A comparison of internal controls, with specific reference to COBIT, SAC, COSO, and SAS 55/78
- Authors: Steyn, Suzanne
- Date: 2012-09-10
- Subjects: Auditing, Internal , Computer security , Computer networks -- Security measures
- Type: Mini-Dissertation
- Identifier: http://ujcontent.uj.ac.za8080/10210/391281 , uj:9810 , http://hdl.handle.net/10210/7213
- Description: M.Comm. , Internal control has come under the attention of many organizations, and each has its own views on the most appropriate framework and evaluation methods to be adopted for specific purposes. As a result of the confusion arising from the different evaluation methods that are in vogue, the implementation of good information technology controls is hampered. Experts from around the world have participated in exhaustive research to develop an internationally acceptable tool that harmonizes standards. Their work has culminated in the development of CobiT. SAC, COSO, SAS 55 and SAS 78 were also the result of continuing efforts to define, assess, report on and improve internal control, but each of these documents addresses a different audience, and therefore focuses on different aspects of internal control, and may even completely disregard some areas which may be of crucial importance to other users. It has been suggested that CobiT can replace COSO, SAC, and SAS 55/78, and there is a need to determine whether this is indeed the case. This short dissertation attempts to answer this question, while also putting in place a matrix to aid auditors in deciding which framework to use for a given application.
Authentication of banking transactions over the Internet
- Authors: Naude, Louis
- Date: 2012-08-23
- Subjects: Banks and banking -- Security measures , Internet , Computer networks -- Security measures
- Type: Mini-Dissertation
- Identifier: uj:3095 , http://hdl.handle.net/10210/6513
- Description: M.Comm. , Due to the new dimension the Internet has brought to electronic commerce, and the fact that banks are now able to deliver their services over the Internet, a structure needs to be in place to ensure a secure environment for such banks. In the literature survey Internet risks and security tools will first be dealt with in chapter two and then, in chapter three, client authentication methods required when delivering banking services over the Internet will be compared to authentication in the traditional IT banking environment. In chapter four basic Internet policy requirements will be analysed to serve as basis for the development of the Internet Security Policy Framework (checklist) for banks delivering services over the Internet as presented in chapter five. This framework will ensure that all risk areas have been covered in authenticating clients over the Internet and simultaneously to secure the Bank's own systems.
Securing host and application information in the TCP/IP protocol suite
- Authors: Boshoff, Paul Marthinus
- Date: 2012-08-14
- Subjects: TCP/IP (Computer network protocol) , Computer networks , Computer networks -- Security measures , Data encryption (Computer science)
- Type: Thesis
- Identifier: uj:9224 , http://hdl.handle.net/10210/5673
- Description: M.Sc. , Using the Internet for communication purposes constitutes a high risk, considering the security of such information. The protocol suite used on the Internet is the TCP/IP protocol suite, which consists of the Transmission Control Protocol (TCP) and the Internet Protocol (IP). In a bid to create a basis to support the newly conceptualised ideas, various areas of networking are briefly discussed in this dissertation. The first in this series of areas is that of the OSI layers. This model forms the basis of all networking concepts. The model describes seven layers, of which each performs a certain networking function. The TCP/IP protocol suite fits into this model. Network security and encryption methods are applied and followed to secure information on the Internet. These methods have been used over a long period of time and will also be used to support the newly conceptualised ideas. The main focus of this dissertation falls on the securing of certain parts of the information contained in the headers of both the Transmission Control Protocol (TCP) and the Internet Protocol (IP) in a bid to minimise the amount of data that may be inferred about the communicating parties from these headers. In addition, where multiple routes exist between hosts, the possibility of the deliberate distribution of a single message across these routes is examined. Such distribution will further complicate the task of a hacker attempting to gather information from TCP and IP headers. In addition, such distribution will minimise the possibility that a hacker may assemble a complete message from its constituent parts and that he/she may infer information about the message that cannot be inferred from the isolated parts. The length of a message sent between hosts is one simple example of such information.