Presentation is loading. Please wait.

Presentation is loading. Please wait.

Managing Information Systems Information Systems Security and Control Part 1 Dr. Stephania Loizidou Himona ACSC 345.

Published byEarl Dickerson Modified over 9 years ago

Similar presentations

Presentation on theme: "Managing Information Systems Information Systems Security and Control Part 1 Dr. Stephania Loizidou Himona ACSC 345."— Presentation transcript:

1 Managing Information Systems Information Systems Security and Control Part 1 Dr. Stephania Loizidou Himona ACSC 345

2 Dr. S. Loizidou - ACSC3452 Objectives  Demonstrate the differences in vulnerability between traditional systems and Information Systems  Demonstrate the impact of Information System vulnerability  Demonstrate why Information Systems are vulnerable

3 Dr. S. Loizidou - ACSC3453 Protecting Information Systems  Information Systems are now very important within organisations  Disabling or corrupting these Information Systems can lead to significant loss –Financial impact –Loss of life / health and safety issues

4 Dr. S. Loizidou - ACSC3454 On-line Auction Site 8 Hour Downtime Type of Loss Value Direct revenue loss $341,652 Compensatory loss $943,521 Depreciation costs $6,279 Lost future revenues $1,024,95 5 Worker downtime loss $46,097 Contract labour loss $52,180 Delay-to-market loss $358,734 Total $2,773,41 8 Technology Spotlight: The Financial Impact of Site Outages. The Industry Standard, 1999

5 Dr. S. Loizidou - ACSC3455 Vulnerability  Why are Information Systems more vulnerable than paper-based systems?

6 Dr. S. Loizidou - ACSC3456 Vulnerability  Paper-based systems –Documents / data stored in filing cabinets –Secured by physical access  Information systems: –Data stored electronically –Logical, rather than physical, access

7 Dr. S. Loizidou - ACSC3457 Vulnerability  Information Systems open to more vulnerabilities than paper-based systems

8 Dr. S. Loizidou - ACSC3458 Security  What examples of threats to Information Systems can you think of?

9 Dr. S. Loizidou - ACSC3459 Malicious Intent  Hackers –Person who gains unauthorised access to a system for profit, criminal purpose or pleasure –Trojan horse  Program that has hidden, secondary purpose –Denial of service  Overwhelm server with requests to disable  (Partially) countered by security procedures

10 Dr. S. Loizidou - ACSC34510 Malicious Intent  Viruses –Software that is difficult to detect, spreads rapidly, destroys data, processing and memory –Logic bomb  Timed virus  (Partially) countered by anti-virus software

11 Dr. S. Loizidou - ACSC34511 Malicious Intent?  The vulnerability of Information Systems is not just restricted to external security threats

12 Dr. S. Loizidou - ACSC34512 Vulnerability  What other types of vulnerability do Information Systems have?

13 Dr. S. Loizidou - ACSC34513 Vulnerability  Threats: –Hardware failure (disk crash, Pentium bug) –Software failure (bugs, design flaws) –Personal actions (accidental, malicious) –Terminal access penetration (hacking) –Theft of data, services or equipment (virus)

14 Dr. S. Loizidou - ACSC34514 Vulnerability  Threats: –Fire (also true of paper-based systems) –Electrical problems (downtime) –User errors (wrong data) –Program changes (upgrades, assumptions) –Telecommunications (Internet, wireless)

15 Dr. S. Loizidou - ACSC34515 Concerns  Disaster: –Hardware, software, data destroyed by fire, flood, power failures, etc. –Software and data may not be replaceable –Significant (financial) loss  Backup, fault tolerance  Disaster recovery planning –Standby sites, equipment, personnel

16 Dr. S. Loizidou - ACSC34516 Concerns  Security –Policies, procedures, technical measures –Prevent unauthorised access, theft, damage  Errors –Software bugs can cause significant loss –Financial: rounding errors? –Life: missile systems

