security, control and reporting security refers to the polices, procedures and technical measures...
DESCRIPTION
Threats to Information Systems Categories of threats Accidents and Malfunctions Computer Crime Operator Error Hardware Malfunctions Software Bugs Data Errors Accidental disclosure of information Damage to physical facilities Inadequate system performance Liability for system failure Hacking Cyber theft Unauthorized use at work Piracy Computer viruses and wormsTRANSCRIPT
![Page 1: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/1.jpg)
SECURITY , CONTROL AND REPORTING
Security refers to the polices, procedures and
technical measures used to prevent unauthorized
access, alteration, theft, or physical damage to
information systems.
Information security means protecting information and
information systems from unauthorized access, use,
disclosure, disruption, modification or destruction.
![Page 2: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/2.jpg)
Need for SecurityMaintaining information
confidentiality.Ensure the integrity and reliability
of data resources.Ensure the uninterrupted
availability of data resources.
![Page 3: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/3.jpg)
Threats to Information Systems Categories
of threatsAccidents and Malfunctions Computer
CrimeOperator ErrorHardware
Malfunctions
Software Bugs
Data ErrorsAccidental
disclosure of information
Damage to physical facilities
Inadequate system performance
Liability for system failure
Hacking
Cyber theft
Unauthorized use at work
Piracy
Computer viruses and
worms
![Page 4: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/4.jpg)
IS Vulnerability A security risk may be classified as a
vulnerability. System vulnerability is a weakness which
allows an attacker to reduces system information assurance.
Vulnerability is the intersection of 3 elements
System weakness Attacker access leads to flaw. Attacker capability to exploit the data base.
![Page 5: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/5.jpg)
Causes of system vulnerabilityVarious system vulnerability are caused by •HackersThrough variety of tricks, access the data flowing over networks.Steel valuable data during transmission.Alter messages without authorization.
![Page 6: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/6.jpg)
Radiation.
• Internet and other networks are vulnerable to disruptions from radiation.
• Intruders can launch denial of services attacks or to disrupt the operation of websites.
• It destroy or alter the corporate data stored in databases or files.
![Page 7: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/7.jpg)
Malfunctioning.
• The major cause for the computer software to fail are:• Errors In Programming, • Improper Installation, or• Unauthorized changes• Other natural disasters can also disrupt computer systems• Power failures• Floods.• Fires.
![Page 8: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/8.jpg)
Information on the network
Domestic or offshore partnering with another company adds to system vulnerability if valuable information resides on networks and computer outside the organizations control.
![Page 9: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/9.jpg)
Internet vulnerabilities Vulnerability has also increased from widespread use of e-mail and
IM.
Employees may use e-mail messages to transmit valuable trade
secrets, financial data or confidential customer information to
unauthorized recipients.
Instant Messaging (IM)
Consumer do not use a secure layer for text messages, so they can
be intercepted and read by outsiders during transmission over the
public internet.
![Page 10: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/10.jpg)
Disaster management DMP is a plan of action to recover from the impact on
the information systems. The objective of DMP is : not only to start the system again but start properly
from a stage when it is stopped with all data integrity maintained after recovery to
ensure that quality of output is not defective due to loss of data, incomplete data or incorrect data.
![Page 11: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/11.jpg)
DMP ProcessStep 1 : Identify the critical business processes.
Step2: Access the business risk. (probability of risk occurrence, risk exposure, time of exposure)
Step3 : Enlist the impact target of the damage for attention to manage and recover.
Step4 : Identify the life saving data, files, software applications, packages, hardware, servers, and database linked to these process.
![Page 12: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/12.jpg)
Step 5 : Segregate need into 2 classes
(i) Switch to manual process.(ii) Work at offsite with data backup
created at offsite location.Step 6 : prepare a plan of bridging
pre - and post- disaster scenario so that community of data and information is maintained.
![Page 13: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/13.jpg)
Step 7 : Ensure all risks are suitably covered by appropriate insurance policies.
Step 8 : Authority, rights for decisions and actions in the event of disaster should be clear in DMP.
Step 9 : Test the DMP plan once a year in simulated live model event.
![Page 14: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/14.jpg)
Threats and controls for disaster management.
1. Threats to facilities and structure
i) Earthquakes, fires, explosions, floods and other events.
ii) Power failures iii) Theftiv) Unauthorized use of IT structure.v) Damage by disgruntled employees.
![Page 15: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/15.jpg)
Controls
Design buildings for the natural threats. Store sensitive data, applications, offsite in a
different building. Provide security training to employees. Provide dedicated power lines with UPS. Screen employees and usual visitors and get the
appropriate secrecy bonds signed from them. Use biometric access controls and IDs.
