You are the chief information security officer for a small company. You are asked to design appropriate controls for the payroll and inventory management sys¬ tems. Following is a list of users and the types of activities each group wants to be able to perform:

Required

a. Create an access control matrix that gives each user group its desired level of access to the following five items: payroll master file, payroll program, inventory master file, inventory update program, and the system log files. Use the following codes for access rights:
0 = no access 1 = read only 2 = read and modify 3 = read, modify, create, and delete

b. What changes should the internal auditor recommend be made to the access control matrix to improve internal control?

Transcribed Image Text:

User Group Sales Inventory control Payroll clerk HR manager Payroll programmer Inventory programmer Yourself Desired Privileges Read records in the inventory master file Read, create, modify, and delete inventory file records Read and modify payroll file records Read, create, modify, and delete payroll file records Process payroll records; read payroll file and pay- roll transaction file records Process inventory records; read both inventory file and inventory transaction file records Perform all possible actions on all files