Presentation is loading. Please wait.

Presentation is loading. Please wait.

Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.1 © 2005 by Prentice Hall Information System Security.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.1 © 2005 by Prentice Hall Information System Security."— Presentation transcript:

1 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.1 © 2005 by Prentice Hall Information System Security and Control Chapter 15

2 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.2 © 2005 by Prentice Hall Objectives 1.Why are information systems so vulnerable to destruction, error, abuse, and system quality problems? 2.What types of controls are available for information systems? 3.What special measures must be taken to ensure the reliability, availability and security of electronic commerce, and digital business processes?

3 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.3 © 2005 by Prentice Hall Objectives 4.What are the most important software quality assurance techniques? 5.Why are auditing information systems and safeguarding data quality so important?

4 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.4 © 2005 by Prentice Hall Management Challenges 1.Achieving a sensible balance between too little control and too much.. 2.Applying quality assurance standards in large systems projects.

5 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.5 © 2005 by Prentice Hall Accessibility to electronic data Increasingly complex software, hardware Network access points Wireless vulnerability Internet System Vulnerability and Abuse Why Systems Are Vulnerable

6 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.6 © 2005 by Prentice Hall System Vulnerability and Abuse Hardware failure Software failure Personnel actions Terminal access penetration Theft of data, services, equipment Fire Electrical problems User errors Unauthorized program changes Telecommunication problems Threats to Computerized Information Systems

7 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.7 © 2005 by Prentice Hall System Vulnerability and Abuse Telecommunications networks vulnerabilities Figure 15-1

8 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.8 © 2005 by Prentice Hall Credit Card Fraud: Still on the Rise To what extent are Internet credit card thefts management and organizational problems, and to what extent are they technical problems? Address the technology and management issues for both the credit card issuers and the retail companies. Suggest possible ways to address the problem. System Vulnerability and Abuse Window on Organizations

9 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.9 © 2005 by Prentice Hall Hacker Trojan horse Denial of service (DoS) attacks Computer viruses Worms Antivirus software System Vulnerability and Abuse Why Systems Are Vulnerable

10 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.10 © 2005 by Prentice Hall Smarter Worms and Viruses: The Worst Is Yet to Come Why are worms so harmful? Describe their business and organizational impact. System Vulnerability and Abuse Window on Technology

11 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.11 © 2005 by Prentice Hall Disaster Security Administrative error Cyberterrorism and Cyberwarfare System Vulnerability and Abuse Concerns for System Builders and Users

12 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.12 © 2005 by Prentice Hall System Vulnerability and Abuse Points in the processing cycle where errors can occur Figure 15-2

13 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.13 © 2005 by Prentice Hall Bugs and Defects Complete testing not possible The Maintenance Nightmare Maintenance costs high due to organizational change, software complexity, and faulty system analysis and design System Vulnerability and Abuse System Quality Problems: Software and Data

14 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.14 © 2005 by Prentice Hall System Vulnerability and Abuse The cost of errors over the systems development cycle Figure 15-3

15 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.15 © 2005 by Prentice Hall Data Quality Problems Caused by errors during data input or faulty information system and database design System Vulnerability and Abuse System Quality Problems: Software and Data

16 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.16 © 2005 by Prentice Hall Controls Methods, policies, and procedures Protection of organization’s assets Accuracy and reliability of records Operational adherence to management standards Creating a Control Environment

17 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.17 © 2005 by Prentice Hall General Controls Govern design, security, use of computer programs throughout organization Apply to all computerized applications Combination of hardware, software, manual procedures to create overall control environment Creating a Control Environment General Controls and Application Controls

18 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.18 © 2005 by Prentice Hall General Controls Software controls Hardware controls Computer operations controls Data security controls Implementation Administrative controls Creating a Control Environment General Controls and Application Controls

19 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.19 © 2005 by Prentice Hall Creating a Control Environment Security profiles for a personnel system Figure 15-4

20 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.20 © 2005 by Prentice Hall Application Controls Automated and manual procedures that ensure only authorized data are processed by application Unique to each computerized application Classified as (1) input controls, (2) processing controls, and (3) output controls. Creating a Control Environment General Controls and Application Controls

21 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.21 © 2005 by Prentice Hall Application Controls Control totals:Input, processing Edit checks:Input Computer matching:Input, processing Run control totals:Processing, output Report distribution logs:Output Creating a Control Environment General Controls and Application Controls

22 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.22 © 2005 by Prentice Hall High-availability computing Fault-tolerant computer systems Disaster recovery planning Business continuity planning Load balancing; mirroring; clustering Recovery-oriented computing Managed security service providers (MSSPs) Creating a Control Environment Protecting the Digital Firm

23 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.23 © 2005 by Prentice Hall Internet Security Challenges Public, accessible network Abuses have widespread effect Fixed Internet addresses Corporate systems extended outside organization Creating a Control Environment Protecting the Digital Firm

