More Web Proxy on the site http://driver.im/

research-article

Accounting Information Systems and System of Systems: Assessing Security with Attack Surface Methodology

Authors:

Pythagoras Petratos,

Alessio FacciaAuthors Info & Claims

ICCBDC '19: Proceedings of the 2019 3rd International Conference on Cloud and Big Data Computing

Pages 100 - 105

https://doi.org/10.1145/3358505.3358513

Published: 28 August 2019 Publication History

Abstract

Accounting Information Systems are playing the protagonist role in enterprise. This is because they provide the necessary financial information required by law. At the same time there is an increasingly cyber security risk for AIS, which can be considered part of critical infrastructure, in that sense assessing cybersecurity risks is essential. The contribution of the paper is twofold. Firstly, in this paper the authors apply the attack surface methodology and further develop it to assess such risks. Secondly, the attack surface methodology has been expanded to include related systems to AIS.

References

[1]

https://www.dhs.gov/cisa/critical-infrastructure-sectors

[2]

https://www.accaglobal.com/ie/en/student/sa/features/cyber.html

[3]

Gordon, L. A., & Loeb, M. P. (2006). Managing cybersecurity resources: a cost-benefit analysis (Vol. 1). New York: McGraw-Hill.

[4]

https://www.icaew.com/about-icaew/news/press-release-archive/2017-press-releases/regions-2017/tv-cyber-attack

[5]

Chabinsky, S. R. (2010). Cybersecurity strategy: A primer for policy makers and those on the front line. J. Nat'l Sec. L. & Pol'y, 4, 27.

[6]

https://www.ft.com/content/f52f6fee-ccf4-11e6-864f-20dcb35cede2

[7]

Gordon, L. A., Loeb, M. P., & Lucyshyn, W. (2003). Sharing information on computer systems security: An economic analysis. Journal of Accounting and Public Policy, 22(6), 461--485.

[8]

Gordon, L. A., Loeb, M. P., Lucyshyn, W., & Richardson, R. (2005). 2005 CSI/FBI computer crime and security survey. Computer Security Journal, 21(3), 1.

[9]

https://www.bloomberg.com/news/articles/2019-05-11/a-massive-accounting-hack-kept-clients-offline-and-in-the-dark

[10]

Brender, N., & Markov, I. (2013). Risk perception and risk management in cloud computing: Results from a case study of Swiss companies. International journal of information management, 33(5), 726--733.

[11]

Leavitt, N. (2009). Is cloud computing really ready for prime time?. Computer, (1), 15--20.

[12]

Rashid, A., & Chaturvedi, A. (2019). Cloud Computing Characteristics and Services: A Brief Review.

[13]

Singh, M., Kant, U., Gupta, P. K., & Srivastava, V. M. (2019). Cloud-Based Predictive Intelligence and Its Security Model. In Predictive Intelligence Using Big Data and the Internet of Things(pp. 128--143). IGI Global.

[14]

Hall, J. A. (2012). Accounting information systems. Cengage Learning.

[15]

Romney, M. B., Steinbart, P. J., & Cushing, B. E. (2000). Accounting information systems (Vol. 2). Upper Saddle River, NJ: Prentice Hall.

[16]

Simunic, D. A., & Biddle, G. C. (2019). The Big Four: The Curious Past and Perilous Future of the Global Accounting Monopoly.

[17]

Mohammed, A. L., Al-Hosban, A., & Thnaibat, H. (2018). The impact of the risks of the input of accounting information systems on managerial control, accounting control and internal control in commercial banks in Jordan. International Journal of Business and Management, 13(2), 96--107.

[18]

Ogneva, M., Piotroski, J. D., & Zakolyukina, A. A. (2018). Accounting fundamentals and systematic risk: Corporate failure over the business cycle. Chicago Booth Research Paper, (14--31), 14--37.

[19]

Jones, J. P., Long, J. H., & Stanley, J. D. (2019). Pane in the Glass: A Review of the Accounting Cycle. Issues in Accounting Education Teaching Notes, 34(1), 32--53.

