Presentation is loading. Please wait.

Presentation is loading. Please wait.

Learning Objectives Demonstrate why info systems are vulnerable to destruction, error, abuse, quality control problemsDemonstrate why info systems are.

Published byCornelius Davis Modified over 9 years ago

Similar presentations

Presentation on theme: "Learning Objectives Demonstrate why info systems are vulnerable to destruction, error, abuse, quality control problemsDemonstrate why info systems are."— Presentation transcript:

1

2 Learning Objectives Demonstrate why info systems are vulnerable to destruction, error, abuse, quality control problemsDemonstrate why info systems are vulnerable to destruction, error, abuse, quality control problems vulnerable Compare general and application controlsCompare general and application controls Select factors for developing controlsSelect factors for developing controls*

3 Learning Objectives Describe important software quality- assurance techniquesDescribe important software quality- assurance techniques Demonstrate importance of auditing info systems & safeguarding data qualityDemonstrate importance of auditing info systems & safeguarding data quality*

4 System Vulnerability & Abuse Why systems are vulnerableWhy systems are vulnerable Hackers & virusesHackers & viruses Concerns for builders & usersConcerns for builders & users System quality problemsSystem quality problems*

5 Threats to Information Systems Hardware failure, fireHardware failure, fire Software failure, electrical problemsSoftware failure, electrical problems Personnel actions, user errorsPersonnel actions, user errors Access penetration, program changesAccess penetration, program changes Theft of data, services, equipmentTheft of data, services, equipment Telecommunications problemsTelecommunications problems*

6 System Vulnerability System complexitySystem complexity Computerized procedures not always read or auditedComputerized procedures not always read or audited Extensive effect of disasterExtensive effect of disaster Unauthorized access possibleUnauthorized access possible*

7 Vulnerabilities RADIATION: Allows recorders, bugs to tap systemRADIATION: Allows recorders, bugs to tap system CROSSTALK: Can garble dataCROSSTALK: Can garble data HARDWARE: Improper connections, failure of protection circuitsHARDWARE: Improper connections, failure of protection circuits SOFTWARE: Failure of protection features, access control, bounds controlSOFTWARE: Failure of protection features, access control, bounds control FILES: Subject to theft, copying, unauthorized accessFILES: Subject to theft, copying, unauthorized access*

8 VULNERABILITIES USER: Identification, authentication, subtle software modificationUSER: Identification, authentication, subtle software modification PROGRAMMER: Disables protective features; reveals protective measuresPROGRAMMER: Disables protective features; reveals protective measures MAINTENANCE STAFF: Disables hardware devices; uses stand-alone utilitiesMAINTENANCE STAFF: Disables hardware devices; uses stand-alone utilities OPERATOR: Doesn’t Notify supervisor, reveals protective measuresOPERATOR: Doesn’t Notify supervisor, reveals protective measures*

9 HACKER: Person gains access to computer for profit, criminal mischief, personal pleasureHACKER: Person gains access to computer for profit, criminal mischief, personal pleasure COMPUTER VIRUS: Rouge program; difficult to detect; spreads rapidly; destroys data; disrupts processing & memoryCOMPUTER VIRUS: Rouge program; difficult to detect; spreads rapidly; destroys data; disrupts processing & memory* HACKERS & COMPUTER VIRUSES

10 Antivirus Software Software to detectSoftware to detect Eliminate virusesEliminate viruses Advanced versions run in memory to protect processing, guard against viruses on disks, and on incoming network filesAdvanced versions run in memory to protect processing, guard against viruses on disks, and on incoming network files*

11 Concerns For Builders & Users DisasterDisaster Breach of securityBreach of security ErrorsErrors*

12 Disaster Loss of hardware, software, data by fire, power failure, flood or other calamityLoss of hardware, software, data by fire, power failure, flood or other calamity Fault-tolerant computer systems: backup systems to prevent system failure (particularly on-line transaction processing)Fault-tolerant computer systems: backup systems to prevent system failure (particularly on-line transaction processing)*

13 Security Policies, procedures, technical measures to prevent unauthorized access, alteration, theft, physical damage to information systems *

14 System Quality Problems Software & data Bugs: program code defects or errorsBugs: program code defects or errors Maintenance: modifying a system in production use; Can take up to 85% of analysts’ timeMaintenance: modifying a system in production use; Can take up to 85% of analysts’ time Data quality problems: finding, correcting errors; costly; tedious (do it right the first time!)Data quality problems: finding, correcting errors; costly; tedious (do it right the first time!)*

15 Cost Of Errors During Systems Development Cycle 1.00 2.00 3.00 4.00 5.00 6.00 COSTS ProgrammingConversionPOST-Implementation Analysis Analysis & design

16 Creating A Control Environment Controls: methods, policies, procedures to protect assets; Accuracy & reliability of records; Adherence to management standards Controls: methods, policies, procedures to protect assets; Accuracy & reliability of records; Adherence to management standards GeneralGeneral ApplicationApplication*

