1. Zulhizam Bin Ebrahim 4092007721 Mohd Shamir Bin Abd Azia 4092007261 Muhammad Salehin Bin Suhaimi 4123014302

2. Management Information Systems, Sixth Edition2  Controls: constraints and restrictions imposed on a user or a system ◦ Controls can be used to secure against risks ◦ Controls are also used to ensure that nonsensical data is not entered  Controls can reduce damage caused to systems, application, and data

3. Management Information Systems, Sixth Edition3

4. 4  A reliable application is one that can resist inappropriate usage such as incorrect data entry or processing ◦ The application should provide clear messages when errors or deliberate misuses occur  Controls also translate business policies into system features

5. Management Information Systems, Sixth Edition5  Backup: periodic duplication of all data  Redundant Arrays of Independent Disks (RAID): set of disks programmed to replicate stored data  Data must be routinely transported off-site as protection from a site disaster  Some companies specialize in data backup services or backup facilities for use in the event of a site disaster

6. Management Information Systems, Sixth Edition6  Access controls: measures taken to ensure only authorized users have access to a computer, network, application, or data ◦ Physical locks: lock the equipment in a secure facility ◦ Software locks: determine who is authorized  Three types of access controls: ◦ What you know: access codes, such as user ID and password ◦ What you have: requires special devices ◦ Who you are: unique physical characteristics

7. Management Information Systems, Sixth Edition7  Access codes and passwords are usually stored in the OS or in a database  Security card is more secure than a password ◦ Allows two-factor access  Biometric: uses unique physical characteristics such as fingerprints, retinal scans, or voiceprints  Up to 50% of help desk calls are from people who have forgotten their passwords ◦ Biometrics can eliminate these kinds of calls

8. Management Information Systems, Sixth Edition8  Atomic transaction: a set of indivisible transactions ◦ All of the transactions in the set must be completely executed, or none can be ◦ Ensures that only full entry occurs in all the appropriate files to guarantee integrity of the data ◦ Is also a control against malfunction and fraud

9. Management Information Systems, Sixth Edition9

10. 10  Audit trail: a series of documented facts that help detect who recorded which transactions, at what time, and under whose approval ◦ Sometimes automatically created using data and timestamps  Certain policy and audit trail controls are required in some countries  Information systems auditor: a person whose job is to find and investigate fraudulent cases