[20]

Begenau, J., & Salomao, J. (2018). Firm financing over the business cycle. The Review of Financial Studies, 32(4), 1235--1274.

[21]

Habib, A., & Hasan, M. M. (2018). Corporate Life Cycle in Accounting & Finance: A Review of the Literature.

[22]

Laitinen, E. K., & Laitinen, T. (2018). Financial reporting: profitability ratios in the different stages of life cycle. Archives of Business Research, 6(11).

[23]

Yongjun, W. (2007). Expenditure Cycle: the Logical Beginning Point for the Construction of Government Budgetary Accounting Framework-Concurrently Nuclear Proposition and Strategic Sequence about Government Accounting Reform in China [J]. Accounting Research, 5.

[24]

Weygandt, J. J., Kimmel, P. D., KIESO, D., & Elias, R. Z. (2010). Accounting principles. Issues in Accounting Education, 25(1), 179--180.

[25]

Bodnar, G. H., & Hopwood, W. S. (2001). Accounting lnformation Systems.

[26]

Jones, J. P., Long, J. H., & Stanley, J. D. (2019). Pane in the Glass: A Review of the Accounting Cycle. Issues in Accounting Education Teaching Notes, 34(1), 32--53.

[27]

Warren, C., & Jones, J. (2018). Corporate financial accounting. Cengage Learning.

[28]

Maynard-Patrick, S., & Higgins, L. N. (2018). Gleam Lighting: A Collaborative Experiential Payroll Fraud Case. Management Teaching Review, 2379298118811149

[29]

Vegera, S., Malei, A., Sapeha, I., & Sushko, V. (2018). Information support of the circular economy: the objects of accounting at recycling technological cycle stages of industrial waste. Entrepreneurship and Sustainability Issues, 6(1), 190--210.

[30]

Woodward, D. G. (1997). Life cycle costing---theory, information acquisition and application. International journal of project management, 15(6), 335--344.

[31]

Romney, M. B., & Steinbart, P. J. (2011). Accounting information systems. Prentice Hall Press.

Digital Library

[32]

Annand, D., & Dauderis, H. (2018). Introduction to Financial Accounting. Valley Educational Services Limited.

[33]

Lu, X., & Wang, J. (2018). A Review of the Classification of Enterprise Life Cycle. Modern Economy, 9(07), 1169.

[34]

Glover, J. C., & Ijiri, Y. (2002). "Revenue Accounting" in the Age of E-Commerce: A Framework for Conceptual, Analytical, and Exchange Rate Considerations. Journal of International Financial Management & Accounting, 13(1), 32--72.

[35]

Budiarto, D. S., Prabowo, M. A., Djajanto, L., Widodo, K. P., & Herawan, T. (2018, May). Accounting Information System (AIS) Alignment and Non-financial Performance in Small Firm: A Contingency Perspective. In International Conference on Computational Science and Its Applications (pp. 382--394). Springer, Cham.

[36]

FBI, Internet Crime Report 2018.

[37]

Wilkinson, J. W. (1991). Accounting and information systems. John Wiley & Sons, Inc.

Digital Library

[38]

James, D., & Wolf, M. L. (2000). A second wind for ERP. The McKinsey Quarterly, 100--100

[39]

Jackson, M. C., & Keys, P. (1984). Towards a system of systems methodologies. Journal of the operational research society, 35(6), 473--486

[40]

J. Boardman and B. Sauser, (2006). System of Systems - the meaning of of, 2006 IEEE/SMC International Conference on System of Systems Engineering, Los Angeles, CA, 2006, pp. 6 pp.-

[41]

Manadhata, P. K., Tan, K. M., Maxion, R. A., & Wing, J. M. (2007). An approach to measuring a system's attack surface(No. CMU-CS-07-146). CARNEGIE-MELLON UNIV PITTSBURGH PA SCHOOL OF COMPUTER SCIENCE.

