[Mind-map overview of the notes. The diagram was flattened during extraction, so only its headings are recoverable:
Governance: Enterprise Governance (Corporate / Business Governance), GEIT, Internal Control (COSO), Best Practices, IT Steering Committee, IT Strategic Planning, IT Risk Mgmt, COBIT 5
Information Systems: OAS, MIS, TPS, DSS, Expert Systems; IS Security and Controls; Application Controls (Boundary, Input, Processing, Output, Database, Communication)
Chapter 4: BCP/DRP: BCM Policy, BC Planning, BCP Manual, BCM Process, Plan Testing & Maintenance; Backup types (Full, Differential, Incremental, Mirror); Alternate sites (Hot, Warm, Cold, Reciprocal)
Chapter 5: Development of Systems: Waterfall, Prototype, SDLC, System Implementation (Equipment Installation, Change-over Strategies), Post-Implementation Review & System Maintenance
Chapter 6: Auditing Info System: Need, Objectives, Types of IS Audit, Skills & Functions of the IS Auditor, Evidence Collection, Standards & Best Practices (ISACA/COBIT, ISO 27001, ITIL, Standards on Internal Audit); Operational and Tactical layer audit, Audit Trail, Security Administration
Chapter 8: Emerging Technologies: Cloud & Grid Computing (similarities, differences, goals, issues), cloud architecture (Front End, Middleware, Back End), deployment models (Public, Private, Hybrid, Community, Other), service models (SaaS, PaaS, IaaS), characteristics, security
The mnemonics for these topics are expanded in the lists that follow.]
Best Practices
RIMI SEM
R Assignment of Responsibility
I Incorporating Hierarchy
M Mechanism for interaction & co-operation
I Appropriate Information flow internally
S Implementing Strong Internal Control System
E Special monitoring of risk Exposure
M Financial & Mgmt Incentives
GEIT
Key Governance Practices
E-D-M
E Evaluate Governance system
D Direct Governance system
M Monitor Governance system
Benefits
ICE Pighal Gyi (lit.: the ICE melted)
I Consistent approach Integrated & Aligned with enterprise governance
C Confirms Compliance with the legal & regulatory framework
E Ensure that IT related decision are made in line with the enterprise strategy
Pighal Ensure IT related Process are overseen effectively & transparently
Gyi Ensure the Governance requirements for Board member are met
IT Governance
Benefits
VACCUUM Related Transparency Enabler
V Increased Value delivered through IT compliance
A Improve Agility in supporting business needs
C Better Cost performance
C Improve Compliance with relevant laws, regulation & policies
U More optimal Utilisation of resources
U Improve User satisfaction
M Improve Mgmt
Related Mitigate IT Related business risk
Transparency Improve Transparency
Enabler IT becoming a key Enabler of change rather than an inhibitor (i.e. something that blocks change)
Internal Control
As per COSO
EACCM
E Control Environment
A Risk Assessment
C Control Activities
C Information & Communication
M Monitoring
IT
IT Steering Committee
Functions
TR³ACK & Make Priority Report
T Ensure long & short range plans of the IT dept are in Tune with enterprise goals & objectives
R Review & approve major IT deployment projects
R Review status of IS plans
R Review & approve std, policies & guidelines
A Ensure Availability of a viable communication system btwn IT & its users
C Facilitate & resolve Conflicts in deployment of IT
K Approve & monitor Key projects by measuring result of IT projects in terms of ROI
Make Make IS plan
Priority Set Priorities within the scope
Report Report to BoD on regular basis
Key mgmt practices for Evaluating whether business value derived from IT
E-D-M
E Evaluate value optimization
D Direct value optimization
M Monitor value optimization
Risk Mgmt
Key mgmt practices of implementing Risk mgmt
CAPtain APRil
C Collect data
A Analyze risk
P Maintain risk Profile
A Articulate risk
P Define risk mgmt action Portfolio
R Respond to risk
Strategies
TE TMT
T Tolerate / Accept
E Eliminate / Terminate
T Transfer / Share
M Mitigate / Treat
T Turn Back / Ignore
Risk
Sources
HE²LP ATM
H Human behaviour
E Economic circumstances
E Natural Events
L Commercial & Legal relationship
P Political circumstances
A Individual Activities
T Technology & technical issue
M Mgmt Activities & controls
Characteristics
UP Loss
U Uncertainty of loss
P Probability
Loss Loss potential
COBIT 5
Principle
ME - IAS
M Meeting stakeholder needs
E Covering enterprise End to End
I Applying a single Integrated framework
A Enabling a holistic Approach
S Separating Governance from Mgmt
Components
FM PC Mgmt
F Framework
M Maturity models
P Process descriptions
C Control objective
Mgmt Mgmt Guidelines
Benefits
SOO PIC HER
S For all Size & sector
O Enable enterprise in achieving their Objective
O Create Optimal value from IT
P Policy development & good practice
I Increase user satisfaction
C Compliance with relevant laws, regulations & policies
H Enable IT to be governed in a Holistic manner
E Takes a full End-to-End business view
R Manage IT related Risk
Enablers
P³ICSO
Key Mgmt Practices for assessing & evaluating system of Internal control
MIS PEPER
M Monitoring Internal Control
I Identify & report control deficiency
S Scope assurance initiative
P Plan assurance initiative
E Execute assurance initiative
P Perform control self assessment
E Ensure that assurance provider are independent & qualified
R Review business process controls effectiveness
Information System
Information
Attributes
Transport CAR mein MRF ka Valuable, Valid, Adequate & Updated Quality ka tyre kyu Fix krne ka Purpose hota h (lit.: why is the purpose of fitting an MRF tyre of valuable, valid, adequate and updated quality in a transport car)
Transport Transparency
C Completeness
A Availability
R Rate
M Mode
R Reliability
F Format
Valuable Valuable
Valid Valid
Adequate Adequate
Updated Updated
Quality Quality
Fix Frequency
Purpose Purpose
System
Classification
WIDE
W Working / Output
I Interactive Behaviour
D Degree of Human Intervention
E Element
TPS
Components
IPSO
I Input
P Processing
S Output
O Storage
Features
LABS
L Large Volume of Data
A Automation basic operations
B Benefits easily measurable
S Source of Input
OAS
Activities
FC Road mein CCD (lit.: a CCD on FC Road)
F Filing, Search, Retrieval
C Calculation
Road Recording utilization of resources
C Document Capture
C Document Creation
D Receipts & Distribution
Benefits
AIR²
A Ensure Accuracy
I Improve Communication
R Reduce Cost
R Reduce Cycle Time
Broad Groups
PET Documents
P Text Processing System
E Electronic Message Communication System (Email, Fax, Voicemail)
T Teleconferencing & Video Conferencing System
Document Electronic Document Mgmt System
E-Mail Features
PI TREE
P Portability
I Integration with other IS
T Electronic Transmission
R Broadcasting & Rerouting
E Economical
E Online Development & Editing
MIS
Characteristics
Manager Chalte Chalte ja rha tha Meduwada, Samosa, IceCream, Cheese, Lollipop kha rha tha (lit.: the manager, walking along, was eating medu vada, samosa, ice cream, cheese and a lollipop)
Manager Mgmt Oriented
Chalte Common Database
Chalte Common Data Flow
Meduwada Mgmt Directed
Samosa Sub System Concepts
IceCream Integrated
Cheese Computerized
Lollipop Long Term Planning
Mis-Conceptions
UR Completely MAD BF
U Study of MIS = Use of Computer
R Any Reporting System is MIS
Completely Any Computer based IS is MIS
M Mgmt Technique
A Accuracy
D More Data = More Information
B Bunch of Technology
F File Structure
Pre-requisite
Effective MIS requires STD
Effective Evolution
MIS Control & Maintenance of MIS
S Qualified System & Mgmt Staff
T Top Mgmt Support
D Database
Constraints
S³E
Benefits
CUT²E PAR²I
C Customer Satisfaction
U Uniform Process
T Turn Collection faster
T Track actual cost
E Improve Efficiency & Workflow
P Consolidated Picture
A Activity Based Costing
R Reduce Redundant Data & Process
R Reduce Inventory Cost
I Single Integrated System
CBS
Elements
INTERSIP
I Interest Calculation
N Opening New Account
T Maintaining record of Transactions
E Establishing Criteria
R CRM Activities
S Making & Servicing Loans
I Interest Rate
P Processing Payments & Cheques
DSS
Characteristics
DSS Friendly OSCAR
D Focus on Decision making
S Support at all levels
S Support Group Decisions
Friendly User Friendly
O Evolve Over time
S Also for Structured Problem
C Used for Decision instead of Communication
A Flexible & Adaptable
R Support decision making rather than Replace them
Components
DUMP
D Database
U User
M Modelbase
P Planning Language
Examples
ABCD
A Cost Accounting
B Budget Variance
C Capital Budgeting
D General Decision
Expert System
Need
CEO
C Cannot easily find & keep expert
E Expensive & Scarce
O Only handle few factors
Benefits
Expert Think they are not Emotional but they have Strategic Knowledge
Expert As a real life Expert
Think Assist novices in Thinking
Not Emotional Not Emotional
Strategic Strategic Tool
Knowledge Preserve Knowledge
Potential Properties
Structure AbCDE
Structure Structure
A Availability
C Complexity
D Domain
E Expertise
Application of IS
Roles of IS
PDC
P Support org business Processes & operations
D Support business Decision Making
C Support Strategic Competitive Advantage
Knowledge Manager Should Possess
FBI ka MD (lit.: the FBI's MD)
F Foundation Concepts
B Business Applications
I Info Technology
M Mgmt Challenges
D Development Process
Important Implication of IS
ICU mein AAM (lit.: a mango in the ICU)
I Generating Innovative Ideas
C Survive & thrive in a highly Competitive Environment
U Unusual Situation
A Achieve org. goals
A To formulate strategy of Action
M Making Right decision at right time
Impact of IT on Different Sector
Recognised Employees Provident Fund
Recognised Wholesale & Retailing
Employees E Business
Provident Public Sector
Fund Finance
IT Crucials Tools
BIWi ka Computer Software (lit.: the wife's computer software)
BI Business Intelligence
W Website
Computer Computer System, Scanner, laptop, printer, etc.
Software Software & Packages
IS Security
Objective
CIA
C Confidentiality
I Integrity
A Availability
Rules to be included
IPL
I Prevent Inappropriate use or waste of resources
P Preserve & Protect info from any unauthorized modification, access or disclosure
L Limit or eliminate potential legal liability
Members of Policy
MTL
M Mgmt Member
T Technical Group
L Legal Expert
Category of Exposure
OIA
O Error or Omissions
I Improper Authorization & Improper Accountability
A Inefficient Activity
Classification of Controls
NO Audit
N Nature of IS Resources (i) Environmental (ii) Physical (iii) Logical
O Objectives (i)Preventive (ii) Detective (iii) Corrective (iv) Compensatory
Audit Audit Function:- (i) Managerial (ii) Application
Classification of controls on the basis of On Objective
Preventive Control
Characteristic
VPN
V Clear cut understanding about Vulnerabilities of Asset
P Understanding Probable threats
N Provision of Necessary Controls for probable threats
Detective Control
Characteristic
MIS U
M Established Mechanism to refer the reported unlawful activities to the appropriate person or group
I Interaction with preventive controls to prevent such acts from occurring
S Surprise checks by Supervisor
U Clear Understanding of lawful activities so that anything which deviates from them is reported as unlawful
Corrective Control
Characteristic
Identifying M²RF Error
Possible Perpetrators
Former Employee ne jane se phle sabki STAND PIC li (lit.: before leaving, the former employee took a standing picture of everyone)
Former Employee Former Employee
S On Strike Employee
T Threatened by disciplinary action or dismissal
A Addicted to substance or gambling
N Notified for termination
D Discontented (i.e. Dissatisfied)
P Experiencing financial or emotional Problems
I Accidentally Ignorant
C Interested or informed outsider such as Competitors
2. Environment Controls
Categorization of IS Resources
HIS DP
H Hardware & Media
I Info system supporting Infrastructure or facilities
S Supplies
D Documentation
P People
Controls
Aag, Pani, Dhul-Mitti, Bijli, Bhukmp-Sunami (Hindi: fire, water, dust and dirt, electricity, earthquake and tsunami)
Aag Fire Controls
Pani Water Controls
Dhul-Mitti Pollution Control
Bijli Power Spikes
Bhukmp-Sunami Natural Disasters
3. Logical Access Controls
Path
DOT
D Dial Up Port
O Online Terminal
T Telecommunication Network
S Sabotage
S Spoofing
D Disclosure of confidential, sensitive or embarrassing information
L Legal repercussion
C Loss of Credibility or Competitive Edge
Loss Financial Loss
Blackmail Blackmail
Possible Violators
PEEHU
P IS Personnel
E Employee
E Former Employee
H Hackers
U End Users
Technical Exposure
Worm ne Ghode pe baith ke round round krke Data ke upar Bomb feka aur Darwaje ko Salami di (lit.: the worm sat on a horse, went round and round, dropped a bomb on the data and saluted the door)
Worm Worm
Ghode Trojan Horse
Round round Rounding down
Data Data Diddling
Bomb Bomb
Darwaje Trap Door
Salami Salami Techniques
Asynchronous Attacks
Piggy ne Data ko Wire se lapet diya toh uski SaS margyi (lit.: Piggy wrapped Data in wire, so her mother-in-law (SaS) died)
Piggy Piggybacking
Data Data Leakage
Wire Wire tapping
S Denial of Service
S Subversive Threats (i) Invasive tap (ii) Inductive tap
Ways to control remote & distributed data processing application
NIT ka MAP (lit.: the map of NIT)
N The location which sends data should attach the Needed control info that helps the receiving location to verify genuineness & integrity
I When Identical copies exist, ensure that all copies contain the same info
T Having a Terminal lock can assure physical security to some extent
M Terminal & Computer operations at remote locations should be Monitored carefully & frequently for violations
A Applications should be controlled appropriately
P Proper control mechanism over system documentation & manuals
User Responsibilities
UP
U Unattended user equipment
P Password use
Controls
LAL DUPATTA (lit.: red scarf)
L Terminal Log-in procedure
A Access control list
L Limitation of connection
D Duress Alarm
U Use of system Utilities
P Password mgmt system
A Access Token
T Terminal Time out
T Automated Terminal identification
A User Identification & Authentication
Classification of Controls on the basis of Audit Function
1. Managerial Control
Types of Mgmt sub systems / Types of Controls
Pyare sache ache DOST (lit.: dear, true, good FRIENDS)
Pyare Programming mgmt
Sache System development mgmt
Ache Quality Assurance mgmt
D Data Resource Mgmt Control
O Operation Mgmt
S Security Mgmt
T Top mgmt
Programming mgmt
Phases
PC DC TOM
P Planning
C Control
D Design
C Coding
T Testing
OM Operation & Maintenance
Operation Mgmt
Controls
D ON se CHuPna MushkiL hi nhi (one letter repeated; lit.: hiding from the DON is not even difficult)
Top mgmt
Functions
PLOC
P Planning (i) Preparing (ii) Types of Plan (iii) Role of Steering committee
L Leading (i) Motivating & Leading (ii) Communicating
O Organising (i) Resourcing (ii) Staffing
C Controlling (i) Overall control of IS Function (ii) Control of IS Activities (iii) Control over IS services
2. Application Control
Types of Application subsystem / Types of Application controls
Boundary mein bhi I-POD ka Communication kaam krta hai (lit.: even at the boundary, the iPod's communication works)
Boundary Boundary
I Input
P Processing
O Output
D Database
Communication Communication
Boundary Controls
CBI ka Password Pin strong rhna chaiye (lit.: the CBI's password and PIN should stay strong)
C Cryptography
B Biometric Devices
I Identification Card
Password Password
Pin PIN
Input Controls
Supreme Court ka judge bhi apni BV ke saamne kuch nhi (lit.: even a Supreme Court judge is nothing in front of his wife)
S Source Document
C Data Coding
B Batch
V Validation
Source Documents
Control Procedure
SPA
S Use source document in Sequence
P Use Pre-numbered source document
A Periodically Audit
Data Coding
Types of Error
Transcription Errors
Addition: 83276 entered as 832766
Truncation: 83276 entered as 8327
Substitution: 83276 entered as 83266
Transposition Errors
Single: 12345 entered as 21345
Multiple: 12345 entered as 32145
Batch
Types of controls
Physical Control
Logical Control
Control Tools
Financial Totals
Hash Totals
Document / Record Count
Validation Control
Field Checks
LCD pe A grade ka Valid Picture dekhne ka (lit.: to watch an A-grade valid picture on the LCD)
L Limit Checks
C Cross Check
D Check Digit
A Arithmetic Check
Valid Valid Code
Picture Picture Check
File Control
VALID Check
V Version Usage
A File updating & maintenance Authorisation
L Labelling
I Before & after Image & logging
D Data file Security
Check Parity Check
Record Control
VRS
V Valid Sign
R Reasonableness
S Sequence
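Worked example (added here; it is not part of the original notes or of any ICAI material): the Data Coding error types, the Batch control tools and the Validation field checks above, run in Python. The check-digit scheme is Luhn mod-10, an assumption since the notes name no scheme; the record layout, the department code table and the two batches are constructed for illustration.

```python
# Added example: input controls (check digit, field checks, batch control totals).
# Not from the original notes; Luhn mod-10 is an assumed check-digit scheme and the
# record layout and sample batches below are constructed for illustration.
import re


def luhn_check_digit(body):
    """Luhn (mod-10) check digit for a string of digits, to be appended to body."""
    total = 0
    # Walk right to left; the rightmost body digit sits next to the check digit, so it is doubled.
    for i, ch in enumerate(reversed(body)):
        d = int(ch)
        if i % 2 == 0:
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return str((10 - total % 10) % 10)


def luhn_valid(code):
    """Check-digit validation: the last digit must match the digit recomputed from the rest."""
    return code.isdigit() and len(code) >= 2 and luhn_check_digit(code[:-1]) == code[-1]


VALID_DEPT_CODES = {"FIN", "OPS", "HR"}             # constructed valid-code table
EMP_ID_PICTURE = re.compile(r"^[A-Z]{2}[0-9]{4}$")  # picture check: 2 letters then 4 digits


def field_checks(rec):
    """Validation field checks on one keyed record; returns the list of failed checks."""
    errs = []
    if not EMP_ID_PICTURE.match(rec["emp_id"]):
        errs.append("picture: emp_id")
    if rec["dept"] not in VALID_DEPT_CODES:
        errs.append("valid code: dept")
    if not luhn_valid(rec["account"]):
        errs.append("check digit: account")
    if not 0 < rec["hours"] <= 80:                            # limit check
        errs.append("limit: hours")
    if rec["gross"] != round(rec["hours"] * rec["rate"], 2):  # arithmetic / cross check
        errs.append("arithmetic: gross != hours * rate")
    return errs


def batch_totals(records):
    """Batch control tools: record count, financial total and hash total."""
    return {
        "record_count": len(records),
        "financial_total": round(sum(r["gross"] for r in records), 2),
        # Hash total: a sum of account numbers, meaningless as a figure but a keying-error detector.
        "hash_total": sum(int(r["account"]) for r in records),
    }


def check_batch(records, header):
    """Recompute the totals from the keyed records and name those that disagree with the header."""
    got = batch_totals(records)
    return [name for name in header if got[name] != header[name]]


# Constructed source batch; account numbers carry a Luhn check digit as their last digit.
GOOD_BATCH = [
    {"emp_id": "AB1234", "dept": "FIN", "account": "832766", "hours": 40, "rate": 20.5, "gross": 820.0},
    {"emp_id": "CD5678", "dept": "OPS", "account": "123455", "hours": 35, "rate": 18.0, "gross": 630.0},
]
BATCH_HEADER = batch_totals(GOOD_BATCH)  # control totals prepared from the source documents

# The same batch as keyed: a substitution error (7 -> 6) in the account, and 40 hours keyed as 135.
KEYED_BATCH = [
    dict(GOOD_BATCH[0], account="832666"),
    dict(GOOD_BATCH[1], hours=135),
]

if __name__ == "__main__":
    for rec in KEYED_BATCH:
        print(rec["emp_id"], field_checks(rec) or "ok")
    print("batch totals out of balance:", check_batch(KEYED_BATCH, BATCH_HEADER))
    # The notes' multiple transposition 12345 -> 32145 is NOT caught by a Luhn check digit.
    print("32145 with check digit 5 passes:", luhn_valid("321455"))
```

Run as a script to see the per-record failures and the hash-total mismatch. The caveat the notes' own example exposes: the single transposition 12345 entered as 21345 is caught by the check digit, but the multiple transposition 12345 entered as 32145 is not, so a check digit is one field check among several and not a substitute for the batch hash total.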
Processing Control
Controls
PVRD
P Processor control
V Virtual memory control
R Real memory control
D Data processing control
Processor Control
TERM
T Timing control
E Error detection & correction
R Component Replication
M Multiple Execution states
Database Control
Update Control
Multi SAS
Multi Process Multiple transactions for a single record in the correct order
S Sequence check btwn transaction & master files
A Ensure All records on files are processed
S Maintain a Suspense A/c
Report Control
SPSR
S Standing data
P Print run-to-run control totals
S Print Suspense Account entries
R Recovery Control
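Worked example (added here; not part of the original notes): the Update Control and Report Control items above in Python. A one-pass sequential master-file update posts multiple transactions for one record in capture order, rejects an out-of-sequence master file, carries every master record through to the output, parks unmatched or rejected transactions in a suspense account, and returns run-to-run control totals (opening + applied = closing) for the report. The master file and transaction file are constructed sample data, and the "no overdraw" rule is an assumed business rule added so that posting order visibly matters.

```python
# Added example: database update controls (ordered application of transactions, sequence
# check, all-records-processed check, suspense account) plus run-to-run report totals.
# Not from the original notes; the master file, transaction file and no-overdraw rule are constructed.


def update_master(master, transactions):
    """One-pass sequential update of a master file from a transaction file.

    master: list of {"acct", "balance"} records in ascending acct order.
    transactions: list of {"seq", "acct", "amount"}; seq is the capture order.
    Returns (new_master, suspense, controls).
    """
    keys = [m["acct"] for m in master]
    # Sequence check between transaction and master files: a one-pass merge is only safe
    # when the master is in key order, so an out-of-sequence file is rejected, not patched.
    if keys != sorted(keys) or len(set(keys)) != len(keys):
        raise ValueError("master file out of sequence or has duplicate keys")
    # Multiple transactions for one record are applied in capture (seq) order, so a deposit
    # captured before a withdrawal is posted first even if the file arrived shuffled.
    txns = sorted(transactions, key=lambda t: (t["acct"], t["seq"]))
    opening = round(sum(m["balance"] for m in master), 2)
    applied = 0.0
    new_master, suspense = [], []
    ti = 0
    for m in master:
        bal = m["balance"]
        # Transactions with a key below the current master key have no master record.
        while ti < len(txns) and txns[ti]["acct"] < m["acct"]:
            suspense.append(dict(txns[ti], reason="no master record"))
            ti += 1
        while ti < len(txns) and txns[ti]["acct"] == m["acct"]:
            t = txns[ti]
            if bal + t["amount"] < 0:
                # Rejected rather than silently applied; the suspense account keeps it visible.
                suspense.append(dict(t, reason="would overdraw"))
            else:
                bal = round(bal + t["amount"], 2)
                applied = round(applied + t["amount"], 2)
            ti += 1
        new_master.append({"acct": m["acct"], "balance": bal})
    # Anything left has a key beyond the last master record.
    suspense.extend(dict(t, reason="no master record") for t in txns[ti:])
    closing = round(sum(m["balance"] for m in new_master), 2)
    controls = {
        "records_in": len(master),
        "records_out": len(new_master),  # every record on the file was processed
        "opening": opening,
        "applied": applied,
        "closing": closing,
        "suspense_count": len(suspense),
        # Run-to-run control total: opening + applied must equal closing, record counts must agree.
        "reconciles": round(opening + applied, 2) == closing and len(master) == len(new_master),
    }
    return new_master, suspense, controls


# Constructed master file (in key order) and transaction file (deliberately shuffled).
MASTER = [
    {"acct": "1001", "balance": 100.0},
    {"acct": "1002", "balance": 50.0},
    {"acct": "1003", "balance": 0.0},
]
TRANSACTIONS = [
    {"seq": 2, "acct": "1001", "amount": -150.0},  # only valid after seq 1 is posted
    {"seq": 1, "acct": "1001", "amount": 100.0},
    {"seq": 3, "acct": "1002", "amount": -80.0},   # would overdraw -> suspense
    {"seq": 4, "acct": "1009", "amount": 25.0},    # no master record -> suspense
    {"seq": 5, "acct": "1003", "amount": 10.0},
]

if __name__ == "__main__":
    new_master, suspense, controls = update_master(MASTER, TRANSACTIONS)
    for m in new_master:
        print(m["acct"], m["balance"])
    for t in suspense:
        print("suspense:", t["seq"], t["acct"], t["amount"], t["reason"])
    print(controls)
```

The report's run-to-run totals and the printed suspense entries are what the Report Control list calls for: the closing total on the output equals the opening total plus what was applied, and everything not applied is on the suspense listing rather than silently dropped.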
Communication Controls
Types of Exposure
LSD
L Data can be Lost or corrupted through component failure
S A hostile party could seek to Subvert (i.e. corrupt or tamper with) data
D Transmission impairment can cause Difference btwn data sent & rcvd
Controls
Internet Line se Physical FLAT liya (lit.: took a physical flat over the internet line)
Internet Internet working control
Line Line error control
Physical Physical control
F Flow control
L Link control
A Channel Access control
T Topological control
Internetworking Devices
Gate khola aur Bridge ke Raaste chala gya (lit.: opened the gate and went away by way of the bridge)
(i) Gateway (ii) Bridge (iii) Router
Data Integrity
Classification of Information
Top Secret
Highly Confidential
Proprietary
Internal Use Only
Public
Policy
2 Software + 1 Environment + 3 Back up
Software Virus Signature Updating
Software Software testing
Environment Division of Environments
Back up Offsite Backup
Back up Quarter end & Year end Back up
Back up Disaster Recovery (BCP)
Financial Controls
ABCD IS²
A Authorization
B Budget
C Cancellation of Document
D Dual Control
I Input / Output verification
S Safekeeping
S Sequentially numbered documents
Cyber Frauds
Impact
SDLC Loss
S Sabotage
D Disclosure of confidential, Sensitive or Embarrasing Info
L Legal Repercussions
C Loss of Credibility or Competitive Edge
Loss Financial Loss
Cyber Attacks
VO Phishing SMS
V Virus Malicious Code
O Other like Eavesdropping, email forgery, cracking, etc.
Phishing Phishing
S Network Scanning
M Malware Propagation
S Spam
Cyber Techniques
BPL valo ko ID dikhane pe SEZ se HTC ka mobile below Discounted MRP miljata hai (lit.: on showing ID, BPL card-holders get an HTC mobile from the SEZ below the discounted MRP)
B Logic Time Bomb
P Piggybacking
L Data Leakage
I Internet Terrorism
D Data Diddling
S Scavenging
E Social Engineering Technique
Z Super Zapping
H Hacking
T Trap Door
C Cracking
Discounted Denial of Service Attacks
M Masquerading or Impersonation
R Round Down
P Password Cracking
Business Continuity Mgmt
Advantage of Business Continuity
PATI
P Planned response to disruption
A Proactively Assess the threat scenario & potential risks
T Able to demonstrate a response through process of regular Testing & Training
I Minimize the Impact on enterprise
BCM Policy
Objective
AKIRA
A Critical services & Activities undertaken will be identified
K Plans will be developed to ensure continuity of Key services & activities
I Invocation of Incident mgmt & BC plans can be managed
R Incident mgmt plan & BC plans are subject to ongoing testing, Revision & updating as required
A Planning & mgmt responsibility are Assigned to member of relevant senior mgmt team
Goals of BCP
Weak CCD
Weak Identify Weaknesses & Implement a disaster prevention program
C Facilitate effective Co-ordination of recovery tasks
C Reduce Complexity of recovery effort
D Minimize Duration of serious disruption to business operation
Phases
PAI pai pdha par RPT nhi pdha toh Main Test mein Implement kaise krega (lit.: read the PAI thoroughly but not the RPT, so how will I implement it in the main test)
P Pre planning Activities
A Vulnerability Assessment & General definition of requirements
I Business Impact Analysis (BIA)
R Detailed Definition of Requirement
P Plan development
T Testing program
Main Maintenance program
Test Initial plan Testing & Plan Implementation
Maintenance
Tasks undertaken
new Version vali RTP dena icai ki Responsibility hai (lit.: issuing the new version of the RTP is ICAI's responsibility)
Version Implement Version control procedure
R Determine maintenance Regime to ensure plan remains up-to-date
T Identify BCP maintenance Triggers
P Determine maintenance Process
Responsibility Determine ownership & Responsibilities for maintaining the various BCP strategies
Key All Key product & services have been identified & included in enterprise BCM strategy
Priorities Enterprise BCM policies, strategies, framework & plans accurately reflect its Priorities
Capabilities Enterprise BCM competence & its BCM Capabilities are effective
R BCM procedure have been effectively communicated to Relevant staff
A Enterprise has an ongoing training program for BCM training & Awareness
S Enterprise BCM Solutions are effective & up-to-date
M Enterprise BCM Maintenance & exercising programs have been effectively implemented
I BCM strategies & plans Incorporated improvements identified during incident
Changed Change control processes are in place & operate effectively
Reciprocal Agreement
Issue to be considered while drafting
So what are the number of Conditions for Public Provident Fund (PPF) Controls
So How Soon the site will be made available subsequent to a disaster
Number Number of org that will be allowed to use the site concurrently
Conditions Conditions under which site can be used
P Period during which site can be used
P Priority to be given to concurrent users
F Facilities & services site provider agrees to make available
Controls What Controls will be in place
System Development
Failure
New Technology
User Related Issue
Mgmt Related Issue
Develop Related Issue
User Related issue
Inadequate PNR
Inadequate Inadequate testing & user training
P Lack of user Participation
N Shifting user Needs
R Resistance to change
Mgmt Related issue
SD
S Lack of senior mgmt Support & involvement
D Development of strategic system
Developer Related issue
US
U Overworked or Undertrained development staff
S Lack of Standard project mgmt & system development methodology
Accountant Roles
Return on CA
Return Return on Investment
C Computing cost of IT implementation & Cost benefit analysis
A Skills expected from Accountant
System Development Methodology
Pyara WARIS (lit.: dear heir)
Pyara Prototype
W Waterfall
A Agile
R RAD
I Incremental
S Spiral
Waterfall
Features
DO Document
D Project is Divided into sequential phases
O Implementation of entire system at One time
Document Extensive use of written Documents
Advantages
Supports OPC
Supports Supports less experience project teams
O Order sequence helps to ensure Quality, reliability, adequacy, etc
P Progress of system development is measurable
C Enables to Conserve resources
Disadvantages
GEET ka Bhi IPR hota hai (lit.: even a song has IPR)
G Promotes Gap btwn user & developer
E Excessive documentation
E Depends upon Early identification & specification of requirement
T System performance cannot be Tested unless fully coded
B Project progress forward with minimal Backward movement
I Criticised as Inflexible, slow & costly
P Problems are often not discovered until testing
R Difficult to Respond to the environmental changes
Prototype
Phases
IDT pdha Revise kiya fir Sign off (lit.: studied IDT, revised, then signed off)
I Identify info system requirements
D Develop initial prototype
T Test & Revise
Sign off Obtain user Sign off
Advantages
Improve Unclear DEFENSE
Improve Improve user participation
Unclear Especially useful for resolving Unclear objectives
D Encourage innovation & flexible Design
E Potential exists for Exploiting knowledge gained in early iterations as later iterations are developed
F Provide quick implementation of incomplete but Functional application
E Helps to Easily identify, confusing or difficult fucntions
N Result in better fulfilment of user Needs & requirements
S A very Short time period is normally required to develop & starts experimenting
E Early detection & elimination of error
Disadvantages
Nadan AIR ka Behaviour jaanne usko turnt STD se cl kiya (lit.: to learn the naive AIR's behaviour, called him right away on STD)
Nadan Identification on Non-functional elements is difficult to document
A Approval process & controls are not strict
I Incomplete or inadequate problem analysis may occur
R Requirements may change frequently
Behaviour May cause Behavioural problems with system users
S May not have Sufficient checks & balances incorporated
T Designer may prototype Too quickly, without sufficient upfront user need analysis
D Only successful if users are willing to Devote significant time
Incremental
Features
RIM
R Overall Requirement are defined before proceeding
I Initial software concept, requirement analysis, design of architecture & system core are defined using waterfall, followed by iterative prototyping
M Series of Mini-waterfalls are performed
Advantages
Sasti Dairy Milk GEMS (lit.: cheap Dairy Milk GEMS)
Sasti More flexible & less costly to change scope & requirements
Dairy Moderate control is maintained through use of written Documentation
Milk Helps to Mitigate integration & architectural risks earlier
G Allows delivery of a series of implementations that are Gradually more complete
E Potential exists for Exploiting knowledge gained in early iterations as later iterations are developed
M Gradual implementation provides the ability to Monitor the effect of incremental changes
S Stakeholders can be given concrete evidence of project status
Disadvantages
RUDE
R Each phase of an iteration is Rigid
U Problems may arise because all requirements are not gathered Upfront for the entire software
D As some modules are completed much earlier than others, well-Defined interfaces are
E Difficult to demonstrate Early success to mgmt
Spiral
Features
NPFS
N New system requirements are defined in as much detail as possible
P Preliminary design is created for new system
F First prototype is constructed from preliminary design
S Second prototype is evolved by a fourfold procedure, evaluating the first prototype in terms of Strengths, weaknesses & risks
Advantages
ROI
R Enhances the Risk avoidance
O Helpful for Optimal development of software iteration based on project risk
I Incorporates waterfall, prototype & incremental methodologies
Disadvantages
DEAR
D No firm Deadlines, cycles continues with no clear termination condition
E It is challenging to determine Exact composition of development methodology to use
A Skilled & experienced project managers are required to determine how to Apply it to any given project
R Highly customized to each project, thus quite complex, which limits its Reusability
RAD
Features
Fast BANTA
Fast Objective is Fast development with high quality & relatively low investment cost
B Attempts to reduce inherent project risk by Breaking a project into smaller segments
A Aims to provide high quality systems quickly
N Emphasis is on fulfilling business Needs
T Emphasis is on reducing requirements to fit the Timebox (i.e. Deadline)
A Active user involvement is essential
Advantages
SOLAR TV
S Holds a great level of commitment from Stakeholders
O Operation version of application is available much earlier
L Tends to produce system at Lower cost
A Provides the Ability to rapidly change system design as demanded by users
R Initial Reviews are possible
T Leads to Tighter fit btwn user requirement & system specification
V Concentrates on essential system elements from user Viewpoint
Disadvantages
Difficult AIMS
Difficult Tendency for Difficult problems to be pushed to the future
A Fast speed & low cost may Adversely affect system quality
I May lead to Inconsistent design within & across system
M May end up with More requirements than needed
S May call for violation of programming Standards
Agile
Features
MSD is always CORRECT
M Working software is the principal Measure of progress
S Simplicity
D Working software is Delivered frequently
C Customer Satisfaction
O Self Organizing team
R Regular adaptation to change environment
R Welcome changing Requirement
E Continuous attention to technical Excellence & good design
C Face to face Communication is best form of communication
T Projects are built around motivated individuals, who should be Trusted
Advantages
CEAT
C Face to face Communication & continuous inputs
E End results is generally high quality & satisfied customer
A Have Adaptive team which enables to respond to changing environment
T Document is crisp & to the point to save Time
Disadvantages
ALERT
A Difficult to Assess the efforts required at the beginning
L Lack of emphasis on necessary designing & documentation
E Extremely light on documentation
R Requires more re-work because of lack of long term planning
T Project can easily be Taken off track if the customer representative is not clear about the final outcome
SDLC
Advantages from IS perspective
PERT
P IS Auditor can have a clear understanding of the various Phases of SDLC on the basis of the documents created during each phase
E IS Auditor can provide an Evaluation of the methods & techniques used through the various development phases
R IS Auditor, on examination, can state in its Report about compliance by IS Mgmt
T IS Auditor, if having Technical knowledge & ability in the different areas of SDLC, can be a guide during the various phases
Phases of SDLC
Puri Raat DAD ne diye TIP (lit.: Dad gave tips the whole night)
Puri Preliminary Investigation
Raat System Requirement Analysis
D System Design
A System Acquisition
D System Development
T System Training
I System Implementation
P Post Implementation Review & Maintenance
Preliminary Investigation
Police Officer ne Slip cut diya FRIday ko (mnemonic: 'the Police Officer issued a Slip (ticket) on FRIday')
Police Identification of Problem
Officer Identification of Objectives
Slip Delineation of Scope
F Feasibility Study
R Reporting Results to mgmt
I Internal control aspects
Delineation of Scope
Dimensions
DR IPCC Fail hogya (mnemonic: 'DR failed IPCC')
D Data to be processed
R Reliability requirements
I Interfaces
P Performance requirements
C Constraints
C Control requirements
Fail Functionality requirements
Methods
Document then Interview
Document Reviewing Internal Document
Interview Conducting Interview
Feasibility Study
Rakhi ke BF ko uske makeup ki cost ki vajha se hua Economical LOST (mnemonic: 'Rakhi's BF ended up Economically LOST because of the cost of her makeup')
Rakhi Resource
B Behavioural
F Financial
Economical Economical
L Legal
O Operational
S Schedule / Time
T Technical
System Requirement
Collection of information
Analysis of present system
Analysis of proposed system
Reporting to the mgmt
Fact Finding
DIOQ
D Documents
I Interview
O Observation
Q Questionnaires
SRS Contents
SRS ne apni BV ko diya IIFA award (mnemonic: 'SRS gave his wife (BV) an IIFA award')
SRS SRS review
B Behavioural description
V Validation criteria
I Introduction
I Info description
F Functional description
A Appendices
DB Designing
Activities
Conceptual DPS
Conceptual Conceptual Modeling
D Data modeling
P Physical layout design
S Storage structure design
Unit Testing
Categories of tests
SP SP F
S Stress Test
P Performance Test
S Structural Test
P Parallel Test
F Functional Test
Unit Testing Techniques / Classification
Static Testing
DSC
D Desk Check
S Structured walk Through
C Code Inspection
Dynamic Analysis Testing
BGW
B Black box testing
G Grey box testing
W White box testing
Integration Testing
BRT
B Bottom-up Integration
R Regression Testing
T Top-down Integration
System Testing
RSP Volume
R Recovery Testing
S Security Testing
P Performance Testing
Volume Volume or Stress Testing
Final Testing
QA
Q Quality Assurance Testing
A User Acceptance Testing (i) Alpha Testing (ii) Beta Testing
System Implementation
Equipment Installation
PIC
P Preparation of Site
I Installation of new hardware/software
C Equipment Checkout
System Maintenance
Preventive SCRAP
Preventive Preventive Maintenance
S Scheduled Maintenance
C Corrective Maintenance
R Rescue Maintenance
A Adaptive Maintenance
P Perfective Maintenance
Auditor's Role in SDLC
Vhi Purani SAM ki DASTAN (mnemonic: 'the same old story of SAM')
Vhi Version control on programs
Purani Established Project team with all infrastructure & facilities
S Development is carried over as per Standard, functional specification
A Adequate Audit trails are provided in system
M Appropriateness of Methodologies selected
D Documented policy & procedures
A Appropriate Approvals are being taken at identified mile-stones
S Source code is properly secured
T Separate Test environment: development, test & production environments are segregated, with test plans in place
A Business owner testing & Approval before system going live
N Design Norms & naming conventions are as per standards
Controls & Audit
Need of IS Audit
DEPICA Value
D Organisational cost of Data loss
E High cost of computer Error
P Maintenance of Privacy
I Cost of Incorrect decision making
C Controlled evolution of computer use
A Cost of computer Abuse
Value Value of hardware, software & Personnel
Objectives of IS Audit
AIEE
A Asset safeguarding
I Data Integrity
E System Effectiveness
E System Efficiency
Change in Evaluation
SAS
S System generated transaction
A Automated transaction processing
S Systematic error
IS Audit
Categories/Types
MISS Call
M Mgmt of IT & enterprise architecture
I Info processing facilities
S System & Application
S System Development
Call Telecommunications, Intranets & Extranets
Steps in IS Audit
PPF ARChi
P Scoping & Pre-Audit Survey
P Planning & Preparation
F Fieldwork
A Analysis
R Reporting
C Closure
Functions of IS Auditor
IFRS
I Inadequate IS controls
F IT related Frauds
R Inefficient use of Resources
S Ineffective IT Strategies, policies & practices
Performing IS Audit
Preliminary Review
KAMTI
K Knowledge of business
A Legal consideration & Audit Standard
M Risk assessment & Materiality
T Understanding the Technology
I Understanding Internal Control System
Understanding Technology
BAS RAAT din Network (mnemonic: 'just the Network, night & day')
B Analysis of Business Processes
A Level of Automation
S Studying IT policies, standard, guidelines & procedure
R Role of IT in the success of business
A Understanding technology Architecture
A Understanding extended enterprise Architecture
T Knowledge of various Technologies & their advantages & limitations
Network Studying Network diagram to understand physical & logical network connectivity
Category of Risk
CID
C Control
I Inherent
D Detection
CAT (Concurrent Audit Techniques)
Advantages
CAT Objective
C Surprise test Capabilities
A Timely, comprehensive & detailed Auditing
T Training for new users
Objective Info to system staff on meeting of Objective
Disadvantage
SADSE
S Auditor should obtain resource requirements to Support development, implementation, operation & maintenance
A CAT used where the Audit trail is less visible & the cost of errors & irregularities is high
D CAT are more likely to be used if the auditor is involved in Development work
S CAT unlikely to be effective unless implemented in an application system that is relatively Stable
E Auditor needs knowledge & Experience of working with computer systems to use CAT effectively & efficiently
ITF (Integrated Test Facility)
Entering Data (Method)
Time Pass (TP)
T Tagging live transaction
P Test data specially Prepared
Removing Effect (Method)
RIT
R Reverse effect of ITF transaction
I Identify & Ignore
T Trivial entries
SCARF (System Control Audit Review File)
Types of Info Collected
S² AMVED
S Statistical Sample
S Snapshot & Extended records
A Application system error
M Performance Measurement
V Policy & Procedural Variances
E System Exception
D Profiling Data
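Added example (not from these notes or from any ICAI material): a small Python model of a live transaction-posting application with an embedded audit module, showing both concurrent audit techniques above. ITF: transactions that hit the auditor's dummy entity are tagged on entry, and their effect is removed either by filtering the tagged entity out of production reports (identify & ignore) or by posting reversing entries. SCARF: at each posting the module records application errors, policy & procedural variances, before/after snapshots and a statistical sample. The ledger, the 'ITF-DUMMY' account, the 10,000 limit, the 09:00-18:00 window and the four sample transactions are assumptions made up for the illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, List

# Assumed policy parameters and auditor-owned dummy entity (illustration only, not from the notes).
SINGLE_TXN_LIMIT = 10_000.0      # any posting above this is a policy variance
BUSINESS_HOURS = range(9, 18)    # postings outside 09:00-17:59 are a procedural variance
ITF_ACCOUNTS = {"ITF-DUMMY"}     # the Integrated Test Facility's fictitious account


@dataclass
class Txn:
    txn_id: str
    account: str
    amount: float
    user: str
    when: datetime
    itf: bool = False    # set by tag_itf(): this is the auditor's test transaction


@dataclass
class Scarf:
    """System Control Audit Review File: what the embedded audit module collects."""
    exceptions: List[dict] = field(default_factory=list)   # application errors, policy/procedural variances
    snapshots: List[dict] = field(default_factory=list)    # before/after image of each record touched
    sample: List[str] = field(default_factory=list)        # statistical sample of ordinary transactions


def tag_itf(txn: Txn) -> Txn:
    """ITF entry method 'tagging': live transactions that hit the dummy entity are marked."""
    txn.itf = txn.account in ITF_ACCOUNTS
    return txn


def audit_hook(txn: Txn, ledger: Dict[str, float], scarf: Scarf, seq: int, sample_every: int) -> None:
    """SCARF collection point, called by the application for every transaction it sees."""
    if txn.account not in ledger:
        scarf.exceptions.append({"txn": txn.txn_id, "type": "application_error", "detail": "unknown account"})
    if abs(txn.amount) > SINGLE_TXN_LIMIT:
        scarf.exceptions.append({"txn": txn.txn_id, "type": "policy_variance", "detail": "over single-txn limit"})
    if txn.when.hour not in BUSINESS_HOURS:
        scarf.exceptions.append({"txn": txn.txn_id, "type": "procedural_variance", "detail": "outside business hours"})
    if seq % sample_every == 0:              # every Nth transaction goes into the statistical sample
        scarf.sample.append(txn.txn_id)


def post(txns: List[Txn], ledger: Dict[str, float], scarf: Scarf, sample_every: int = 3) -> Dict[str, float]:
    """The live application: tag, let the audit module look, then post to the ledger."""
    for seq, txn in enumerate(txns, start=1):
        tag_itf(txn)
        audit_hook(txn, ledger, scarf, seq, sample_every)
        if txn.account not in ledger:
            continue                          # rejected by the application; SCARF already holds the error
        before = ledger[txn.account]
        ledger[txn.account] = before + txn.amount
        scarf.snapshots.append({"txn": txn.txn_id, "before": before,
                                "after": ledger[txn.account], "itf": txn.itf})
    return ledger


def identify_and_ignore(ledger: Dict[str, float]) -> Dict[str, float]:
    """ITF removal method 'identify & ignore': production reports drop the dummy entity."""
    return {acct: bal for acct, bal in ledger.items() if acct not in ITF_ACCOUNTS}


def reverse_itf(txns: List[Txn], ledger: Dict[str, float]) -> Dict[str, float]:
    """ITF removal method 'reverse': post the opposite entry for every tagged transaction."""
    for txn in txns:
        if txn.itf:
            ledger[txn.account] -= txn.amount
    return ledger


def demo():
    """Constructed ledger and transactions (sample data, not from any real system)."""
    ledger = {"CUST-001": 500.0, "CUST-002": 0.0, "ITF-DUMMY": 0.0}
    txns = [
        Txn("T1", "CUST-001", 250.0, "alice", datetime(2024, 3, 4, 10, 15)),
        Txn("T2", "ITF-DUMMY", 99.0, "auditor", datetime(2024, 3, 4, 10, 16)),  # auditor's test posting
        Txn("T3", "CUST-002", 12_500.0, "bob", datetime(2024, 3, 4, 22, 40)),   # over limit, off hours
        Txn("T4", "CUST-999", 10.0, "alice", datetime(2024, 3, 4, 11, 0)),      # unknown account
    ]
    scarf = Scarf()
    post(txns, ledger, scarf)
    return ledger, scarf, txns


if __name__ == "__main__":
    ledger, scarf, txns = demo()
    print("exceptions:", scarf.exceptions)
    print("production view:", identify_and_ignore(ledger))
    print("after reversal:", reverse_itf(txns, dict(ledger)))
```

Run it directly to print the SCARF contents, the production view with the ITF entity filtered out, and the ledger after reversing entries. The third removal method in the notes, 'trivial entries', is simply posting test amounts too small to matter (T2 for 0.01 instead of 99.0) and needs no code.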
Roles of IS Auditor
Physical Access Control
RCD
R Risk Assessment
C Control Assessment
D Review of Documents
Environmental Control
ACD
A Audit planning & Assessment
C Audit of Environmental Control
D Documentation
Managerial Controls
Controls
Pyare Sache Ache DOST (mnemonic: 'dear, truthful, good FRIENDS')
Pyare Programming mgmt controls
Sache System development mgmt control
Ache Quality Assurance mgmt control
D Data resource mgmt control
O Operation mgmt control
S Security mgmt control
T Top mgmt & IS mgmt control
Audit Trails
Objective
DRP
D Detecting Unauthorised Access
R Reconstructing Events
P Personal Accountability
Operation Layer
Audit Issue
UPS
U User Access Rights
P Password Control
S Seg. of duties
Tactical Layer
Security Administration to put in place
USA ki Risk Monitoring (mnemonic: 'USA's Risk Monitoring')
U Timely Update to user profile
S Interface Security
A Audit logging & monitoring
Risk IT Risk mgmt
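Added example (not from these notes or from any ICAI material): a Python audit trail that is hash-chained so tampering is detectable, with one function for each DRP objective above (Detecting unauthorised access, Reconstructing events, Personal accountability) and a segregation-of-duties check for the operation-layer audit issues listed above. The ACL, the incompatible-duty pair create/approve, the user names and the seven logged events are constructed for the illustration.

```python
import hashlib
import json
from typing import Dict, List, Tuple

# Assumed access-control list and incompatible-duty pairs (illustration only, not from the notes).
ACL = {
    "alice": {"login", "create", "read"},
    "bob":   {"login", "approve", "read"},
    "carol": {"login", "read"},
    "dave":  {"login", "create", "approve"},   # holds both duties: an SoD weakness, not an ACL breach
}
SOD_PAIRS = [("create", "approve")]
GENESIS = "0" * 64


def _digest(prev_hash: str, body: dict) -> str:
    """Hash of this entry chained to the previous entry's hash."""
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev_hash.encode() + payload).hexdigest()


def append(trail: List[dict], event: dict) -> dict:
    """Write one event; its hash covers the event and the previous hash, so later edits show."""
    prev = trail[-1]["hash"] if trail else GENESIS
    entry = {"seq": len(trail) + 1, **event}
    entry["hash"] = _digest(prev, entry)
    trail.append(entry)
    return entry


def verify_chain(trail: List[dict]) -> int:
    """Seq of the first entry whose hash no longer fits the chain, or 0 if the trail is intact."""
    prev = GENESIS
    for entry in trail:
        body = {k: v for k, v in entry.items() if k != "hash"}
        if _digest(prev, body) != entry["hash"]:
            return entry["seq"]
        prev = entry["hash"]
    return 0


def detect_unauthorised(trail: List[dict], acl: Dict[str, set] = ACL) -> List[int]:
    """Objective D: actions the ACL does not allow for that user, plus denied attempts."""
    return [e["seq"] for e in trail
            if e["action"] not in acl.get(e["user"], set()) or e.get("result") == "denied"]


def reconstruct(trail: List[dict], record_id: str) -> List[Tuple[int, str, str]]:
    """Objective R: the ordered history of one record."""
    return [(e["seq"], e["user"], e["action"]) for e in trail if e.get("record") == record_id]


def accountability(trail: List[dict]) -> Dict[str, int]:
    """Objective P: every action is tied to a named user; count of actions per user."""
    counts: Dict[str, int] = {}
    for e in trail:
        counts[e["user"]] = counts.get(e["user"], 0) + 1
    return counts


def sod_violations(trail: List[dict], pairs=SOD_PAIRS) -> List[Tuple[str, str]]:
    """Operation-layer issue 'Seg. of duties': one user did two incompatible duties on the same record."""
    who: Dict[Tuple[str, str], set] = {}
    for e in trail:
        if e.get("record"):
            who.setdefault((e["record"], e["action"]), set()).add(e["user"])
    out = []
    for rec in {r for r, _ in who}:
        for a, b in pairs:
            for user in who.get((rec, a), set()) & who.get((rec, b), set()):
                out.append((rec, user))
    return sorted(out)


def build_sample_trail() -> List[dict]:
    """Constructed events (sample data, not real logs)."""
    trail: List[dict] = []
    for ev in [
        {"user": "alice",   "action": "login",   "result": "ok"},
        {"user": "alice",   "action": "create",  "record": "INV-7", "result": "ok"},
        {"user": "mallory", "action": "login",   "result": "denied"},                 # unknown user
        {"user": "carol",   "action": "approve", "record": "INV-7", "result": "ok"},  # beyond carol's rights
        {"user": "bob",     "action": "approve", "record": "INV-7", "result": "ok"},
        {"user": "dave",    "action": "create",  "record": "INV-9", "result": "ok"},
        {"user": "dave",    "action": "approve", "record": "INV-9", "result": "ok"},  # SoD breach
    ]:
        append(trail, ev)
    return trail


if __name__ == "__main__":
    t = build_sample_trail()
    print("chain intact:", verify_chain(t) == 0)
    print("unauthorised:", detect_unauthorised(t))
    print("INV-7 history:", reconstruct(t, "INV-7"))
    print("per user:", accountability(t))
    print("SoD:", sod_violations(t))
```

verify_chain() returns 0 while the trail is intact; changing or deleting any earlier entry breaks the chain at the next entry's seq, which is what makes the trail usable for the tactical-layer 'Audit logging & monitoring' control. dave's create-then-approve is permitted by the ACL and is caught only by the SoD check, which is why User Access Rights and Seg. of duties are separate audit issues at the operation layer.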
Difference
SF
S Storage of data
F Focuses
Cloud Computing
Goals
SCRA³P
S To Scale the IT ecosystem quickly, easily & cost-effectively based on evolving business needs
C To Consolidate IT infrastructure into a more integrated & manageable environment
R To Reduce costs related to IT energy / power consumption
A To access services & data from Anywhere
A To access services & data at Anytime
A For Availability of resources when needed
P To create a highly efficient IT ecosystem where resources are Pooled together & costs are aligned with what resources are actually used
Architecture
Front End
Back End
Middleware
Characteristic
Very Popular (ASM)²
Very Virtualisation
Popular Performance
A Agility (Responsiveness)
A High Availability & Reliability
S High Scalability
S Services in pay-per-use mode
M Multisharing
M Maintenance
Security Issue
CIA & IPS ki GST se hui LADAI (mnemonic: 'the CIA & IPS had a fight (LADAI) with GST')
C Confidentiality
I Integrity
A Availability
I Identification
P Privacy
S Software Isolation
G Governance
S Application Security
T Trust
L Legal Compliances
A Architecture
D Data Stealing
A Audit
I Incident Response
Advantages
AB QU CA
A Access to Information
B Back up & Recovery
Q Quick deployment
U Unlimited Storage
C Cost efficiency
A Automatic software integration
Environment
Public
Private
Hybrid
Community
Services
Software as a Service (SaaS)
Platform as a Service (PaaS)
Infrastructure as a Service (IaaS)
Other (i) Data as a Service (DaaS) (ii) Identity as a Service (IDaaS) (iii) Security as a Service (SECaaS)
Cloud Computing Environment
Private Cloud
Characteristic
CAS
C Central Control
A Weak SLAs
S Secure
Advantages
PLUS
P Privacy to user
L High Level of security
U Improve average server Utilisation
S Small in size, controlled & managed by the organisation
Disadvantage
BMW
B Budget
M May have to invest in buying
W Weak SLAs
Public Cloud
Advantages
NISHA
N No limit for Number of user
I No need for establishing Infrastructure
S Strict SLAs
H Deliver Higly scalable & reliable application
A Affordable cost
Disadvantages
SAP
S Security Assurance
A Org Autonomy are not possible
P Privacy
Community Cloud
Characteristic
CPC
C Collaborative & Distributed maintenance
P Partially secure
C Cost Effective
Advantages
Low CSR
Low Low cast pvt cloud
C Collaborative work
S Better Security than public cloud
R Sharing of Responsibility amony organisation
Disadvantages
NAS
N Not suitable in cases where no collaboration
A Autonomy of org is lost
S Security features are not good as private cloud
Hybrid Cloud
Characteristic
SPAM
S Scalable
P Partially secure
A Stringent SLA
M Management of cloud is complex
Advantages
HusBand
H Highly scalable
B Better security than public
Disadvantages
SM
S Security features are not as good as private cloud
M Complex to Manage
Software as a Service (SaaS)
Characteristic
One & only SAMBHA
One One to many
S Support multiple device
A Web Access
M Centralized Management
B Better Scalability
H High availability
A API Integration
Different Instance
EAT
E Email as a Service (EaaS)
A API as a Service (APIaaS)
T Testing as a Service (TaaS)
Infrastructure as a Service (IaaS)
Services
CSNL
C Compute
S Storage
N Network
L Load Balancers
Characteristic
MISS Web
M Centralized Management
I Infrastructure are shared
S Elastic & dynamic Scaling
S Metered Services
Web Web access to resources
Different Instance
Storage NEDD
Storage Storage as a Service (STaaS)
N Network as a Service (NaaS)
E BackEnd as a Service (BaaS)
D Desktop as a Service (DTaaS)
D Database as a Service (DBaaS)
Platform as a Service (PaaS)
Characteristics
OBAPA Client
O All in One
B Built-in Scalability
A Web Access to the development platform
P Collaborative Platform
A Offline Access
Client Diverse Client tools
Other Services
SID
S Security as a Service (SECaaS)
I Identity as a Service (IDaaS)
D Data as a Service (DaaS)
Mobile Computing
Components
CHS
C Mobile Communication
H Mobile Hardware
S Mobile Software
Benefits
MUJRA
M Improve Mgmt effectiveness
U Enable mobile sales personnel to Update work order status in real-time
J Provide remote access to corporate database at Job location
R Provide mobile workforce with Remote access to work order details
A Facilitates access to corporate services & information at Anytime from anywhere
Issues
Lal Bahadur sharstri ne BRet lee ko Loly Pop khate dekha toh SAD hogye (mnemonic: 'Lal Bahadur Shastri saw Brett Lee eating a Lollipop and got SAD')
Lal Location Intelligence
Bahadur Bandwidth
B Business Challenges
R Reliability, coverage, capacity & cost
Loly Integration with Legacy mainframe & emerging client/server applications
Pop Power consumption
S Security Issue (CIA LA)
A Revising technical Architecture
D End-to-end Design & performance
Security Issue
CIA LA
C Confidentiality
I Integrity
A Availability
L Legitimate
A Accountability
Limitation
HIS TIP
H Potential Health hazard
I Human Interface with devices
S Security standards
T Transmission interference
I Insufficient bandwidth
P Power consumption
Green IT
Best Practices
PRESS
P Paper consumption reduce
R Recycle
E Conserve Energy
S Make environmentally Sound purchase decisions
S Develop a Sustainable green computing plan
BYOD (Bring Your Own Device)
Threats
INDiA
I Implementation Risk
N Network Risk
D Device Risk
A Application Risk
Web 2.0
Components of Web 2.0 for social networks
RCB ke Fan MWF ko match dekhte hai (mnemonic: 'RCB Fans watch the match on MWF')
R RSS-generated syndication
C Communities
B Blogging
F Folksonomy
M Mash-ups
W Wiki
F File sharing / Podcasting
Types of Social Networks
S Study Circle
O Others
C Social Contact Network
I Social Network for Investor
A Fine Arts
S Sporting Network
M Military & Police Network
M Mixed Network
S Specialist Group
S Shopping & Utility Service Network
Sectors / Field
SME
S Social Media
M Marketing
E Education
Web 3.0
Components
SW
S Semantic Web
W Web Services