17 General Controls Implementation: audit system development to assure proper control, managementImplementation: audit system development to assure proper control, management Software: ensure security, reliability of softwareSoftware: ensure security, reliability of software Program security: prevent unauthorized changes to programsProgram security: prevent unauthorized changes to programs Hardware: ensure physical security, performance of computer hardwareHardware: ensure physical security, performance of computer hardware*

18 Computer operations: ensure procedures consistently, correctly applied to data storage, processingComputer operations: ensure procedures consistently, correctly applied to data storage, processing Data security: ensure data disks, tapes protected from wrongful access, change, destructionData security: ensure data disks, tapes protected from wrongful access, change, destruction Administrative: ensure controls properly executed, enforcedAdministrative: ensure controls properly executed, enforced Segregation of functions: divide tasks to minimize risksSegregation of functions: divide tasks to minimize risks* General controls

19 Application Controls InputInput ProcessingProcessing OutputOutput*

20 Input Controls Input authorization: record, monitor source documentsInput authorization: record, monitor source documents Data conversion: transcribe data properly from one form to anotherData conversion: transcribe data properly from one form to another Batch control totals: count transactions prior to and after processingBatch control totals: count transactions prior to and after processing Edit checks: verify input data, correct errorsEdit checks: verify input data, correct errors*

21 Developing A Control Structure Costs: Can be expensive to build; complicated to useCosts: Can be expensive to build; complicated to use Benefits: Reduces expensive errors, loss of time, resources, good willBenefits: Reduces expensive errors, loss of time, resources, good will Risk assessment: Determine frequency of occurrence of problem, cost, damage if it were to occurRisk assessment: Determine frequency of occurrence of problem, cost, damage if it were to occur*

Download ppt "Learning Objectives Demonstrate why info systems are vulnerable to destruction, error, abuse, quality control problemsDemonstrate why info systems are."

Similar presentations

1 COMPUTER GENERATED & STORED RECORDS CONTROLS Presented by COSCAP-SA.

1 COMPUTER GENERATED & STORED RECORDS CONTROLS Presented by COSCAP-SA.
Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.

Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.
14.1 © 2004 by Prentice Hall INFORMATIONSYSTEMS SECURITY AND CONTROL.

14.1 © 2004 by Prentice Hall INFORMATIONSYSTEMS SECURITY AND CONTROL.
Crime and Security in the Networked Economy Part 4.

Crime and Security in the Networked Economy Part 4.
Auditing Computer-Based Information Systems

Auditing Computer-Based Information Systems
Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.

Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.
Lecture Outline 10 INFORMATION SYSTEMS SECURITY. Two types of auditors External auditor: The primary mission of the external auditors is to provide an.

Lecture Outline 10 INFORMATION SYSTEMS SECURITY. Two types of auditors External auditor: The primary mission of the external auditors is to provide an.
Auditing Computer Systems

Auditing Computer Systems
Managing Information Systems Information Systems Security and Control Part 1 Dr. Stephania Loizidou Himona ACSC 345.

Managing Information Systems Information Systems Security and Control Part 1 Dr. Stephania Loizidou Himona ACSC 345.
Lecture 1: Overview modified from slides of Lawrie Brown.

Lecture 1: Overview modified from slides of Lawrie Brown.
16.1 16.2 LEARNING OBJECTIVES DEMONSTRATE WHY INFO SYSTEMS ARE VULNERABLE TO DESTRUCTION, ERROR, ABUSE, QUALITY CONTROL PROBLEMSDEMONSTRATE WHY INFO.

LEARNING OBJECTIVES DEMONSTRATE WHY INFO SYSTEMS ARE VULNERABLE TO DESTRUCTION, ERROR, ABUSE, QUALITY CONTROL PROBLEMSDEMONSTRATE WHY INFO.
4/15: Security & Controls in IS Systems Vulnerabilities Controls: what to use to guard against vulnerabilities –General controls –Application controls.

4/15: Security & Controls in IS Systems Vulnerabilities Controls: what to use to guard against vulnerabilities –General controls –Application controls.
Chapter 17 Controls and Security Measures

Chapter 17 Controls and Security Measures
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
IS Security Control & Management. Overview n Why worry? n Sources, frequency and severity of problems n Risks to computerized vs. manual systems n Purpose.

IS Security Control & Management. Overview n Why worry? n Sources, frequency and severity of problems n Risks to computerized vs. manual systems n Purpose.
Chapter 9 - Control in Computerized Environment ATG 383 – Spring 2002.

Chapter 9 - Control in Computerized Environment ATG 383 – Spring 2002.
Introduction Security is a major networking concern. 90% of the respondents to the 2004 Computer Security Institute/FBI Computer Crime and Security Survey.

Introduction Security is a major networking concern. 90% of the respondents to the 2004 Computer Security Institute/FBI Computer Crime and Security Survey.
Pertemuan 20 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.

Pertemuan 20 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.
14.1 © 2002 by Prentice Hall c h a p t e r 14 INFORMATION SYSTEMS SECURITY & CONTROL.

14.1 © 2002 by Prentice Hall c h a p t e r 14 INFORMATION SYSTEMS SECURITY & CONTROL.

Similar presentations

Ads by Google