Complex Integrated Accounting Systems And Auditing
This theme editorial for the special issue is a compilation of my considered views on the
state of organizational technology risk management and related issues being faced by
nations, enterprises and even individuals today. The modern auditor is a complexly and
eclectically educated and trained person, since most of the professional audit organizations
expect that an entrant to the profession must possess skills not only in the conventional
aspects of financial systems but also in the eclectic sphere of knowledge related to
information technology and management, security and forensics, sociology of the enterprise, human perceptions and professional judgement, etc. My objective in this
editorial is to make these auditors aware of technology risk management and its impact on
the enterprise's internal controls and organizational vulnerabilities.
Billions of dollars are spent each year on technology used to protect people, assets
and facilities. International information technology (IT) security standards are
identified and used to select the best technical solution for an organization’s risk and
security problems. Yet security incidents keep occurring daily, and when one hole is
plugged, another one is discovered! The vicious cycle never ends. Despite the
technological benefits brought to security, this is one of the drawbacks technology
brings to risk management and security. The impact that technology has on risk and
security is exacerbated by the convergence of IT into the physical security space where
the internal controls of an organization are impacted in areas such as risk management,
physical security, IT security and safety. Access control systems and video
surveillance are now computerized and integrated with other business systems such as
human resources (HR). Technology and security have been converging for decades
directly impacting risk management functions throughout the organization. At this
point of the convergence trend, technology can bring new capabilities and
vulnerabilities to physical security and risk management. This trend began to be
noticed in the 1990s. Five star hotels started replacing their mortise locks on guest
rooms with magnetic card readers. Today, we have access control systems, digital
video cameras and smart cards that have become a ubiquitous part of our life.
A number of factors are causing a paradigm shift in risk and security philosophy,
including the rapid evolution of the threat matrix, an increased understanding of
the concept of “asymmetric” threat, and a growing realization of the
significant operational inter-dependencies between IT and the various physical
assets/processes it supports (at the system, enterprise, and critical infrastructure
levels). This shift is being driven by the “convergence” of IT security methods with
those of the more traditional physical security methods. The impact is being felt
throughout the community, but is perhaps currently most evident at the risk
management or governance level.
This editorial is to serve as an introduction into the topic of convergence within
security space. To understand the impact technology has on risk, it is important to
understand the dynamics involved when technology is added into the physical security
paradigm. We need to understand the difference between static and dynamic security
systems. We need to also take into consideration the inherent weaknesses in any
security system. Finally, and most importantly, we need to understand the impact that
technology has on risk and security internal controls.
Nature of security systems
Security systems can be classified into one of two categories, static or dynamic.
Dynamic systems are just what the words say; they are adaptable, flexible, resilient,
and elastic. They rely less on technology and more on people. Dynamic systems do not
need additional programming and new costs each time the threat and situations
change. They are also the most expensive. People are not cheap, yet it has been proven
time and time again, you get what you pay for. Technology should be viewed as
an enabler to dynamic systems instead of a replacement. Static security systems, as the
name implies, can be characterized as being rigid, difficult to modify and inflexible. A concrete barrier or gate once installed can change little to defeat changing threats.
The same holds true for technology. Software and hardware upgrades come out
periodically, yet the threat is constantly changing. Look at the vicious cycle of hackers
and IT security software. Each time a new version of a tool is made available for sale,
hackers find and exploit the weaknesses. The software companies fix the weaknesses,
and the hackers find new ones. The cycle never ends. Technology cannot take the
context of a threat situation and make decisions. People can. Yet many organizations
spend millions of dollars on technology-based security solutions, only to discover they
still have vulnerabilities. Used properly, technology does close vulnerability gaps, by
enabling people to do their jobs more effectively in protecting assets. How many
terrorists or criminals are located and captured by technology alone? It is the people
who use the technology that protect us against these threats.
Design of security system
All security systems have weaknesses. When technology is introduced into a security
system, its weaknesses are much more difficult to discover and protect against. User interfaces
hide the complexity and vulnerabilities of technology security solutions. Technology
promises to enable, yet physical security is designed to deter. Designing security
systems requires testing against a number of threats to find new vulnerabilities. The
testing is performed each time a new component is installed and before the threat
strikes. Thus the security solution’s weaknesses are discovered (what made them fail)
and adjustments are made accordingly to protect those weaknesses. We are also less
prone to fully test complex systems to determine their weaknesses, resulting in insecure
systems that may be more vulnerable because of the new component. For instance,
over the last few hundred years, prisoners have sat in their cells all day, every day, using
plastic utensils to destroy door hinges, locks and anything else that they can find.
They have the time and opportunity to discover and attempt to defeat the protection
against abuse in all prison cell components. Modern prison cell construction utilizes
pre-cast concrete, doors with minimum clearances and tempered steel construction.
The same holds true with technology. The difference is that, unlike the prison cells,
which can be inspected daily for tampering, unauthorized tampering with technology
(hacking) is much more difficult to discover and defend against. User interfaces
designed for ease of end-user use hide complex systems underneath. These systems
have vulnerabilities that most organizations do not, and many times cannot, detect.
Testing for vulnerabilities in technology based security solutions is minimal at best.
Consider the testing done on a bullet-proof vest. The prototypes and production units
are initially tested in labs replicating real-world conditions. They are also tested by
actual use in the field. On the other hand, when a new technological tool is developed, it
is tested only in the lab, even when that lab is the client's. Very few end users continue to test once the solution
is implemented. This reduction in field-testing gives the opportunity to exploit
vulnerabilities unknown to the client. Security systems can also fail at the edges.
The edges are where different security system components meet each other.
Previously published in: Managerial Auditing Journal, Volume 20, Number 6, 2005
Emerald Group Publishing Limited; July 2005
81 pages; ISBN 9781845443429