11.1 Copyright © 2005 Pearson Education Canada Inc. Management Information Systems, Second Canadian Edition Chapter 11: Information Systems Security, Quality,

Presentation transcript:

Slide 11.1: INFORMATION SYSTEMS SECURITY, QUALITY, AND CONTROL
Copyright © 2005 Pearson Education Canada Inc. Management Information Systems, Second Canadian Edition. Chapter 11: Information Systems Security, Quality, and Control

Slide 11.2: OBJECTIVES
Why are information systems so vulnerable to destruction, error, abuse, and system quality problems?
What types of controls are available for information systems?
(continued)

Slide 11.3: OBJECTIVES (continued)
What special measures must be taken to ensure the reliability, availability, and security of electronic commerce and digital business processes?
What are the most important software quality assurance techniques?
Why are auditing information systems and safeguarding data quality so important?

Slide 11.4: THE WORLD TRADE CENTER DISASTER: WHO WAS PREPARED?

Slide 11.5: MANAGEMENT CHALLENGES
1. Designing systems that are neither overcontrolled nor undercontrolled
2. Applying quality assurance standards in large systems projects

Slide 11.6: 11.1 SYSTEM VULNERABILITY AND ABUSE
Why Systems are Vulnerable
Advances in telecommunications and computer software
Unauthorized access, abuse, or fraud
Hackers
Denial of service attack
Computer viruses

Slide 11.7: 11.1 SYSTEM VULNERABILITY AND ABUSE
Why Systems are Vulnerable

Slide 11.8: 11.1 SYSTEM VULNERABILITY AND ABUSE
Why Systems are Vulnerable

Slide 11.9: 11.1 SYSTEM VULNERABILITY AND ABUSE
Why Systems are Vulnerable
Hackers
– A person who gains unauthorized access to a computer network for profit, criminal mischief, or personal pleasure
Denial of Service (DoS) Attack
– Flooding a network server or Web server with false communications or requests for services in order to crash the network
Computer Viruses
– Rogue software programs that spread rapidly through computer systems, causing damage

Slide 11.10: 11.1 SYSTEM VULNERABILITY AND ABUSE
Why Systems are Vulnerable

Slide 11.11: 11.1 SYSTEM VULNERABILITY AND ABUSE
Concerns for System Developers and Users
Disaster
– Destroys computer hardware, programs, data files, and other equipment
Security
– Prevents unauthorized access, alteration, theft, or physical damage
Errors
– Cause computers to disrupt or destroy the organization’s record-keeping and operations

Slide 11.12: 11.1 SYSTEM VULNERABILITY AND ABUSE
Concerns for System Builders and Users
System Quality Problems: Software and Data
Bugs and Defects
– Program code defects or errors
The Maintenance Nightmare
– Maintenance costs are high due to organizational change, software complexity, and faulty system analysis and design
Data Quality Problems

Slide 11.13: 11.1 SYSTEM VULNERABILITY AND ABUSE
Concerns for System Builders and Users

Slide 11.14: CREATING A CONTROL ENVIRONMENT
Controls
– Methods, policies, and procedures that ensure protection of the organization’s assets
– Ensure accuracy and reliability of records, and operational adherence to management standards

Slide 11.15: CREATING A CONTROL ENVIRONMENT
General Controls and Application Controls
General Controls
– Establish a framework for controlling the design, security, and use of computer programs
Application Controls
– Unique to each computerized application
– Include input, processing, and output controls

Slide 11.16: CREATING A CONTROL ENVIRONMENT
General Controls and Application Controls

Slide 11.17: CREATING A CONTROL ENVIRONMENT
General Controls and Application Controls: General Controls and Data Security
Data Security Controls
– Controls to ensure that data files on tape or disk are not subject to unauthorized access, change, or destruction
Administrative Controls
– Formalized standards, rules, procedures, and disciplines to ensure that the organization’s controls are properly executed and enforced

Slide 11.18: CREATING A CONTROL ENVIRONMENT
General Controls and Application Controls

Slide 11.19: CREATING A CONTROL ENVIRONMENT
General Controls and Application Controls
Application Controls
– Input Controls: procedures to check data for accuracy and completeness when they enter the system
– Processing Controls: routines for establishing that data are complete and accurate during updating
– Output Controls: measures that ensure that the results of computer processing are accurate, complete, and properly distributed
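The three application control layers from this slide, worked through on a constructed batch of payment records (an added example, not code from the textbook). The field names, the account-number format and the batch-header control totals are assumptions made for the example.

```python
"""Added example, not code from the textbook slides: the three application
control layers (input, processing, output) applied to a constructed batch of
payment records. Field names, the account-number format and the batch-header
control totals are assumptions made for the example."""
import re

ACCOUNT_RE = re.compile(r"^ACCT-\d{5}$")   # assumed account-number format

def input_control(record: dict) -> list:
    """Input control: check one record for accuracy and completeness as it
    enters the system. Returns the problems found (empty list = accepted)."""
    problems = []
    if not ACCOUNT_RE.match(str(record.get("account", ""))):
        problems.append("account: bad format")
    amount = record.get("amount_cents")
    if not isinstance(amount, int) or amount <= 0:
        problems.append("amount_cents: must be a positive integer")
    if not record.get("memo"):
        problems.append("memo: missing")
    return problems

def processing_control(accepted: list, header: dict) -> dict:
    """Processing control: during updating, the record count and the hash
    total of amounts must equal the control totals the sender placed in the
    batch header; a mismatch means records were lost, altered or rejected."""
    count = len(accepted)
    total = sum(r["amount_cents"] for r in accepted)
    ok = count == header["record_count"] and total == header["amount_total_cents"]
    return {"count": count, "total": total, "ok": ok}

def output_control(posted: list, header: dict, recipients: list, authorized: list) -> dict:
    """Output control: the posting report must reconcile to the batch header
    and be distributed only to authorized recipients."""
    reconciled = (len(posted) == header["record_count"]
                  and sum(r["amount_cents"] for r in posted) == header["amount_total_cents"])
    unauthorized = sorted(set(recipients) - set(authorized))
    return {"reconciled": reconciled, "unauthorized_recipients": unauthorized,
            "released": reconciled and not unauthorized}

def run_batch(header: dict, records: list, recipients: list, authorized: list) -> dict:
    """Apply the three control layers in order; hold the whole batch if the
    processing control fails instead of posting a partial update."""
    rejected = {}
    accepted = []
    for index, record in enumerate(records):
        problems = input_control(record)
        if problems:
            rejected[index] = problems
        else:
            accepted.append(record)
    processing = processing_control(accepted, header)
    posted = accepted if processing["ok"] else []
    output = output_control(posted, header, recipients, authorized) if posted else None
    return {"rejected": rejected, "processing": processing,
            "posted": len(posted), "output": output}

# Constructed sample batch. Records 2 and 3 fail input controls, so the control
# totals in the header no longer match and the batch is held for correction.
HEADER = {"record_count": 4, "amount_total_cents": 125000}
RECORDS = [
    {"account": "ACCT-00123", "amount_cents": 50000, "memo": "invoice 88"},
    {"account": "ACCT-00456", "amount_cents": 25000, "memo": "invoice 91"},
    {"account": "ACCT-0078",  "amount_cents": 30000, "memo": "invoice 92"},   # malformed account
    {"account": "ACCT-00999", "amount_cents": 20000, "memo": ""},             # memo missing
]

if __name__ == "__main__":
    result = run_batch(HEADER, RECORDS, ["ap-clerk"], ["ap-clerk", "controller"])
    print("rejected at input:", result["rejected"])
    print("processing control:", result["processing"])
    print("records posted:", result["posted"])
```

The point of the processing control is that rejecting two records at input is not enough on its own: without the count and hash-total check, the remaining two would be posted and the shortfall would only surface later in the ledger.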

Slide 11.20: CREATING A CONTROL ENVIRONMENT
General Controls and Application Controls

Slide 11.21: CREATING A CONTROL ENVIRONMENT
Protecting the Digital Firm
Online Transaction Processing
– Transactions entered online are immediately processed by computer
Fault-Tolerant Computer Systems
– Contain extra hardware, software, and power supply components to provide continuous, uninterrupted service
High-Availability Computing
– Tools and technologies enabling a system to recover quickly from a crash

Slide 11.22: CREATING A CONTROL ENVIRONMENT
Protecting the Digital Firm
Disaster Recovery Plan
– Plan for running the business in the event of a computer outage
– Organizational procedures as well as backup, storage, and database capabilities
Load Balancing
– Distributes a large number of requests for access among multiple servers

Slide 11.23: CREATING A CONTROL ENVIRONMENT
Protecting the Digital Firm
Mirroring
– Duplicating all processes and transactions of a server on a backup server to prevent any interruption in service
Clustering
– Linking two computers together so that a second computer can act as a backup to the primary computer or speed up processing
Management Service Providers (MSPs)
– Company that provides services to subscribers

Slide 11.24: CREATING A CONTROL ENVIRONMENT
Protecting the Digital Firm: Internet Security Challenges
Firewalls
– Prevent unauthorized users from accessing private networks
– Two types: proxies and stateful inspection
Intrusion Detection System
– Monitors vulnerable points in the network to detect and deter unauthorized intruders

Slide 11.25: CREATING A CONTROL ENVIRONMENT
Protecting the Digital Firm

Slide 11.26: CREATING A CONTROL ENVIRONMENT
Protecting the Digital Firm: Security and E-Commerce
Encryption
– Coding and scrambling of messages to prevent their access without authorization
Authentication
– Ability of each party in a transaction to ascertain the identity of the other party
Message Integrity
– Ability to ascertain that a transmitted message has not been copied or altered
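Message integrity and authentication from this slide, shown on a constructed transaction message (an added example, not code from the textbook). It assumes the two parties already share a secret key and uses an HMAC tag plus a per-message nonce; the receiver rejects an altered message and a copied (replayed) one. A digital signature, as on the next slide, would use a private/public key pair instead and is not shown.

```python
"""Added example, not code from the textbook slides: message integrity and
authentication for an e-commerce transaction message. The sender attaches a
per-message nonce and an HMAC-SHA256 tag computed with a key the two parties
already share (an assumption); the receiver rejects a message whose tag does
not verify (altered, or not produced by the key holder) and one whose nonce
it has already accepted (copied and replayed)."""
import hashlib
import hmac
import json
import secrets
from typing import Optional

def _canonical(nonce: str, body: dict) -> bytes:
    """Serialize nonce + body deterministically so both sides MAC identical bytes."""
    return json.dumps({"nonce": nonce, "body": body}, sort_keys=True,
                      separators=(",", ":")).encode("utf-8")

def protect(key: bytes, body: dict, nonce: Optional[str] = None) -> dict:
    """Sender side: attach a fresh nonce and a tag over nonce + body."""
    nonce = nonce or secrets.token_hex(16)
    tag = hmac.new(key, _canonical(nonce, body), hashlib.sha256).hexdigest()
    return {"nonce": nonce, "body": body, "tag": tag}

class Receiver:
    """Receiver side: verifies tags and remembers the nonces it has accepted."""
    ACCEPTED = "accepted"
    ALTERED = "rejected: tag mismatch (message altered or not from key holder)"
    REPLAYED = "rejected: nonce already seen (message copied/replayed)"

    def __init__(self, key: bytes):
        self._key = key
        self._seen_nonces = set()

    def verify(self, msg: dict) -> str:
        expected = hmac.new(self._key, _canonical(msg["nonce"], msg["body"]),
                            hashlib.sha256).hexdigest()
        # Constant-time comparison so the tag check does not leak timing information.
        if not hmac.compare_digest(expected, msg["tag"]):
            return self.ALTERED
        if msg["nonce"] in self._seen_nonces:
            return self.REPLAYED
        self._seen_nonces.add(msg["nonce"])
        return self.ACCEPTED

# Constructed sample: a payment instruction, then the three things that can go wrong.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"
ORDER = {"from": "ACCT-00123", "to": "ACCT-00456", "amount_cents": 50000}

def demo() -> dict:
    """Run the exchange and return each outcome so it can be checked."""
    receiver = Receiver(SHARED_KEY)
    msg = protect(SHARED_KEY, ORDER)
    genuine = receiver.verify(msg)                                   # original message
    tampered = dict(msg, body=dict(ORDER, amount_cents=5000000))     # amount changed in transit
    altered = receiver.verify(tampered)
    replayed = receiver.verify(msg)                                  # exact copy sent again
    other_key = receiver.verify(protect(b"some-other-key", ORDER))   # tag made without the shared key
    return {"genuine": genuine, "altered": altered,
            "replayed": replayed, "wrong_key": other_key}

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:>9}: {outcome}")
```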

Slide 11.27: CREATING A CONTROL ENVIRONMENT
Protecting the Digital Firm: Security and E-Commerce
Digital Signature
– Digital code attached to an electronically transmitted message to uniquely identify the contents and the sender
Digital Certificate
– Attachment to an electronic message to verify the sender and to provide the receiver with a means to encode a reply

Slide 11.28: CREATING A CONTROL ENVIRONMENT
Protecting the Digital Firm

Slide 11.29: CREATING A CONTROL ENVIRONMENT
Protecting the Digital Firm
Figure 11.8: Digital Certificates

Slide 11.30: CREATING A CONTROL ENVIRONMENT
Developing a Control Structure: Costs and Benefits
Criteria for Determining Control Structure
– Importance of data
– Efficiency, complexity, and expense of each control technique
– Level of risk if a specific activity or process is not properly controlled

Slide 11.31: CREATING A CONTROL ENVIRONMENT
Developing a Control Structure: Costs and Benefits

Slide 11.32: CREATING A CONTROL ENVIRONMENT
The Role of Auditing in the Control Process
MIS Audit
– Identifies all controls that govern individual information systems and assesses their effectiveness

Slide 11.33: CREATING A CONTROL ENVIRONMENT
The Role of Auditing in the Control Process

Slide 11.34: ENSURING SYSTEM QUALITY
Software Quality Assurance Methodologies and Tools
Development Methodology
– Collection of methods for every activity within every phase of a development project
Structured
– Refers to the fact that techniques are carefully drawn up, step-by-step, with each step building on a previous one

Slide 11.35: ENSURING SYSTEM QUALITY
Software Quality Assurance Methodologies and Tools
Structured Analysis
– Method for defining system inputs, processes, and outputs, and for partitioning systems into subsystems or modules
Data Flow Diagram (DFD)
– Primary tool for structured analysis
– Graphically illustrates a system’s component processes and flow of data
Process Specifications
– Describe the logic of the processes in the lowest levels of a DFD

Slide 11.36: ENSURING SYSTEM QUALITY
Software Quality Assurance Methodologies and Tools
Structured Design
– Encompasses a set of design rules and techniques for designing systems from the top down
Structure Chart
– System documentation showing each level of design

Slide 11.37: ENSURING SYSTEM QUALITY
Software Quality Assurance Methodologies and Tools

Slide 11.38: ENSURING SYSTEM QUALITY
Software Quality Assurance Methodologies and Tools
Structured Programming
– Discipline for organizing and coding programs that simplifies control paths
– Allows programs to be understood and modified
– Modules have only one entry and one exit point

Slide 11.39: ENSURING SYSTEM QUALITY
Software Quality Assurance Methodologies and Tools

Slide 11.40: ENSURING SYSTEM QUALITY
Software Quality Assurance Methodologies and Tools
Limitations of Traditional Methods
– Inflexible
– Time-consuming

Slide 11.41: 11.3 ENSURING SYSTEM QUALITY
Software Quality Assurance Methodologies and Tools
Tools and Methodologies for Object-Oriented Development
Unified Modeling Language (UML)
– Has become the industry standard for analyzing and designing object-oriented systems

Slide 11.42: ENSURING SYSTEM QUALITY
Software Quality Assurance Methodologies and Tools
Computer-Aided Software Engineering (CASE)
– Enforces a standard development methodology and design discipline
– Improves communication between users and technical specialists
– Organizes and correlates design components and provides rapid access to them via a design repository
– Automates tedious and error-prone portions of analysis and design
– Automates code generation, testing, and rollout

Slide 11.43: ENSURING SYSTEM QUALITY
Software Quality Assurance Methodologies and Tools
Resource Allocation During Systems Development
– Determines how costs, time, and personnel are assigned to the different phases of a systems development project

Slide 11.44: ENSURING SYSTEM QUALITY
Software Quality Assurance Methodologies and Tools
Software Metrics
– Objective assessment of the software used in the system, in the form of quantified measurements

Slide 11.45: 11.3 ENSURING SYSTEM QUALITY
Software Quality Assurance Methodologies and Tools
Testing
Walkthrough
– Review of a specification or design document by a small group of people
Debugging
– Process of discovering and eliminating errors and defects (bugs) in program code

Slide 11.46: ENSURING SYSTEM QUALITY
Data Quality Audit and Data Cleansing
Data Quality Audit
– Determines the accuracy and completeness of data
– Methods: survey of end users for their perceptions of data quality; survey of entire data files; survey of samples from data files
Data Cleansing
– Correcting errors and inconsistencies in data to increase accuracy
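A data quality audit and a cleansing pass over a constructed customer file, covering the two file-based audit methods on this slide (survey the entire file, survey a sample) and the cleansing step that follows (an added example, not code from the textbook). The field names, validation rules and records are assumptions made for the example.

```python
"""Added example, not code from the textbook slides: a data quality audit of a
constructed customer file (completeness and accuracy per field, over the whole
file or over a random sample) followed by data cleansing. Field names, the
validation rules and the records are assumptions made for the example."""
import random
import re

REQUIRED_FIELDS = ("id", "name", "email", "postal_code")
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[a-z]{2,}$", re.IGNORECASE)
POSTAL_RE = re.compile(r"^[A-Z]\d[A-Z] \d[A-Z]\d$")   # Canadian "A1A 1A1" after normalization

def normalize_postal(value) -> str:
    """Upper-case, drop whitespace, and re-insert the single space after position 3."""
    s = re.sub(r"\s+", "", str(value).upper())
    return f"{s[:3]} {s[3:]}" if len(s) == 6 else s

VALIDATORS = {
    "email": lambda v: bool(EMAIL_RE.match(v.strip())),
    "postal_code": lambda v: bool(POSTAL_RE.match(normalize_postal(v))),
}

def audit(records: list) -> dict:
    """Per field: share of records where the value is present (completeness)
    and share where it is present and passes its validation rule (accuracy)."""
    n = len(records)
    report = {}
    for field in REQUIRED_FIELDS:
        present = [r for r in records if str(r.get(field, "")).strip()]
        check = VALIDATORS.get(field, lambda v: True)
        valid = [r for r in present if check(str(r[field]))]
        report[field] = {"completeness": len(present) / n, "accuracy": len(valid) / n}
    return report

def audit_sample(records: list, size: int, seed: int = 0) -> dict:
    """Survey a random sample of the file instead of every record."""
    return audit(random.Random(seed).sample(records, size))

def cleanse(records: list) -> dict:
    """Normalize values, drop duplicates, and route records that still fail
    validation to an exception list for manual correction rather than
    silently dropping or guessing them."""
    cleaned, exceptions, duplicates, seen = [], [], [], set()
    for r in records:
        c = {"id": r["id"],
             "name": " ".join(str(r.get("name", "")).split()).title(),
             "email": str(r.get("email", "")).strip().lower(),
             "postal_code": normalize_postal(r.get("postal_code", ""))}
        problems = [f for f in ("name", "email", "postal_code") if not c[f]]
        problems += [f for f, check in VALIDATORS.items() if c[f] and not check(c[f])]
        if problems:
            exceptions.append((c["id"], sorted(set(problems))))
            continue
        key = (c["name"].lower(), c["email"])
        if key in seen:
            duplicates.append(c["id"])
            continue
        seen.add(key)
        cleaned.append(c)
    return {"cleaned": cleaned, "exceptions": exceptions, "duplicates": duplicates}

# Constructed customer file with the usual defects: stray whitespace and case,
# a missing e-mail, a malformed e-mail, a bad postal code, a missing name, a duplicate.
CUSTOMERS = [
    {"id": 1, "name": "  alice   Tremblay ", "email": "alice@example.com", "postal_code": "h2x 1y4"},
    {"id": 2, "name": "Bob Singh", "email": "", "postal_code": "M5V 3L9"},
    {"id": 3, "name": "Chen Wei", "email": "chen@example", "postal_code": "V6B1A1"},
    {"id": 4, "name": "Alice Tremblay", "email": "ALICE@EXAMPLE.COM", "postal_code": "H2X 1Y4"},
    {"id": 5, "name": "", "email": "dana@example.org", "postal_code": "12345"},
]

if __name__ == "__main__":
    for field, rates in audit(CUSTOMERS).items():
        print(f"{field:12} completeness={rates['completeness']:.0%} accuracy={rates['accuracy']:.0%}")
    print(cleanse(CUSTOMERS))
```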

Slide 11.47: INFORMATION SYSTEMS SECURITY, QUALITY, AND CONTROL