©1999 Addison Wesley Longman Slide 13.1 Information System Security and Control 13.
Presentation transcript:

©1999 Addison Wesley Longman Slide 13.1 Information System Security and Control 13

Slide 13.2 Table 13.1 London Ambulance Service: an Information System Disaster

Slide 13.3 Table 13.1 London Ambulance Service: an Information System Disaster
CUSTOMER
  People requiring emergency medical care
  Ambulance drivers requiring information about where to pick up patients requiring emergency transportation to a hospital

Slide 13.4 Table 13.1 London Ambulance Service: an Information System Disaster
PRODUCT
  Location of next pickup, selected to minimize delays and communicated immediately

Slide 13.5 Table 13.1 London Ambulance Service: an Information System Disaster
BUSINESS PROCESS
  Major steps:
    Track the location of all ambulances
    Receive telephone notification of an emergency situation requiring an ambulance
    Decide which ambulance should respond to the emergency
    Notify the ambulance driver
    Track the disposition of each call
  Rationale:
    Treat all of London as a single zone
    Automate many of the dispatching decisions

Slide 13.6 Table 13.1 London Ambulance Service: an Information System Disaster
PARTICIPANTS
  Dispatching staff
  Ambulance drivers
INFORMATION
  Location of people having medical emergencies
  Location of ambulances
  Geography of London
TECHNOLOGY
  Telephone
  Radio transmitters and receivers
  Computer program making dispatching decisions

Slide 13.7 Table 13.2 Common Reasons for Project Failure at Different Project Phases
INITIATION
  The reasons for building the system have too little support.
  The system seems too expensive.
DEVELOPMENT
  It is too difficult to define the requirements.
  The system is not technically feasible.
  The project is too difficult for the technical staff assigned.
IMPLEMENTATION
  The system requires too great a change from existing work practices.
  Potential users dislike the system or resist using it.
  Too little effort is put into the implementation.
OPERATION AND MAINTENANCE
  System controls are insufficient.
  Too little effort goes into supporting effective use.
  The system is not updated as business needs change.

Slide 13.8 Figure 13.1 Seven types of risks related to accidents

Slide 13.9 Figure 13.2 Threats related to computer crime

Slide Box 13.1 Examples of fraud committed using transaction processing systems
  FORGERY
  IMPERSONATION FRAUD
  DISBURSEMENTS FRAUD
  INVENTORY FRAUD
  PAYROLL FRAUD
  PENSION FRAUD
  CASHIER FRAUD

Slide Figure 13.3 Check forgery

Slide Table 13.3 Conditions That Increase Vulnerability
THREATS FROM UNINTENTIONAL OCCURRENCES
  Operator error
  Hardware malfunction
  Software bugs
  Data errors
  Damage to physical facilities
  Inadequate system performance
  Liability
THREATS FROM INTENTIONAL ACTIONS
  Theft
  Vandalism and sabotage

Slide Figure 13.4 Value chain for system security and control

Slide Figure 13.5 Software change control

Slide Table 13.4 Controlling Access to Data, Computers, and Networks
ENFORCE MANUAL DATA HANDLING GUIDELINES
  Lock desks
  Shred discarded documents and manuals
DEFINE ACCESS PRIVILEGES
  Give different individuals different levels of privilege for using the computer
  Give different individuals different levels of access to specific data files
ENFORCE ACCESS PRIVILEGES
  What you know
    Password
    Special personal data
  What you have
    ID card
    Key to physical facility
  Where you are
    Call-back system
  Who you are
    Fingerprint or handprint
    Retina pattern
    Voice pattern
CONTROL INCOMING DATA NETWORKS AND OTHER MEDIA
  Use firewalls
  Scan for viruses
MAKE DATA MEANINGLESS TO ANYONE LACKING AUTHORIZATION
  Data encryption
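An added illustration of the "define" and "enforce" rows of Table 13.4, written here as example code and not taken from the textbook or slides: the privilege levels, file sensitivity scale and the rule that restricted files need two different factor classes are constructed assumptions.

```python
from dataclasses import dataclass, field

# Authentication factors grouped into the four classes Table 13.4 names.
FACTOR_CLASSES = {
    "password": "know", "personal_data": "know",             # what you know
    "id_card": "have", "facility_key": "have",               # what you have
    "callback": "where",                                     # where you are
    "fingerprint": "are", "retina": "are", "voice": "are",   # who you are
}

@dataclass
class User:
    name: str
    privilege: int                 # level of privilege for using the computer
    file_access: dict = field(default_factory=dict)  # file name -> level granted

@dataclass
class DataFile:
    name: str
    sensitivity: int   # constructed scale: 1 routine, 2 confidential, 3 restricted

def factor_classes_presented(factors):
    """Distinct factor classes among the factors a requester presented."""
    return {FACTOR_CLASSES[f] for f in factors if f in FACTOR_CLASSES}

def required_classes(sensitivity):
    """Constructed policy (an assumption, not from the slides): restricted
    files need evidence from two different factor classes, others one."""
    return 2 if sensitivity >= 3 else 1

def authorize(user, data_file, presented_factors):
    """Enforce the defined privileges; returns (allowed, reason)."""
    classes = factor_classes_presented(presented_factors)
    if len(classes) < required_classes(data_file.sensitivity):
        return False, "insufficient authentication factor classes"
    if user.privilege < 1:
        return False, "no privilege to use the computer"
    if user.file_access.get(data_file.name, 0) < data_file.sensitivity:
        return False, "no access privilege for this data file"
    return True, "ok"
```

Two factors of the same class (a password plus personal data) still count as one class, which is why the table separates what you know from what you have and who you are.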

Slide Figure 13.7 Possible locations for checking data transfers in a corporate network

Slide Figure 13.8 Using public key encryption

Slide Figure 13.9 Validation checks for a course enrollment transaction