24 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.24 © 2005 by Prentice Hall Creating a Control Environment Internet security challenges Figure 15-5

25 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.25 © 2005 by Prentice Hall Firewall screening technologies Static packet filtering Stateful inspection Network address translation Application proxy filtering Intrusion detection systems Scanning software Monitoring software Creating a Control Environment Protecting the Digital Firm

26 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.26 © 2005 by Prentice Hall Security and Electronic Commerce Encryption Authentication Message integrity Digital signatures Digital certificates Public key infrastructure (PKI) Creating a Control Environment Protecting the Digital Firm

27 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.27 © 2005 by Prentice Hall Creating a Control Environment Public key encryption Figure 15-6

28 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.28 © 2005 by Prentice Hall Creating a Control Environment Digital certificates Figure 15-7

29 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.29 © 2005 by Prentice Hall Security for Wireless Internet Access Service set identifiers (SSID) –Identify access points in network –Form of password for user’s radio network interface card –Broadcast multiple time per second –Easily picked up by sniffer programs, war driving Creating a Control Environment Protecting the Digital Firm

30 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.30 © 2005 by Prentice Hall Creating a Control Environment Wi-Fi security challenges Figure 15-8

31 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.31 © 2005 by Prentice Hall Wired Equivalent Privacy (WEP): –Initial security standard –Call for access point and all users to share the same 40- bit encrypted password Wi-Fi Protected Access (WPA) specification –128-bit, non-static encryption key –Data-packet checking Creating a Control Environment Protecting the Digital Firm

32 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.32 © 2005 by Prentice Hall Criteria for Determining Control Structure Importance of data Cost effectiveness of control technique –Efficiency –Complexity –Expense Risk assessment: Level of risk if not properly controlled –Potential frequency of problem –Potential damage Creating a Control Environment Developing a Control Structure: Costs and Benefits

33 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.33 © 2005 by Prentice Hall MIS Audit Identifies all controls that govern individual information systems and assesses their effectiveness Lists and ranks all control weaknesses and estimates the probability of their occurrence Creating a Control Environment The Role of Auditing in the Control Process

34 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.34 © 2005 by Prentice Hall Creating a Control Environment Sample auditor’s list of control weaknesses Figure 15-9

35 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.35 © 2005 by Prentice Hall Development Methodology Collection of methods One or more method for every activity in every phase of development project Ensuring System Quality: Software and Data Software Quality Assurance Methodologies and Tools

36 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.36 © 2005 by Prentice Hall Structured Methodologies Used to document, analyze, design information systems Top-down Process-oriented Linear Includes: –Structured analysis –Structured design –Structured programming Ensuring System Quality: Software and Data Software Quality Assurance Methodologies and Tools

37 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.37 © 2005 by Prentice Hall Structured Analysis Defines system inputs, processes, outputs Logical graphic model of information flow Data flow diagram Data dictionary Process specifications Ensuring System Quality: Software and Data Software Quality Assurance Methodologies and Tools

38 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.38 © 2005 by Prentice Hall Ensuring System Quality: Software and Data Data flow diagram for mail-in university registration system Figure 15-10

39 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.39 © 2005 by Prentice Hall Structured Design Set of design rules and techniques Promotes program clarity and simplicity Design from top-down; main functions and subfunctions Structure chart Ensuring System Quality: Software and Data Software Quality Assurance Methodologies and Tools

40 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.40 © 2005 by Prentice Hall Ensuring System Quality: Software and Data High-level structure chart for a payroll system Figure 15-11

41 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.41 © 2005 by Prentice Hall Structured Programming Organizes and codes programs to simplify control paths for easy use and modification Independent modules with one entry and exit point Three basic control constructs: –Simple sequence –Selection –Iteration Ensuring System Quality: Software and Data Software Quality Assurance Methodologies and Tools

42 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.42 © 2005 by Prentice Hall Ensuring System Quality: Software and Data Basic program control constructs Figure 15-12

43 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.43 © 2005 by Prentice Hall Limitations of Traditional Methods Can be inflexible and time-consuming Programming depends on completion of analysis and design phases Specification changes require changes in analysis and design documents first Function-oriented Ensuring System Quality: Software and Data Software Quality Assurance Methodologies and Tools

44 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.44 © 2005 by Prentice Hall Unified Modeling Language (UML) Industry standard for analysis and design of object-oriented systems Represents different views using graphical diagrams Underlying model integrates views for consistency during analysis, design, and implementation Ensuring System Quality: Software and Data Software Quality Assurance Methodologies and Tools

45 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.45 © 2005 by Prentice Hall UML Components Things: –Structural thingsClasses, interfaces, collaborations, use cases, active classes, components, nodes –Behavioral thingsInteractions, state machines –Grouping thingsPackages –Annotational thingsNotes Ensuring System Quality: Software and Data Software Quality Assurance Methodologies and Tools

