Question 6 20 marks Accounting information systems require s

Question 6 (20 marks) Accounting information systems require sound internal controls to protect corporate data. Many organisations apply the \'defense-in-depth\' concept to protect their accounting information systems. (a) What is the concept of\'defense-in-depth\' in computer security? (4 marks) (b) Discuss how \'defense-in-depth\' concept can be applied to protect accounting data in the automatic teller machine (ATM) of a bank. Focus your discussion on users, network, host computer, and applications. (16 marks)

Solution

Answers:

It is defined as information assurance concept in which multiple layers of security controls are placed throughout an IT system. The intent of defense in depth is to provide redundancy in case of an event a security control fails or exploitation of vulnerability that can cover aspects like personnel, procedural, technical & physical security for duration of system’s lifecycle.

The main idea is to protect a system against any attack using several independent methods. It is a military strategy that seeks to delay rather than prevent the advance of an attacker by yielding space to buy time.

The defense in depth uses the multiple layers of security in order to protect its customers using ATM. This is done in the following ways: