NCJ Number
82075
Date Published
1981
Length
256 pages
Annotation
This manual discusses the risks, responsibilities, and requirements imposed on banks and other financial institutions when management assumes responsibility for security, audit, and control of small computer systems.
Abstract
Features of small computer systems significant to the security, audit, and control of the computerized process are considered, and guidelines are provided for defining the significance of the small computer system to the bank. Suggestions are offered for identifying the system components necessary for evaluating security, audit, and control. The major elements of small computer systems that require management's attention to ensure security, auditability, and control are identified. Requirements for organizational control of the small computer system are presented, along with requirements for system access control. Guidelines are provided for controlling errors, data manipulation, and information disclosure. Further, guidelines address the control of system changes, requirements to ensure operational continuity of the system, and documentation requirements. The characteristics of applications processed by small computer systems are identified, and guidelines are presented to ensure the completeness, accuracy, and authorization of processing within applications, as well as guidelines for the definition of management trails. The conduct of an evaluation of small computer systems that will minimize exposures to the organization is described. The relationship between the environment in which mini- and microcomputer-based systems are found, the recognition of exposures to the organization, the significance of the general operating environment, and the approach to the application review is described. Suggestions are also offered for correcting deficiencies identified. Appended are a glossary, criteria for system significance, a system component inventory, a processing environment checklist, and an application checklist. Graphic illustrations are provided. (Author summary modified)