![Page 16: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/16.jpg)
Threats to communication systemIncorrect input due to communication break down.Intrusion by unauthorized persons and damage to communication system.Insertion of viruses.Defective network operations.
controlsFirewalls.Error deduction and correction methodsUser IDs, passwords and PINs.Encryption and decryption of key inputs/ outputs.
![Page 17: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/17.jpg)
Threats to database and DBMS Corruption of data Theft of data. Unauthorized access. Data inconsistency.Controls: Use of antivirus software Backup copies Restricted authority to update and delete Limited, authorized access to database. Dedicated to DB administrator.
![Page 18: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/18.jpg)
TestingWhen a system is developed, it is hoped
that it performs properly.However, some errors always occur.The main purpose of testing information
systems is to find the errors and correct them.
A successful test is one which finds error.
![Page 19: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/19.jpg)
Objectives of testing To ensure that during operation the system
will perform as per specifications. To make sure that the system meets your
requirements during operation. To see that when correct inputs are fed to
the system so that the outputs are also correct. To make sure that during operations, incorrect
input , processing and outputs will be detected.
![Page 20: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/20.jpg)
Classification of information system tests The test should include both manual operations and
computerized operations.
Information system testing are :
comprehensive evaluation of the programs
Manual procedures
Computer operations and controls
![Page 21: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/21.jpg)
1.Unit Testing• It is a method by which individual units of
source code are tested to determine if they are fit for use.
2.Integration Testing• It is systematic technique for constructing
the program structure while at the same time conducting tests to uncover errors associated with interfacing.
![Page 22: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/22.jpg)
Types of integration testingBig bang integration testing•All components or modules is integrated simultaneously, after which everything is tested as a whole.Top down integration testing•It takes place from top to bottom, following the control flow or architectural structure.•Bottom up
Testing takes place from the bottom of the control flow upward. Components or systems are substituted by drivers.
![Page 23: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/23.jpg)
Mixed Integration testing
It is also called as sandwiched testing.
It follows a combination of top- down and bottom – up testing approaches.
Top- down approach can start only after the top- levels modules have been coded and unit tested.
![Page 24: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/24.jpg)
Bottom – up testing can start only
after the bottom – up modules are
ready.
Mixed approach overcomes this
shortcomings as in it, testing can
start as and when modules
became unavailable.
![Page 25: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/25.jpg)
3.Validation Testing After integration testing, software is assembled as a
package where interfacing errors have been uncovered and corrected, and then validation testing begins.
Validation succeeds when software functions as expected by the customers.
• The types of validation testing are• Alpha testing• Beta testing
![Page 26: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/26.jpg)
4.System testing
• The behavior of whole system/product is tested as defined by the scope of the development project or product.
• It is the final test to verify that the system to be delivered meets the specifications and its purpose.
• Test – carried out by specialist’s testers.• It investigate both functional and non-
functional requirement of the testing.
![Page 27: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/27.jpg)
Error Detection
Software errors are inescapable and they are easily permeable into programs.
The first is to prevent the introduction of errors and the second is to deduct the errors or bugs hidden in the codes.
Software error analysis includes the techniques, used to locate, Analyze, and Estimate errors and data relating to errors.
![Page 28: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/28.jpg)
Static Testing Dynamic Testing
Testing done without executing the program
Testing done by executing the program
This testing does verification processDynamic testing does validation
process
Static testing is about prevention of defects
Dynamic testing is about finding and fixing the defects
Static testing gives assessment of code and documentation
Dynamic testing gives bugs/bottlenecks in the software
system.
Cost of finding defects and fixing is less
Cost of finding and fixing defects is high
Return on investment will be high as this process involved at early stage
Return on investment will be low as this process involves after the
development phase
More reviews comments are highly recommended for good quality
More defects are highly recommended for good quality.
![Page 29: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/29.jpg)
Formal Analysis
Formal methods involve rigorous mathematical techniques to specify or analyze the software requirement specification, design, or code.
![Page 30: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/30.jpg)
Error Detection in phases of Lifecycle
Requirements Design ImplementationTest Installation and CheckoutOperation and Maintenance
![Page 31: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/31.jpg)
Controls Controls are constraints and other restrictions imposed
on a user or a system and they can be used to secure
system against the risk or to reduce caused to
systems, application and data.
Controls are implementation not only for access but
also to implement policies and ensure that nonsensical
data is not entered in to corporate database.
