Page 63 - ITGC_Audit Guides
P. 63

Data Quality, Management, and Reporting Risks: “Garbage in, garbage out” refers to inputting bad data into a
                    system will result in bad data output from the system. Poor data or data quality issues may lead to inaccurate
                    management reporting and flawed decision making. Databases that are not designed to ensure the integrity of
                    the data can result in incomplete or invalid data. Analytics that rely on invalid data will most likely yield flawed
                    results. Therefore, big data analytics must account for these data quality risks.
                    Additionally, data that is not obtained and analyzed in a timely manner may also result in incorrect analytic
                    outputs, flawed management decisions, and loss of revenue. Data sourced from third parties should be timely,
                    accurate, complete, and from a reputable source. Third-party data that is in an inappropriate format may not
                    be suitable for analysis and may delay management decision-making.
                    After data has been received and analyzed, it may be challenging to ensure that end users manage and
                    protect the data. A lack of end-user computing controls may lead to inaccurate reports and data leaks. End-
                    user production reports, ad hoc reports, and predictive analytic outputs must all be reviewed and approved to
                    limit flawed management decisions. Big data reports should also adhere to an organization’s data
                    classification policies to ensure only appropriate data is shared, both internally and externally. Report options
                    and distribution channels may be appropriate only for data of specific sizes and formats. Organizations may
                    face obstacles when determining the appropriate report options and channels for each analytic result.
                    Layer 4 — Transport
                    Function: The transport layer is concerned with transmitting data from host to host on a network or across
                    networks with a specified quality of service.
                    Protocols implementing this layer: Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and
                    others.
                    Professional working at this level: Network Engineer, Network Administrator, Cryptographer, or Network
                    Infrastructure Team.
                    The transport layer is primarily known for allowing network hosts to use and/or provide multiple service.
                    Using a TCP example, a client makes a request to a server. The server is listening with an open connection on
                    a well-known port number. Specifying the port number in the request allows the server to identify which
                    service is being requested. The server then replies to the appropriate client port, which can be assigned in
                    any number of ways depending on the protocol. Layer 4 specifies other services like flow control to ensure
                    speed without overwhelming the host, error correction to identify and resend bad packets, and others.
                    Layer 5 — Session
                    Function: The session layer provides services for management of remote connections at very basic levels of
                    interaction. Layer 5 is responsible for enabling the interaction of local and remote processes.
                    Protocols implementing this layer: Remote Procedure Calls (RPC), AppleTalk Session Protocol (ASP), parts of
                    TCP, and others.
                    Professional working at this level: Network Administrator, Application Developer, Cryptographer, or Network
                    Application Team.
                    The session layer includes some of TCP’s functions that provide connections. In contrast, UDP provides
                    “connectionless” service by treating each UDP “datagram” (equivalent to a TCP packet) as independent of
                    other datagrams. TCP packet streams can be placed in order and retransmitted if one is damaged or lost.
                    Layer 5 services also establish and track multiple connections between hosts using the same application (e.g.
                    downloading multiple files simultaneously using File Transfer Protocol [FTP]). Some connections are
                    sensitive to start and stop or combine multiple data streams; the session layer controls start and stop
                    services for applications needing a controlled data stream. This feature also allows recovery of interrupted
                    sessions.

                    Layer 6 — Presentation
                    Function: The presentation layer is concerned with taking data form a wide variety of application layer
                    sources and making the data available to other applications and network standard protocols. The presentation
                    layer represents a departure from the layers associated with data in motion. Presentation applies to data at
                    rest as well as data in motion. The presentation layer also coordinates the encapsulation of data at rest in
                    compressed files, encrypted files, and compound files (i.e., files containing other files like email attachments).






                   55 — theiia.org
   58   59   60   61   62   63   64   65   66   67   68