14.1 © 2003 by Prentice Hall. Chapter 14: INFORMATION SYSTEMS SECURITY AND CONTROL


Essentials of Management Information Systems, Chapter 14: Information Systems Security and Control

14.2 Objectives
- Why are information systems so vulnerable to destruction, error, abuse, and system quality problems?
- What types of controls are available for information systems?
- What special measures must be taken to ensure the reliability, availability and security of electronic commerce and digital business processes?

14.3 Objectives (continued)
- What are the most important software quality assurance techniques?
- Why are auditing information systems and safeguarding data quality so important?

14.4 Management Challenges
- Designing systems that are neither over-controlled nor under-controlled
- Applying quality assurance standards in large systems projects

SYSTEM VULNERABILITY AND ABUSE

14.5 Why Systems are Vulnerable
- Advances in telecommunications and computer software
- Unauthorized access, abuse, or fraud
- Hackers
- Denial of service attack
- Computer virus

14.6 Figure 14-1: Telecommunication Network Vulnerabilities

14.7 Concerns for System Builders and Users
- Disaster: destroys computer hardware, programs, data files, and other equipment
- Security: prevents unauthorized access, alteration, theft, or physical damage

14.8 Concerns for System Builders and Users (continued)
- Errors: cause computers to disrupt or destroy the organization's record-keeping and operations

14.9 System Quality Problems: Software and Data
- Bugs: program code defects or errors
- Maintenance nightmare: maintenance costs are high due to organizational change, software complexity, and faulty system analysis and design

14.10 Figure 14-2: Points in the Processing Cycle Where Errors Can Occur

14.11 System Quality Problems: Software and Data (continued)
- Data quality problems: caused by errors during data input or by faulty information system and database design

14.12 Figure 14-3: The Cost of Errors over the Systems Development Cycle

CREATING A CONTROL ENVIRONMENT

14.13 Overview
- Controls: methods, policies, and procedures
- They ensure protection of the organization's assets
- They ensure the accuracy and reliability of records, and operational adherence to management standards

14.14 General Controls and Application Controls
- General controls establish the framework for controlling the design, security, and use of computer programs
- They include software, hardware, computer operations, data security, implementation, and administrative controls

14.15 Figure 14-4: Security Profiles for a Personnel System

14.16 General Controls and Application Controls (continued)
- Application controls are unique to each computerized application
- They include input, processing, and output controls
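The slide names the three classes of application controls without showing what they look like in code. The following is an added example, not code from the textbook: a hypothetical batch-entry step for payroll time records that applies input controls (field edit checks and a mod-10 check digit on the employee id, plus batch control totals supplied with the batch), a processing control (run-to-run reconciliation of records in versus pay lines out), and output controls (reconciliation totals carried onto the report). The record layout, the field ranges, the use of a Luhn check digit and the sample batch are all constructed assumptions.

```python
"""Input, processing and output controls for one payroll batch (added example)."""
from dataclasses import dataclass
from decimal import Decimal


def luhn_valid(number: str) -> bool:
    """Input control: mod-10 (Luhn) check digit catches single mistyped and transposed digits."""
    if not number.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


@dataclass(frozen=True)
class TimeRecord:
    employee_id: str        # 8 digits, last one a Luhn check digit (assumed layout)
    hours: Decimal
    rate: Decimal


@dataclass(frozen=True)
class BatchHeader:
    """Control totals keyed by the submitter; they must match what was entered."""
    record_count: int
    hours_total: Decimal    # financial total
    id_hash_total: int      # hash total: a meaningless sum used only for reconciliation


def validate_record(rec: TimeRecord) -> list:
    """Input controls (edit checks) on a single record; returns the list of defects."""
    errors = []
    if len(rec.employee_id) != 8 or not luhn_valid(rec.employee_id):
        errors.append("employee_id fails check digit")
    if not Decimal(0) <= rec.hours <= Decimal(80):
        errors.append("hours outside range 0-80")
    if not Decimal("7.25") <= rec.rate <= Decimal("500"):
        errors.append("rate outside allowed range")
    return errors


def check_batch_totals(header: BatchHeader, records: list) -> list:
    """Input control: the batch totals must reconcile with the records keyed in."""
    problems = []
    if header.record_count != len(records):
        problems.append("record count mismatch")
    if header.hours_total != sum(r.hours for r in records):
        problems.append("hours total mismatch")
    if header.id_hash_total != sum(int(r.employee_id) for r in records):
        problems.append("id hash total mismatch")
    return problems


def process_batch(header: BatchHeader, records: list) -> dict:
    """Runs the batch and returns the report with its output-control totals."""
    batch_problems = check_batch_totals(header, records)
    accepted, rejected = [], []
    for rec in records:
        errs = validate_record(rec)
        (rejected if errs else accepted).append((rec, errs))
    pay_lines = [(rec.employee_id, rec.hours * rec.rate) for rec, _ in accepted]
    # Processing control: run-to-run total, one pay line per accepted record, no more, no fewer.
    if len(pay_lines) != len(accepted):
        raise RuntimeError("run-to-run total failed: records in != pay lines out")
    # Output controls: totals the recipient can reconcile against the batch header.
    return {
        "batch_problems": batch_problems,
        "accepted": len(accepted),
        "rejected": [(r.employee_id, e) for r, e in rejected],
        "gross_pay_total": sum(p for _, p in pay_lines),
        "hours_in": sum(r.hours for r in records),
        "hours_paid": sum(r.hours for r, _ in accepted),
    }


# Constructed sample batch: two valid records and one with a bad check digit and out-of-range hours.
SAMPLE_RECORDS = [
    TimeRecord("12345674", Decimal("40"), Decimal("20.00")),
    TimeRecord("87654323", Decimal("38.5"), Decimal("30.00")),
    TimeRecord("12345670", Decimal("95"), Decimal("25.00")),
]
SAMPLE_HEADER = BatchHeader(record_count=3, hours_total=Decimal("173.5"), id_hash_total=112345667)

if __name__ == "__main__":
    print(process_batch(SAMPLE_HEADER, SAMPLE_RECORDS))
```

The check digit and the hash total catch different things: the check digit rejects a single mistyped id at entry time, while the hash total catches a record that was dropped or keyed twice between the submitter and the system, even when every individual record looks valid.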

14.17 Protecting the Digital Firm
- On-line transaction processing: transactions entered online are immediately processed by the computer
- Fault-tolerant computer systems: contain extra hardware, software, and power supply components

14.18 Protecting the Digital Firm (continued)
- High-availability computing: tools and technologies enabling a system to recover from a crash
- Disaster recovery plan: runs the business in the event of a computer outage
- Load balancing: distributes a large number of requests for access among multiple servers

14.19 Protecting the Digital Firm (continued)
- Mirroring: duplicating all processes and transactions of a server on a backup server to prevent any interruption
- Clustering: linking two computers together so that a second computer can act as a backup to the primary computer or speed up processing

14.20 Internet Security Challenges
- Firewalls: prevent unauthorized users from accessing private networks; two types: proxies and stateful inspection
- Intrusion detection system: monitors vulnerable points in the network to detect and deter unauthorized intruders
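To make "stateful inspection" concrete, here is an added example (not from the textbook) of a toy packet filter that keeps a connection table: an inbound packet is admitted only when it answers a connection that a host on the private network opened. A stateless filter that admits any inbound packet carrying the ACK flag is shown beside it for contrast, and the filter's drop log feeds a simple intrusion-detection rule that alerts when one outside address has knocked on many different ports. The private address range, the packets, the policy and the alert threshold are all constructed assumptions.

```python
"""Stateful vs. stateless packet filtering with an IDS-style port-probe alert (added example)."""
from collections import defaultdict
from dataclasses import dataclass

INSIDE_PREFIX = "10.0.0."   # assumed private network
PROBE_THRESHOLD = 5          # assumed: alert once a source has hit this many distinct ports


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str               # "SYN", "SYN-ACK", "ACK", ...


def is_inside(ip: str) -> bool:
    return ip.startswith(INSIDE_PREFIX)


def stateless_allow(pkt: Packet) -> bool:
    """Stateless rule: admit inbound packets that claim to belong to an established flow (ACK set).
    It cannot tell a genuine reply from an unsolicited packet with the flag set."""
    if is_inside(pkt.src):
        return True
    return "ACK" in pkt.flags


class StatefulFirewall:
    """Admits inbound traffic only when the connection table shows the inside host started it."""

    def __init__(self) -> None:
        self.table = set()                 # (inside_ip, inside_port, outside_ip, outside_port)
        self.dropped_ports = defaultdict(set)   # outside src -> distinct inside ports it hit
        self.alerts = []

    def handle(self, pkt: Packet) -> bool:
        if is_inside(pkt.src) and not is_inside(pkt.dst):
            # Outbound: remember the flow so that the reply is recognised.
            self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        if not is_inside(pkt.src) and is_inside(pkt.dst):
            if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.table:
                return True                # reply to a flow opened from the inside
            self._record_drop(pkt)
            return False                   # unsolicited, regardless of the flags it carries
        return True                        # traffic within one zone is not filtered here

    def _record_drop(self, pkt: Packet) -> None:
        """IDS-style rule over the drop log: many distinct ports from one source is a probe."""
        ports = self.dropped_ports[pkt.src]
        ports.add(pkt.dport)
        if len(ports) == PROBE_THRESHOLD:
            self.alerts.append(f"possible port scan from {pkt.src}")


# Constructed traffic: one legitimate HTTPS exchange, then unsolicited probes from outside.
SAMPLE_PACKETS = [
    Packet("10.0.0.5", 40000, "203.0.113.10", 443, "SYN"),
    Packet("203.0.113.10", 443, "10.0.0.5", 40000, "SYN-ACK"),
    Packet("198.51.100.7", 5555, "10.0.0.5", 22, "ACK"),     # passes the stateless rule only
    Packet("198.51.100.7", 5556, "10.0.0.5", 21, "SYN"),
    Packet("198.51.100.7", 5557, "10.0.0.5", 23, "SYN"),
    Packet("198.51.100.7", 5558, "10.0.0.5", 25, "SYN"),
    Packet("198.51.100.7", 5559, "10.0.0.5", 80, "SYN"),
    Packet("198.51.100.7", 5560, "10.0.0.5", 445, "SYN"),
]


def run_stateful(packets: list) -> tuple:
    """Returns (per-packet decisions, alerts raised) for a fresh stateful firewall."""
    fw = StatefulFirewall()
    decisions = [fw.handle(p) for p in packets]
    return decisions, list(fw.alerts)


def run_stateless(packets: list) -> list:
    return [stateless_allow(p) for p in packets]


if __name__ == "__main__":
    print("stateful :", run_stateful(SAMPLE_PACKETS))
    print("stateless:", run_stateless(SAMPLE_PACKETS))
```

The third packet is the one worth looking at: the stateless rule lets it through because the ACK flag is set, while the stateful filter drops it because no inside host ever opened a connection to 198.51.100.7. The alert fires on the fifth distinct port, which is the detection half of the slide's "detect and deter" phrase.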

14.21 Figure 14-5: Internet Security Challenges

14.22 Security and Electronic Commerce
- Encryption: coding and scrambling of messages to prevent their access without authorization
- Authentication: the ability of each party in a transaction to ascertain the identity of the other party
- Message integrity: the ability to ascertain that a transmitted message has not been copied or altered

14.23 Security and Electronic Commerce (continued)
- Digital signature: a digital code attached to an electronically transmitted message to uniquely identify its contents and sender
- Digital certificate: an attachment to an electronic message to verify the sender and to provide the receiver with a means to encode a reply
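The two slides above (encryption, authentication and message integrity; digital signatures and certificates) describe one mechanism from several angles, so here is a single added example, not from the textbook or its Figures 14-6 and 14-7, that walks through it with a deliberately tiny textbook RSA key pair (p = 61, q = 53, e = 17) so the arithmetic can be followed by hand. Encryption with the receiver's public key gives confidentiality; a signature over a SHA-256 digest gives integrity and sender authentication; a certificate is the certification authority's signature binding a name to a public key, which is what lets the receiver trust the key it then uses to encode its reply. The key sizes, the per-byte encryption without padding, the names and the message are constructed assumptions; real systems use 2048-bit keys, padding and a vetted library.

```python
"""Toy public-key encryption, digital signature and certificate (added example, illustration only)."""
import hashlib


def make_toy_keypair(p: int, q: int, e: int = 17) -> tuple:
    """Return ((e, n), (d, n)). Primes this small give no security; they keep the numbers readable."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # private exponent: e * d == 1 (mod phi)
    return (e, n), (d, n)


def encrypt(plaintext: bytes, pub: tuple) -> list:
    """Confidentiality: anyone with the public key can encrypt, only the private key decrypts.
    One byte per block and no padding (toy), which a real scheme never does."""
    e, n = pub
    return [pow(b, e, n) for b in plaintext]


def decrypt(blocks: list, priv: tuple) -> bytes:
    d, n = priv
    return bytes(pow(c, d, n) for c in blocks)


def digest(msg: bytes, n: int) -> int:
    """Fixed-size fingerprint of the message, reduced so it fits under the toy modulus."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def sign(msg: bytes, priv: tuple) -> int:
    """Digital signature: the digest raised to the private exponent; only the key holder can make it."""
    d, n = priv
    return pow(digest(msg, n), d, n)


def verify(msg: bytes, sig: int, pub: tuple) -> bool:
    """Integrity + authentication: recompute the digest and compare with the signature unwrapped by e."""
    e, n = pub
    return pow(sig, e, n) == digest(msg, n)


def issue_certificate(subject: str, subject_pub: tuple, ca_priv: tuple) -> dict:
    """Digital certificate: the CA signs the binding between a name and a public key."""
    body = f"{subject}|{subject_pub[0]}|{subject_pub[1]}".encode()
    return {"subject": subject, "pub": subject_pub, "ca_sig": sign(body, ca_priv)}


def certificate_valid(cert: dict, ca_pub: tuple) -> bool:
    body = f"{cert['subject']}|{cert['pub'][0]}|{cert['pub'][1]}".encode()
    return verify(body, cert["ca_sig"], ca_pub)


def receiver_checks(msg: bytes, sig: int, cert: dict, ca_pub: tuple) -> bool:
    """What the receiver does: trust the key only via the CA, then check the message signature."""
    return certificate_valid(cert, ca_pub) and verify(msg, sig, cert["pub"])


# Constructed parties: Alice's toy key pair and a toy certification authority.
ALICE_PUB, ALICE_PRIV = make_toy_keypair(61, 53)   # n = 3233, d = 2753
CA_PUB, CA_PRIV = make_toy_keypair(71, 67)         # n = 4757
ALICE_CERT = issue_certificate("alice", ALICE_PUB, CA_PRIV)

if __name__ == "__main__":
    order = b"ship 10 units to warehouse 7"
    sig = sign(order, ALICE_PRIV)
    print("signature valid:", receiver_checks(order, sig, ALICE_CERT, CA_PUB))
    print("altered message:", verify(b"ship 90 units to warehouse 7", sig, ALICE_PUB))
    reply = encrypt(b"confirmed", ALICE_CERT["pub"])      # receiver encodes reply with the certified key
    print("alice reads reply:", decrypt(reply, ALICE_PRIV))
```

Two things the code makes visible that the slide's definitions do not: the signature covers a digest of the whole message, so changing one character breaks verification, and the certificate does not carry any secret, it carries a signature that only the CA's private key could have produced, which is why a forged subject name on an otherwise genuine certificate fails the check.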

14.24 Security and Electronic Commerce (continued)
- Secure Electronic Transaction (SET): a standard for securing credit card transactions over the Internet and other networks

14.25 Figure 14-6: Public Key Encryption

14.26 Figure 14-7: Digital Certificates

14.27 Developing a Control Structure: Costs and Benefits
Criteria for determining the control structure:
- Importance of the data
- Efficiency, complexity, and expense of each control technique
- Level of risk if a specific activity or process is not properly controlled

14.28 The Role of Auditing in the Control Process
- MIS audit: identifies all controls that govern individual information systems and assesses their effectiveness

ENSURING SYSTEM QUALITY

14.29 Figure 14-8: Sample Auditor's List of Control Weaknesses

14.30 Software Quality Assurance Methodologies and Tools
- Development methodology: a collection of methods, one for every activity within every phase of a development project
- Structured: refers to the fact that the techniques are carefully drawn up, step by step, with each step building on a previous one

14.31 Software Quality Assurance Methodologies and Tools (continued)
- Structured analysis: a method for defining system inputs, processes, and outputs, and for partitioning systems into subsystems or modules
- Data flow diagram (DFD): graphically illustrates a system's component processes and the flow of data

14.32 Figure 14-9: Data Flow Diagram for Mail-in University Registration System

14.33 Software Quality Assurance Methodologies and Tools (continued)
- Structured design: encompasses a set of design rules and techniques for designing systems
- Structured programming: organizing and coding programs in a way that simplifies control paths
- System flowchart: a graphic design tool depicting physical media and the sequence of processing steps

14.34 Figure 14-10: High-Level Structure Chart for a Payroll System

14.35 Figure 14-11: Basic Program Control Constructs

14.36 Figure 14-12: System Flowchart for a Payroll System

14.37 Limitations of Traditional Methods
- Inflexible
- Time-consuming

14.38 Computer-Aided Software Engineering (CASE)
- Automation of step-by-step methodologies for software and systems development
- Reduces repetitive work
- Enforces a standard development methodology and design discipline
- Improves communication between users and technical specialists

14.39 Computer-Aided Software Engineering (CASE) (continued)
- Organizes and correlates design components
- Automates the tedious and error-prone portions of analysis and design, code generation, testing, and control rollout

14.40 Resource Allocation During Systems Development
- Resource allocation: determines how costs, time, and personnel are assigned to the different phases of a systems development project

14.41 Software Metrics
- Objective assessment of the software used in the system, in the form of quantified measurements

14.42 Testing
- Walkthrough: review of a specification or design document by a small group of people
- Debugging: the process of discovering and eliminating errors and defects in program code

14.43 Data Quality Audit and Data Cleansing
- Data quality audit: a survey and/or sample of files that determines the accuracy and completeness of data
- Data cleansing: correcting errors and inconsistencies in data to increase accuracy
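A data quality audit and a cleansing pass are easier to picture over a real file, so here is an added example (not from the textbook) run over a small constructed customer extract. The audit surveys the file and counts defects per field (missing keys, duplicate keys, malformed e-mail addresses, empty postcodes, unrecognised country spellings); the cleansing step canonicalises what can be fixed mechanically and sets aside what needs a person to correct, rather than silently guessing. The field rules, the postcode and country normalisation, and the sample rows are assumptions made for the illustration.

```python
"""Data quality audit and data cleansing over a constructed customer file (added example)."""
import re
from collections import Counter

# Constructed sample extract: one dict per row, with the defects a real file tends to have.
SAMPLE_FILE = [
    {"id": "1001", "email": "Ann@Example.com ", "postcode": "SW1A 1AA", "country": "UK"},
    {"id": "1002", "email": "bob@example.com", "postcode": "sw1a1aa", "country": "United Kingdom"},
    {"id": "1003", "email": "not-an-email", "postcode": "", "country": "U.K."},
    {"id": "1001", "email": "ann@example.com", "postcode": "SW1A 1AA", "country": "UK"},  # duplicate key
    {"id": "", "email": "dan@example.com", "postcode": "EC1A 1BB", "country": "uk"},      # missing key
]

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")          # assumed minimal format rule
COUNTRY_ALIASES = {"uk": "GB", "u.k.": "GB", "united kingdom": "GB", "gb": "GB"}  # assumed


def audit(rows: list) -> dict:
    """Data quality audit: survey the file and count defects per field. Nothing is changed."""
    metrics = Counter()
    ids = Counter(r["id"] for r in rows if r["id"])
    for r in rows:
        if not r["id"]:
            metrics["missing_id"] += 1
        elif ids[r["id"]] > 1:
            metrics["duplicate_id"] += 1
        if not EMAIL_RE.match(r["email"].strip()):
            metrics["invalid_email"] += 1
        if not r["postcode"].strip():
            metrics["missing_postcode"] += 1
        if r["country"].strip().lower() not in COUNTRY_ALIASES:
            metrics["unknown_country"] += 1
    metrics["rows"] = len(rows)
    return dict(metrics)


def normalise_postcode(pc: str) -> str:
    """Assumed UK-style canonical form: upper case, outward and inward parts separated by one space."""
    compact = re.sub(r"\s+", "", pc).upper()
    return f"{compact[:-3]} {compact[-3:]}" if len(compact) > 3 else compact


def cleanse(rows: list) -> tuple:
    """Data cleansing: fix what is mechanical, quarantine what needs a human. Returns (clean, quarantined)."""
    clean, quarantined, seen = [], [], set()
    for r in rows:
        fixed = {
            "id": r["id"].strip(),
            "email": r["email"].strip().lower(),
            "postcode": normalise_postcode(r["postcode"]),
            "country": COUNTRY_ALIASES.get(r["country"].strip().lower(), r["country"].strip()),
        }
        if not fixed["id"] or not EMAIL_RE.match(fixed["email"]):
            quarantined.append((r, "missing id or invalid email"))
        elif fixed["id"] in seen:
            quarantined.append((r, "duplicate id"))       # first occurrence kept, later ones set aside
        else:
            seen.add(fixed["id"])
            clean.append(fixed)
    return clean, quarantined


if __name__ == "__main__":
    print("before:", audit(SAMPLE_FILE))
    clean_rows, held = cleanse(SAMPLE_FILE)
    print("after: ", audit(clean_rows), "quarantined:", len(held))
```

Running the audit again over the cleansed rows is the useful check: the defect counters should disappear, and anything still counted is either a rule the cleansing step does not cover or a row that should have been quarantined.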

14.44 Chapter 14: INFORMATION SYSTEMS SECURITY AND CONTROL (closing slide)