Output Controls

1
Output Controls

• Chapter 15

2
Introduction

• The output subsystem provides functions that
  determine
• The content of data that will be provided to
  users
• The ways data will be formatted and presented to
  users
• The way data will be prepared and routed to users

Content Format Timeliness
Software
3
Changes in the Output Subsystem

• Less printed output more as display
• Less reliance on IT personnel to produce output
  access to reporting software and DBMS
• Widely dispersed printers rather than centalized
• More varieties of output sound, video, images
• Laser printers can handle text, graphics, images
• Cheap high density storage CD-ROMs
• Imaging software adobe PDF
• WWW images, text, sound public access to
  documents

4
Topics to Consider

• Inference Controls
• Filter the output that users see
• Batch Output Controls
• Production and Distribution Controls
• Batch reports
• Online Output Controls
• Production and Distribution Controls
• Audit Trail Controls
• Existence Controls

5
Inference Controls

• Inference controls are used in the output
  subsystem to prevent compromise of statistical
  databasesdatabases from which users can obtain
  only aggregate statistics rather than the values
  of individual items. They are used to prevent
  four types of compromise

Negative compromise, whereby users determine that
a person does not have a particular attribute
value
Approximate compromise, whereby users determine
within some range the attribute value possessed
by a person
Positive compromise, whereby users determine that
a person has a particular attribute value
Exact compromise, whereby users determine the
precise value of an attribute possessed by a
person
6
Inference ControlsExamples

• Compromise of statistical databases
• Positive ExactDoes salary is 120,000
• Positive and approximate Does salary is in the
  range 100,000 to 140,000
• Negative and Exact Does salary is not 120,000
• Negative and Approximate Does salary is not in
  the range 120,000 to 140,000

7
InferenceRestriction controls

• Restriction Controls
• limit the set of responses that will be provided
  to users to protect confidentiality of data about
  persons in the database
• For example, the system will not provide a
  response if the number of persons in the response
  set is less than a particular number
• It is difficult to devise a set of restrictions
  that can not be compromised fairly easily

8
InferencePerturbation Controls

• Perturbation Controls
• introduce noise into the statistics calculated on
  the records retrieved for the database
• introduce a random rounding factor

Record set
Randomfunction
Randomfunction
Report
DBMS
OR
9
Batch Output

• Produced at some operations facility and
  subsequently distributed to custodians and users
• Controls over production and distribution of
  batch output to ensure that accurate, complete
  and timely output is provided ony to authorized
  users

accurate
complete
timely
authorized users
10
Controls Over Batch Output Production and
Distribution
StationarySupplies

• Secure storage for stationery supplies
• Only authorized users are permitted to execute
  batch report programs
• Ensuring that queuing/spooling/printer file can
  not be altered
• Preventing unauthorized parties from viewing
  confidential reports as they are printed
• Collecting reports promptly after meetings or
  otherwise to prevent their loss

Programs
PrinterQueue
Reports
11
Batch Output Production and Distribution Controls

• User/Client services review controls for errors
• Report distribution controlscorrect user
• User output controlsreview errors and omissions
• Storage controls
• Retention controls
• Destruction controls

Right User?
Errors?
Reports
StorageRetentionDestruction
Shredder
12
Batch ReportsDesign Controls

• Good report design facilitates the orderly flow
  of reports through the various output phases
• Title pagedistribution list
• information to assist personnel
• who to contact is the report is defective
• Controls to prevent removal of pagespage numbers
  on all pages and end of document markers

13
Control Information on a Well-Designed Report

• Report Name
• Time and Date of Production
• Distribution List
• Processing Period covered
• Program producing the report (version number)
• Contact persons

• Security Classification
• Retention Date
• Method of Destruction
• Page Heading
• Page Number
• End-of-job Marker

14
Online Output Production and Distribution Controls
Reports

• Online output is output that is delivered
  electronically to the terminal employed by the
  user to gain access to the system
• Only authorized parties receive reports
• Protecting the integrity of transmitted
  information
• Controlling viewing of display terminals
• Preventing unauthorized copying of display
  information

TransmissionIntegrity
AuthorizedUsers
?
ViewingCopying
15
Online Output Controls

• ensuringauthorized, accurate, complete
• ensuringcorrect network address
• preserving integrity and privacy of communication
  line
• checking data has been received
• determine is output is read
• assuring disposition is appropriate
• retention period is adequate / deletion is OK

16
Online Output Production and Distribution
ControlsNew Issues

• Factors impacting exposures
• amount of online information has increased
  substantiallyuse of EDI and the WWW
• The variety of online output and the ways it can
  be manipulated have increased (modification)
• growth of the internet has resulted in changed
  perceptions about the nature of output

Receipt
Sourcing
Distribution
Communication
Deletion
Review
Disposition
Retention
17
Source Controls

• Obtaining output
• Eventsinformation exchange
• input / access
• Users invoke a program to access a database
• database Ch14 / program authorized / user access
  / user training

• File transfer / browser programs
• accuracy/authorized/ complete/timely source
• prevent improper use
• source is authentic
• appropriate to goals
• E-mail
• e-mail guidelines
• Netiquette
• sender id (digital signatures)

18
Distribution Controls

• Correct person receives output
• Electronic addresses / access controls /
  distribution lists
• Timely distribution (EDI) - logs
• Intermediary distribution
• Policies to define allowed recipients
• Policies re forwarding of messages

19
Communication Controls

• See Chapter 12
• active attacksmessage insertion, deletion and
  modification
• passive attacksrelease of contents
• Cryptographic controls
• Public / private keys

20
Receipt Controls

• Should output be accepted?
• E-mail attachment contains a virus
• Letter bombs
• Message size controls

21
Review Controls

• Is output read and acted upon in a timely manner?
• EDI order filling timely
• recipient on vacation
• E-mail verification of reading or notification of
  unavailability of recipient
• Information overload
• scanning / intelligent agents
• Control while review is in progress

22
Disposition Controls

• Guidelines over forwarding and copying
• Education of employees
• Integrity of employees
• Secure logs of actions taken on confidential
  information

23
Retention Controls

• Tendency to quickly dispose of output received
• Unsolicited output
• Statutory requirements?
• Output describes information important to the
  organization?
• Access to retained output controlled

24
Deletion controls

• Expiry date
• Disk scan for duplicate files
• Make sure deletion is not just from the file list
• Overwriting of confidential files to prevent
  recovery of deleted files

25
Audit Trail Controls

• Accounting audit trail
• What was presented
• Who received it
• When was it received
• What actions were taken
• Who relied on it
• Have unauthorized users gained access

• Operation audit trail
• resource consumption
• graphics and high intensity output
• high-quality stationery
• machine time
• communication structure

26
Existence Controls

• Output lost or destroyed?
• Loss of batch files / recovery from reports
• Spool files
• larger files
• longer retention
• Nature of the report recovery
• status
• transactions
• in-place updates