Systems Design Chapter 6.


Outline
Design Phase: Describe the Environment; Design Application Components (Note: other tasks described in other lectures)
Integrity & Security Controls: Integrity (Input controls, Output controls, Fraud, Recovery); Security

What is Design?
ANALYSIS ("Requirements gathering") -> DESIGN ("the Bridge") -> IMPLEMENTATION ("Construction")
Design: Less user involvement; More technical specialists; Modeling the solution; The blueprint

SDLC Phase: Design
Core Process 4: Design system components
Environment; Application components; User interfaces (Ch 8); Database (Ch 9); Software classes (Ch 12-14)

Describe the Environment
Describe, not define! The system designer does not have control of the environment. Many times we have to conform to what is already there.
Environment:
External Systems: Communication protocols, message formats; Security methods
Organization's Technology Architecture: Desktops, Mobile Devices; Servers; Operating Systems; Networks; Database Management Systems
Network Diagram

Describe the Environment
Location Diagram; Deployment Diagram

Design Application Components
A well-defined unit of software that performs some function(s)
Examples: Desktop Application; P.O.S. System; Website; Mobile App

Design Application Components
Package Diagram
Determine major components; Subsystems
Packages used to group related functionality into one group/namespace
Multi-Layer Design

Integrity & Security Controls

Designing Integrity Controls: Input Controls - preventing erroneous data
What could go wrong? Data entry errors; Missing information; Inaccurate & unreliable data
What can we do? Value limit controls; Completeness controls; Data validation controls; Field combination controls
Other: Lookup tables; Check digits
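The input controls listed on this slide, applied to a single order record. This is an added example, not part of the original slides; the field names, department codes, limits and the choice of the Luhn algorithm for the check digit are assumptions made for illustration.

```python
# Added example: field names, limits and department codes are constructed.
DEPARTMENTS = {"FIN", "HR", "OPS"}            # lookup table of valid codes
REQUIRED = ("account", "dept", "quantity", "discount_pct")
MAX_QUANTITY = 500                            # upper bound for the value limit control

def luhn_ok(number):
    """Check digit control: Luhn checksum over a string of digits."""
    if not isinstance(number, str) or not number.isdigit() or len(number) < 2:
        return False
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:                        # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def validate_order(rec):
    """Return the names of the input controls the record violates."""
    missing = [f for f in REQUIRED if rec.get(f) in (None, "")]
    if missing:                               # completeness control
        return ["completeness:" + f for f in missing]
    errors = []
    qty, disc = rec["quantity"], rec["discount_pct"]
    # Data validation control: reject wrong types before any range check.
    if type(qty) is not int or type(disc) is not int:
        return ["data_validation:numeric_fields"]
    if not 1 <= qty <= MAX_QUANTITY:          # value limit control
        errors.append("value_limit:quantity")
    if not 0 <= disc <= 100:
        errors.append("value_limit:discount_pct")
    if rec["dept"] not in DEPARTMENTS:        # lookup table
        errors.append("lookup:dept")
    if not luhn_ok(rec["account"]):           # check digit
        errors.append("check_digit:account")
    # Field combination control: a discount above 10% needs an approver.
    if disc > 10 and not rec.get("approver"):
        errors.append("field_combination:discount_requires_approver")
    return errors

# Constructed sample records.
GOOD = {"account": "79927398713", "dept": "FIN", "quantity": 20, "discount_pct": 5}
BAD = {"account": "79927398710", "dept": "LAB", "quantity": 9000, "discount_pct": 25}
```

`validate_order(GOOD)` returns an empty list, while `BAD` trips the value limit, lookup, check digit and field combination controls in one pass.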

Designing Integrity Controls: Output Controls - ensuring that info arrives at the proper destination and is accurate, current, & complete
What could go wrong? Missing printed reports with sensitive data; Making decisions off of incomplete reports; Making decisions off of old data
What can we do? Limit physical access to printers; Dispose of discarded output properly; Label printed output properly (page 1 of 10, timestamp)

Designing Integrity Controls: Backups & Recovery, Redundancies - protecting from data loss
What could go wrong? Destruction of data due to: Human error; Hardware failure; Disaster; Malicious intent
What can we do? Backup & Recovery; Redundancy

Designing Integrity Controls: Fraud Prevention - preventing unauthorized transactions by authorized users
What could go wrong?
What can we do? Separation of duties; Records & Audit trails (Transaction Logging); Monitoring (Unusual transactions); Asset control (Limit physical access); Security
Fraud Triangle: Opportunity; Motive; Rationalization
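How separation of duties, transaction logging and monitoring of unusual transactions fit together in one approval flow. This is an added example, not part of the original slides; the `PaymentDesk` class, the user names, the threshold and the hash-chained trail are assumptions chosen for illustration.

```python
import hashlib
import json

UNUSUAL_AMOUNT = 10_000   # constructed monitoring threshold

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class PaymentDesk:
    def __init__(self):
        self.pending = {}   # txn_id -> {"requester", "amount"}
        self.trail = []     # append-only audit trail; each entry chains to the last

    def _log(self, actor, action, txn_id, **detail):
        body = {"seq": len(self.trail), "actor": actor, "action": action,
                "txn": txn_id, "detail": detail,
                "prev": self.trail[-1]["hash"] if self.trail else "0" * 64}
        self.trail.append({**body, "hash": _digest(body)})

    def request(self, txn_id, actor, amount):
        self.pending[txn_id] = {"requester": actor, "amount": amount}
        self._log(actor, "request", txn_id, amount=amount)
        if amount >= UNUSUAL_AMOUNT:          # monitoring of unusual transactions
            self._log("monitor", "flag_unusual", txn_id, amount=amount)

    def approve(self, txn_id, actor):
        txn = self.pending.get(txn_id)
        if txn is None or txn["requester"] == actor:    # separation of duties
            self._log(actor, "approve_denied", txn_id)  # denied attempts are logged too
            return False
        del self.pending[txn_id]
        self._log(actor, "approve", txn_id)
        return True

    def trail_intact(self):
        """Recompute every hash and link; False if any entry was altered."""
        prev = "0" * 64
        for seq, entry in enumerate(self.trail):
            body = {k: v for k, v in entry.items() if k != "hash"}
            if entry["seq"] != seq or entry["prev"] != prev or entry["hash"] != _digest(body):
                return False
            prev = entry["hash"]
        return True

def demo():
    desk = PaymentDesk()
    desk.request("T1", "alice", 25_000)        # constructed users and amount
    self_ok = desk.approve("T1", "alice")      # requester tries to approve own payment
    peer_ok = desk.approve("T1", "bob")        # a second person approves
    actions = [e["action"] for e in desk.trail]
    intact = desk.trail_intact()
    desk.trail[0]["detail"]["amount"] = 250    # simulated after-the-fact edit of a record
    return self_ok, peer_ok, actions, intact, desk.trail_intact()
```

A chain like this only detects in-place edits if the latest hash is also kept somewhere the person editing the trail cannot reach.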

Designing Security Controls: Access Controls - preventing unauthorized access by unauthorized users
What could go wrong? Networks or systems accessed or attacked; Data viewed and/or copied by unauthorized users
What can we do? Access Controls (Authentication, Authorization); Data Encryption (Symmetric vs Asymmetric, Public key encryption); Digital Signatures & Certificates; Secure Transactions