[42]

Sun, K., & Jajodia, S. (2014, November). Protecting enterprise networks through attack surface expansion. In Proceedings of the 2014 Workshop on Cyber Security Analytics, Intelligence and Automation (pp. 29--32). ACM.

Digital Library

[43]

Claudiu Brandas Ovidiu Megan Otniel Didraga (2015) Global Perspectives on Accounting Information Systems: Mobile and Cloud Approach Procedia Economics and Finance Volume 20, 2015, Pages 88--93

[44]

Miklos A. Vasarhelyi, Alexander Kogan, and Brad M. Tuttle (2015) Big Data in Accounting: An Overview. Accounting Horizons: June 2015, Vol. 29, No. 2, pp. 381--396.

[45]

Howard M., Pincus J., Wing J.M. (2005) Measuring Relative Attack Surfaces. In: Lee D.T., Shieh S.P., Tygar J.D. (eds) Computer Security in the 21st Century. Springer, Boston, MA

[46]

Heumann, T., Keller, J., & Türpe, S. (2010). Quantifying the attack surface of a web application. Sicherheit 2010. Sicherheit, Schutz und Zuverlässigkeit.

[47]

Belfo F., Trigo A., 2013, Accounting Information Systems: Tradition and future directions, Procedia Technology. Vol. 9 Pages 536--546.

[48]

Nunez, M. (2012). Cyber-attacks on ERP systems. Datenschutz Und Datensicherheit-DuD, 36(9), 653--656.

[49]

Manadhata, P. K., Karabulut, Y., & Wing, J. M. (2009, February). Report: Measuring the attack surfaces of enterprise software. In International Symposium on Engineering Secure Software and Systems (pp. 91--100). Springer, Berlin, Heidelberg.

Digital Library

[50]

Petratos, P. N. (2018). Systemic Cyber Risks and Defense: Valuation, Innovation and Strategic Implications. Military Cyber Affairs, 3(2), 6.

Cited By

Olivero MBertolino ADominguez-Mayo FEscalona MMatteucci I(2024)A systematic mapping study on security for systems of systemsInternational Journal of Information Security10.1007/s10207-023-00757-023:2(787-817)Online publication date: 1-Apr-2024
https://dl.acm.org/doi/10.1007/s10207-023-00757-0
Song F(2023)Design and implementation of a process-aware accounting information system to improve business process managementApplied Mathematics and Nonlinear Sciences10.2478/amns.2023.2.000569:1Online publication date: 19-Jul-2023
https://doi.org/10.2478/amns.2023.2.00056
Ferreira FNakagawa ESantos R(2023)Towards an understanding of reliability of software-intensive systems-of-systemsInformation and Software Technology10.1016/j.infsof.2023.107186158(107186)Online publication date: Jun-2023
https://doi.org/10.1016/j.infsof.2023.107186
Show More Cited By

Index Terms

Accounting Information Systems and System of Systems: Assessing Security with Attack Surface Methodology
1. Security and privacy
  1. Human and societal aspects of security and privacy
    1. Economics of security and privacy

Recommendations

Accounting Information Systems and ERP in the UAE: An Assessment of the Current and Future Challenges to Handle Big Data
ICCBDC '19: Proceedings of the 2019 3rd International Conference on Cloud and Big Data Computing

Accounting Information Systems (AISs) are fundamental for the recording of the accounting transactions of any company and for the preparation of financial statements, as required by the legislation on financial accounting. However, information systems ...
Information Systems: Towards a System of Information Systems
IC3K 2015: Proceedings of the International Joint Conference on Knowledge Discovery, Knowledge Engineering and Knowledge Management

Information Systems are viewed as a set of services creating a workflow of information directed to specific

groups and members. This allows individuals to share ideas and their talents with other members. In such manner, tasks can be carried out both ...
New method for assets sensitivity calculation and technical risks assessment in the information systems

One of the most important components constructing the information security management system is the risk assessment process. Information technology system risks have a direct impact on the mission of organisations. Risk assessment allows organisations to ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

