Presentation is loading. Please wait.

Presentation is loading. Please wait.

14.1 © 2004 by Prentice Hall INFORMATIONSYSTEMS SECURITY AND CONTROL.

Published byJocelyn Frothingham Modified over 9 years ago

Similar presentations

Presentation on theme: "14.1 © 2004 by Prentice Hall INFORMATIONSYSTEMS SECURITY AND CONTROL."— Presentation transcript:

1 14.1 © 2004 by Prentice Hall INFORMATIONSYSTEMS SECURITY AND CONTROL

2 14.2 © 2004 by Prentice Hall Why are information systems so vulnerable to destruction, error, abuse, and system quality problems?Why are information systems so vulnerable to destruction, error, abuse, and system quality problems? What types of controls are available for information systems?What types of controls are available for information systems? What special measures must be taken to ensure the reliability, availability and security of electronic commerce and digital business processes?What special measures must be taken to ensure the reliability, availability and security of electronic commerce and digital business processes? OBJECTIVES

3 14.3 © 2004 by Prentice Hall What are the most important software quality assurance techniques?What are the most important software quality assurance techniques? Why are auditing of information systems and safeguarding of data quality so important?Why are auditing of information systems and safeguarding of data quality so important? OBJECTIVES

4 14.4 © 2004 by Prentice Hall Designing systems that are neither over- controlled nor under-controlledDesigning systems that are neither over- controlled nor under-controlled Applying quality assurance standards in large systems projectsApplying quality assurance standards in large systems projects MANAGEMENT CHALLENGES

5 14.5 © 2004 by Prentice Hall Advances in telecommunications and computer softwareAdvances in telecommunications and computer software Unauthorized access, abuse, or fraudUnauthorized access, abuse, or fraud HackersHackers Denial of service attackDenial of service attack Computer virusesComputer viruses SYSTEM VULNERABILITY AND ABUSE Why Systems are Vulnerable

6 14.6 © 2004 by Prentice Hall Disaster Destroys computer hardware, programs, data files, and other equipment Security Prevents unauthorized access, alteration, theft, or physical damage Errors Cause computers to disrupt and destroy organization’s record keeping and operations Cause computers to disrupt and destroy organization’s record keeping and operations SYSTEM VULNERABILITY AND ABUSE Concerns for System Builders and Users

7 14.7 © 2004 by Prentice Hall Bugs Program code defects or errorsProgram code defects or errors Maintenance Nightmare Maintenance costs high due to organizational change, software complexity, and faulty system analysis and designMaintenance costs high due to organizational change, software complexity, and faulty system analysis and design SYSTEM VULNERABILITY AND ABUSE System Quality Problems: Software and Data

8 14.8 © 2004 by Prentice Hall Data Quality Problems Caused due to errors during data input or faulty information system and database designCaused due to errors during data input or faulty information system and database design SYSTEM VULNERABILITY AND ABUSE System Quality Problems: Software and Data

9 14.9 © 2004 by Prentice Hall SYSTEM VULNERABILITY AND ABUSE The Cost of Errors over the Systems Development Cycle Figure 14-3

10 14.10 © 2004 by Prentice Hall Controls Methods, policies, and procedures that ensure protection of organization’s assetsMethods, policies, and procedures that ensure protection of organization’s assets Ensure accuracy and reliability of records, and operational adherence to management standardsEnsure accuracy and reliability of records, and operational adherence to management standards CREATING A CONTROL ENVIRONMENT Overview

11 14.11 © 2004 by Prentice Hall General controls Establish framework for controlling design, security, and use of computer programsEstablish framework for controlling design, security, and use of computer programs Include software, hardware, computer operations, data security, implementation, and administrative controlsInclude software, hardware, computer operations, data security, implementation, and administrative controls CREATING A CONTROL ENVIRONMENT General Controls and Application Controls

12 14.12 © 2004 by Prentice Hall Application controls Unique to each computerized applicationUnique to each computerized application Include input, processing, and output controlsInclude input, processing, and output controls CREATING A CONTROL ENVIRONMENT General Controls and Application Controls

