SESSION 14 INFORMATION SYSTEMS SECURITY AND CONTROL.

SYSTEM VULNERABILITY AND ABUSE
- Advances in telecommunications and computer software
- Unauthorized access, abuse, or fraud
- Hackers
- Denial of service attack
- Computer virus

Concerns for System Builders and Users
- Disaster: Destroys computer hardware, programs, data files, and other equipment
- Security: Prevents unauthorized access, alteration, theft, or physical damage

Concerns for System Builders and Users
- Errors: Cause computers to disrupt or destroy the organization's record-keeping and operations

System Quality Problems: Software and Data
- Bugs: Program code defects or errors
- Maintenance nightmare: Maintenance costs are high due to organizational change, software complexity, and faulty system analysis and design

System Quality Problems: Software and Data
- Figure 15-3: The Cost of Errors over the Systems Development Cycle

System Quality Problems: Software and Data
- Data quality problems: Caused by errors during data input or by faulty information system and database design

CREATING A CONTROL ENVIRONMENT: Overview
- Controls: Methods, policies, and procedures
- Ensure protection of the organization's assets
- Ensure accuracy and reliability of records, and operational adherence to management standards

CREATING A CONTROL ENVIRONMENT: General Controls and Application Controls
- General controls: Establish the framework for controlling the design, security, and use of computer programs
- Include software, hardware, computer operations, data security, implementation, and administrative controls

CREATING A CONTROL ENVIRONMENT
- Figure 15-4: Security Profiles for a Personnel System
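The figure itself is not reproduced on this page. As an added example (not the textbook's figure and not code from the lecture), the block below expresses a security profile for a personnel system as an access-control matrix: each role is listed with the data fields it may read or update, everything unlisted is denied, and refused updates are written to an audit trail. The roles, fields and rules are constructed for illustration.

```python
"""Security profiles as an access-control matrix (added example; the roles,
fields and rules below are constructed, not taken from Figure 15-4)."""

# Permission sets per role and per data field. Anything not listed is denied.
SECURITY_PROFILES = {
    "personnel_clerk": {
        "employee_id": {"read"},
        "name": {"read", "update"},
        "address": {"read", "update"},
        "salary": set(),            # clerks may not see pay data at all
    },
    "payroll_manager": {
        "employee_id": {"read"},
        "name": {"read"},
        "salary": {"read", "update"},
    },
    "auditor": {
        "employee_id": {"read"},
        "name": {"read"},
        "address": {"read"},
        "salary": {"read"},
    },
}


def is_allowed(role, field_name, action, profiles=SECURITY_PROFILES):
    """Default-deny check: unknown role, unknown field or unlisted action -> False."""
    return action in profiles.get(role, {}).get(field_name, set())


def read_record(role, record, profiles=SECURITY_PROFILES):
    """Return only the fields this role may read (the role's view of the record)."""
    return {k: v for k, v in record.items() if is_allowed(role, k, "read", profiles)}


def update_record(role, record, changes, profiles=SECURITY_PROFILES, log=None):
    """Apply only permitted updates; refused updates are recorded for the audit trail."""
    updated = dict(record)
    for k, v in changes.items():
        if is_allowed(role, k, "update", profiles):
            updated[k] = v
        elif log is not None:
            log.append(f"DENIED role={role} field={k} action=update")
    return updated


# Constructed sample record
SAMPLE_EMPLOYEE = {"employee_id": "E1001", "name": "A. Example",
                   "address": "1 Main St", "salary": 52000}

if __name__ == "__main__":
    audit_log = []
    print(read_record("personnel_clerk", SAMPLE_EMPLOYEE))
    print(update_record("personnel_clerk", SAMPLE_EMPLOYEE,
                        {"address": "2 Side St", "salary": 99000}, log=audit_log))
    print(audit_log)
```

The point of the default-deny shape is that adding a new field or role grants nothing until a profile entry is written for it, which is what keeps the matrix auditable.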

CREATING A CONTROL ENVIRONMENT: General Controls and Application Controls
- Application controls: Unique to each computerized application
- Ensure that only authorized data are completely and accurately processed by that application
- Include input, processing, and output controls
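To make the three layers concrete, here is an added example (not code from the lecture or the textbook) that runs a payroll batch through input controls (completeness, format and range checks on each record), processing controls (run totals compared against the control totals in the batch header) and output controls (the report carries its own totals and is released only when the batch reconciled). The employee-id format, limits, records and header are constructed for the example.

```python
"""Input, processing and output controls for a payroll batch (added example;
the records, limits and batch header below are constructed)."""

import re
from decimal import Decimal, InvalidOperation

EMPLOYEE_ID = re.compile(r"^E\d{4}$")   # assumed id format for this example
MAX_HOURS = Decimal("80")
MAX_RATE = Decimal("200")


def input_controls(record):
    """Input controls: completeness, format and range checks on one record.
    Returns a list of error strings; an empty list means the record is accepted."""
    errors = [f"missing {f}" for f in ("employee_id", "hours", "rate")
              if record.get(f) in (None, "")]
    if errors:
        return errors
    if not EMPLOYEE_ID.match(str(record["employee_id"])):
        errors.append("employee_id has wrong format")
    try:
        hours, rate = Decimal(str(record["hours"])), Decimal(str(record["rate"]))
    except InvalidOperation:
        return errors + ["hours/rate not numeric"]
    if not Decimal(0) < hours <= MAX_HOURS:
        errors.append("hours out of range")
    if not Decimal(0) < rate <= MAX_RATE:
        errors.append("rate out of range")
    return errors


def processing_controls(header, accepted):
    """Processing controls: compare run totals with the control totals the
    originating department wrote into the batch header. Any difference means
    records were lost, rejected or altered between input and processing."""
    discrepancies = []
    if len(accepted) != header["record_count"]:
        discrepancies.append(f"record count {len(accepted)} != header {header['record_count']}")
    hours_total = sum(Decimal(str(r["hours"])) for r in accepted)
    if hours_total != Decimal(str(header["hours_total"])):
        discrepancies.append(f"hours total {hours_total} != header {header['hours_total']}")
    return discrepancies


def run_batch(header, records):
    """Run a batch through all three control layers and return the outcome."""
    accepted, rejected = [], {}
    for index, record in enumerate(records):
        errors = input_controls(record)
        if errors:
            rejected[index] = errors        # returned to the originator for correction
        else:
            accepted.append(record)
    discrepancies = processing_controls(header, accepted)
    gross = {r["employee_id"]: Decimal(str(r["hours"])) * Decimal(str(r["rate"]))
             for r in accepted}
    # Output controls: the report carries its own control totals, and it is
    # released only when the batch reconciled; otherwise it is held for review.
    report = {"payments": gross, "payment_count": len(gross),
              "gross_total": sum(gross.values(), Decimal(0))}
    return {"rejected": rejected, "discrepancies": discrepancies,
            "released": not discrepancies, "report": report}


# Constructed batch: the header totals were computed by the originating department
SAMPLE_HEADER = {"record_count": 4, "hours_total": "315"}
SAMPLE_RECORDS = [
    {"employee_id": "E1001", "hours": "40", "rate": "20.00"},
    {"employee_id": "E1002", "hours": "35", "rate": "18.50"},
    {"employee_id": "E10X3", "hours": "40", "rate": "20.00"},   # format error
    {"employee_id": "E1004", "hours": "200", "rate": "20.00"},  # range error
]

if __name__ == "__main__":
    print(run_batch(SAMPLE_HEADER, SAMPLE_RECORDS))
```

With the constructed batch, two records fail input controls, so the run totals no longer match the header and the output is held rather than released; resubmitting only the two clean records with a matching header releases it.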

Protecting the Digital Firm
- On-line transaction processing: Transactions entered online are immediately processed by the computer
- Fault-tolerant computer systems: Contain extra hardware, software, and power supply components that can back the system up and keep it running to prevent system failure

Protecting the Digital Firm
- High-availability computing: Tools and technologies enabling the system to recover from a crash
- Disaster recovery plan: Plan for running the business in the event of a computer outage
- Load balancing: Distributes a large number of requests for access among multiple servers

Protecting the Digital Firm
- Mirroring: Duplicating all processes and transactions of a server on a backup server to prevent any interruption
- Clustering: Linking two computers together so that the second computer can act as a backup to the primary computer or speed up processing

Internet Security Challenges
- Figure 15-5: Internet Security Challenges

Internet Security Challenges
- Firewalls: Prevent unauthorized users from accessing private networks
- Two types: proxies and stateful inspection
- Intrusion detection system: Monitors vulnerable points in the network to detect and deter unauthorized intruders
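The slide names stateful inspection without saying what the state is. As an added example (not from the lecture or the textbook), the block below simulates a stateful inspection firewall, which keeps a table of connections it has allowed and admits later packets only when they belong to one of them, next to a minimal intrusion-detection monitor that raises an alert when one outside source probes many ports on internal hosts. The protected network, the published service and the packet trace are constructed.

```python
"""Stateful inspection firewall plus a simple intrusion detector (added
example; the network, the published service and the packet trace are
constructed)."""

import ipaddress
from collections import defaultdict

PRIVATE_NET = ipaddress.ip_network("10.0.0.0/8")   # assumed internal network
PUBLISHED_SERVICES = {("10.0.0.5", 443)}           # assumed: only the web server accepts new inbound connections


class StatefulFirewall:
    """Packets are allowed only if they open a permitted connection or belong
    to a connection already recorded in the state table."""

    def __init__(self):
        self.connections = set()   # (src, sport, dst, dport) of allowed connections

    def _tracked(self, src, sport, dst, dport):
        return ((src, sport, dst, dport) in self.connections or
                (dst, dport, src, sport) in self.connections)   # reply direction

    def inspect(self, packet):
        src, sport, dst, dport, syn = packet
        if self._tracked(src, sport, dst, dport):
            return "ALLOW"                       # part of an established connection
        if not syn:
            return "DROP"                        # no state and not a connection request
        outbound = ipaddress.ip_address(src) in PRIVATE_NET
        if outbound or (dst, dport) in PUBLISHED_SERVICES:
            self.connections.add((src, sport, dst, dport))
            return "ALLOW"
        return "DROP"                            # unsolicited inbound request


class PortScanDetector:
    """IDS-style monitor: alerts when one external source sends connection
    requests to more than `threshold` distinct (host, port) pairs, whether
    or not the firewall dropped them."""

    def __init__(self, threshold=4):
        self.threshold = threshold
        self.targets_by_source = defaultdict(set)
        self.alerts = []

    def observe(self, packet):
        src, _, dst, dport, syn = packet
        if syn and ipaddress.ip_address(src) not in PRIVATE_NET:
            self.targets_by_source[src].add((dst, dport))
            if len(self.targets_by_source[src]) == self.threshold + 1:
                self.alerts.append(f"possible port scan from {src}")


def process(packets):
    """Run a trace through the monitor and the firewall; return decisions and alerts."""
    firewall, detector = StatefulFirewall(), PortScanDetector()
    decisions = []
    for packet in packets:
        detector.observe(packet)                 # the monitor sees traffic regardless of filtering
        decisions.append(firewall.inspect(packet))
    return decisions, detector.alerts


# Constructed packet trace: (src, sport, dst, dport, is_connection_request)
SAMPLE_PACKETS = [
    ("10.0.0.20", 50000, "203.0.113.7", 443, True),    # internal host opens HTTPS outbound
    ("203.0.113.7", 443, "10.0.0.20", 50000, False),   # reply, matches the state table
    ("198.51.100.9", 40000, "10.0.0.5", 443, True),    # new inbound to the published web server
    ("198.51.100.9", 40001, "10.0.0.20", 445, True),   # new inbound to a workstation
    ("198.51.100.9", 40002, "10.0.0.20", 3389, False), # stray packet with no state
] + [("192.0.2.44", 41000 + i, "10.0.0.5", port, True)
     for i, port in enumerate((21, 22, 23, 25, 80))]  # one source probing five ports

if __name__ == "__main__":
    print(process(SAMPLE_PACKETS))
```

Note that the reply on the second packet is admitted purely because the first packet created state; the same packet arriving with no prior outbound request would be dropped, which is the difference between stateful inspection and a stateless packet filter.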

Security and Electronic Commerce
- Encryption: Coding and scrambling of messages to prevent their being accessed without authorization
- Authentication: Ability of each party in a transaction to ascertain the identity of the other party
- Message integrity: Ability to ascertain that a transmitted message has not been copied or altered

Security and Electronic Commerce
- Figure 15-6: Public Key Encryption

Security and Electronic Commerce
- Digital signature: Digital code attached to an electronically transmitted message to uniquely identify its contents and sender
- Digital certificate: Attachment to an electronic message to verify the sender and to provide the receiver with a means to encode a reply

Security and Electronic Commerce
- Figure 15-7: Digital Certificates

Developing a Control Structure: Costs and Benefits
- Criteria for determining the control structure:
  - Importance of data
  - Efficiency, complexity, and expense of each control technique
  - Level of risk if a specific activity or process is not properly controlled

The Role of Auditing in the Control Process
- MIS audit: Identifies all controls that govern individual information systems and assesses their effectiveness

Data Quality Audit and Data Cleansing
- Data quality audit: Survey and/or sample of files; determines the accuracy and completeness of data
- Data cleansing: Correcting errors and inconsistencies in data to increase accuracy