Presentation is loading. Please wait.

Presentation is loading. Please wait.

IS 425 Enterprise Information LECTURE 3 Winter 2006-2007.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "IS 425 Enterprise Information LECTURE 3 Winter 2006-2007."— Presentation transcript:

1 IS 425 Enterprise Information LECTURE 3 Winter 2006-2007

2 IS425 Winter 2004-2005Session 32 Agenda IT architecture & infrastructure (cont.) Exercise reviewing Week 2 materials Risk Management Analysis Primer Software Development / Architecting Security Disaster Recovery

3 IS425 Winter 2004-2005Session 33

4 IS425 Winter 2004-2005Session 34

5 IS425 Winter 2004-2005Session 35 Hot Topics from Week 2 Web 2.0 Storage consolidation –server virtualization Staffing for PM positions E-commerce Business intelligence (data mining) Quality assurance IT information management IT staffing with business knowledge Growing the business Information & data security, identity management Disaster recovery Service oriented architecture Portfolio management IT offshore outsourcing and IT skills Service oriented architecture Regulatory Compliance Reduce architecture complexity Information and data security Software as service

6 IS425 Winter 2004-2005Session 36 Exercise How do you reconcile the issue rankings below from 1996 to the “hot topics” that we discussed last week? What pressures are different and what pressures are the same for the issues and topics? 1. Building a responsive IT infrastructure 2. Facilitating and Managing Business Process Redesign 3. Developing and managing distributed systems 4. Developing and implementing an information architecture 5. Planning and managing communication networks 6. Improving the effectiveness of software development 7. Making effective use of the data resource 8. Recruiting and developing IS human resources 9. Aligning the IS organization within the enterprise 10. Improving IS strategic planning 11. Implementing and managing collaborative support systems 12. Measuring IS effectiveness and productivity

7 IS425 Winter 2004-2005Session 37 The Debate Discussion Forum “Debate Topics”. If you have a topic that you would like to debate – add a message giving a short description of the topic. If you see a topic that interests you particularly – reply to the topic message stating you are interested giving your section number and your group’s name.

8 IS425 Winter 2004-2005Session 38 This Session Software engineering/architecting is about ensuring that certain thing happen Security engineering is about ensuring that certain things do NOT happen

9 IS425 Winter 2004-2005Session 39 Risk Management Analysis Primer A process for assessing threats and determining which ones to ignore, reduce, eliminate level of feasible support for efforts to reduce and eliminate

10 IS425 Winter 2004-2005Session 310 Risk Management Analysis Primer Expected Loss or EL = P1 x P2 x L where: P1 = Probability of attack P2 = Probability attack is successful L = Loss occurring is attack is successful PC = Prevention costs If EL < PC then ignore If EL > PC then investing in PC is reasonable

11 IS425 Winter 2004-2005Session 311 Risk Analysis Steps

12 IS425 Winter 2004-2005Session 312 Enterprise Architecture Business (process) architecture Business strategy Governance Organization Key business processes (BPs) Information Technology (IT) architecture Software infrastructure supporting BPs Information (Data) architecture Logical and physical data assets Data management resources Software/Application architecture Internal physical structure Problem models to aid developing implementation-independent models

13 IS425 Winter 2004-2005Session 313 Software Development/Architecting The design on a system from multiple viewpoints – some common are: Technology stack (physical) view Object (data) view Use (behavioral) view But need to see attributes such as: Modifiability, Build-ability, Security, Reliability, Performance, Business-oriented qualities.

14 IS425 Winter 2004-2005Session 314 Software Development/Architecting The architectural view is a component or subsystem view of the system Module approach where a module is something that can be replaced by another implementation without causing other elements to change. Relatively small amounts of information are exchanged between modules. Modules are loosely coupled Allows concurrent development

15 IS425 Winter 2004-2005Session 315 Software Development/Architecting Software Architecture definitions-- 1. the description of the elements that compose the system, their interactions, the patterns and principles that guide their composition and design, and the constraints on those patterns. 2. The observable properties of a software system (aka the form of the system) including: 1. Static forms 2. Dynamic forms 3. Encompasses OO and Analysis methodologies Software Architecting means process of creating software architectures.

16 IS425 Winter 2004-2005Session 316 Software Development/Architecting VIEWS have PHASES which Distinct – once completed Never Overlap Contain ACTIVITIES which Overlap Repeat Can contain many non-decomposable STEPS Part of problem-specific TASKS

17 IS425 Winter 2004-2005Session 317 Software Product Life Cycle Management View Software Engineering View Engineering Design View Architectural View

18 IS425 Winter 2004-2005Session 318 Management View Phases constitute a development cycle Inception when need identified Gathering or capturing requirements aka specification of requirements Construction when product is implemented (coded), unit tested & system tested When transitioned to users--

19 IS425 Winter 2004-2005Session 319 Software Engineering View Multiple chains of activities running concurrently & overlapping Inputs to activities are “whats” Outputs are “hows” RAS – understand the actual problems Design – transforming reqs into a technically feasible solution I & T – source code D & M – to users

20 IS425 Winter 2004-2005Session 320 Engineering Design View Taken from mechanical engineering Phases are sequential but can be overlapping Information flows from phase to phase PP –problem is defined and req list created CD –problem analyzed and solution concepts created/revised ED –main design or draft design DD –physical arrangement, dimensions and other material properties are specified

21 IS425 Winter 2004-2005Session 321 Architectural View Phases are sequential and milestone driven Product planning and study the entire enterprise context DA- understand completely needs of acquirers and users SD- prepares the architectural-level design DD- refining the architectural description and selecting among alternative designs BP- construct system

22 IS425 Winter 2004-2005Session 322 Source: Verdon & McGraw: Risk analysis in software design, IEEE Security & Privacy, July 2004

23 IS425 Winter 2004-2005Session 323 Source: Verdon & McGraw: Risk analysis in software design, IEEE Security & Privacy, July 2004

24 IS425 Winter 2004-2005Session 324 Pulling It Together If firms are trying to minimize costs why would they embrace “software architecting”? Is there a possible relationship between software architecting and the value chain? Is this type of software architecture prevalent now? What kind of risk analysis can be done on a software development project?

25 IS425 Winter 2004-2005Session 325 Security Engineering Definition == building systems to remain dependable in the face of Malice Error Mischance. To mitigate, reduce, the effects of threats Unintentional Intentional

26 IS425 Winter 2004-2005Session 326 Security Threats

27 IS425 Winter 2004-2005Session 327 General Controls Physical controls Physical design of data center to limit access and protect from elements Access controls Restriction of unauthorized user access to a system Data Security controls Protecting data From disclosure to unauthorized persons From destruction/modification by unauthorized Administrative Controls Issuing guidelines / monitoring compliance Programming Controls Development/Testing standards and procedures Application Controls Inputs/Processing/Output

28 IS425 Winter 2004-2005Session 328 Source: Verdon & McGraw: Risk analysis in software design, IEEE Security & Privacy, July 2004

29 IS425 Winter 2004-2005Session 329 What is the appropriate level? Source: Chokhani: Trusted products evaluation, CACM, july 92 NCSC Guidelines

30 IS425 Winter 2004-2005Session 330 Source: Chokhani: Trusted products evaluation, CACM, july 92

31 IS425 Winter 2004-2005Session 331 Security Engineering Tools Protocols Passwords Access controls Cryptography Distributed Systems Monitoring Systems

32 IS425 Winter 2004-2005Session 332 Encryption & Transaction Security Secret vs. Public Key Encryption Secret-Key Encryption (single key) Symmetric encryption, DES Use a shared secret key for encryption and decryption Key distribution & disclosure fast, for bulk data encryption Public-Key Encryption (Pair of keys) Asymmetric encryption, RSA (Rivest, Shamin, Adlemann) Private/Public keys Need digital certificates and trusted 3rd parties Slower For less demanding applications

33 IS425 Winter 2004-2005Session 333 Network Protection To protect Internet and E-Commerce Most common security measures are: Access control (PINs) Encryption Cable testers with protocol analyzers Firewall systems that enforce access control between two networks

34 IS425 Winter 2004-2005Session 334 Internet security Consumers entering highly confidential information Number of security attacks increasing Four requirements of a secure transaction Privacy – information not read by third party Integrity – information not compromised or altered Authentication – sender and receiver prove identities Non-repudiation – legally prove message was sent and received Availability Computer systems continually accessible

35 IS425 Winter 2004-2005Session 335 Disaster Recovery Planning Purpose is to keep business running after a disaster. Backups –onsite and offsite Offsite computing arrangements made in advance with hot-site vendors Offsite office arrangement made in advance with cold-site vendors Critical applications identified and recovery procedures addressed Written plan kept in several locations

36 IS425 Winter 2004-2005Session 336 Pulling It Together What kind of aptitude does a security engineer need? What skills does a security engineer need? What kind of aptitude does a software engineer need? What skills does a software architect need? Are they different?

37 IS425 Winter 2004-2005Session 337 Quiz Next Week DL students should download the quiz from COL. Complete the form and then submit it on COL.

Download ppt "IS 425 Enterprise Information LECTURE 3 Winter 2006-2007."

Similar presentations

Ch:8 Design Concepts S.W Design should have following quality attribute: Functionality Usability Reliability Performance Supportability (extensibility,

Ch:8 Design Concepts S.W Design should have following quality attribute: Functionality Usability Reliability Performance Supportability (extensibility,
IS 425 Enterprise Information I LECTURE 3 Autumn 2004-2005  2004 Norma Sutcliffe.

IS 425 Enterprise Information I LECTURE 3 Autumn  2004 Norma Sutcliffe.
Secure Systems Research Group - FAU Process Standards (and Process Improvement)

Secure Systems Research Group - FAU Process Standards (and Process Improvement)
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Software Modeling SWE5441 Lecture 3 Eng. Mohammed Timraz

Software Modeling SWE5441 Lecture 3 Eng. Mohammed Timraz
CTO Office Reliability & Security Distinctions and Interactions Hal Lockhart BEA Systems.

CTO Office Reliability & Security Distinctions and Interactions Hal Lockhart BEA Systems.
HIPAA Security Standards What’s happening in your office?

HIPAA Security Standards What’s happening in your office?
Information Security Policies and Standards

Information Security Policies and Standards
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.

Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.
Chapter 12 Strategies for Managing the Technology Infrastructure.

Chapter 12 Strategies for Managing the Technology Infrastructure.
Applied Cryptography for Network Security

Applied Cryptography for Network Security
1 Software Testing and Quality Assurance Lecture 14 - Planning for Testing (Chapter 3, A Practical Guide to Testing Object- Oriented Software)

1 Software Testing and Quality Assurance Lecture 14 - Planning for Testing (Chapter 3, A Practical Guide to Testing Object- Oriented Software)
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
The Software Product Life Cycle. Views of the Software Product Life Cycle  Management  Software engineering  Engineering design  Architectural design.

The Software Product Life Cycle. Views of the Software Product Life Cycle  Management  Software engineering  Engineering design  Architectural design.
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.

Similar presentations

Ads by Google