13 14.13 © 2004 by Prentice Hall On-line transaction processing: Transactions entered online are immediately processed by computerOn-line transaction processing: Transactions entered online are immediately processed by computer Fault-tolerant computer systems: Contain extra hardware, software, and power supply components to provide continuous uninterrupted serviceFault-tolerant computer systems: Contain extra hardware, software, and power supply components to provide continuous uninterrupted service CREATING A CONTROL ENVIRONMENT Protecting the Digital Firm

14 14.14 © 2004 by Prentice Hall High-availability computing: Tools and technologies enabling system to recover quickly from a crashHigh-availability computing: Tools and technologies enabling system to recover quickly from a crash Disaster recovery plan: Runs business in event of computer outageDisaster recovery plan: Runs business in event of computer outage Load balancing: Distributes large number of requests for access among multiple serversLoad balancing: Distributes large number of requests for access among multiple servers CREATING A CONTROL ENVIRONMENT Protecting the Digital Firm

15 14.15 © 2004 by Prentice Hall Mirroring: Duplicating all processes and transactions of server on backup server to prevent any interruption in serviceMirroring: Duplicating all processes and transactions of server on backup server to prevent any interruption in service Clustering: Linking two computers together so that a second computer can act as a backup to the primary computer or speed up processingClustering: Linking two computers together so that a second computer can act as a backup to the primary computer or speed up processing CREATING A CONTROL ENVIRONMENT Protecting the Digital Firm

16 14.16 © 2004 by Prentice Hall Firewalls Prevent unauthorized users from accessing private networksPrevent unauthorized users from accessing private networks Two types: proxies and stateful inspectionTwo types: proxies and stateful inspection Intrusion Detection System Monitors vulnerable points in network to detect and deter unauthorized intrudersMonitors vulnerable points in network to detect and deter unauthorized intruders CREATING A CONTROL ENVIRONMENT Internet Security Challenges

17 14.17 © 2004 by Prentice Hall Figure 14-5 CREATING A CONTROL ENVIRONMENT Internet Security Challenges

18 14.18 © 2004 by Prentice Hall Encryption: Coding and scrambling of messages to prevent their access without authorizationEncryption: Coding and scrambling of messages to prevent their access without authorization Authentication: Ability of each party in a transaction to ascertain identity of other partyAuthentication: Ability of each party in a transaction to ascertain identity of other party Message integrity: Ability to ascertain that transmitted message has not been copied or alteredMessage integrity: Ability to ascertain that transmitted message has not been copied or altered CREATING A CONTROL ENVIRONMENT Security and Electronic Commerce

19 14.19 © 2004 by Prentice Hall Digital signature: Digital code attached to electronically transmitted message to uniquely identify contents and senderDigital signature: Digital code attached to electronically transmitted message to uniquely identify contents and sender Digital certificate: Attachment to electronic message to verify the sender and to provide receiver with means to encode replyDigital certificate: Attachment to electronic message to verify the sender and to provide receiver with means to encode reply CREATING A CONTROL ENVIRONMENT Security and Electronic Commerce

20 14.20 © 2004 by Prentice Hall Public Key Encryption CREATING A CONTROL ENVIRONMENT Figure 14-6

21 14.21 © 2004 by Prentice Hall Digital Certificates CREATING A CONTROL ENVIRONMENT Figure 14-7

22 14.22 © 2004 by Prentice Hall MIS audit Identifies all controls that govern individual information systems and assesses their effectivenessIdentifies all controls that govern individual information systems and assesses their effectiveness CREATING A CONTROL ENVIRONMENT The Role of Auditing in the Control Process

23 14.23 © 2004 by Prentice Hall Structured analysis: Method for defining system inputs, processes, and outputs, for partitioning systems into subsystems or modulesStructured analysis: Method for defining system inputs, processes, and outputs, for partitioning systems into subsystems or modules Data Flow Diagram (DFD): Graphically illustrates system’s component processes and flow of dataData Flow Diagram (DFD): Graphically illustrates system’s component processes and flow of data ENSURING SYSTEM QUALITY Software Quality Assurance Methodologies and Tools

24 14.24 © 2004 by Prentice Hall Structured design: Encompasses set of design rules and techniques for designing systems from top downStructured design: Encompasses set of design rules and techniques for designing systems from top down Structured programming: Organizing and coding programs that simplify control pathsStructured programming: Organizing and coding programs that simplify control paths ENSURING SYSTEM QUALITY Software Quality Assurance Methodologies and Tools

