IS 425 Enterprise Information I LECTURE 3 Autumn 2004-2005  2004 Norma Sutcliffe.

Slides:



Advertisements
Similar presentations
Andrea Maurino Web Service Design Methodology Batini, De Paoli, Maurino, Grega, Comerio WP2-WP3 Roma 24/11/2005.
Advertisements

Week 2 The Object-Oriented Approach to Requirements
Constructing a Task List ITSW 1410 Presentation Media Software Instructor: Glenda H. Easter.
Thermodynamics and Statistical Mechanics First Law of Thermodynamics.
Software Engineering Principles
Ch:8 Design Concepts S.W Design should have following quality attribute: Functionality Usability Reliability Performance Supportability (extensibility,
Ch 3 System Development Environment
Software Modeling SWE5441 Lecture 3 Eng. Mohammed Timraz
Client/Server Computing Ajay Kumar Shrivastava. Network Operating System (NOS) It manages the services of the server It exists at the session and presentation.
Auditing Computer Systems
Requirements Engineering n Elicit requirements from customer  Information and control needs, product function and behavior, overall product performance,
The Architecture Design Process
Unified Modeling (Part I) Overview of UML & Modeling
1 IS371 WEEK 8 Last and Final Assignment Application Development Alternatives to Application Development Instructor Online Evaluations.
Creating Architectural Descriptions. Outline Standardizing architectural descriptions: The IEEE has published, “Recommended Practice for Architectural.
Chapter 10 Information Systems Management. Agenda Information Systems Department Plan the Use of IT Manage Computing Infrastructure Manage Enterprise.
IS 425 Enterprise Information LECTURE 3 Winter
1 Software Testing and Quality Assurance Lecture 14 - Planning for Testing (Chapter 3, A Practical Guide to Testing Object- Oriented Software)
1 July 23, 2002 Strategic Technology Plan Briefing to LOT Committee.
1 CS 426 Senior Projects Chapter 1: What is UML? Chapter 2: What is UP? [Arlow and Neustadt, 2002] January 26, 2006.
DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.
The Software Product Life Cycle. Views of the Software Product Life Cycle  Management  Software engineering  Engineering design  Architectural design.
Stephen S. Yau CSE , Fall Security Strategies.
Enterprise Architecture
Software Architecture in Practice (3rd Ed) Introduction
Resiliency Rules: 7 Steps for Critical Infrastructure Protection.
UML - Development Process 1 Software Development Process Using UML (2)
Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.
RUP Fundamentals - Instructor Notes
Chapter 2 The process Process, Methods, and Tools
Requirements Analysis
ITEC224 Database Programming
An Introduction to Software Architecture
CS 360 Lecture 3.  The software process is a structured set of activities required to develop a software system.  Fundamental Assumption:  Good software.
Environment for Information Security n Distributed computing n Decentralization of IS function n Outsourcing.
Role-Based Guide to the RUP Architect. 2 Mission of an Architect A software architect leads and coordinates technical activities and artifacts throughout.
SOFTWARE DESIGN.
Basic Concepts Software Architecture. What is Software Architecture? Definition: – A software architecture is the set of principal design decisions about.
1 Introduction to Software Engineering Lecture 1.
IS 425 Enterprise Information I LECTURE 10 Autumn  2004 Norma Sutcliffe.
ARCH-2: UML From Design to Implementation using UML Frank Beusenberg Senior Technical Consultant.
Moving On To Design Chapter 9. Key Ideas The purpose of the analysis phase is to figure out what the business needs. The purpose of the design phase is.
1 CMPT 275 High Level Design Phase Modularization.
1 Moving On To Design Chapter 9. 2 Key Ideas The purpose of the analysis phase is to figure out what the business needs. The purpose of the design phase.
Features Governmental organization Critically important ICT objects Distributed infrastructure Three levels of confidentiality Dozens of subsidiary organizations.
© 2006 Pearson Addison-Wesley. All rights reserved 2-1 Chapter 2 Principles of Programming & Software Engineering.
Week 04 Object Oriented Analysis and Designing. What is a model? A model is quicker and easier to build A model can be used in simulations, to learn more.
Introduction and Overview of Information Security and Policy By: Hashem Alaidaros 4/10/2015 Lecture 1 IS 332.
CS223: Software Engineering
Software Development Process CS 360 Lecture 3. Software Process The software process is a structured set of activities required to develop a software.
OOD OO Design. OOD-2 OO Development Requirements Use case analysis OO Analysis –Models from the domain and application OO Design –Mapping of model.
Basic Concepts Key Learning Points : The objectives of this chapter are as follows:  To provide an introduction to the basic Concepts of enterprise architectures,
Disaster Recovery Planning (DRP) DRP: The definition of business processes, their infrastructure supports and tolerances to interruptions, and formulation.
Basic Concepts of Software Architecture. What is Software Architecture? Definition: – A software system’s architecture is the set of principal design.
INFORMATION ASSURANCE POLICY. Information Assurance Information operations that protect and defend information and information systems by ensuring their.
LECTURE 5 Nangwonvuma M/ Byansi D. Components, interfaces and integration Infrastructure, Middleware and Platforms Techniques – Data warehouses, extending.
Lecturer: Eng. Mohamed Adam Isak PH.D Researcher in CS M.Sc. and B.Sc. of Information Technology Engineering, Lecturer in University of Somalia and Mogadishu.
1 Advanced Software Architecture Muhammad Bilal Bashir PhD Scholar (Computer Science) Mohammad Ali Jinnah University.
INFORMATION SYSTEMS SECURITY AND CONTROL.
Information Systems Development
Chapter 1: Introduction to Systems Analysis and Design
Object-Oriented Analysis and Design
Unified Modeling Language
SDLC: System Development Life Cycle
Distribution and components
How to Mitigate the Consequences What are the Countermeasures?
An Introduction to Software Architecture
Introduction to Systems Analysis and Design Stefano Moshi Memorial University College System Analysis & Design BIT
Chapter 1: Introduction to Systems Analysis and Design
Chapter 1: Introduction to Systems Analysis and Design
Presentation transcript:

