340 Part Two Information Technology Infrastructure
• Recovering data from computers while preserving evidential integrity
• Securely storing and handling recovered electronic data
• Finding significant information in a large volume of electronic data
• Presenting the information to a court of law
Electronic evidence may reside on computer storage media in the form of
computer files and as ambient data, which are not visible to the average user.
An example might be a file that has been deleted on a PC hard drive. Data that a
computer user may have deleted on computer storage media can be recovered
through various techniques. Computer forensics experts try to recover such
hidden data for presentation as evidence.
An awareness of computer forensics should be incorporated into a firm’s
contingency planning process. The CIO, security specialists, information
systems staff, and corporate legal counsel should all work together to have a
plan in place that can be executed if a legal need arises. You can find out more
about computer forensics in the Learning Tracks for this chapter.
8.3 ESTABLISHING A FRAMEWORK FOR SECURITY AND CONTROL
Even with the best security tools, your information systems won’t be reliable
and secure unless you know how and where to deploy them. You’ll need to
know where your company is at risk and what controls you must have in place
to protect your information systems. You’ll also need to develop a security
policy and plans for keeping your business running if your information systems
aren’t operational.
INFORMATION SYSTEMS CONTROLS
Information systems controls are both manual and automated and consist of
general and application controls. General controls govern the design, security,
and use of computer programs and the security of data files in general throughout
the organization’s information technology infrastructure. On the whole,
general controls apply to all computerized applications and consist of a combination
of hardware, software, and manual procedures that create an overall
control environment.
General controls include software controls, physical hardware controls,
computer operations controls, data security controls, controls over implementation
of system processes, and administrative controls. Table 8.4 describes the
functions of each of these controls.
Application controls are specific controls unique to each computerized
application, such as payroll or order processing. They include both
automated and manual procedures that ensure that only authorized data
are completely and accurately processed by that application. Application
controls can be classified as (1) input controls, (2) processing controls, and
(3) output controls.
Input controls check data for accuracy and completeness when they enter
the system. There are specific input controls for input authorization, data
conversion, data editing, and error handling. Processing controls establish that
data are complete and accurate during updating. Output controls ensure that the
results of computer processing are accurate, complete, and properly distributed.
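The three classes of application controls applied to a payroll batch, as an added example that is not part of the original text. The clerk IDs, field names, the 80-hour limit and the use of control totals as the processing control are assumptions made for this example.

```python
from decimal import Decimal, InvalidOperation

# Constructed sample data: authorized data-entry sources and one payroll batch.
AUTHORIZED_CLERKS = {"clerk01", "clerk02"}
BATCH = [
    {"emp_id": "E100", "hours": "40", "rate": "25.00", "entered_by": "clerk01"},
    {"emp_id": "E101", "hours": "400", "rate": "30.00", "entered_by": "clerk01"},
    {"emp_id": "E102", "hours": "38.5", "rate": "abc", "entered_by": "clerk02"},
    {"emp_id": "E103", "hours": "20", "rate": "22.00", "entered_by": "temp99"},
    {"emp_id": "E104", "hours": "45", "rate": "20.00", "entered_by": "clerk02"},
]

def input_controls(batch):
    """Input controls: authorization, conversion, editing, error handling."""
    accepted, rejected = [], []
    for row in batch:
        if row["entered_by"] not in AUTHORIZED_CLERKS:      # input authorization
            rejected.append((row["emp_id"], "unauthorized source"))
            continue
        try:                                                 # data conversion
            hours, rate = Decimal(row["hours"]), Decimal(row["rate"])
        except InvalidOperation:
            rejected.append((row["emp_id"], "conversion error"))
            continue
        if not (0 < hours <= 80) or rate <= 0:               # data editing
            rejected.append((row["emp_id"], "edit check failed"))
            continue
        accepted.append({"emp_id": row["emp_id"], "hours": hours, "rate": rate})
    # Control totals taken at entry; processing must reproduce them.
    control = {"count": len(accepted), "hours": sum(r["hours"] for r in accepted)}
    return accepted, rejected, control   # rejected rows form the error report

def process(records, control):
    """Processing control: refuse to post if records were lost or altered."""
    if len(records) != control["count"] or \
            sum(r["hours"] for r in records) != control["hours"]:
        raise ValueError("control totals do not match input batch")
    cents = Decimal("0.01")
    return [{"emp_id": r["emp_id"],
             "gross": (r["hours"] * r["rate"]).quantize(cents)} for r in records]

def output_controls(batch, paid, rejected):
    """Output control: each input record appears once, as paid or as rejected."""
    seen = sorted([p["emp_id"] for p in paid] + [emp for emp, _ in rejected])
    return seen == sorted(r["emp_id"] for r in batch)
```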