IT Governance, Risk, and Compliance


August 17, 2012  11:59 PM

IT Hardware Validity Checks – Part III



Posted by: Robert Davis
Configuration Management, Control Methods, Control Processes, Control Techniques, CPU, Digital Storage Devices, EDI, Electronic Commerce, Electronic Data Interchange, Feedback Control, Firmware, Hardware Controls, Information Communication Technology, Information Security, Infrastructure, Integrity, IT Architecture, IT Configuration, IT Infrastructure, IT Security, Media Errors, Risk Management

Validity checking of datum passed to peripheral devices

A data validity check compares characters or fields that are written or read with a set of all valid characters or fields. It is a particularly useful technique with peripheral devices such as printers. For example, a printer may be limited to a certain number of characters. Consequently, if there were sixty-four characters associated with a print drum, the data validity check would accept data containing any of the sixty-four characters as valid, yet would reject data representing other characters as invalid.

Validity checking of storage location addresses

IT memory has designated storage addresses that can be accessed. CPUs utilize control units to keep track of addresses associated with the IT configuration. The address validity check compares the memory address requested with the list of valid addresses to detect an invalid request.

Sources:

Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Mission Viejo, CA: Pleier Corporation, 2008. CD-ROM.

Boritz, Efrin J. IS Practitioners’ Views on Core Concepts of Information Integrity. Rev. ed. Ontario: University of Waterloo, 2004. 9

Gleim, Irvin N. CIA Examination Review. 3rd ed. Vol. 1. Gainesville, FL: Accounting Publications, 1989. 284

Watne, Donald A. and Peter B. B. Turney. Auditing EDP Systems. Englewood Cliffs, NJ: Prentice-Hall, 1984. 232-3

View Part I of the IT Hardware Validity Checks series here

 

Post Notes: “IT Hardware Validity Checks – Part III” was originally published through Suite101.com under the title “IT Hardware Validity Checks”.

August 15, 2012  12:34 AM

IT Hardware Validity Checks – Part II



Posted by: Robert Davis
Configuration Management, Control Methods, Control Processes, Control Techniques, Digital Storage Devices, EDI, Electronic Commerce, Electronic Data Interchange, Feedback Control, Hardware Controls, Information Communication Technology, Information Security, Infrastructure, Integrity, IT Architecture, IT Configuration, IT Infrastructure, IT Security, Media Errors, Risk Management

Information validity implies data elements represent real conditions, rules or relationships rather than physical object characteristics. IT hardware validity checks are preventive and/or detective control measures that should be implemented to ensure appropriate data processing. There are three primary types of IT hardware validity checks: operation validity, data validity, and address validity.

Validity checking of operation codes within the Central Processing Unit (CPU)

Each computer has a recognizable instruction set (e.g. Reduced Instruction Set Computing (RISC)) with a designated code for each instruction, such as addition, subtraction, multiplication, and division. The operation validity check will signal an error condition if, during execution, a program attempts to process an invalid instruction.
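The three checks named above (operation, data, and address validity), sketched on a toy machine as an added example that is not from the original posts. The opcode table, the 16-cell address range, and the choice of ASCII 0x20 to 0x5F as the sixty-four drum characters are assumptions made for illustration.

```python
# Added illustration: a toy machine that applies all three hardware validity checks.
OPCODES = {0x01: "LOAD", 0x02: "ADD", 0x03: "STORE", 0x04: "PRINT", 0xFF: "HALT"}  # assumed instruction set
VALID_ADDRESSES = range(0x00, 0x10)                       # assumed: 16 installed memory cells
DRUM = frozenset(chr(c) for c in range(0x20, 0x60))       # assumed: 64-character print drum


class ValidityFault(Exception):
    """Raised when a validity check rejects an operation, address, or datum."""

    def __init__(self, kind, detail):
        super().__init__(f"{kind} validity check failed: {detail}")
        self.kind = kind


def run(program, memory):
    """Execute (opcode, operand) pairs; return the text sent to the printer."""
    acc, printed = 0, []
    for opcode, operand in program:
        if opcode not in OPCODES:                         # operation validity
            raise ValidityFault("operation", f"opcode {opcode:#04x}")
        op = OPCODES[opcode]
        if op == "HALT":
            break
        if operand not in VALID_ADDRESSES:                # address validity
            raise ValidityFault("address", f"address {operand:#04x}")
        if op == "LOAD":
            acc = memory[operand]
        elif op == "ADD":
            acc = (acc + memory[operand]) & 0xFF
        elif op == "STORE":
            memory[operand] = acc
        elif op == "PRINT":
            ch = chr(memory[operand])
            if ch not in DRUM:                            # data validity
                raise ValidityFault("data", f"character {ch!r} is not on the drum")
            printed.append(ch)
    return "".join(printed)


def outcome(program, memory):
    """Return the printed text, or the kind of validity fault that stopped the run."""
    try:
        return run(program, memory)
    except ValidityFault as fault:
        return f"fault:{fault.kind}"


if __name__ == "__main__":
    mem = [0] * 16
    mem[0], mem[1], mem[2] = ord("O"), ord("K"), ord("k")   # constructed sample data
    print(outcome([(0x04, 0), (0x04, 1), (0xFF, 0)], mem))  # valid program
    print(outcome([(0x7E, 0)], mem))                        # undefined opcode
    print(outcome([(0x01, 0x20)], mem))                     # address outside memory
    print(outcome([(0x04, 2)], mem))                        # lowercase is not on the drum
```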

 

Sources:

Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Mission Viejo, CA: Pleier Corporation, 2008. CD-ROM.

Boritz, Efrin J. IS Practitioners’ Views on Core Concepts of Information Integrity. Rev. ed. Ontario: University of Waterloo, 2004. 9

Gleim, Irvin N. CIA Examination Review. 3rd ed. Vol. 1. Gainesville, FL: Accounting Publications, 1989. 284

Watne, Donald A. and Peter B. B. Turney. Auditing EDP Systems. Englewood Cliffs, NJ: Prentice-Hall, 1984. 232-3

View Part I of the IT Hardware Validity Checks series here

 

Post Notes: “IT Hardware Validity Checks – Part II” was originally published through Suite101.com under the title “IT Hardware Validity Checks”.

On 07/27/2012, Robert E. Davis, MBA, CISA, CICA accepted an invitation to join the ITKnowledgeExchange Advisory Board.


August 11, 2012  12:36 AM

IT Hardware Validity Checks – Part I



Posted by: Robert Davis
Configuration Management, Control Methods, Control Processes, Control Techniques, Digital Storage Devices, EDI, Electronic Commerce, Electronic Data Interchange, Feedback Control, Hardware Controls, Information Communication Technology, Information Security, Infrastructure, Integrity, IT Architecture, IT Configuration, IT Hardware, IT Infrastructure, IT Security, Media Errors, Risk Management

IT hardware validity checks are preventive and/or detective control measures that should be implemented to ensure appropriate data processing. An important component of enabling information integrity is sustaining data and task validity. Within this context, the purpose of an IT hardware validity check is to assist in ensuring that infrastructure processing activities are appropriate actions. Here, an appropriate action is one that conforms to a set of authorized rules that are considered to be correct or reasonable.

Determination of the validity of an IT hardware action is something a redundancy check is unable to perform. However, in conjunction with redundancy checks, validity checks provide considerable certainty that hardware processing and transfer of datum will be complete, accurate and creditable.

 

Sources:

Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Mission Viejo, CA: Pleier Corporation, 2008. CD-ROM.

Boritz, Efrin J. IS Practitioners’ Views on Core Concepts of Information Integrity. Rev. ed. Ontario: University of Waterloo, 2004. 9

Gleim, Irvin N. CIA Examination Review. 3rd ed. Vol. 1. Gainesville, FL: Accounting Publications, 1989. 284

Watne, Donald A. and Peter B. B. Turney. Auditing EDP Systems. Englewood Cliffs, NJ: Prentice-Hall, 1984. 232-3

 

Post Notes: “IT Hardware Validity Checks – Part I” was originally published through Suite101.com under the title “IT Hardware Validity Checks”.


August 7, 2012  5:48 PM

Are Organizations Potentially Falling Short?



Posted by: Robert Davis
Accountability, Accounting, Application Portfolio Management, Asset Management, Audit Assurance, Audit Committee, Certified Information Systems Auditor, Change Control, Change Management, Control Processes, Decision Making, Enterprise Governance, ERP, Fiduciary Responsibility, Governance Tree, IT Governance, Life Cycle Management, Organizational Structure, Project Management, Risk Management, Value Delivery

Current events posted by various news outlets, including Fox News, the Wall Street Journal, Forbes and Yahoo.com, concerning Knight Capital’s financial debacle, present some very serious allegations regarding managerial due diligence during system development lifecycles. In this case, the cost to the already troubled firm is an estimated $440,000,000.00 USD, an amount no financial-based institution can classify as immaterial.

Undoubtedly, an individual and/or group authorized activation of this critical new application.  Yet, it appears adequate precautions, such as application processing testing, were not performed either prior to deployment, during implementation, or after installation by the project team.

As computing power has advanced, entities have become increasingly dependent on technology to carry out their operational requirements and to collect, process, maintain, and report essential data. This reliance on electronically encoded data and on the systems that affect managerial decisions is a major concern of audit professionals. Consequently, Information Technology (IT) auditors examine the adequacy of controls in information systems and related operations to assure effectiveness and efficiency in business processes. In addition, among other assurance services, IT auditors evaluate the reliability of computer generated data supporting financial statements and analyze specific programs and their processing results. Thus, my question regarding the circumstances that produced this extraordinary financial loss is: Did management assign an IT auditor to the software project team?


August 4, 2012  12:23 AM

IT Hardware Duplicity and Echo Checks – Part IV



Posted by: Robert Davis
Configuration Management, Control Methods, Echo Check, Hardware Controls, Information Communication Technology, Information Security, Infrastructure Management, Integrity, IT Architecture, IT Configuration, IT Hardware, IT Security, Risk Management

Deploying appropriate hardware communication controls

Hardware size and accessibility make transportability an issue because of uncertainty that an installed configuration has appropriate controls. Small IT configurations have unique hardware characteristics that distinguish them from large IT configurations. Wherefore, operating systems for many small IT configurations are idiomatic because programs that run in interpreter mode are easy to modify without detection.

Nevertheless, the objectives of control systems remain the same with small hardware configurations as they are with any other IT processing: prevent, detect, and correct errors, mistakes, or omissions. However, the difference in the small configuration’s IT environment is typically the emphasis placed on various controls and the availability of compensating or mitigating controls.

For small configurations, control emphasis changes in order to compensate for, or mitigate, some of the weaknesses inherent in the IT environment. Yet, the problem sometimes encountered in the area of hardware controls can be avoided by relying on infrastructure acquisition and development controls. Consequently, IT hardware should not be acquired or developed if it lacks the necessary controls to ensure expected processing reliability and integrity.

 

Sources:

Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Mission Viejo, CA: Pleier Corporation, 2008. CD-ROM.

Gleim, Irvin N. CIA Examination Review. 3rd ed. Vol. 1. Gainesville, FL: Accounting Publications, 1989. 284

Watne, Donald A. and Peter B. B. Turney. Auditing EDP Systems. Englewood Cliffs, NJ: Prentice-Hall, 1984. 230-1, 490, 499

View Part I of the IT Hardware Duplicity and Echo Checks series here

 

Post Notes: “IT Hardware Duplicity and Echo Checks” was originally published through Suite101.com under the title “IT Hardware Duplicity and Echo Checks”.

Warning! Excessive external echo checking may be a hacker or cracker attempting a Denial of Service (DoS) attack. Therefore, continuous echo check monitoring is required when the Internet Control Message Protocol (ICMP) Echo Request setting is turned on.


August 1, 2012  12:33 AM

IT Hardware Duplicity and Echo Checks – Part III



Posted by: Robert Davis
Configuration Management, Control Methods, Echo Check, Hardware Controls, Information Communication Technology, Information Security, Infrastructure Management, Integrity, IT Architecture, IT Configuration, IT Hardware, IT Security, Risk Management

IT echo checking to ensure data integrity and command compliance

The control purpose of an IT hardware echo check is to ensure that commands sent to peripheral, or remote, equipment are obeyed and that datum are received correctly. In this activity, the computer checks to ensure that its directives are obeyed by requiring that contacted equipment return a signal verifying that the command has been received and complied with. For instance, the CPU transmits a command to the printer to commence processing, and the printer transmits a message back to the CPU that it has been activated as instructed.

The same echo check technique is utilized in data communications to ensure that data is received correctly. For example, data is retransmitted by the receiving computer back to the sending computer. The sending computer then compares the echo with the original data for possible transmission errors.
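The data-communications echo check described above, as an added example that is not part of the original post. The `Link` and `Receiver` classes, the retry limit, and the sample frame are assumptions made for illustration; the last case in the demo shows that an echo can still match when the same bit is damaged on both the outbound and return paths.

```python
# Added illustration: sender-side echo check with retransmission.
def flip_bit(frame, bit_index):
    """Return a copy of frame with one bit inverted (models a transmission error)."""
    out = bytearray(frame)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


class Link:
    """One-directional channel; `faults` maps frame number -> bit to corrupt."""

    def __init__(self, faults=None):
        self.faults = dict(faults or {})
        self.count = 0

    def carry(self, frame):
        self.count += 1
        bit = self.faults.get(self.count)
        return frame if bit is None else flip_bit(frame, bit)


class Receiver:
    """Holds each frame in a buffer and accepts it only after the sender confirms."""

    def __init__(self):
        self.buffer = None
        self.accepted = []

    def on_frame(self, frame):
        self.buffer = frame
        return frame                      # echo exactly what arrived

    def on_commit(self):
        self.accepted.append(self.buffer)


def send_with_echo(data, forward, back, receiver, max_tries=3):
    """Send data, compare the echo with the original, retransmit on mismatch.

    Returns the number of attempts used; raises if no echo ever matches.
    """
    for attempt in range(1, max_tries + 1):
        echo = back.carry(receiver.on_frame(forward.carry(data)))
        if echo == data:
            receiver.on_commit()
            return attempt
    raise RuntimeError("echo check failed on every attempt")


if __name__ == "__main__":
    frame = b"START PRINT"                # constructed sample command
    cases = {
        "clean links": (Link(), Link()),
        "error on outbound path": (Link({1: 3}), Link()),
        "error on return path": (Link(), Link({1: 3})),
        "same bit hit both ways": (Link({1: 3}), Link({1: 3})),
    }
    for name, (fwd, bck) in cases.items():
        rx = Receiver()
        tries = send_with_echo(frame, fwd, bck, rx)
        print(f"{name}: {tries} attempt(s), receiver holds correct data: {rx.accepted == [frame]}")
```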

 

Video Link: http://youtu.be/HEjPop-aK_w

 

Sources:

Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Mission Viejo, CA: Pleier Corporation, 2008. CD-ROM.

Gleim, Irvin N. CIA Examination Review. 3rd ed. Vol. 1. Gainesville, FL: Accounting Publications, 1989. 284

Watne, Donald A. and Peter B. B. Turney. Auditing EDP Systems. Englewood Cliffs, NJ: Prentice-Hall, 1984. 230-1, 490, 499

 

View Part I of the IT Hardware Duplicity and Echo Checks series here

 

Post Notes: “IT Hardware Duplicity and Echo Checks – Part III” was originally published through Suite101.com under the title “IT Hardware Duplicity and Echo Checks”.


July 27, 2012  11:39 PM

IT Hardware Duplicity and Echo Checks – Part II



Posted by: Robert Davis
Configuration Management, Control Methods, Echo Check, Hardware Controls, Information Communication Technology, Information Security, Infrastructure Management, Integrity, Internet, IT Architecture, IT Configuration, IT Hardware, IT Security, Risk Management

Duplicate operations may be performed on independent IT hardware components or on the same component. Alternatively, the repeat operation may be complementary to the initial operation, such as where a read is performed after a write to check what was written.

Duplicate operations are commonly utilized in the arithmetic logic unit (ALU) of a central processing unit (CPU). In addition, a dual operation is sometimes utilized in the ALU of the CPU. Calculations are carried out twice either by the same circuitry or by duplicate circuitry. The results of the two calculations are then compared to ascertain correctness in processing.

 

Video Link: What is a checksum?

 

Sources:

Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Mission Viejo, CA: Pleier Corporation, 2008. CD-ROM.

Gleim, Irvin N. CIA Examination Review. 3rd ed. Vol. 1. Gainesville, FL: Accounting Publications, 1989. 284

Watne, Donald A. and Peter B. B. Turney. Auditing EDP Systems. Englewood Cliffs, NJ: Prentice-Hall, 1984. 230-1, 490, 499

 

View Part I of the IT Hardware Duplicity and Echo Checks series here

 

Post Notes: “IT Hardware Duplicity and Echo Checks – Part II” was originally published through Suite101.com under the title “IT Hardware Duplicity and Echo Checks”.


July 25, 2012  12:08 AM

IT Hardware Duplicity and Echo Checks – Part I



Posted by: Robert Davis
Configuration Management, Control Methods, Echo Check, Hardware Controls, Information Communication Technology, Information Security, Infrastructure Management, Integrity, Internet, IT Architecture, IT Configuration, IT Hardware, IT Security, Risk Management

Conceptual Connect To Server Image – Salvatore Vuono

 

Effective communication checks should be applied to small as well as large IT configurations. IT hardware duplicity and echo checks are a way of establishing the accuracy achieved during the transfer of data over a communication medium. They provide quality checks and error-control techniques for data transferred over a computer network or other communications link.

IT operation duplication as an error control

In contrast to data deduplication, IT hardware duplicity checks utilize the principle of duplicate, or complementary, processing to detect and correct errors. When this control is deployed, an operation is performed twice to assist in detecting errors. If the repeated operation matches the base operation, it is a duplicate operation. With this check, the result of the repeated operation is compared with the result of the base operation, and any difference between them will indicate a hardware-induced error requiring corrective action.

 

Sources:

Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Mission Viejo, CA: Pleier Corporation, 2008. CD-ROM.

Gleim, Irvin N. CIA Examination Review. 3rd ed. Vol. 1. Gainesville, FL: Accounting Publications, 1989. 284

Watne, Donald A. and Peter B. B. Turney. Auditing EDP Systems. Englewood Cliffs, NJ: Prentice-Hall, 1984. 230-1, 490, 499

 

Post Notes: “IT Hardware Duplicity and Echo Checks – Part I” was originally published through Suite101.com under the title “IT Hardware Duplicity and Echo Checks”.


July 21, 2012  12:16 AM

IT Hardware Redundancy Checks Using Parity Bits – Part IV



Posted by: Robert Davis
Configuration Management, Hardware Controls, Information Communication Technology, Information Security, Infrastructure Management, Integrity, Internet, IT Architecture, IT Configuration, IT Hardware, IT Security, Risk Management

Reducing data reliability and integrity risks from IT hardware

When properly deployed, parity bits can be utilized to detect communication errors between IT hardware items. An advantage of the double parity bit is that an error is defined in two dimensions: vertical and horizontal. This permits the precise bit that is causing the error to be detected, thus enabling cybernetic error correction.

The redundancy check is a valuable control; however, it is not foolproof. It is designed to detect mechanical, electronic and transmission sequence errors, but not to detect otherwise invalid data types. Furthermore, its reliability in error detection and correction is a function of the degree of built-in redundancy. Therefore, the IT hardware user must determine the acceptable risk-level regarding receiving, storing, and transmitting accurate as well as complete datum, considering the IT architecture, then act accordingly.

 

Sources:

Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Mission Viejo, CA: Pleier Corporation, 2008. CD-ROM.

Gleim, Irvin N. CIA Examination Review. 3rd ed. Vol. 1. Gainesville, FL: Accounting Publications, 1989. 283-4

Watne, Donald A. and Peter B. B. Turney. Auditing EDP Systems. Englewood Cliffs, NJ: Prentice-Hall, 1984. 227-30

View Part I of the IT Hardware Redundancy Checks Using Parity Bits series here

 

Post Notes: “IT Hardware Redundancy Checks Using Parity Bits – Part IV” was originally published through Suite101.com under the title “IT Hardware Redundancy Checks Using Parity Bits”.

 


July 18, 2012  1:51 AM

IT Hardware Redundancy Checks Using Parity Bits – Part III



Posted by: Robert Davis
Configuration Management, Hardware Controls, Information Communication Technology, Information Security, Infrastructure Management, Integrity, Internet, IT Configuration, IT Hardware, IT Security, Risk Management

Parity bits as a foundation for redundancy checks

One of the simplest error detection schemes is parity checking. Classically, parity checks are deployed to maintain information integrity. Parity checks are generally considered a hardware control that requires calculation for incorporation and subsequent verification of electronically formatted data strings. The value of the parity bit depends on the number of binary ones in the byte, and also on the type of parity checking method used.

Reflective of the bits summation process, data parity can be even or odd as well as single, double, dual, or diagonal. Extensions and variations on the parity bit method are horizontal redundancy checks and vertical redundancy checks. Of the types of redundancy checks mentioned in this article, the single parity bit has the least redundancy, followed by the double, diagonal, and dual parity bit.
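The even parity bit described above, combined with the double (horizontal and vertical) parity check from Part IV of this series, as an added example that is not from the original posts. The 7-bit character rows and the sample message are assumptions made for illustration; the demo cases show one error that is located and corrected, one that is detected but cannot be located, and one that passes unnoticed.

```python
# Added illustration (not from the original posts): even parity in two dimensions.
# Each row is one 7-bit character; MESSAGE is constructed sample data.
MESSAGE = "PARITY"


def parity(bits):
    """Even-parity bit: 1 when the count of ones is odd, making the total even."""
    return sum(bits) % 2


def to_bits(ch):
    """7-bit representation of a character, most significant bit first."""
    return [(ord(ch) >> i) & 1 for i in range(6, -1, -1)]


def encode(rows):
    """Add a horizontal parity bit to each row, then a vertical parity row."""
    with_row_parity = [r + [parity(r)] for r in rows]
    column_parity = [parity(col) for col in zip(*with_row_parity)]
    return with_row_parity + [column_parity]


def check(block):
    """Return (bad_rows, bad_cols): the indices where even parity no longer holds."""
    bad_rows = [i for i, row in enumerate(block) if parity(row)]
    bad_cols = [j for j, col in enumerate(zip(*block)) if parity(col)]
    return bad_rows, bad_cols


def correct(block):
    """Repair a single-bit error in place; report what the check could do."""
    bad_rows, bad_cols = check(block)
    if not bad_rows and not bad_cols:
        return "ok"
    if len(bad_rows) == 1 and len(bad_cols) == 1:
        block[bad_rows[0]][bad_cols[0]] ^= 1   # row and column intersect at the bad bit
        return "corrected"
    return "uncorrectable"


def flipped(block, positions):
    """Copy of block with the bits at the given (row, col) positions inverted."""
    copy = [row[:] for row in block]
    for r, c in positions:
        copy[r][c] ^= 1
    return copy


if __name__ == "__main__":
    clean = encode([to_bits(ch) for ch in MESSAGE])
    cases = {
        "one bit": [(2, 4)],
        "two bits in one row": [(1, 0), (1, 3)],
        "four bits on a rectangle": [(0, 1), (0, 5), (3, 1), (3, 5)],
    }
    for name, positions in cases.items():
        damaged = flipped(clean, positions)
        found = check(damaged)
        print(f"{name}: check={found} result={correct(damaged)} restored={damaged == clean}")
```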

 

 

Sources:

Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Mission Viejo, CA: Pleier Corporation, 2008. CD-ROM.

Gleim, Irvin N. CIA Examination Review. 3rd ed. Vol. 1. Gainesville, FL: Accounting Publications, 1989. 283-4

Watne, Donald A. and Peter B. B. Turney. Auditing EDP Systems. Englewood Cliffs, NJ: Prentice-Hall, 1984. 227-30

View Part I of the IT Hardware Redundancy Checks Using Parity Bits series here

 

Post Notes: “IT Hardware Redundancy Checks Using Parity Bits – Part III” was originally published through Suite101.com under the title “IT Hardware Redundancy Checks Using Parity Bits”.

