Risks, Controls, and Security: Concepts and Applications

An accountant's guide to managing control risks

In today's networked world, security and risk control are no longer just the province of the IT department. Accountants and other business managers who are responsible for corporate risk management must fully understand the control and security risks that can affect the financial health of the entire organization. Risks, Controls and Security: Concepts and Applications introduces you to today's control risks and how to manage them. Beginning with basic systems controls and security awareness, the book provides you with a clear comprehension of the concepts, issues, and techniques of information security in a networked environment. Moving from theory to application, you'll cover all the key security principles that are applicable to all businesses, including e-businesses:

* Enterprise risk management
* Control and security frameworks
* Basic cryptography and public key infrastructure
* Security for operating systems, applications, database management systems, and telecommunications
* Network and web security
* Policy, regulation, and ethics

Real-world problem scenarios and a wealth of pedagogical features--discussion questions, short exercises, example cases, and "concept maps" that help you visualize the material--ensure your confident grasp of the material and enable you to put "security into practice." Designed for practicing professionals as well as for students in accounting, business management, and computer science, Risks, Controls and Security will prepare you well for meeting the challenge of protecting information assets.
Contents
CHAPTER
Business processes and information systems
Summary
Copyright
Common terms and phrases
administrative allow AmSoft application assurance attacks authentication bastion host browser buffer overflow business processes called changes chapter cipher client communication components compromise Concept map connection control and security cookie database decrypt digital certificate digital signature disaster recovery discussed employees encryption ensure entity environment example file system firewall firm framework functionality host ID and password identify implementation information assets information security information systems infrastructure internal controls Internet intruders layer malicious message digest Microsoft modems operating system OSI model packet password hashes phone switch plaintext private key privileges protect protocol PSTN public key cryptography remote risk management script secret key Security in Practice security policy sender server session IDs setuid SNMP SQL injection stored strategy system availability tier transactions trust typically unauthorized user ID user input VoIP vulnerability Web server