17 Dr. S. Loizidou - ACSC34517 Data Quality  Data quality problems: –Data preparation –Conversion –Input –Form completion –On-line data entry –Keypunching –Scanning –Validation –Processing –File maintenance –Output –Transmission –Distribution

18 Dr. S. Loizidou - ACSC34518 Software Quality  What types of problems may a software system have?

19 Dr. S. Loizidou - ACSC34519 Software Quality  Software problems –Bugs –Defects (wrong requirements) –Misinterpretation of requirements –Incorrect assumptions

20 Dr. S. Loizidou - ACSC34520 Software Quality  The more complex a system is, the less likely it is to be bug free  Impractical to test all paths of complex code –Difficult to test –Too much time required  Total Quality Management –Can only improve quality, not eliminate bugs –Uncertain what bugs remain and their impact

21 Dr. S. Loizidou - ACSC34521 Maintenance  Maintenance of software systems should be built into the design  Maintenance is the most expensive phase of a system –Complexity –Associated organisational changes –(Regression) testing overheads  More expensive to fix bugs as implementation proceeds

Download ppt "Managing Information Systems Information Systems Security and Control Part 1 Dr. Stephania Loizidou Himona ACSC 345."

Similar presentations

There are different threats and impacts that affect an organisation. Threats are things that the organisation will get attacked by so for example viruses.

There are different threats and impacts that affect an organisation. Threats are things that the organisation will get attacked by so for example viruses.
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,
Crime and Security in the Networked Economy Part 4.

Crime and Security in the Networked Economy Part 4.
Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.

Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.
E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.

E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.
9 - 1 Computer-Based Information Systems Control.

9 - 1 Computer-Based Information Systems Control.
4/15: Security & Controls in IS Systems Vulnerabilities Controls: what to use to guard against vulnerabilities –General controls –Application controls.

4/15: Security & Controls in IS Systems Vulnerabilities Controls: what to use to guard against vulnerabilities –General controls –Application controls.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
IS Security Control & Management. Overview n Why worry? n Sources, frequency and severity of problems n Risks to computerized vs. manual systems n Purpose.

IS Security Control & Management. Overview n Why worry? n Sources, frequency and severity of problems n Risks to computerized vs. manual systems n Purpose.
Chapter 9 - Control in Computerized Environment ATG 383 – Spring 2002.

Chapter 9 - Control in Computerized Environment ATG 383 – Spring 2002.
Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.

Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.
Managing Information Systems Information Systems Security and Control Part 2 Dr. Stephania Loizidou Himona ACSC 345.

Managing Information Systems Information Systems Security and Control Part 2 Dr. Stephania Loizidou Himona ACSC 345.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Saving Your Business from a Data Loss Randy Clark.

Saving Your Business from a Data Loss Randy Clark.
Copyright © 2015 Pearson Education, Inc. Processing Integrity and Availability Controls Chapter 10 10-1.

Copyright © 2015 Pearson Education, Inc. Processing Integrity and Availability Controls Chapter
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
Chapter 10 Information Systems Controls for System Reliability—Part 3: Processing Integrity and Availability Copyright © 2012 Pearson Education, Inc.

Chapter 10 Information Systems Controls for System Reliability—Part 3: Processing Integrity and Availability Copyright © 2012 Pearson Education, Inc.
11.1 Copyright © 2005 Pearson Education Canada Inc. Management Information Systems, Second Canadian Edition Chapter 11: Information Systems Security, Quality,

11.1 Copyright © 2005 Pearson Education Canada Inc. Management Information Systems, Second Canadian Edition Chapter 11: Information Systems Security, Quality,
Software Dependability CIS 376 Bruce R. Maxim UM-Dearborn.

Software Dependability CIS 376 Bruce R. Maxim UM-Dearborn.
Data Security GCSE ICT.

Data Security GCSE ICT.

Similar presentations

Ads by Google