ICCBDC '19: Proceedings of the 2019 3rd International Conference on Cloud and Big Data Computing

August 2019

128 pages

ISBN:9781450371650

DOI:10.1145/3358505

Copyright © 2019 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

In-Cooperation

Brookes: Oxford Brookes University

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 28 August 2019

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

ICCBDC 2019

ICCBDC 2019: 2019 3rd International Conference on Cloud and Big Data Computing

August 28 - 30, 2019

Oxford, United Kingdom

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

12
Total Citations
View Citations
656
Total Downloads

Downloads (Last 12 months)23
Downloads (Last 6 weeks)1

Reflects downloads up to 02 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Olivero MBertolino ADominguez-Mayo FEscalona MMatteucci I(2024)A systematic mapping study on security for systems of systemsInternational Journal of Information Security10.1007/s10207-023-00757-023:2(787-817)Online publication date: 1-Apr-2024
https://dl.acm.org/doi/10.1007/s10207-023-00757-0
Song F(2023)Design and implementation of a process-aware accounting information system to improve business process managementApplied Mathematics and Nonlinear Sciences10.2478/amns.2023.2.000569:1Online publication date: 19-Jul-2023
https://doi.org/10.2478/amns.2023.2.00056
Ferreira FNakagawa ESantos R(2023)Towards an understanding of reliability of software-intensive systems-of-systemsInformation and Software Technology10.1016/j.infsof.2023.107186158(107186)Online publication date: Jun-2023
https://doi.org/10.1016/j.infsof.2023.107186
Shawabkah AKadir MNori WHassan H(2022)Validating The Framework of The Accounting Information Systems Components and Firm Performance: A Conceptual StudyWSEAS TRANSACTIONS ON BUSINESS AND ECONOMICS10.37394/23207.2022.19.8619(985-999)Online publication date: 4-Apr-2022
https://doi.org/10.37394/23207.2022.19.86
Dias RZacarias RVarella Jdos Santos R(2022)Investigating Information Security in Systems-of-SystemsProceedings of the XVIII Brazilian Symposium on Information Systems10.1145/3535511.3535523(1-8)Online publication date: 16-May-2022
https://dl.acm.org/doi/10.1145/3535511.3535523
Faccia APetratos P(2021)Blockchain, Enterprise Resource Planning (ERP) and Accounting Information Systems (AIS): Research on e-Procurement and System IntegrationApplied Sciences10.3390/app1115679211:15(6792)Online publication date: 23-Jul-2021
https://doi.org/10.3390/app11156792
Petratos PFaccia A(2021)Securing Energy Networks: Blockchain and Accounting Systems2021 International Conference on Electrical, Computer and Energy Technologies (ICECET)10.1109/ICECET52533.2021.9698728(1-5)Online publication date: 9-Dec-2021
https://doi.org/10.1109/ICECET52533.2021.9698728
Faccia AMoşteanu NCavaliere LSantis G(2020)The rise of online banks in Italy “WIDIBA Bank” Case StudyFinancial Markets, Institutions and Risks10.21272/fmir.4(2).80-97.20204:2(80-97)Online publication date: 2020
https://doi.org/10.21272/fmir.4(2).80-97.2020
Sawan NEltweri ADe Lucia CPio Leonardo Cavaliere LFaccia ARoxana Moşteanu N(2020)Mixed and Augmented Reality Applications in the Sport IndustryProceedings of the 2020 2nd International Conference on E-Business and E-commerce Engineering10.1145/3446922.3446932(55-59)Online publication date: 29-Dec-2020
https://dl.acm.org/doi/10.1145/3446922.3446932
Faccia ADe Lucia CEltweri ASawan NPio Leonardo Cavaliere L(2020)Extended Audit Report: Enhancing Trust and Reputation in IT Processes and across E-business IndustriesProceedings of the 2020 2nd International Conference on E-Business and E-commerce Engineering10.1145/3446922.3446927(23-27)Online publication date: 29-Dec-2020
https://dl.acm.org/doi/10.1145/3446922.3446927
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten