14 INFORMATION SYSTEMS SECURITY & CONTROL
LEARNING OBJECTIVES
Demonstrate why information systems are vulnerable to destruction, error, abuse and quality-control problems
Compare general and application controls
Describe measures to ensure the reliability, availability and security of e-commerce and digital business processes
Describe important software quality-assurance techniques
Demonstrate the importance of auditing information systems and safeguarding data quality
MANAGEMENT CHALLENGES
System vulnerability and abuse
Creating a control environment
Ensuring system quality

SYSTEM VULNERABILITY & ABUSE
Why systems are vulnerable
Hackers and computer viruses
Concerns for builders and users
System quality problems
THREATS TO INFORMATION SYSTEMS
Hardware failure, fire
Software failure, electrical problems
Personnel actions, user errors
Access penetration, program changes
Theft of data, services, equipment
Telecommunications problems

WHY SYSTEMS ARE VULNERABLE
System complexity
Computerized procedures are not always read or audited
A disaster has an extensive effect
Unauthorized access is possible
VULNERABILITIES
RADIATION: Electromagnetic emanations from equipment allow recorders or bugs to tap the system
CROSSTALK: Can garble data
HARDWARE: Improper connections; failure of protection circuits
SOFTWARE: Failure of protection features, access control, bounds checking
FILES: Subject to theft, copying, unauthorized access
USER: Weak identification and authentication; subtle software modification
PROGRAMMER: Disables protective features; reveals protective measures
MAINTENANCE STAFF: Disables hardware devices; uses stand-alone utilities that bypass controls
OPERATOR: Doesn't notify supervisor; reveals protective measures
HACKERS & COMPUTER VIRUSES
HACKER: Person who gains unauthorized access to a computer for profit, criminal mischief or personal pleasure
COMPUTER VIRUS: Rogue program; difficult to detect; spreads rapidly; destroys data; disrupts processing and memory

COMMON COMPUTER VIRUSES
CONCEPT, MELISSA: Infect Word documents; delete files
FORM: Makes a clicking sound; corrupts data
EXPLORE.EXE: Arrives as an e-mail attachment; tries to mail itself to others; destroys files
MONKEY: Windows won't run
CHERNOBYL: Erases the hard drive and the ROM BIOS
JUNKIE: Infects files and the boot sector; causes memory conflicts

ANTIVIRUS SOFTWARE
Software to detect and eliminate viruses
Advanced versions run resident in memory to protect processing, and guard against viruses on disks and in incoming network files
CONCERNS FOR BUILDERS & USERS
Disaster
Breach of security
Errors

DISASTER: Loss of hardware, software or data through fire, power failure, flood or other calamity
FAULT-TOLERANT COMPUTER SYSTEMS: Redundant hardware, software and power components that take over on failure so the system keeps running (particularly important for on-line transaction processing)

SECURITY: Policies, procedures and technical measures to prevent unauthorized access, alteration, theft or physical damage to information systems
WHERE ERRORS OCCUR
Data preparation: form completion; on-line data entry; keypunching, scanning, other inputs
Transmission
Conversion
Validation
Processing / file maintenance
Output
Transmission
Distribution
SYSTEM QUALITY PROBLEMS
SOFTWARE & DATA BUGS: Program code defects or errors
MAINTENANCE: Modifying a system in production use; can take up to 50% of analysts' time
DATA QUALITY PROBLEMS: Finding and correcting errors; costly; tedious

COST OF ERRORS DURING THE SYSTEMS DEVELOPMENT CYCLE
[Figure: relative cost of correcting an error (vertical axis, 1.00 to 6.00) against the phase in which it is found: analysis & design, programming, conversion, post-implementation. The later the phase, the higher the cost.]
CREATING A CONTROL ENVIRONMENT
CONTROLS: Methods, policies and procedures that protect assets, ensure the accuracy and reliability of records, and enforce adherence to management standards
Two kinds: general controls and application controls

GENERAL CONTROLS
IMPLEMENTATION: Audit the system development process to assure proper control and management
SOFTWARE: Ensure the security and reliability of software
PHYSICAL HARDWARE: Ensure the physical security and performance of computer hardware
COMPUTER OPERATIONS: Ensure procedures are consistently and correctly applied to data storage and processing
DATA SECURITY: Ensure data on disks and tapes is protected from wrongful access, change or destruction
ADMINISTRATIVE: Ensure controls are properly executed and enforced
SEGREGATION OF FUNCTIONS: Divide responsibility for tasks so that no one person can both make and conceal an error or fraud

APPLICATION CONTROLS
Input controls
Processing controls
Output controls
INPUT CONTROLS
INPUT AUTHORIZATION: Record and monitor source documents
DATA CONVERSION: Transcribe data properly from one form to another
BATCH CONTROL TOTALS: Count transactions (and total key fields) before and after processing, then compare
EDIT CHECKS: Verify input data against format and range rules; reject or correct errors

PROCESSING CONTROLS
Establish that data is complete and accurate during processing
RUN CONTROL TOTALS: Generate control totals before and after each processing run and compare them
COMPUTER MATCHING: Match input data against master files; route unmatched items to a suspense list rather than dropping them

OUTPUT CONTROLS
Establish that results are accurate, complete and properly distributed
Balance input, processing and output totals
Review processing logs
Ensure only authorized recipients get results
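The three layers of application control above, worked through on a constructed batch of customer payments. This is an added example and not code from the original slides; the master file, the batch layout, the batch header and the field rules are assumptions made up for it.

```python
"""Application controls over a constructed batch of customer payments.

Input controls: record count checked against the batch header, edit checks
on each record. Processing controls: computer matching against the master
file, run-to-run control totals. Output controls: the master file must
balance before and after posting. All data below is constructed.
"""
from dataclasses import dataclass
from decimal import Decimal
import re

# Constructed master file: account number -> balance owed.
MASTER_FILE = {"10001": Decimal("250.00"), "10002": Decimal("80.00"), "10003": Decimal("1200.50")}

# Constructed input batch as keyed by data entry. Record 4 has a mistyped
# account, record 5 a malformed amount, record 6 an account not on file.
INPUT_BATCH = [
    {"seq": 1, "account": "10001", "amount": "100.00"},
    {"seq": 2, "account": "10003", "amount": "50.25"},
    {"seq": 3, "account": "10002", "amount": "75.00"},
    {"seq": 4, "account": "1000X", "amount": "20.00"},
    {"seq": 5, "account": "10001", "amount": "12,50"},
    {"seq": 6, "account": "10009", "amount": "30.00"},
]
# Batch header prepared by the originating department: how many records it sent.
BATCH_HEADER = {"count": 6}


@dataclass(frozen=True)
class Txn:
    seq: int
    account: str
    amount: Decimal


def edit_check(rec):
    """Input control: validate one record. Returns (Txn, None) or (None, reason)."""
    if not re.fullmatch(r"\d{5}", rec["account"]):
        return None, "account must be five digits"
    if not re.fullmatch(r"\d+\.\d{2}", rec["amount"]):
        return None, "amount must be digits with two decimals"
    amount = Decimal(rec["amount"])
    if amount <= 0:
        return None, "amount must be positive"
    return Txn(rec["seq"], rec["account"], amount), None


def control_totals(txns):
    """Record count, amount total and hash total (sum of account numbers)."""
    return (len(txns), sum((t.amount for t in txns), Decimal("0")), sum(int(t.account) for t in txns))


def process_batch(batch, header, master):
    """Apply input, processing and output controls; return a reconciliation report."""
    report = {"errors": []}

    # Input control: the record count must agree with the batch header, otherwise
    # records were lost or duplicated between data entry and processing.
    if len(batch) != header["count"]:
        report["errors"].append(f"batch count {len(batch)} != header {header['count']}")

    accepted, rejected = [], []
    for rec in batch:
        txn, reason = edit_check(rec)
        (accepted if txn else rejected).append(txn or (rec["seq"], reason))
    run_in = control_totals(accepted)            # totals going into the run

    # Processing control: computer matching against the master file. Unmatched
    # items go to a suspense list instead of silently disappearing.
    before = sum(master.values(), Decimal("0"))
    updated = dict(master)                       # never mutate the input master
    posted, suspense = [], []
    for t in accepted:
        if t.account in updated:
            updated[t.account] -= t.amount       # a payment reduces the balance owed
            posted.append(t)
        else:
            suspense.append(t)
    after = sum(updated.values(), Decimal("0"))
    suspense_total = control_totals(suspense)[1]
    # Run-to-run check: what went in must equal what changed the master plus
    # what is parked in suspense, both by count and by amount.
    run_totals_agree = (run_in[0] == len(posted) + len(suspense)
                        and run_in[1] == (before - after) + suspense_total)

    # Output control: balance input, processing and output totals.
    posted_total = control_totals(posted)[1]
    output_balances = before - posted_total == after
    if not run_totals_agree:
        report["errors"].append("run-to-run control totals do not agree")
    if not output_balances:
        report["errors"].append("master file does not balance after posting")
    report.update(rejected=rejected, suspense=[t.seq for t in suspense],
                  posted=[t.seq for t in posted], run_totals_agree=run_totals_agree,
                  output_balances=output_balances, master=updated)
    return report


if __name__ == "__main__":
    for key, value in process_batch(INPUT_BATCH, BATCH_HEADER, MASTER_FILE).items():
        print(f"{key}: {value}")
```

Each rejected record carries its sequence number and the edit rule it failed, so the originating department can correct and resubmit it; the suspense list and the count check are what catch the errors that edit checks alone cannot see, such as a valid-looking record for an account that does not exist or a record that never arrived.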
SECURITY AND THE INTERNET
ENCRYPTION: Coding and scrambling messages to deny unauthorized access
AUTHENTICATION: Ability to identify another party
MESSAGE INTEGRITY: Assurance that a message has not been altered in transit
DIGITAL SIGNATURE: Code attached to a message that verifies the sender and the integrity of the contents
DIGITAL CERTIFICATE: Statement from a trusted third party binding a public key to an identity

PUBLIC KEY ENCRYPTION
The sender encrypts with the recipient's public key, producing a scrambled message; only the recipient can decrypt it, with the private key
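The exchange in the figure above, together with the digital signature and message integrity items from the previous slide, as an added example that is not part of the original slides. It uses textbook RSA so that it runs offline with no library; the two primes are fixed known Mersenne primes, chosen here as an assumption for the example. Production systems generate random primes and use padded schemes (RSA-OAEP for encryption, RSA-PSS for signatures) from a vetted library, never raw RSA as written here.

```python
"""Public-key encryption and digital signature with textbook RSA.

Encryption direction: sender uses the recipient's PUBLIC key, recipient
uses the PRIVATE key. Signature direction: signer uses the PRIVATE key on a
hash of the message, anyone checks with the PUBLIC key. Assumed fixed primes
(Mersenne primes M127 and M521) keep the example self-contained.
"""
import hashlib

E = 65537
P = (1 << 127) - 1   # Mersenne prime M127 (assumption: fixed for the example)
Q = (1 << 521) - 1   # Mersenne prime M521 (assumption: fixed for the example)


def keygen(p=P, q=Q, e=E):
    """Return ((n, e), (n, d)): the public key and the private key."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def encrypt(public_key, message: bytes) -> int:
    """Sender side: scramble the message with the recipient's PUBLIC key."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this key; use a hybrid scheme")
    return pow(m, e, n)


def decrypt(private_key, ciphertext: int) -> bytes:
    """Recipient side: unscramble with the PRIVATE key (leading zero bytes are not preserved)."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def sign(private_key, message: bytes) -> int:
    """Digital signature: hash the message, then apply the PRIVATE key to the hash."""
    n, d = private_key
    h = int.from_bytes(hashlib.sha256(message).digest(), "big")   # 256 bits, below n
    return pow(h, d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    """Anyone holding the PUBLIC key checks the signature; any change to the message fails."""
    n, e = public_key
    h = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(signature, e, n) == h


if __name__ == "__main__":
    pub, priv = keygen()
    msg = b"transfer 100 to acct 10001"
    ct = encrypt(pub, msg)
    print("recipient reads:", decrypt(priv, ct))
    sig = sign(priv, msg)
    print("signature valid:", verify(pub, msg, sig))
    print("tampered valid: ", verify(pub, b"transfer 900 to acct 10001", sig))
```

The same key pair serves both purposes but in opposite directions: confidentiality comes from the fact that only the private key undoes an encryption made with the public key, while integrity and authentication come from the fact that only the private key could have produced a value that the public key maps back to the message hash. The `ValueError` in `encrypt` is the reason real systems encrypt a random symmetric key with RSA and the bulk message with that key.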
SECURITY AND THE INTERNET
DIGITAL WALLET: Software that stores credit card numbers, electronic cash, owner ID and address for e-commerce transactions
SECURE ELECTRONIC TRANSACTION (SET): Standard for securing credit card transactions on the Internet

ELECTRONIC PAYMENT SYSTEMS
CREDIT CARD / SET: Protocol for payment security
ELECTRONIC CASH: Digital currency
ELECTRONIC CHECK: Check carrying an encrypted digital signature
SMART CARD: Chip stores e-cash
ELECTRONIC BILL PAYMENT: Electronic funds transfer
DEVELOPING A CONTROL STRUCTURE
COSTS: Can be expensive to build; complicated to use
BENEFITS: Reduces expensive errors and loss of time, resources and goodwill
RISK ASSESSMENT: Determine how often a problem is likely to occur and the cost or damage if it did, so that controls are concentrated where expected loss is highest

SYSTEM BUILDING APPROACHES
Structured methodologies
Computer-aided software engineering (CASE)
Software reengineering
STRUCTURED METHODOLOGIES
Top down, step by step, each step building on the previous one
Structured analysis
Structured design
Structured programming
Flowcharts

STRUCTURED ANALYSIS
Defines system inputs, processes and outputs
Partitions the system into subsystems or modules
Logical, graphical model of information flow
DATA FLOW DIAGRAM: Graphical display of the component processes and the flow of data between them

SYMBOLS FOR DATA FLOW DIAGRAMS (DFD): process; source or sink (external entity); file (data store)

DATA FLOW DIAGRAM (example)
[Figure: external entities CUSTOMER and MANAGER; processes GENERATE BILL and REPORT; data store PAYMENT FILE; data flows BALANCE and BALANCE REPORT]

DATA DICTIONARY: Controlled definitions and descriptions of all data items, such as variable names and data types
PROCESS SPECIFICATIONS: Describe the logic of processes at the module level
STRUCTURED DESIGN
Design rules and techniques for designing a system top down, in hierarchical fashion
Structure chart
Structured programming: module, sequence construct, selection construct, iteration construct

HIGH LEVEL STRUCTURE CHART (example; white boxes are modules):
PROCESS PAYROLL
  GET VALID INPUTS: GET, VALIDATE
  CALCULATE PAY: GROSS PAY, NET PAY
  UPDATE MASTER FILE
  WRITE OUTPUTS

STRUCTURED PROGRAMMING
Discipline for organizing and coding programs
Simplifies control paths; easy to understand and modify
Each module has one entry point and one exit point
MODULE: Logical unit of a program; performs specific task(s)
SEQUENCE CONSTRUCT: Sequential steps or actions in program logic; streamlines flow
SELECTION CONSTRUCT: IF condition R is true THEN action C ELSE action D
ITERATION CONSTRUCT: WHILE condition S is true DO action E
PROGRAM FLOWCHART SYMBOLS
[Figure: standard program flowchart symbols]

PROGRAM FLOWCHART (example, reconstructed from the slide's labels)
START; READ a record; if the amount is >$10,000 then PROCESS A, if <$10,000 then PROCESS B; MORE? If yes, loop back to READ; if no, PRINT the >$10,000 REPORT; END

PROGRAM FLOWCHART: the three structured constructs
SEQUENCE: PROCESS A, then PROCESS B
SELECTION: test condition R; if true, PROCESS C, otherwise PROCESS D
ITERATION: while condition S is true, repeat PROCESS E
SYSTEM FLOWCHART SYMBOLS
[Figure: standard system flowchart symbols]

SYSTEM FLOWCHART (example, payroll system)
Inputs TIME CARDS and HUMAN RESOURCES DATA; LOAD & VALIDATE produces VALID TRANSACTIONS; COMPARE & UPDATE against the PAYROLL MASTER; outputs are the UPDATED PAYROLL MASTER, DIRECT DEPOSITS, GENERAL LEDGER entries, and PAYROLL REPORTS & CHECKS
COMPUTER AIDED SOFTWARE ENGINEERING (CASE)
Automation of software methodologies
Produces charts and diagrams; screen and report generators; data dictionaries; progress reports; analysis and checking tools; code; documentation
Increases productivity and quality: enforces development discipline; improves communication; provides a design repository for objects; automates tedious tasks; automates testing and control
Requires organizational discipline to be effective

MIS AUDIT
Identifies the controls of information systems and assesses their effectiveness
SOFTWARE METRICS: Objective measurements used to assess the system
TESTING: Early, regular, controlled efforts to detect and reduce errors; includes walkthroughs and debugging
DATA QUALITY AUDIT: Survey samples of files for accuracy and completeness