Featured Post
Love In The Canterbury Tales Essay Research free essay sample
Love In The Canterbury Tales Essay, Research Paper Henry Louis Mencken expressed, # 8220 ; Love: The maniacal conviction that one grown-u...
Friday, March 20, 2020
Computer Risks and Exposures Essay Example
Computer Risks and Exposures Essay Example Computer Risks and Exposures Paper Computer Risks and Exposures Paper Computer Risks and Exposures Computers of all kinds within an organisation are constantly faced with a variety of risks and exposures. It is helpful if we first define these terms: Computer risk Probability that an undesirable event could turn into a loss Computer exposure Results from a threat from an undesirable event that has the potential to become a risk Vulnerability A flaw or weakness in the system that can turn into a threat or a risk The total impact of computer risks range from minor to devastating and could include any or all of: Loss of sales or revenues Loss of profits Loss of personnel Failure to meet government requirements or laws Inability to serve customers Inability to sustain growth Inability to operate effectively and efficiently Inability to compete successfully for new customers Inability to stay ahead of the competition Inability to stay independent without being acquired or merged Inability to maintain present customer/client base Inability to control costs I nability to cope with advancements in technology Inability to control employees involved in illegal activities Damage to business reputation Complete business failure Computer risks. exposures and losses may be characterised as intentional or unintentional and may involve actual damage, alteration of data or programs as well as unauthorised dissemination of information. Objects which can be affected include physical items such as the hardware or hard-copy outputs which are both vulnerable to risks such as theft or loss; the tele-communications system which can cause major corporate grief if unavailable for any reason as well as being vulnerable to internal or external penetration; the applications software which, being a major control lement, is vulnerable to change, bypassing or direct sabotage; systems software such as the operating system itself which can also be amended or circumvented; computer operations where control procedures may be amended or bypassed and the data itself where virtually anything could happen. The risks in I. S. are the reverse of the control objectives and must be treated as business risks. As such they are the responsib ility of executive management with enforcement at a technical level. Obviously, the relative importance of risks will vary and the control techniques will vary from industry to industry and from company to company. The risks may be minimised but they can never be totally eliminated. Computer System Threats Threats may come from either external or internal sources and may be intentional or unintentional as well as malicious or non-malicious. Internal threats may come from: Users Management IS Auditors IS Staff Others Acting alone or in collusion. Users Threats from this source are the most commonly occurring and include errors, fraud, breach of confidentiality (commonly accidentally) or malicious damage. The most common causes of these threats are poor supervisory control combined with poor personnel procedures. In many cases far too much power has been granted to users who already have access to the assets. In many cases the users have an in-depth knowledge of the systemââ¬â¢s control weaknesses and are in a position to exploit them. Management Threats here again include error and fraud but may also include systems manipulation for Corporate reasons such as profit smoothing or advance booking of sales or delayed recording of costs. Again breach of confidentiality is a hazard together with malicious damage. Common causes here are likely to involve inadequate segregation of duties with management, in many cases, unquestioned regarding decisions they make and transactions they authorise. This, combined with poor personnel procedures and too much power granted, can lead to major problems, particularly when combined with managementââ¬â¢s access to assets and their authority to override conventional control levels. IS Auditors A commonly ignored threat, IS auditors again are in a position to commit errors or fraud, to breach confidentiality or cause malicious damage. In many cases there is little or no supervisory control exercised and far too much power granted. The auditors have access to the assets and a detailed knowledge of system weaknesses. In addition they have the right to attempt to break the system, although it is not supposed to be for their gain. IS Staff Threats here include the normal problems of error, fraud and breach of confidentiality as well as malicious damage. In this case, however, the impact of errors etc. tend to be further reaching since they may affect, not single transactions, but every transaction passing through a system. Once again the most common problem is accidental destruction rather than deliberate sabotage. Common causes are typically too much power granted, for example granting of access to live data; poor change control and ineffective division of duties. In many cases computer staff hold the keys to the kingdom and again they have the power associated with knowledge of the system. Others Other people also have access to computer systems, including engineers, salespersons etc. Threats here include again errors, fraud, loss of confidentiality as well as malicious damage and accidental destruction. Common causes in these cases include poor disposal of outputs, careless talk, inadequate access control both physical and logical, publicity and the advent and promotion of open systems. External Threats Threats may come from legitimate external users as well as inter-computer links such as the Internet, Electronic Data Interchange systems, system hackers and viral attacks as well as from natural causes. Such threats are commonly caused by inadequate logical access control resulting in high value systems being unguarded. A poor security attitude within staff coupled with an incorrect concept of Computer Security and an incorrect risk evaluation can also open up such exposures. Risk Management With such a plethora of risk exposures, management must adopt a position on risk. It may involve any or all of accepting the risk, reducing the risk (normally by increased internal control) or transferring the risk. The option which is NOT acceptable is simply ignoring the risk. In order to adopt an appropriate position, management must know and understand the risk. The Risk-based Audit Approach In order to achieve an audit which is both efficient and effective, the risk-based approach allows the auditor to focusing in areas of highest impact. The initial audit activity is therefore to gather or update information about the organisation in order to determine the audit strategy. This determination includes forming audit judgments regarding the organisation and assessing the inherent and control risks in order to determine the appropriate audit testing plan. Inherent risk may be seen as the risks the organisation faces without the mitigating impact of internal controls. Control risks involved those elements of inherent risk not successfully mitigated by the internal control structures. The initial information required would include knowledge of the organisations business and place within its industry, as well as a knowledge of the applicable accounting, auditing and regulatory standards within the industry. These allow the determination of the overall business objectives of the organisation or departmental function. Once the business objectives have been determined the auditor may proceed to identify and isolate the individual details control objectives. For example, the overall objective of the purchasing function is to buy items for the organisation. The control objectives for this function would include ensuring that only the right items are purchased, at the right price, in the right quantity, of the right quality, in an authorised manner, for delivery to the right place at the right time. The risks then become those factors which can prevent fully or partially the achievement of the control objectives. The auditor must then determine which controls will mitigate those risks and what source of evidence exists as to the adequacy and effectiveness of that mitigation. Even prior to testing, the auditor can determine the adequacy of the control structures designed to mitigate the risk on the assumption that the controls function as intended. In other words, if all controls function as intended, would the risks be controlled to managementââ¬â¢s predetermined acceptable level. Once the source of evidence has been identified, the auditor can select the appropriate audit technique to determine whether the control objective has been achieved. These techniques could include interviews, reviews of documentation, reviews of systems or the use of computer-assisted audit techniques. After the auditor has decided upon the appropriate audit technique, the appropriate audit tool may be selected. For example if the technique is to interview, the auditor must decide whether the interview will be face-to-face, by telephone, or by videoconferencing. If the technique is to review data on files within the computer, the tool could be generalised audit software, general-purpose software or a specific audit software.
