Financial Management Service: Areas for Improvement in Computer Controls: Report to the Secretary of the Treasury
The Office, 1998 - 14 pages
Popular passages
Page 8 - In addition, a strong, centralized focal point can help ensure that the major elements of the risk management cycle are carried out and serve as a communications link among organizational units.
Page 7 - ... needs, • promoting awareness of policies and controls and of the risks that prompted their adoption among those responsible for complying with them, and • implementing a program of routine tests and examinations for evaluating the effectiveness of policies and related controls and reporting the resulting conclusions to those who can take appropriate corrective action. In addition...
Page 9 - As a result of this ambiguity, system or application programs that use dates to perform calculations, comparisons, or sorting may generate incorrect results when working with years after 1999.
Page 7 - ... the security management practices of eight nonfederal organizations with reputations as having superior information security programs. We found that these organizations successfully managed their information security risks through an ongoing cycle of risk management...
Page 6 - A contingency plan specifies emergency response, backup operations, and postdisaster recovery procedures to ensure the availability of critical resources and facilitate the continuity of operations in an emergency situation.
Page 8 - Year 2000 problem is rooted in the way dates are recorded and computed in many computer systems. For the past several decades, systems have typically used two digits to represent the year, such as "97" representing 1997, in order to conserve on electronic data storage and reduce operating costs.
Page 7 - The risk management cycle begins with an assessment of risks and a determination of needs. This assessment includes selecting cost-effective policies and related controls. Once policies and controls are selected, they must be implemented. Next, the policies and controls, as well as the risks that prompted their adoption, must be communicated to those responsible for complying with them. Finally, and perhaps most important, there must be procedures for evaluating the effectiveness of policies and...