Kenneth C. Laudon,Jane P. Laudon Management Information System 12th Edition pdf

examines the firm’s overall security

environment as well as controls governing individual information systems. The

auditor should trace the flow of sample transactions through the system and

perform tests, using, if appropriate, automated audit software. The MIS audit

may also examine data quality.

Security audits review technologies, procedures, documentation, training,

and personnel. A thorough audit will even simulate an attack or disaster to test

the response of the technology, information systems staff, and business

employees. 

The audit lists and ranks all control weaknesses and estimates the probabil-

ity of their occurrence. It then assesses the financial and organizational impact

of each threat. Figure 8-4 is a sample auditor’s listing of control weaknesses for

a loan system. It includes a section for notifying management of such weak-

nesses and for management’s response. Management is expected to devise a

plan for countering significant weaknesses in controls.

8.4

T

ECHNOLOGIES AND

OOLS FOR

ROTECTING

I

NFORMATION

ESOURCES

resources. They include tools for managing user identities, preventing unau-

thorized access to systems and data, ensuring system availability, and ensuring

software quality.

IDENTITY MANAGEMENT AND AUTHENTICATION

Large and midsize companies have complex IT infrastructures and many

different systems, each with its own set of users. Identity management software

automates the process of keeping track of all these users and their system

privileges, assigning each user a unique digital identity for accessing each

system. It also includes tools for authenticating users, protecting user identities,

and controlling access to system resources.

To gain access to a system, a user must be authorized and authenticated.