
Management Information Systems The Islamia University of Bahawalpur Delivered by: Tasawar Javed Lecture 19.


1 Management Information Systems The Islamia University of Bahawalpur Delivered by: Tasawar Javed Lecture 19

2 Today’s talk
• Informal Controls
• Government and Industry Assistance
• Government Legislation
• Industry Standards
• Professional Certification
• Business Continuity Management
Information Security

3 Informal Controls
Includes:
• Education
• Training programs
• Management development
These controls are intended to ensure that the firm’s employees both understand and support the security program.

4 Government and Industry Assistance
• UK BS 7799
  UK standards establish a set of baseline controls. They were first published by the British Standards Institute in 1995, then published by the ISO.
• BSI IT Baseline Protection Manual
  The baseline approach is also followed by the German Bundesamt für Sicherheit in der Informationstechnik. It is intended to provide reasonable security.

5
• COBIT
  Focuses on the process that a firm can follow in developing standards, paying special attention to the writing and maintaining of the documentation.
• GASSP
  Generally Accepted System Security Principles is a product of the US National Research Council; establishes security policy.
• ISF Standard of Good Practice
  The Information Security Forum Standard of Good Practice takes a baseline approach, devoting considerable attention to the user behavior that is expected.

6 Government Legislation
• US Government Computer Security Standards
  The US Govt. responded with a program aimed at applying these known protections: a set of security standards that participating organizations should meet, plus the availability of a software program that grades users’ systems and assists them in configuring their systems to meet the standards.
• The UK Anti-Terrorism, Crime and Security Act
  The UK Parliament enacted the Anti-Terrorism, Crime and Security Act; its provisions are on the next slide.

7 Provisions are:
• ISPs are required to maintain data about all communication events
• Government taxing authorities are empowered to disclose information about an individual’s or organization’s financial affairs to authorities investigating crime or terrorism
• The obligation of confidence is removed for public bodies even if there is only suspicion of an impending terrorist act

8 Professional Certification
• Information Systems Audit and Control Association
• International Information System Security Certification Consortium
• SANS Institute

9 Business Continuity Management
• Disaster planning
• The Emergency Plan
  It specifies those measures that ensure the safety of employees when disaster strikes; it includes alarm systems, evacuation procedures, and fire-suppression systems.

10 The Backup Plan
• Redundancy
  Hardware, software, and data are duplicated so that when one set is inoperable, the backup set can continue the processing.
• Diversity
  Information resources are not all installed at the same location. Large firms typically establish separate computing centers for different areas of their operations.
• Mobility
  A hot site is a complete computing facility that is made available by a supplier to its customers for use in the event of emergencies.

11 Cold site
• Includes only the building facilities, but not the computing resources. The firm can obtain a cold site from a supplier or construct its own facilities. For either approach, the firm must provide the computing resources. The largest suppliers of hot and cold sites are IBM and SunGard.

12 The Vital Records Plan
• A firm’s vital records are those paper documents, microforms, and magnetic and optical storage media that are necessary for carrying on the firm’s business. The vital records plan specifies how the vital records will be protected. In addition to safeguarding the records at the computer site, backup copies should be stored at a remote location. All types of records can be physically transported to the remote location, but the computer records can be transmitted electronically.

13 Thank you!!! Q&A

