GENERAL CONTROLS FOR IT SYSTEMS (STUDY OBJECTIVE 2)
The general controls described in this section are divided into five broad categories:
- Authentication of users and limiting unauthorized access
- Hacking and other network break-ins
- Organizational structure
- Physical environment and physical security of the system
- Business continuity
AUTHENTICATION OF USERS AND LIMITING UNAUTHORIZED USERS
Authentication of users is a process or procedure in an IT system to ensure that the person accessing the IT system is a valid and authorized user. Unauthorized users trying to access IT systems is a prevalent, difficult, and ongoing problem that organizations must try to control. Unauthorized users may be hackers or people outside the organization, or users within the company trying to gain access to data they are not entitled to. In order to limit unauthorized access, there are many general controls that should be in place.
First, it is important to authenticate users as they attempt to access the IT system. Users may be authenticated in one or more of several ways. An IT system should require that users log in with a distinct user identification, or user ID, and password. Log in means to make the computer recognize you in order to create a connection at the beginning of a computer session. To increase the effectiveness of log-in restriction, user IDs must be unique for each user. A password is a secret set of characters that identifies the user as the authentic owner of that associated user ...
Get Accounting Information Systems: The Processes and Controls, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.