Zulhizam Bin Ebrahim 4092007721 Mohd Shamir Bin Abd Azia 4092007261 Muhammad Salehin Bin Suhaimi 4123014302.


Management Information Systems, Sixth Edition

• Controls: constraints and restrictions imposed on a user or a system
  ◦ Controls can be used to secure against risks
  ◦ Controls are also used to ensure that nonsensical data is not entered
• Controls can reduce damage caused to systems, applications, and data


• A reliable application is one that can resist inappropriate usage such as incorrect data entry or processing
  ◦ The application should provide clear messages when errors or deliberate misuses occur
• Controls also translate business policies into system features

• Backup: periodic duplication of all data
• Redundant Arrays of Independent Disks (RAID): set of disks programmed to replicate stored data
• Data must be routinely transported off-site as protection from a site disaster
• Some companies specialize in data backup services or backup facilities for use in the event of a site disaster

• Access controls: measures taken to ensure only authorized users have access to a computer, network, application, or data
  ◦ Physical locks: lock the equipment in a secure facility
  ◦ Software locks: determine who is authorized
• Three types of access controls:
  ◦ What you know: access codes, such as user ID and password
  ◦ What you have: requires special devices
  ◦ Who you are: unique physical characteristics

• Access codes and passwords are usually stored in the OS or in a database
• Security card is more secure than a password
  ◦ Allows two-factor access
• Biometric: uses unique physical characteristics such as fingerprints, retinal scans, or voiceprints
• Up to 50% of help desk calls are from people who have forgotten their passwords
  ◦ Biometrics can eliminate these kinds of calls

• Atomic transaction: a set of indivisible transactions
  ◦ All of the transactions in the set must be completely executed, or none can be
  ◦ Ensures that only full entry occurs in all the appropriate files to guarantee integrity of the data
  ◦ Is also a control against malfunction and fraud


• Audit trail: a series of documented facts that help detect who recorded which transactions, at what time, and under whose approval
  ◦ Sometimes automatically created using data and timestamps
• Certain policy and audit trail controls are required in some countries
• Information systems auditor: a person whose job is to find and investigate fraudulent cases
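
The atomic transaction and audit trail slides above, shown together as an added example (not part of the original presentation). A sale updates two files and writes an audit record as one indivisible unit, so a failure part-way leaves nothing behind. The table names, the sample rows and the user names are constructed for illustration.

```python
import sqlite3
from datetime import datetime, timezone

SCHEMA = """
CREATE TABLE inventory (item TEXT PRIMARY KEY, qty INTEGER NOT NULL CHECK (qty >= 0));
CREATE TABLE receivables (customer TEXT PRIMARY KEY, balance REAL NOT NULL);
CREATE TABLE audit_trail (id INTEGER PRIMARY KEY, recorded_by TEXT NOT NULL,
    approved_by TEXT NOT NULL, recorded_at TEXT NOT NULL, action TEXT NOT NULL);
"""

def open_db():
    # Constructed sample data: one stock item and one customer account.
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.execute("INSERT INTO inventory VALUES ('widget', 5)")
    db.execute("INSERT INTO receivables VALUES ('acme', 0.0)")
    db.commit()
    return db

def record_sale(db, user, approver, customer, item, qty, unit_price):
    """Update both files and the audit trail as one atomic transaction."""
    if qty <= 0:  # data-entry control: reject nonsensical input up front
        raise ValueError("quantity must be positive")
    stamp = datetime.now(timezone.utc).isoformat()  # automatic timestamp
    try:
        with db:  # commits if every statement succeeds, rolls back otherwise
            db.execute("UPDATE receivables SET balance = balance + ? WHERE customer = ?",
                       (qty * unit_price, customer))
            db.execute("UPDATE inventory SET qty = qty - ? WHERE item = ?",
                       (qty, item))  # CHECK (qty >= 0) fails if stock is short
            db.execute("INSERT INTO audit_trail (recorded_by, approved_by, recorded_at, action)"
                       " VALUES (?, ?, ?, ?)",
                       (user, approver, stamp, f"sale of {qty} x {item} to {customer}"))
        return True
    except sqlite3.IntegrityError:
        return False  # the receivables update above was rolled back too

def snapshot(db):
    """Return (stock of widget, balance of acme, number of audit records)."""
    qty = db.execute("SELECT qty FROM inventory WHERE item = 'widget'").fetchone()[0]
    bal = db.execute("SELECT balance FROM receivables WHERE customer = 'acme'").fetchone()[0]
    rows = db.execute("SELECT COUNT(*) FROM audit_trail").fetchone()[0]
    return qty, bal, rows
```

Because the audit record is written inside the same transaction, a sale can never be committed without its who, when and approver entry, and a rejected sale leaves the customer balance unchanged.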