Designing Integrity Controls
Ensuring a system that is safe from the threats is one of common issues in a modern information systems development. One of many ways to ensuring a safe system is to set up controls into a system. Controls can be defined as mechanisms and procedures that are built into a system to safeguard the system and information within it (Satzinger, Jackson, and Burd, 2012). Control objectives itself are defined to minimize risk. Many controls may be implemented to achieve a control objective.
Designing integrity controls of a system is needed to ensure correct system function. According to Satzinger, Jackson, and Burd (2012), integrity control is a control that rejects invalid data inputs, prevents unauthorized data outputs, and protects data and programs against accidental or malicious tampering. This kind of controls enable an integration between application programs and the database. The primary objectives of integrity controls are to ensure the business transactions occur in appropriate and correct way, ensure that the only correct transactions can be recorded and processed, and ensure the organization’s assets (including hardware, software, and information) secured.
A layered and multifaceted system of controls that lies on integrity controls are input controls, access controls, transaction logging, complex update controls, redundancy, backup, and recovery procedures, and output controls.
Input Controls
Input controls is a control that provides reasonable assurance that transactions are properly authorized before processed by the computer. According to Senft and Gallegos (2009), input controls ensure authenticity, accuracy, completeness, and timeliness of data entered into an application. Input controls can be implemented within application programs, the database schema, or both, by assigning input control types, such as value limit controls, completeness controls, data validation controls, and field combination controls.
Access Controls
Access controls refer to security features that control who can access resources within a system. According to Satzinger, Jackson, and Burd (2012), access controls restrict which persons or programs can add, modify, or view information resources. Access controls can include the authorization, authentication, and audit of the entity trying to gain access through the Database Management Systems (DBMS) schema.
Transaction Logging
According to Databasecompare.com, transaction log is a record of actions—it can record any action by the database and store the recording results in a separate file. Transaction logging objectives are to help discourage fraudulent transactions or malicious database change and to provide a recovery mechanism for erroneous transactions.
Complex Update Controls
Complex update controls is a control that prevents errors that can occur when multiple programs try to update the same data at the same time or when recording a single transaction requires multiple related database updates (Satzinger, Jackson, and Burd, 2012). Update controls within a DBMS provide locking mechanisms to protect against multiple updates that might be conflict with or overwrite the data because the possibility of accessing and updating the same record simultaneously.
Redundancy, Backup, and Recovery
Many organizations do some preventive actions to protect their data and software from the unexpected threats, such as hardware failures and catastrophes. The procedures that support the organizations to do so are redundancy, backup, and recovery procedures. Redundant databases and servers, or even sites, are employed to support continuous access to the data and systems of organizations in case of one site or server fails. Backup procedures create partial or full copies of a database to removable storage media that stored off-site (cannot be accessed directly by application software). Instead, reading the off-site copies and replicate the contents to a database server and provide access to programs and users are performed in recovery procedures.
Output Controls
Output controls are concerned with the output of data either to a screen or another system displays. According to Satzinger, Jackson, and Burd (2012), output controls ensure that output arrives at the proper destination and is accurate, current, and complete. Common types of output controls are physical access controls to printers, access controls to programs that display or print, and so on.
Reference:
Satzinger, J. W., Jackson, R. B., & Burd, S. D. (2012). Systems Analysis and Design: In A Changing World. Boston: Cengage Learning.
Senft, S., & Gallegos, F. (2009). Information Technology Control and Audit. Boca Raton: Taylor & Francis Group.
What is transaction log. (n.d.). Retrieved February 20, 2017, from Sliced Lemon Software: http://www.databasecompare.com/what-is-transaction-log.html