Information Systems Security and Control Chapter 14.


1 Information Systems Security and Control Chapter 14

2 Scalability and Stress Tests
- CNN web traffic during the presidential election – ? times more
- Performance failures often accompany a web site's success
  - Scalability
  - Wealth effect
  - Vulnerability

3 September 11, 2001
- Lean (JIT) systems faced serious impact from unpredictable disruptions
- Need to be able to dynamically handle the "surge and ebb" of lead times when traditional conditions no longer exist

4 Balanced systems
- Neither over-controlled nor under-controlled
  - Opposite forces: ease of use of a system
- No perfect systems – no system without hidden bugs
- No free lunch – no system without constant maintenance and modification

5 Fragility of IT systems
- Health and normal usage
  - No drink, no food, etc.
- Fire, flood
- User errors
- Program changes
- Electrical surge or outage
- Hardware and software failure

6 Maliciousness
- Unauthorized access
- Degree of exposure
- Ease of intercept – radio frequency bands
  - Hacker
  - Computer viruses – antivirus software

7 Look no further
- Human error – ignorance and self-protection
- System error – defective system and complicated settings
- Shallow and weak foundation – domino effects and man-made disasters

8 Preparedness
- Security and quality according to the importance of the data and operation
  - Visa USA systems: duplicated systems and fault-tolerant computer systems
  - A dental office patients management system

9 Controls
- General controls
- Application controls

10 General controls
- Controls over the system implementation process
- Software controls
- Physical hardware controls
- Computer operations controls
- Data security controls
- Administrative disciplines, standards, and procedures

11 Application controls
- Input controls
  - Control totals
  - Edit checks
- Processing control
  - Run control totals
  - Computer pattern matching
- Output control

12 Security and E-commerce
- Encryption
- Public key encryption
- Authentication
- Message integrity
- Digital signature
- Digital certificate

13 E-payment systems
- Digital wallet
- E-cash
- Electronic check
- Smart card

14 System quality
- Rigorous methodologies in system development
- Spend more on the front end (right system analysis, specification, and design) to reduce cost on the back end (rework and maintenance)
- Use software metrics to assess system performance continuously

15 System audit
- Surveying end users for their perceptions of data quality and system performance
- Surveying entire data files
- Surveying samples from data files

16 Software Quality Assurance Methodologies and Tools
- Structured methodologies
- Structured Analysis – Data Flow Diagram
- Structured Design
- Structured Programming
- CASE
- Software Metrics
- Structured Walkthrough