Tuesday, March 3, 2020
Invention of the Crossbow in Asian History
Invention of the Crossbow in Asian History Energy may be likened to the bending of a crossbow; decision, to the releasing of the trigger. - Sun Tzu, The Art of War, c. 5th century BCE. The invention of the crossbow revolutionized warfare, and the technology would spread from Asia through the Middle East and into Europe by the medieval period. In a sense, the crossbow democratized warfare - an archer did not need as much strength or skill to deliver a deadly bolt from a crossbow as he or she would have with a traditional compound bow and an arrow. Who Invented the Crossbow? The first crossbows were likely invented either in one of the states of early Chinaà or in neighboring areas of Central Asia, some time before 400 BCE. Its not clear exactly when the invention of this new, powerful weapon took place, or who first thought of it. Linguistic evidence points to a Central Asian origin, with the technology then spreading to China, but records from such an early period are too scanty to determine the origins of the crossbow beyond a doubt. Certainly, the famed military strategist Sun Tzu knew about crossbows. He attributed them to an inventor named Qin from the 7th century BCE. However, the dates of Sun Tzus lifeà and the first publication of his Art of Warà are also subject to controversy, so they cannot be used to establish the early existence of the crossbow beyond a doubt. Chinese archaeologists Yang Hong and Zhu Fenghan believe that the crossbow may have been invented as early as 2000 BCE, based on artifacts in bone, stone, and shell that may be crossbow triggers. The first known hand-held crossbows with bronze triggers were found in a grave in Qufu, China, dating from c. 600 BCE. That burial was from the State of Lu, in what is now Shandong Province, during Chinas Spring and Autumn Period (771-476 BCE). Archaeological Evidence Additional archaeological evidence shows that crossbow technology was widespread in China during the late Spring and Autumn Period. For example, a mid-5th century BCE grave from the State of Chu (Hubei Province) yielded bronze crossbow bolts, and a tomb burial in Saobatang, Hunan Province from the mid-4th century BCE also contained a bronze crossbow. Some of the Terracotta Warriors buried along with Qin Shi Huangdi (260-210 BCE) carry crossbows. The first known repeating crossbow was discovered in another 4th century BCE tomb in Qinjiazui, Hubei Province. Importance in History Repeating crossbows, called zhuge nu in Chinese, could shoot multiple bolts before needing to be reloaded. Traditional sources attributed this invention to a Three Kingdoms period tactician named Zhuge Liang (181-234 CE), but the discovery of the Qinjiazui repeating crossbow from 500 years before Zhuges lifetime proves that he was not the original inventor. It seems likely that he improved significantly on the design, however. Later crossbows could fire as many as 10 bolts in 15 seconds before being reloaded. Standard crossbows were well-established across China by the second century CE. Many contemporary historians cited the repeating crossbow as a key element in Han Chinas Pyrrhic victory over the Xiongnu. The Xiongnu and many other nomadic peoples of the Central Asian steppes used ordinary compound bows with great skillà but could be defeated by legions of crossbow-wielding infantry, particularly in sieges and set-piece battles. Koreas King Sejong (1418-1450) of the Joseon Dynasty introduced the repeating crossbow to his army after seeing the weapon in action during a visit to China. Chinese troops continued to use the weapon through the late Qing Dynasty era, including the Sino-Japanese War of 1894-95. Unfortunately, crossbows were no match for modern Japanese weaponry, and Qing China lost that war. It was the last major world conflict to feature crossbows. Sources Landrus, Matthew. Leonardos Giant Crossbow, New York: Springer, 2010.Lorge, Peter A. Chinese Martial Arts: From Antiquity to the Twenty-First Century, Cambridge University Press, 2011.Selby, Stephen. Chinese Archery, Hong Kong: Hong Kong University Press, 2000.Sun Tzu. The Art of War, Mundus Publishing, 2000.
Subscribe to:
Posts (Atom)