System Security and Audit - System Analysis and Design

What is System Security and Audit?

System Audit

It is an investigation to review the performance of an operational system. The objectives of undertaking a system audit are as follows −

  • To compare actual and planned performance.
  • To confirm that the stated objectives of the system are still valid in the current environment.
  • To evaluate the achievement of stated objectives.
  • To ensure the reliability of computer-based financial and other records.
  • To ensure that all records are protected during processing.
  • To ensure protection from fraud.

Audit of computer system usage

Data processing auditors audit the usage of the computer system in order to control it. The auditor needs to manage the data obtained by the computer system itself.

The System Auditor

The role of the auditor begins at the initial stage of system development so that the resulting system is secure. The auditor describes how system usage can be recorded, which helps in load planning and in deciding on hardware and software specifications. This gives an indication of wise use of the computer system and of possible misuse of the system.

Audit Trail

An audit trail or audit log is a security record of who has accessed a computer system and what operations were performed during a given period of time. Audit trails are used to trace in detail how data on the system has changed.

It presents documentary evidence of the various control techniques that a transaction is subject to during its processing. Audit trails do not exist independently. They are carried out as a part of accounting for recovering lost transactions.

Audit Methods

Auditing can be done in two different ways −

Auditing Around the Computer

  • Take sample inputs and manually apply processing rules.
  • Compare outputs with computer outputs.

Auditing Through The Computer

  • Establish an audit trail that allows selected intermediate results to be examined.
  • Control totals provide intermediate checks.
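
Auditing through the computer, as an added example that is not part of the original page: each processing stage writes its control totals to an audit trail, and the totals are compared with those taken from the input batch. The batch, the stage functions and the use of a hash total (a sum of account numbers, a common kind of control total that goes slightly beyond the text) are assumptions made for illustration.

```python
from decimal import Decimal

# Constructed sample batch: (transaction id, account number, amount).
BATCH = [
    ("T1", 1001, Decimal("250.00")),
    ("T2", 1002, Decimal("75.50")),
    ("T3", 1003, Decimal("1200.00")),
]

def control_totals(records):
    """Record count, amount total and hash total (sum of account numbers)."""
    return {
        "count": len(records),
        "amount": sum((r[2] for r in records), Decimal("0")),
        "hash": sum(r[1] for r in records),
    }

def run_with_audit_trail(records, stages, expected):
    """Run each stage, log its totals as an intermediate result,
    and stop at the first stage whose totals disagree with the input."""
    trail = []
    for name, stage in stages:
        records = stage(records)
        totals = control_totals(records)
        ok = totals == expected
        trail.append({"stage": name, "totals": totals, "ok": ok})
        if not ok:
            break
    return trail

def validate(records):
    """Hypothetical stage that passes every record through unchanged."""
    return list(records)

def post_faulty(records):
    """Hypothetical stage with a defect: it silently drops the last record."""
    return records[:-1]

def failing_stage(trail):
    """Name of the first stage whose totals do not match, or None."""
    return next((entry["stage"] for entry in trail if not entry["ok"]), None)

if __name__ == "__main__":
    expected = control_totals(BATCH)
    stages = [("validate", validate), ("post", post_faulty)]
    for entry in run_with_audit_trail(BATCH, stages, expected):
        print(entry)
```

The trail shows the batch intact after the validate stage and one record short after the post stage, which is the intermediate check that auditing around the computer cannot provide.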

Audit Considerations

Audit considerations examine the results of the analysis, using both the narratives and the models, to identify problems caused by misplaced functions, split processes or functions, broken information flows, missing data, redundant or incomplete processing, and unaddressed automation possibilities.

The activities under this phase are as follows −

  • Identification of the current environment problems
  • Identification of problem causes
  • Identification of alternative solutions
  • Evaluation and feasibility analysis of each solution
  • Selection and recommendation of most practical and appropriate solution
  • Project cost estimation and cost benefit analysis

Security

System security refers to protecting the system from theft, unauthorized access and changes, and accidental or intentional harm. In automated systems, security involves protecting all parts of the computer system, including data, software, and hardware. System security includes system privacy and system integrity.

  • System privacy deals with protecting individuals' systems from being accessed and used without the permission or knowledge of the individuals concerned.
  • System integrity is concerned with the quality and reliability of raw as well as processed data in the system.

Control Measures

There is a variety of control measures, which can be broadly classified as follows −

Backup

  • Regular backup of databases, daily or weekly depending on time criticality and size.
  • Incremental backups at shorter intervals.
  • Backup copies stored in a secure remote location, which is particularly necessary for disaster recovery.
  • For a very critical system that cannot tolerate any disruption, duplicate systems are run and all transactions are mirrored before being stored on disk.

Physical Access Control To Facilities

  • Physical locks and biometric authentication, for example, fingerprints.
  • Identification cards or entry passes checked by security staff.
  • Identifying all persons who examine or modify information and logging this in a file.

Using Logical or Software Control

  • Password system.
  • Encrypting sensitive data/programs.
  • Training employees on information care/handling and security.
  • Antivirus software and firewall protection while connected to the internet.

Risk Analysis

A risk is the possibility of losing something of value. Risk analysis starts with planning for a secure system by identifying the vulnerabilities of the system and their impact. A plan is then made to manage the risk and cope with disaster. It is done to assess the probability of possible disasters and their cost.

Risk analysis is a team effort by experts with different backgrounds, such as chemicals, human error, and method equipment.

The following steps are to be followed when conducting risk analysis −

  • Identification of all the components of the computer system.
  • Identification of all the threats and hazards that each of the components faces.
  • Quantification of risks, i.e. assessment of the loss in case the threats become reality.

Risk Analysis – Main Steps

As the risks or threats change and the potential loss also changes, risk management must be performed on a periodic basis by senior managers.


Risk management is a continuous process and it involves the following steps −

  • Identification of security measures.
  • Calculation of the cost of implementation of security measures.
  • Comparison of the cost of security measures with the loss and probability of threats.
  • Selection and implementation of security measures.
  • Review of the implementation of security measures.
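
The comparison and selection steps above, worked through as an added example that is not part of the original page: each threat's expected loss is its probability times its loss, and a measure is selected only when the loss it avoids exceeds its cost. All threats, probabilities, losses, costs and reduction factors are constructed figures, and the net-benefit selection rule is an assumption about how the comparison is made.

```python
# Constructed figures for illustration: yearly probability and loss per threat.
THREATS = {
    "disk failure":        {"probability": 0.20, "loss": 50_000},
    "unauthorized access": {"probability": 0.05, "loss": 200_000},
    "virus infection":     {"probability": 0.30, "loss": 10_000},
}

# (measure, threat addressed, yearly cost, fraction of the risk removed)
MEASURES = [
    ("daily backup",       "disk failure",         3_000, 0.90),
    ("biometric access",   "unauthorized access", 12_000, 0.50),
    ("antivirus software", "virus infection",      1_000, 0.80),
]

def expected_loss(threat):
    """Quantified risk: probability of the threat times the loss it causes."""
    return threat["probability"] * threat["loss"]

def evaluate(measures, threats):
    """Compare the cost of each measure with the expected loss it avoids."""
    rows = []
    for name, threat_name, cost, reduction in measures:
        avoided = expected_loss(threats[threat_name]) * reduction
        rows.append({
            "measure": name,
            "cost": cost,
            "avoided_loss": avoided,
            "net_benefit": avoided - cost,
        })
    return rows

def select(rows):
    """Measures worth implementing, highest net benefit first."""
    ranked = sorted(rows, key=lambda r: r["net_benefit"], reverse=True)
    return [r["measure"] for r in ranked if r["net_benefit"] > 0]

if __name__ == "__main__":
    rows = evaluate(MEASURES, THREATS)
    for row in rows:
        print(f'{row["measure"]:<20} cost={row["cost"]:>6} '
              f'avoided={row["avoided_loss"]:>8.0f} net={row["net_benefit"]:>8.0f}')
    print("selected:", select(rows))
```

Because probabilities and losses change over time, rerunning the comparison with updated figures is the review step in practice.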

All rights reserved © 2020 Wisdom IT Services India Pvt. Ltd