IS 425 Enterprise Information I LECTURE 3 Autumn  2004 Norma Sutcliffe

IS425 Autumn Norma Sutcliffe Session 32 This Session Software engineering/architecting is about ensuring that certain thing happen Security engineering is about ensuring that certain things do NOT happen

IS425 Autumn Norma Sutcliffe Session 33 Agenda Exercise reviewing Week 2 material The Debate Risk Management Analysis Primer Software Development / Architecting Security Disaster Recovery

IS425 Autumn Norma Sutcliffe Session 34 Exercise How do you reconcile the issue rankings below from 1996 to the “hot topics” that we discussed last week? What pressures are different and what pressures are the same for the issues and topics? 1. Building a responsive IT infrastructure 2. Facilitating and Managing Business Process Redesign 3. Developing and managing distributed systems 4. Developing and implementing an information architecture 5. Planning and managing communication networks 6. Improving the effectiveness of software development 7. Making effective use of the data resource 8. Recruiting and developing IS human resources 9. Aligning the IS organization within the enterprise 10. Improving IS strategic planning 11. Implementing and managing collaborative support systems 12. Measuring IS effectiveness and productivity

IS425 Autumn Norma Sutcliffe Session 35 The Debate Discussion Forum “Debate Topics” is now open. If you have a topic that you would like to debate – add a message giving a short description of the topic. If you see a topic that interests you particularly – reply to the topic message stating you are interested giving your section number and your name. Discussion forum is open for next two weeks.

IS425 Autumn Norma Sutcliffe Session 36 Risk Management Analysis Primer A process for assessing threats and determining which ones to ignore, reduce, eliminate level of feasible support for efforts to reduce and eliminate Expected Loss = P1 x P2 x L where: P1 = Probability of attack P2 = Probability attack is successful L = loss occurring is attack is successful

IS425 Autumn Norma Sutcliffe Session 37 Risk Management Analysis Primer A process for assessing threats and determining which ones to ignore, reduce, eliminate level of feasible support for efforts to reduce and eliminate by comparing expected losses to prevention costs

IS425 Autumn Norma Sutcliffe Session 38 Risk Management Analysis Primer Expected Loss or EL = P1 x P2 x L where: P1 = Probability of attack P2 = Probability attack is successful L = Loss occurring is attack is successful PC = Prevention costs If EL < PC then ignore If EL > PC then investing in PC is reasonable

IS425 Autumn Norma Sutcliffe Session 39 Risk Analysis Steps

IS425 Autumn Norma Sutcliffe Session 310 What is the appropriate level

IS425 Autumn Norma Sutcliffe Session 311 Software Development/Architecting The design on a system from multiple viewpoints – some common are: Technology stack (physical) view Object (data) view Use (behavioral) view But need to see attributes such as: Modifiability, Build-ability, Security, Reliability, Performance, Business-oriented qualities.

