Para 3.22.59 — MSO (Audit)
Original Rule Text
3.22.59 Applications which transmit information across networks may be subject to the following risks:
(i) Data may be intercepted and altered either during transmission or during storage at intermediate sites.
(ii) Unauthorised data may be introduced into the transaction stream using the communication connections.
(iii) Data may be corrupted during transmission.
The integrity of transmitted data may be compromised through communication faults. The auditor should ensure that there are adequate controls in place, either within the network system, or the financial applications, to detect corrupted data. The network’s communication protocol, i.e. the predetermined rules that determine the format and meaning of transmitted data, may incorporate automatic error detection and correction facilities. It is fairly easy to intercept transmitted data on most local and wide area networks. Inadequate network protection increases the risk of unauthorised data amendment, deletion and duplication. There are a number of controls that may be used to address these problems. For instance, digital signatures may be used to verify that the transaction originated from an authorised user and that its contents are intact. Similarly, data encryption techniques may be used to prevent the interception and alteration of transactions.
What This Means
Applications transmitting data over networks face three main risks: data interception and alteration (either during transmission or at intermediate storage), introduction of unauthorised data into the transaction stream, and data corruption during transmission. Auditors must ensure controls exist to detect corrupted data, protect against unauthorised amendment and duplication, and verify transaction authenticity. Digital signatures can confirm a transaction came from an authorised user, and data encryption can prevent interception and alteration.
This explanation was generated with AI assistance for educational purposes. Always refer to the official gazette notification for authoritative text.
Key Points
- Data may be intercepted and altered during transmission or at intermediate storage points
- Unauthorised data may be injected into the transaction stream via network connections
- Data may be corrupted during transmission due to communication faults
- Digital signatures verify transaction origin and content integrity
- Data encryption prevents interception and alteration of transmitted transactions
Practical Example
A government tax collection system transmits daily collection figures from 500 collection centres to the central server. Without proper controls, someone could intercept the data and alter collection amounts, or inject fake collection records into the transmission. The system uses digital signatures so the central server can verify each transmission genuinely came from an authorised collection centre. Data is encrypted using SSL/TLS during transmission so it cannot be read or altered in transit. The communication protocol automatically detects and flags any records corrupted by transmission errors.
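The receiving-side checks in this scenario can be sketched as follows. This is an added example, not part of the rule text or of any real system. HMAC-SHA256 with a per-centre shared key stands in for the digital signature because Python's standard library has no asymmetric signing, and the centre ID, key, frame layout and sequence numbering are all assumptions.

```python
import hashlib, hmac, json, zlib

# Constructed key table (assumption). HMAC-SHA256 is a shared-key stand-in for a signature.
CENTRE_KEYS = {"CC-017": b"constructed-demo-key-017"}

def seal(centre, seq, amount, key):
    """Sender: frame = CRC32 (4 bytes) | HMAC tag (32 bytes) | JSON body."""
    body = json.dumps({"centre": centre, "seq": seq, "amount": amount},
                      sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return zlib.crc32(tag + body).to_bytes(4, "big") + tag + body

def recompute_crc(frame, old, new):
    """Constructed test input: body edited in transit and the CRC fixed up."""
    tag, body = frame[4:36], frame[36:].replace(old, new)
    return zlib.crc32(tag + body).to_bytes(4, "big") + tag + body

class CentralServer:
    def __init__(self, keys):
        self.keys = keys
        self.last_seq = {}  # highest sequence number accepted per centre

    def receive(self, frame):
        crc, tag, body = frame[:4], frame[4:36], frame[36:]
        # Risk (iii): the checksum catches accidental damage only.
        if len(frame) < 36 or zlib.crc32(tag + body).to_bytes(4, "big") != crc:
            return "corrupted"
        try:
            record = json.loads(body)
            key = self.keys[record["centre"]]
        except (ValueError, KeyError, TypeError):
            return "unauthorised"
        # Risks (i) and (ii): altered or injected data fails the keyed check.
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "unauthorised"
        # Duplication: a valid frame sent twice is rejected by sequence number.
        if record["seq"] <= self.last_seq.get(record["centre"], 0):
            return "duplicate"
        self.last_seq[record["centre"]] = record["seq"]
        return "accepted"

def demo():
    server, key = CentralServer(CENTRE_KEYS), CENTRE_KEYS["CC-017"]
    first, second = seal("CC-017", 1, 125000, key), seal("CC-017", 2, 98000, key)
    noisy = second[:-3] + bytes([second[-3] ^ 0x01]) + second[-2:]  # one bit flipped
    frames = [first, noisy, recompute_crc(second, b"98000", b"18000"),
              seal("CC-017", 3, 500, b"not-an-authorised-key"), first, second]
    return [server.receive(f) for f in frames]
```

The third frame passes the checksum and is rejected only by the keyed check, which is why error detection alone does not address risks (i) and (ii).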
Frequently Asked Questions
How do digital signatures help protect transmitted data?
What is the difference between encryption and digital signatures?
What is a communication protocol's error detection facility?