9. Security and Control Assessment
Brew Bottle Company (BBC) is in the process of planning a more advanced computer-based information system. Slavish & Moore, LLP, BBC’s consulting firm, has recently been provided with an overview of their proposed plan:
The Brew Bottle Company Information System (BBCIS) will be created with the help of its employees so that the system will function effectively. This helps ensure that the end product will perform the tasks that the user wants. System construction will begin with prototyping, computer-aided software engineering (CASE) technology, and Gantt charts. From here, system professionals and a systems administrator who will work full-time for BBC will create data models of the business process, define conceptual user views, design database tables, and specify system controls. Each user in each department will submit a written description of his or her needs and business problems to the systems professionals. Systems professionals will then perform analysis of feasibility and system design. Each aspect of the system will be properly documented for control reasons; this will help if problems arise in the future stages of development and is essential to long-term system success.
The new systems administrator will determine access privileges, maintain the access control list, and maintain the database authorization table. Anyone requesting access will fill out a petition, which the systems administrator must approve and sign. The administrator will have sole access to the transaction log, which will be used to record all changes made to a file or database. This information will help detect unauthorized access, reconstruct events if needed, and promote personal accountability. The systems administrator will also be responsible for updating virus protection weekly so that viruses planted intentionally or accidentally will not damage the system. One of the most important tasks of the systems administrator will be to copy databases and system documentation for critical applications to tape or disk on a daily basis. These disks and tapes will be stored in a secure location away from the company property.