KnowledgeLeader Blog

What is External Access Risk?

Posted by Joseph Thomas on Mon, Dec 10, 2012 @ 02:55 PM

Many businesses today exchange goods, services, information, and knowledge using network-enabled technologies. Within such business, proper protection of confidential information is essential to achieve the desired benefits and mitigate the associated risks. Failure to adequately restrict access to critical business information from outsiders (intruders) may result in unauthorized knowledge and use of confidential information by inappropriate parties.

Access risk includes the risk that access to information (data or programs) will be inappropriately granted or refused. Unauthorized people may be able to access confidential information, while simultaneously, authorized people may be denied access. Access risk is pervasive – it includes information for any purpose.

Access risk focuses on the risks associated with inappropriate access to systems, data, or information. It encompasses the risks of improper segregation of duties, risks associated with the integrity of data and databases, and risks associated with information confidentiality. Access risk can occur at any, or all, of the following:

  • NetworkThe mechanism used to connect users with a processing environment. The access risk in this area is driven by the risk of inappropriate access to the network itself.
  • PlatformThe host computer system on which application systems and related data are stored and processed. The access risks in this area are driven by the risk of inappropriate access to a processing environment, and the programs or data that are stored in that environment.
  • Database The collection of data that is organized in a manner that allows its contents to be easily accessed, managed, and updated. The access risk in this area is driven by the risk of inappropriate access to valuable information.
  • Application System The programs that are used to process information that is relevant to business processes. The access risk in this area is associated with inappropriate logical access to system resources.
  • Physical The unauthorized physical entry of an intruder to the system resources within an organization. The access risk in this area is associated with inappropriate physical access to critical information systems.
  • Functional Access (Within an Application)
  • Field Level Access (Within a Function)

 

Content Related to External Access Risk on KnowledgeLeader:

External Access Risk Key Performance Indicators (KPIs)

E-Business Risks: External Access – Questionnaire for Audit Committees

Topics: External Access Risk

Add a Comment:

Subscribe to Our Blog

About KnowledgeLeader

KnowledgeLeader, provided by Protiviti, is the premier resource for internal audit and risk management professionals.

With over 1,400 customizable tools and 1,300 articles by industry experts, we offer the most comprehensive service on the market.

For more information:

 Tour the Site

Recent Posts

Posts by Topic

see all