IS425 Autumn Norma Sutcliffe Session 312 Software Development/Architecting The architectural view is a component or subsystem view of the system Module approach where a module is something that can be replaced by another implementation without causing other elements to change. Relatively small amounts of information are exchanged between modules. Modules are loosely coupled Allows concurrent development

IS425 Autumn Norma Sutcliffe Session 313 Software Development/Architecting Software Architecture definitions-- 1. the description of the elements that compose the system, their interactions, the patterns and principles that guide their composition and design, and the constraints on those patterns. 2. The observable properties of a software system (aka the form of the system) including: 1. Static forms 2. Dynamic forms 3. Encompasses OO and Analysis methodologies Software Architecting means process of creating software architectures.

IS425 Autumn Norma Sutcliffe Session 314 Software Development/Architecting VIEWS have PHASES which Distinct – once completed Never Overlap Contain ACTIVITIES which Overlap Repeat Can contain many non-decomposable STEPS Part of problem-specific TASKS

IS425 Autumn Norma Sutcliffe Session 315 Enterprise Architecture Business (process) architecture Business strategy Governance Organization Key business processes (BPs) Information Technology (IT) architecture Software infrastructure supporting BPs Information (Data) architecture Logical and physical data assets Data management resources Application (software) architecture Internal physical structure Problem models to aid developing implementation- independent models

IS425 Autumn Norma Sutcliffe Session 316 Software Product Life Cycle Management View Software Engineering View Engineering Design View Architectural View

IS425 Autumn Norma Sutcliffe Session 317 Management View Phases constitute a development cycle Inception when need identified Gathering or capturing requirements aka specification of requirements Construction when product is implemented (coded), unit tested & system tested When transitioned to users--

IS425 Autumn Norma Sutcliffe Session 318 Software Engineering View Multiple chains of activities running concurrently & overlapping Inputs to activities are “whats” Outputs are “hows” RAS – understand the actual problems Design – transforming reqs into a technically feasible solution I & T – source code D & M – to users

IS425 Autumn Norma Sutcliffe Session 319 Engineering Design View Taken from mechanical engineering Phases are sequential but can be overlapping Information flows from phase to phase PP –problem is defined and req list created CD –problem analyzed and solution concepts created/revised ED –main design or draft design DD –physical arrangement, dimensions and other material properties are specified

IS425 Autumn Norma Sutcliffe Session 320 Architectural View Phases are sequential and milestone driven Product planning and study the entire enterprise context DA- understand completely needs of acquirers and users SD- prepares the architectural-level design DD- refining the architectural description and selecting among alternative designs BP- construct system

IS425 Autumn Norma Sutcliffe Session 321 Pulling It Together If firms are trying to minimize costs why would they embrace “software architecting”? Is there a possible relationship between software architecting and the value chain? Is this type of software architecture prevalent now? What kind of risk analysis can be done on a software development project?

IS425 Autumn Norma Sutcliffe Session 322 Security Engineering Definition == building systems to remain dependable in the face of Malice Error Mischance. To mitigate, reduce, the effects of threats Unintentional Intentional

IS425 Autumn Norma Sutcliffe Session 323 Security Threats

IS425 Autumn Norma Sutcliffe Session 324 General Controls Physical controls Physical design of data center to limit access and protect from elements Access controls Restriction of unauthorized user access to a system Data Security controls Protecting data From disclosure to unauthorized persons From destruction/modification by unauthorized Administrative Controls Issuing guidelines / monitoring compliance Programming Controls Development/Testing standards and procedures Application Controls Inputs/Processing/Output

IS425 Autumn Norma Sutcliffe Session 325 Security Engineering Tools Protocols Passwords Access controls Cryptography Distributed Systems Monitoring Systems

IS425 Autumn Norma Sutcliffe Session 326 Network Protection To protect Internet and E-Commerce Most common security measures are: Access control (PINs) Encryption Cable testers with protocol analyzers Firewall systems that enforce access control between two networks

IS425 Autumn Norma Sutcliffe Session 327 Disaster Recovery Planning Purpose is to keep business running after a disaster. Backups –onsite and offsite Offsite computing arrangements made in advance with hot-site vendors Offsite office arrangement made in advance with cold-site vendors Critical applications identified and recovery procedures addressed Written plan kept in several locations

IS425 Autumn Norma Sutcliffe Session 328 Pulling It Together What kind of aptitude does a security engineer need? What skills does a security engineer need? What kind of aptitude does a software engineer need? What skills does a software architect need? Are they different?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.