (Redundant Array of Independent Disks).

2. MAGNETIC SOFT DISKS
- Magnetic tapes are used for large computers like mainframe computers, where a large volume of data is stored for a longer
time. In a PC you can also use tapes in the form of cassettes. Storing data on tapes is inexpensive. Tapes consist of
magnetic materials that store data permanently. These include floppy, Zip and Jaz drives. They are designed with a soft
read-write disk inside a hard shell.

3. MAGNETIC TAPE
- Available in reel or cartridge design; the most common method of long-term data storage. Examples include DLT (digital linear
tape), 3590 cartridge, VHS videos.

4. READ ONLY MEMORY (ROM)


- Used to permanently record software programs on integrated circuits (chips). Programming is accomplished by using
specialized equipment to burn or fuse microscopic links inside the semi-conductor chip. Once programmed the software
becomes permanent and cannot be changed or erased.

5. FLASH MEMORY
- A special type of electronically erasable programmable read-only memory (EEPROM) which is used for flash BIOS, video
cameras and USB hand held memory sticks. The small size and high capacity can really be a security concern.

6. OPTICAL DISK
- With every new application and software there is greater demand for memory capacity. It is the necessity to store large
volume of data that has led to the development of optical disk storage medium. Optical disks can be divided into the
following categories:
a. Compact Disk/ Read Only Memory (CD-ROM)
b. Write Once, Read Many (WORM)
c. Erasable Optical Disk
- Often called WMRM (Write Many, Read Many)

*ACCESSING DATA for WMRM and WORM devices may either be


1. Sequential - All data must be read.
2. Direct – Data may be read directly without reading the others.

HIERARCHY OF MEMORY STORAGE

1. Registers - a small amount of storage available as part of a CPU that is preloaded for instant access. A special, high-speed
storage area within the CPU. All data must be represented in a register before it can be processed. For example, if two numbers
are to be multiplied, both numbers must be in registers, and the result is also placed in a register. (The register can contain
the address of a memory location where data is stored rather than the actual data itself.)

2. Cache Memory - The speed of the CPU is extremely high compared to the access time of main memory. Therefore the performance
of the CPU decreases due to the slow speed of main memory. To decrease the mismatch in operating speed, a small memory chip is
attached between the CPU and main memory whose access time is very close to the processing speed of the CPU. It is called CACHE
memory. CACHE memories are accessed much faster than conventional RAM. It is used to store programs or data currently being
executed or temporary data frequently used by the CPU. So cache memory makes main memory appear to be faster and larger than it
really is. It is also very expensive to have a bigger size of cache memory, and its size is normally kept small.

3. Main/Primary Memory (RAM) - internal memory of the computer

- Random Access Memory (RAM): The primary storage is referred to as random access memory (RAM) because it is
possible to randomly select and use any location of the memory to directly store and retrieve data. It takes the same time to
access any address of the memory as the first address. It is also called read/write memory. The storage of data and instructions
inside the primary storage is temporary. It disappears from RAM as soon as the power to the computer is switched off. The
memories which lose their content on failure of power supply are known as volatile memories.

- Read Only Memory (ROM): There is another memory in the computer, which is called Read Only Memory (ROM). The
storage of programs and data in the ROM is permanent. The ROM stores some standard processing programs supplied by
the manufacturers to operate the personal computer. The ROM can only be read by the CPU but it cannot be changed.
The basic input/output program is stored in the ROM that examines and initializes various equipment attached to the PC
when the power switch is ON. The memories which do not lose their content on failure of power supply are known as
non-volatile memories.

4. Auxiliary/Secondary Memory (Hard Disk/CD/DVD/Diskette)

OTHER DEVICES
1. Universal Serial Bus (USB) - The most widely used hardware interface for attaching peripherals to a single standardized
interface socket and to improve the plug and play capabilities by allowing hot swapping; that is, by allowing devices to be
connected and disconnected without rebooting the computer or turning off the device.
- The most common type of computer port used in today's computers. It can be used to connect keyboards, mice, game
controllers, printers, scanners, digital cameras, and removable media drives.

2. Radio Frequency Identification Device (RFID)


- RFID is a system used to track objects, people, or animals using tags that respond to radio waves. RFID tags are
integrated circuits that include a small antenna. They are typically small enough that they are not easily noticeable and
therefore can be placed on many types of objects. RFID tags are often used to uniquely identify the object they are
attached to. However, RFID tags don't need to be scanned directly with a laser scanner. Instead, they can be recorded by
simply placing the tag within the range of an RFID radio transmitter. This makes it possible to quickly scan several items
or to locate a specific product surrounded by many other items.
- RFID tags have many different uses. Some examples include:
a. Merchandise tags - These tags are attached to clothing, electronics, and other products to prevent theft from
retail stores. These tags are typically deactivated at the place of checkout. Tags that have not been deactivated
will sound the alarm system near the store's exit.
b. Inventory management - Products stored in warehouses may be given RFID tags so they can be located more
easily.
c. Airplane luggage - RFID tags may be placed on checked bags so they can be easily tracked and located.
d. Toll booth passes - E-ZPass and I-Pass receivers may be placed in automobiles, allowing cars and trucks to pass
through toll booths without needing to stop. This enables drivers to make toll payments automatically.
e. Credit cards - Some credit cards have built-in RFIDs so they can be "waved" rather than "swiped" near
compatible readers. The SpeedPass wand is an example of an RFID-only payment device.
f. Animal tags - RFID tags can be placed on pet collars to help identify pets if they are lost. Tags may also be
placed on birds and other animals to help track them for research purposes.

3. Memory card or flash card


- is an electronic flash memory data storage device used for storing digital information. They are commonly used in many
electronic devices, including digital cameras, mobile phones, laptop computers, MP3 players and video game consoles.
They are small, re-recordable, and able to retain data without power.

- A USB flash drive is a data storage device that includes flash memory with an integrated Universal Serial Bus (USB)
interface. USB flash drives are typically removable and rewritable, and physically much smaller than an optical disc.

RISKS

Viruses and other malicious software- Users can bring infected documents from home to their place of employment or take
home a business document to their infected PC, update the document and return the document to a corporate file server. Flash
drives present a vector for computer viruses that is very difficult to defend against.

Whenever files are transferred between two machines there is a risk that malware will be transmitted, and USB memory
sticks are no exceptions. Some USB memory sticks include a physical switch that can put the drive in read-only mode. When
transferring files to an untrusted machine, a drive in read-only mode will prevent any data from being written to the device.

Data Theft- Hackers, corporate spies and disgruntled employees steal data and, in many cases, these are crimes of
opportunity. With a flash drive, any unattended and unlocked PC with a USB port provides an opportunity for criminal
activity. Social engineering is a tool that can give a hacker physical access to a corporate PC in order to steal data and plant
spyware.
Data and media loss-The portability of USB flash drives opens another door for crime-the potential for lost data that can fall
into the wrong hands. Most of these devices have little or no security features. If you happen to lose your flash drives during
your morning commute, anyone who picks up the device may be able to access data on the drive.

Corruption of Data- If the drive is improperly unplugged, then data loss can occur due to corruption.

Loss of confidentiality-