46 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.46 © 2005 by Prentice Hall UML Components Relationships –Structural Dependencies, aggregations, associations, generalizations –BehavioralCommunicates, includes, extends, generalizes Diagrams –StructuralClass, object, component, and deployment diagrams –BehavioralUse case, sequence, collaboration, stateschart, and activity diagrams Ensuring System Quality: Software and Data Software Quality Assurance Methodologies and Tools

47 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.47 © 2005 by Prentice Hall Ensuring System Quality: Software and Data A UML use-case diagram Figure 15-13

48 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.48 © 2005 by Prentice Hall Ensuring System Quality: Software and Data A UML sequence diagram Figure 15-14

49 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.49 © 2005 by Prentice Hall Computer-Aided Software Engineering (CASE) Automation of step-by-step methodologies Reduce repetitive development work Support documentation creation and revisions Organize design components; design repository Support code generation Require organizational discipline Ensuring System Quality: Software and Data Software Quality Assurance Methodologies and Tools

50 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.50 © 2005 by Prentice Hall Resource Allocation: Assigning costs, time, personnel to different development phases Software Metrics: Quantified measurements of systems performance Testing: Walkthroughs, debugging Ensuring System Quality: Software and Data Software Quality Assurance Methodologies and Tools

51 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.51 © 2005 by Prentice Hall Data Quality Audit –Survey end users for perceptions of data quality –Survey entire data files –Survey samples from data files Data Cleansing –Correcting errors and inconsistencies in data between business units Ensuring System Quality: Software and Data Data Quality Audits and Data Cleansing

52 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.52 © 2005 by Prentice Hall 1.Summarize the ISM security problem and its impact on ISM and its clients. 2.Describe the control weaknesses of ISM and those of its clients that made it possible for this problem to occur. What management, organization, and technology factors contributed to those weaknesses? Chapter 15 Case Study Could a Missing Hard Drive Create Canada’s Biggest Identity Theft?

53 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.53 © 2005 by Prentice Hall 3.Was the disappearance of the hard drive a management problem, an organization problem, or a technical problem? Explain your answer. 4.If you were responsible for designing security at ISM and its client companies, what would you have done differently? How would you have solved their control problems? Chapter 15 Case Study Could a Missing Hard Drive Create Canada’s Biggest Identity Theft?

Download ppt "Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control 15.1 © 2005 by Prentice Hall Information System Security."

Similar presentations

Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.

Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.
14.1 © 2004 by Prentice Hall INFORMATIONSYSTEMS SECURITY AND CONTROL.

14.1 © 2004 by Prentice Hall INFORMATIONSYSTEMS SECURITY AND CONTROL.
Auditing Computer-Based Information Systems

Auditing Computer-Based Information Systems
Lecture Outline 10 INFORMATION SYSTEMS SECURITY. Two types of auditors External auditor: The primary mission of the external auditors is to provide an.

Lecture Outline 10 INFORMATION SYSTEMS SECURITY. Two types of auditors External auditor: The primary mission of the external auditors is to provide an.
Auditing Computer Systems

Auditing Computer Systems
Managing Information Systems Information Systems Security and Control Part 1 Dr. Stephania Loizidou Himona ACSC 345.

Managing Information Systems Information Systems Security and Control Part 1 Dr. Stephania Loizidou Himona ACSC 345.
7.1 Copyright © 2011 Pearson Education, Inc. 7 Chapter Securing Information Systems.

7.1 Copyright © 2011 Pearson Education, Inc. 7 Chapter Securing Information Systems.
4/15: Security & Controls in IS Systems Vulnerabilities Controls: what to use to guard against vulnerabilities –General controls –Application controls.

4/15: Security & Controls in IS Systems Vulnerabilities Controls: what to use to guard against vulnerabilities –General controls –Application controls.
7.1 © 2007 by Prentice Hall 7 Chapter Securing Information Systems.

7.1 © 2007 by Prentice Hall 7 Chapter Securing Information Systems.
Security Controls – What Works

Security Controls – What Works
Information System Security and Control Chapter 15 © 2005 by Prentice Hall Essentials of Management Information Systems, 6e Chapter 15 Information System.

Information System Security and Control Chapter 15 © 2005 by Prentice Hall Essentials of Management Information Systems, 6e Chapter 15 Information System.
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
Lecture 10 Security and Control.

Lecture 10 Security and Control.
Lecture 10 Security and Control.

Lecture 10 Security and Control.
10.1 © 2006 by Prentice Hall 10 Chapter Security and Control.

10.1 © 2006 by Prentice Hall 10 Chapter Security and Control.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Risks, Controls and Security Measures

Risks, Controls and Security Measures
Chapter 1 Assuming the Role of the Systems Analyst

Chapter 1 Assuming the Role of the Systems Analyst

Similar presentations

Ads by Google