SESSION 14 INFORMATION SYSTEMS SECURITY AND CONTROL.

1 SESSION 14 INFORMATION SYSTEMS SECURITY AND CONTROL

2 SYSTEM VULNERABILITY AND ABUSE
Advances in telecommunications and computer software make systems more interconnected and therefore more exposed to:
- Unauthorized access, abuse, or fraud
- Hackers
- Denial of service attacks
- Computer viruses

3 Concerns for System Builders and Users
- Disaster: destroys computer hardware, programs, data files, and other equipment
- Security: prevents unauthorized access, alteration, theft, or physical damage

4 Concerns for System Builders and Users (continued)
- Errors: cause computers to disrupt or destroy the organization's record-keeping and operations

5 System Quality Problems: Software and Data
- Bugs: program code defects or errors
- Maintenance nightmare: maintenance costs are high because of organizational change, software complexity, and faulty system analysis and design

6 System Quality Problems: Software and Data
Figure 15-3: The Cost of Errors over the Systems Development Cycle (an error is cheapest to fix when caught during analysis and design and most expensive once the system is in operation)

7 System Quality Problems: Software and Data
- Data quality problems: caused by errors during data input or by faulty information system and database design

8 CREATING A CONTROL ENVIRONMENT: Overview
- Controls: methods, policies, and procedures that
  - ensure the protection of the organization's assets
  - ensure the accuracy and reliability of its records, and operational adherence to management standards

9 CREATING A CONTROL ENVIRONMENT: General Controls and Application Controls
- General controls: establish the framework for controlling the design, security, and use of computer programs across the organization
- Include software, hardware, computer operations, data security, implementation, and administrative controls

10 CREATING A CONTROL ENVIRONMENT
Figure 15-4: Security Profiles for a Personnel System (access rules stating which users or groups may read, update, or delete which data)

11 CREATING A CONTROL ENVIRONMENT: General Controls and Application Controls
- Application controls: unique to each computerized application
- Ensure that only authorized data are completely and accurately processed by that application
- Include input, processing, and output controls
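The slide names input, processing, and output controls without showing what they check. The script below is an added illustration, not code from the presentation: it applies edit checks (input controls) to each record of a constructed payment batch and then reconciles batch control totals against a header (a processing control). The record layout, the validation rules, the header fields and the reasonableness limit are all assumptions made for the example; control totals themselves are a standard application-control technique the slide does not spell out.

```python
"""Input and processing controls over a batch of payment transactions.

Added illustration, not code from the presentation. The record layout, the
edit-check rules and the batch header with control totals are constructed
assumptions for the example.
"""
import re
from datetime import date
from decimal import Decimal, InvalidOperation

ACCOUNT_RE = re.compile(r"^[0-9]{6}$")   # assumed account-number format
MAX_AMOUNT = Decimal("10000.00")         # assumed reasonableness limit per record

# Constructed batch. The originating department supplied a header with control
# totals for five records, but only four arrived (one was lost in transfer),
# and two of the four contain keying errors.
BATCH_HEADER = {"record_count": 5, "amount_total": "3750.00"}
BATCH_RECORDS = [
    {"account": "123456", "amount": "1500.00", "date": "2024-03-04", "payee": "A. Smith"},
    {"account": "654321", "amount": "1000.00", "date": "2024-03-04", "payee": "B. Jones"},
    {"account": "12AB56", "amount": "500.00", "date": "2024-03-04", "payee": "C. Lee"},
    {"account": "111111", "amount": "-250.00", "date": "2024-13-40", "payee": ""},
]


def edit_checks(rec):
    """Input controls: validate one record, returning a list of problems (empty means valid)."""
    errors = []
    if not ACCOUNT_RE.match(rec.get("account", "")):
        errors.append("account: must be exactly 6 digits")
    try:
        amount = Decimal(rec.get("amount", ""))
        if amount <= 0:
            errors.append("amount: must be positive")
        elif amount > MAX_AMOUNT:
            errors.append("amount: exceeds reasonableness limit")
    except InvalidOperation:
        errors.append("amount: not a number")
    try:
        date.fromisoformat(rec.get("date", ""))
    except ValueError:
        errors.append("date: not a valid calendar date")
    if not rec.get("payee", "").strip():
        errors.append("payee: required")
    return errors


def _amount_or_zero(rec):
    """Amount as a Decimal, or zero when the field does not parse at all."""
    try:
        return Decimal(rec.get("amount", ""))
    except InvalidOperation:
        return Decimal("0")


def validate_batch(header, records):
    """Apply edit checks per record, then reconcile batch control totals.

    The control-total comparison is a processing control: it is computed over
    everything that arrived, so it catches records lost or added in transit
    even when every individual record passes its own edit checks.
    """
    accepted, rejected = [], []
    for rec in records:
        errs = edit_checks(rec)
        if errs:
            rejected.append((rec, errs))
        else:
            accepted.append(rec)
    arrived_total = sum((_amount_or_zero(r) for r in records), Decimal("0"))
    return {
        "accepted": accepted,
        "rejected": rejected,
        "count_ok": len(records) == header["record_count"],
        "amount_ok": arrived_total == Decimal(header["amount_total"]),
    }


if __name__ == "__main__":
    result = validate_batch(BATCH_HEADER, BATCH_RECORDS)
    for rec, errs in result["rejected"]:
        print("REJECT", rec["account"], "->", "; ".join(errs))
    print("accepted:", len(result["accepted"]),
          "count_ok:", result["count_ok"], "amount_ok:", result["amount_ok"])
```

Run as-is, the two malformed records are rejected with the reasons listed, and both control totals fail to reconcile because the fifth record never arrived. Note that a batch in which every record passes its edit checks can still fail the control-total comparison; that is exactly the case the processing control exists for.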

12 Protecting the Digital Firm
- On-line transaction processing: transactions entered online are immediately processed by the computer
- Fault-tolerant computer systems: contain extra (redundant) hardware, software, and power supply components that can back the system up and keep it running to prevent system failure

13 Protecting the Digital Firm
- High-availability computing: tools and technologies that enable a system to recover from a crash
- Disaster recovery plan: plan for running the business in the event of a computer outage
- Load balancing: distributes a large number of access requests among multiple servers

14 Protecting the Digital Firm
- Mirroring: duplicating all processes and transactions of a server on a backup server to prevent any interruption
- Clustering: linking two computers together so that the second can act as a backup to the primary or speed up processing

15 Internet Security Challenges
Figure 15-5

16 Internet Security Challenges
- Firewalls: prevent unauthorized users from accessing private networks; two common types are proxy (application-level) firewalls and stateful inspection firewalls
- Intrusion detection system: monitors vulnerable points in the network to detect and deter unauthorized intruders
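To make the difference between a stateful inspection firewall and a memoryless packet filter concrete, here is an added simulation (not code from the presentation, and not a real firewall). The internal network, the outbound-only web policy and the packet trace are constructed assumptions; only TCP flags are modelled, and connection state is never expired, which a real firewall would do on FIN, RST or timeout. The point it demonstrates: a stateless filter must admit inbound packets that merely look like replies (ACK set), and an attacker can craft such packets, whereas the stateful version admits inbound traffic only for connections the inside actually opened.

```python
"""Stateful inspection versus a stateless packet filter, in simulation.

Added example, not code from the presentation. Network, policy and trace are
constructed; only TCP flags are modelled and state is never expired.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNAL_NET = ip_network("10.0.0.0/8")   # assumed private network behind the firewall
OUTBOUND_PORTS = {80, 443}                 # assumed policy: inside hosts may only browse the web


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str   # TCP flags as letters: "S" (SYN), "SA" (SYN-ACK), "A" (ACK)


def _direction(pkt):
    src_in = ip_address(pkt.src) in INTERNAL_NET
    dst_in = ip_address(pkt.dst) in INTERNAL_NET
    if src_in and not dst_in:
        return "outbound"
    if dst_in and not src_in:
        return "inbound"
    return "other"


def stateless_filter(pkt):
    """Packet filter with no memory: inbound traffic is admitted if it merely
    looks like part of an existing connection (ACK set), which anyone can fake."""
    d = _direction(pkt)
    if d == "outbound":
        return "ALLOW" if pkt.dport in OUTBOUND_PORTS else "DENY"
    if d == "inbound":
        return "ALLOW" if "A" in pkt.flags else "DENY"
    return "DENY"


class StatefulFirewall:
    """Records each permitted outbound connection and admits inbound packets
    only when they belong to one of those connections."""

    def __init__(self):
        self.connections = set()   # (inside_ip, inside_port, outside_ip, outside_port)

    def filter(self, pkt):
        d = _direction(pkt)
        key_out = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        key_in = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if d == "outbound":
            if "S" in pkt.flags and pkt.dport in OUTBOUND_PORTS:
                self.connections.add(key_out)   # new connection opened from inside
                return "ALLOW"
            return "ALLOW" if key_out in self.connections else "DENY"
        if d == "inbound":
            # Admit only replies to connections the inside opened, regardless of flags.
            return "ALLOW" if key_in in self.connections else "DENY"
        return "DENY"


# Constructed trace: a legitimate web session, then an outsider probing SSH
# first with a plain SYN and then with a crafted ACK (an "ACK scan"), and
# finally an inside host trying a port the policy does not allow.
SAMPLE_TRACE = [
    Packet("10.0.0.5", 40000, "203.0.113.10", 443, "S"),
    Packet("203.0.113.10", 443, "10.0.0.5", 40000, "SA"),
    Packet("10.0.0.5", 40000, "203.0.113.10", 443, "A"),
    Packet("198.51.100.7", 5555, "10.0.0.5", 22, "S"),
    Packet("198.51.100.7", 5555, "10.0.0.5", 22, "A"),
    Packet("10.0.0.5", 40001, "203.0.113.10", 25, "S"),
]


def run_trace(packets):
    """Return (stateful, stateless) decisions for each packet, in order."""
    fw = StatefulFirewall()
    return [(fw.filter(p), stateless_filter(p)) for p in packets]


if __name__ == "__main__":
    for pkt, (stateful, stateless) in zip(SAMPLE_TRACE, run_trace(SAMPLE_TRACE)):
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} [{pkt.flags}]"
              f"  stateful={stateful}  stateless={stateless}")
```

The fifth packet is the one to look at: the stateless filter passes the crafted ACK to port 22 because it has no way to know no such connection exists, while the stateful firewall drops it. A proxy firewall goes one step further than either by terminating the connection itself and speaking the application protocol to the outside on the client's behalf; that behaviour is not modelled here.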

17 Security and Electronic Commerce
- Encryption: coding and scrambling of messages so that they cannot be read without authorization (the decryption key)
- Authentication: ability of each party in a transaction to ascertain the identity of the other party
- Message integrity: ability to ascertain that a transmitted message has not been altered or substituted in transit

18 Public Key Encryption
Figure 15-6 (two mathematically related keys: the public key, which can be shared freely, encrypts; the private key, which is kept secret, decrypts)

19 Security and Electronic Commerce
- Digital signature: digital code attached to an electronically transmitted message that uniquely identifies the contents and the sender; it is computed with the sender's private key over a hash of the message, so anyone holding the sender's public key can check it
- Digital certificate: attachment to an electronic message, issued by a trusted certificate authority, that verifies the sender's identity by binding it to the sender's public key and thereby gives the receiver a key with which to encrypt the reply

20 Digital Certificates
Figure 15-7

21 Developing a Control Structure: Costs and Benefits
Criteria for determining the control structure:
- Importance of the data
- Efficiency, complexity, and expense of each control technique
- Level of risk if a specific activity or process is not properly controlled

22 The Role of Auditing in the Control Process
- MIS audit: identifies all the controls that govern individual information systems and assesses their effectiveness

23 Data Quality Audit and Data Cleansing
- Data quality audit: a survey and/or sample of files that determines the accuracy and completeness of the data
- Data cleansing: correcting errors and inconsistencies in data to increase accuracy

