Case No.

9
Brew Bottle Company
DIMACALI, ARVEY
GALANG, JANINE
LAXAMANA, ROANNE
MANANSALA, KATHLEEN
TOLOSA, MICHELLE FRANCE
A-533

Brew Bottle Company

Is in the process of planning a more advanced

computer-based information system.

The Brew Bottle Company Information System
(BBCIS) will be created with the help of its
employees so that the system will function
effectively. This helps Ensure that the end
product will perform the tasks that the user
wants.
The employees requiring access will be given a
user name and password that will be entered
when logging on to their computer terminal

Hardware will be purchased from Bell Computer

Company with the advice of in-house system

developers.
BBCIS will run off of a computing center located in
the companys administration building adjacent to
the factory. Access to the computing center will
require formal authorization.
The actual room that houses the computer systems
will have an advanced air-conditioning and air
filtration system to eliminate dust and pollens.
There will also be a sprinkler system to minimize
damages in case of fire.

System Administrator
Determine access privileges, maintain the

access control list, and maintain the database

authorization table. Anyone requesting access
will fill out a petition, which the system
administrator must approve and sign.
Has sole access to the transaction log, which
will be used to record all changes made to a
file or database.
Responsible for updating virus protection
weekly.
Copy databases and system documentation
for critical applications to tape or disk on a

Potential Risks and Needed

Controls
SECURITY
Brew Bottle Company (BBC) should hold a
training seminar to its employees to educate
them on the policies and procedures of the
system and to inform them about viruses, on
how to prevent them, and take precautionary
measures to prevent infection.
Virus Updates should be perform on a daily

basis by the systems administrator rather

than on a weekly basis.

Security
Event monitoring should be used for purposes

of a systems audit trail. The system will record

the user name and then all information
regarding the tasks performed during the
period that they are logged on in the
computer system.
An upper level manager should also have

access to the transaction log. This will prevent

the systems administrator from potentially
trying to hide his own fraudulent actions
involving the computer system.

Security
If a password is entered incorrectly 3-5 times, the

system should automatically reject any further

entries, this is a security measure that prevents
someone from attempting to gain unauthorized
access to another users account. If this situation
arises, the system should make note of the date
and time in case this information is needed in an
investigation.
Passwords should be changed at least twice a year.

The more often passwords are changed the more

secure the system will be. Furthermore, software
should be installed that rejects weak passwords.

Security
To prevent against physical damage in the

case of fire, a water sprinkler system is not

appropriate due to the damage it can cause to
a computer. The automatic fire extinguishing
systems should dispense an appropriate type
of suppressant, such as carbon dioxide.

System Development
Employees should not be allowed to purchase

and install software on company computers

even if it is for work related reasons. All
software should be purchased from single
company to ensure reliability and
compatibility.

Program Changes
The systems administrator should not be

involved in the initial computer programming

since they will be updating the system when
needed. This person would have the
knowledge of how to hide illegal changes and
to fraudulent acts.
All systems changes should be carefully

documented and filed. This serves as a control

and can help somebody see exactly what was
done if a problem with the change occurs.