25 14.25 © 2004 by Prentice Hall Automation of step-by-step methodologies for software and systems developmentAutomation of step-by-step methodologies for software and systems development Reduces repetitive workReduces repetitive work Enforces standard development methodology and design disciplineEnforces standard development methodology and design discipline Improves communication between users and technical specialistsImproves communication between users and technical specialists ENSURING SYSTEM QUALITY Computer-Aided Software Engineering (CASE)

26 14.26 © 2004 by Prentice Hall Organizes and correlates design componentsOrganizes and correlates design components Automates tedious and error-prone portion of analysis and design, code generation, testing, and control rolloutAutomates tedious and error-prone portion of analysis and design, code generation, testing, and control rollout ENSURING SYSTEM QUALITY Computer-Aided Software Engineering (CASE)

27 14.27 © 2004 by Prentice Hall Objective assessment of software used in the system in form of quantified measurementsObjective assessment of software used in the system in form of quantified measurements ENSURING SYSTEM QUALITY Software Metrics

28 14.28 © 2004 by Prentice Hall Walkthrough: Review of specification or design document by small group of peopleWalkthrough: Review of specification or design document by small group of people Debugging: Process of discovering and eliminating errors and defects in program codeDebugging: Process of discovering and eliminating errors and defects in program code ENSURING SYSTEM QUALITY Testing

29 14.29 © 2004 by Prentice Hall INFORMATIONSYSTEMS SECURITY AND CONTROL

Download ppt "14.1 © 2004 by Prentice Hall INFORMATIONSYSTEMS SECURITY AND CONTROL."

Similar presentations

Security and Control Soetam Rizky. Why Systems Are Vulnerable ?

Security and Control Soetam Rizky. Why Systems Are Vulnerable ?
Crime and Security in the Networked Economy Part 4.

Crime and Security in the Networked Economy Part 4.
Auditing Computer Systems

Auditing Computer Systems
4/15: Security & Controls in IS Systems Vulnerabilities Controls: what to use to guard against vulnerabilities –General controls –Application controls.

4/15: Security & Controls in IS Systems Vulnerabilities Controls: what to use to guard against vulnerabilities –General controls –Application controls.
Information System Security and Control Chapter 15 © 2005 by Prentice Hall Essentials of Management Information Systems, 6e Chapter 15 Information System.

Information System Security and Control Chapter 15 © 2005 by Prentice Hall Essentials of Management Information Systems, 6e Chapter 15 Information System.
Chapter 17 Controls and Security Measures

Chapter 17 Controls and Security Measures
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Lecture 10 Security and Control.

Lecture 10 Security and Control.
Lecture 10 Security and Control.

Lecture 10 Security and Control.
10.1 © 2006 by Prentice Hall 10 Chapter Security and Control.

10.1 © 2006 by Prentice Hall 10 Chapter Security and Control.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Risks, Controls and Security Measures

Risks, Controls and Security Measures
Ecommerce: Security and Control James Vickers, Boston College

Ecommerce: Security and Control James Vickers, Boston College
14.1 © 2004 by Prentice Hall Management Information Systems 8/e Chapter 14 Information Systems Security and Control 14 INFORMATIONSYSTEMS SECURITY AND.

14.1 © 2004 by Prentice Hall Management Information Systems 8/e Chapter 14 Information Systems Security and Control 14 INFORMATIONSYSTEMS SECURITY AND.
1 Senn, Information Technology, 3 rd Edition © 2004 Pearson Prentice Hall James A. Senn’s Information Technology, 3 rd Edition Chapter 14 Issues in Information.

1 Senn, Information Technology, 3 rd Edition © 2004 Pearson Prentice Hall James A. Senn’s Information Technology, 3 rd Edition Chapter 14 Issues in Information.
Managing Information Systems Information Systems Security and Control Part 2 Dr. Stephania Loizidou Himona ACSC 345.

Managing Information Systems Information Systems Security and Control Part 2 Dr. Stephania Loizidou Himona ACSC 345.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Similar presentations

Ads by Google