![Page 32: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/32.jpg)
Types of controls
General controls
Application controls
Physical
Biometric Access
Data Security
communication
Administrative
Others
Input
Processing
Output
Storage
![Page 33: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/33.jpg)
Software AuditThe general definition of an audit is an evaluation of a
person, organization, system, process, enterprise, project or
product.
A software audit is the process of checking each computer
in the organization and listing the software packages
installed.
The purpose of software audit is to detect and rectify any
anomalies between the software register and software
installed on the system.
![Page 34: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/34.jpg)
Objectives of software auditOrganizations standards, processes, systems,
and plans are adequate to enable the organization
To meet its policies, requirements, and objectives.
During the execution of its wok activities.Objectives are actually being met.Resources and non- human resources are being
effectively utilized.
![Page 35: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/35.jpg)
Audit Roles and Responsibilities
Client Auditor Management Lead auditorAuditorsAuditee management.
![Page 36: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/36.jpg)
Audit processInitiationPlanningPreparationExecutionReportingCorrective action and follow up
![Page 37: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/37.jpg)
Ethics in IT
Ethics is a study of the principles and practices,
which guides to decide whether the action
taken is morally right or wrong.
Ethics is about values and human behavior.
The values and human behavior is primarily
regulated by various legal provisions and can
be enforced through courts.
![Page 38: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/38.jpg)
Technology Ethics
Ethics of technology referred into
two basic subdivisions.
Ethics in the development of
new technology.
Technological growth.
![Page 39: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/39.jpg)
Ethics to overcome vulnerability
Vulnerability assessment. It is a periodic process that works on a system to
identify, track, and manage the repair of
vulnerabilities on the system.
It does a health check of the system.
• It is essential security process and best practice
for the well – being of the system.
![Page 40: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/40.jpg)
Vulnerability scanning.
It identifies weakness in the
network, the type of weaknesses,
and where they are, it is up to the
security team to fix the identified
loopholes.
![Page 41: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/41.jpg)
Ethical Guidelines
Proportionality
Informed consent
Justice
Minimized risk.
![Page 42: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/42.jpg)
User interfaceAn interface is the common boundary between
the user and the computer system application – the point where the computer and the individual interact.
System model template
Input processin
g
Process and control
Maintenance and
testing
Output processing
User interface processing
![Page 43: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/43.jpg)
A user interface is a part of the system that allows user to input data, to command the operations and to receive outputs from the system.
Purpose of interfaceInterface tells the system what actions
to takeFacilitates the use of systemAvoid users errors.
![Page 44: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/44.jpg)
Types of interfaceNatural language interface
It is designed to understand the user’s own
language.
• These interfaces attempt to interpret what the user
means, and often they present back to the user a
list of interpretations from which they choose.
Eg. Microsoft’s office Assistant.
![Page 45: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/45.jpg)
Question answer interfaceQuestion answer interface are very
popular in web-based applications.For eg. A car reservation system
may ask a series of questions to define what type of car and rental agreement requires.
![Page 46: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/46.jpg)
MENU DRIVEN INTERFACE
The oldest and commonly employed dialogue strategy is menu selection.
Different types of menus cater to novice and expert users.
Menu- driven strategies require that the user select an action from a menu of alternatives.
![Page 47: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/47.jpg)
FORM FILL INTERFACEIf interface has to gather a lot of
information from user, then it often helps if anyone provides a form to fill in.
Most form fill interfaces allow for easy movement around the form and for some fields to be let blank.
![Page 48: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/48.jpg)
Command Language Interface
Instead of menus or in addition to menus, some applications are designed using a dialogue based on command language interface.(instruction driven interface)
![Page 49: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/49.jpg)
Graphical user interfaceA GUI is primary mechanism that enables
the user to interact with a collection of elements, called screen objects that are visible to the user and used by him/her to perform tasks. They are executed by
Direct manipulationIndirect manipulation
![Page 50: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/50.jpg)
Reporting
Report is a business document that contain only predefined data.
Good report design requires effort and attention in detail.
To produce a well-designed report, the analyst must consider design features such as report headers and footers, column headings and alignment , column spacing, field order, and grouping of detail lines.
![Page 51: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/51.jpg)
Characteristics of Reports
Reports should be attractive and easy to understand.
Report must include the information that a user needs.
Report with too little information is of no value.
Too much information can make a report confusing and difficult to understand.
![Page 52: SECURITY, CONTROL AND REPORTING Security refers to the polices, procedures and technical measures used to prevent unauthorized access, alteration, theft,](https://reader035.vdocuments.us/reader035/viewer/2022062401/5a4d1b0c7f8b9ab05998c026/html5/thumbnails/52.jpg)
Types of reports•Detail reports
•Exception report
•Summary report