Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information System Security and Control

Published byEmily Watson Modified over 9 years ago

Similar presentations

Presentation on theme: "Information System Security and Control"— Presentation transcript:

1 Information System Security and Control

2 Information System Security and Control
Threat of Project Failure Threat of Accidents and Malfunctions Threat of Computer Crime Factors That Increase the Risks Methods for Minimizing Risks

3 Introductory Case: London Ambulance Service
Wow, what a mess! What did they do wrong? Did they do anything right? Was this a system that should have even been attempted?

4 Threat of Project Failure
When can projects fail? INITIATION The reasons for building the system have too little support. The system seems too expensive. DEVELOPMENT It is too difficult to define the requirements. The system is not technically feasible. The project is too difficult is too difficult for technical staff assigned. IMPLEMENTATION The system requires too great a change from existing work practices. Potential users dislike the system or resist using it. Too little effort is put into the implementation. OPERATION AND MAINTENANCE System controls are insufficient. Too little effort goes into supporting effective use. The system is not updated as business needs change.

5 Threat of Project Failure
Remember this? What do you think the curve would look like for cost of failure?

6 Threat of Accidents and Malfunctions
Operator error Hardware malfunction Intel Pentium bug Was like the embedded chip issue for Y2K Software bugs Data errors Damage to physical facilities We’ll talk more about this for disaster recovery Inadequate system performance London ambulance case

7 Threat of Computer Crime
Theft Physical (esp. laptops) Case of a laptop taken from the Pentagon in a conference room… Recently heard about Silicon Valley exec who lost laptop CCI insurance Logical Unauthorized use Fraudulent data entry Unauthorized use/modification of data Sabotage and Vandalism Trap door, Trojan Horse, Virus

8 Factors that Increase Risk
Nature of Complex Systems Human Limitations Pressures in the Business Environment

9 Methods for Minimizing Risks
Controlling System Development and Modifications Providing Security Training Maintaining Physical Security Controlling Access to Data, Computers, and Networks Controlling Transaction Processing Motivating Efficient and Effective Operation Auditing the Information System Preparing for Disasters

10 Minimize Risks…

11 Build the system correctly…
Software change control

12 Train the users about security…

13 Maintain physical security…

14 Prevent unauthorized access to hardware and software…
Manual data handling Access privileges Access control What you know What you have Where you are Who you are

15 Prevent unauthorized access to hardware and software…
Be aware of network issues Encrypt if necessary

16 Perform transactions correctly…
Segregation of duties Data validation Error correction Backup & recovery

17 Innovate for efficiency…
Monitor systems Look for opportunities Look for incentives Look for disincentives

18 Audit your system… Trust but verify…

19 Prepare for disasters…
Remember Murphy's Law

Download ppt "Information System Security and Control"

Similar presentations

1 E-business Security and Control 2 Opening Case: Visa 10 commandments for online merchants – Maintaining a network firewall – Keeping security patches.

1 E-business Security and Control 2 Opening Case: Visa 10 commandments for online merchants – Maintaining a network firewall – Keeping security patches.
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
4 Information Security.

4 Information Security.
Computer Fraud Chapter 5.

Computer Fraud Chapter 5.
Computer Fraud Chapter 5.

Computer Fraud Chapter 5.
Department of Revenue Lessons for Management by Department of Revenue Internal Audit.

Department of Revenue Lessons for Management by Department of Revenue Internal Audit.
1 Pertemuan 10 Membuat dan mengelola resiko dan kriminalitas sistem informasi Matakuliah: H0472 / Konsep Sistem Informasi Tahun: 2006 Versi: 1.

1 Pertemuan 10 Membuat dan mengelola resiko dan kriminalitas sistem informasi Matakuliah: H0472 / Konsep Sistem Informasi Tahun: 2006 Versi: 1.
Information Technology Control Day IV Afternoon Sessions.

Information Technology Control Day IV Afternoon Sessions.
Information Systems Audit Program (cont.). PHYSICAL SECURITY CONTROLS.

Information Systems Audit Program (cont.). PHYSICAL SECURITY CONTROLS.
Crime and Security in the Networked Economy Part 4.

Crime and Security in the Networked Economy Part 4.
Auditing Computer-Based Information Systems

Auditing Computer-Based Information Systems
Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.

Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.
Lecture Outline 10 INFORMATION SYSTEMS SECURITY. Two types of auditors External auditor: The primary mission of the external auditors is to provide an.

Lecture Outline 10 INFORMATION SYSTEMS SECURITY. Two types of auditors External auditor: The primary mission of the external auditors is to provide an.
Auditing Computer Systems

Auditing Computer Systems
Managing Information Systems Information Systems Security and Control Part 1 Dr. Stephania Loizidou Himona ACSC 345.

Managing Information Systems Information Systems Security and Control Part 1 Dr. Stephania Loizidou Himona ACSC 345.
9 - 1 Computer-Based Information Systems Control.

9 - 1 Computer-Based Information Systems Control.
©1999 Addison Wesley Longman Slide 13.1 Information System Security and Control 13.

©1999 Addison Wesley Longman Slide 13.1 Information System Security and Control 13.
Chapter 17 Controls and Security Measures

Chapter 17 Controls and Security Measures
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
THE AUDITING OF INFORMATION SYSTEMS

THE AUDITING OF INFORMATION SYSTEMS

Similar presentations

Ads by Google