
SESSION 14 INFORMATION SYSTEMS SECURITY AND CONTROL


rrhoades

Presentation Transcript


  1. SESSION 14 INFORMATION SYSTEMS SECURITY AND CONTROL

  2. SYSTEM VULNERABILITY AND ABUSE • Advances in telecommunications and computer software: networked, interconnected systems can be reached, and therefore attacked, from far more places than stand-alone ones • Unauthorized access, abuse, or fraud • Hackers • Denial of service attack • Computer virus

  3. Concerns for System Builders and Users • Disaster • Destroys computer hardware, programs, data files, and other equipment • Security • Prevents unauthorized access, alteration, theft, or physical damage

  4. Concerns for System Builders and Users • Errors • Cause computers to disrupt or destroy organization’s record-keeping and operations

  5. System Quality Problems: Software and Data • Bugs • Program code defects or errors • Maintenance Nightmare • Maintenance costs high due to organizational change, software complexity, and faulty system analysis and design

  6. System Quality Problems: Software and Data • Figure 15-3: The Cost of Errors over the Systems Development Cycle

  7. System Quality Problems: Software and Data • Data Quality Problems • Caused by errors during data input or by faulty information system and database design

  8. CREATING A CONTROL ENVIRONMENT Overview • Controls • Methods, policies, and procedures • Ensures protection of organization’s assets • Ensures accuracy and reliability of records, and operational adherence to management standards

  9. CREATING A CONTROL ENVIRONMENT General Controls and Application Controls • General controls • Establish framework for controlling design, security, and use of computer programs • Include software, hardware, computer operations, data security, implementation, and administrative controls

  10. CREATING A CONTROL ENVIRONMENT • Figure 15-4: Security Profiles for a Personnel System

  11. CREATING A CONTROL ENVIRONMENT General Controls and Application Controls • Application controls • Unique to each computerized application • Ensure that only authorized data are completely and accurately processed by that application • Include input, processing, and output controls

  12. Protecting the Digital Firm • On-line transaction processing: Transactions entered online are immediately processed by the computer, so an outage is felt immediately by customers and staff • Fault-tolerant computer systems: Contain extra hardware, software, and power supply components that can back the system up and keep it running to prevent system failure

  13. Protecting the Digital Firm • High-availability computing: Tools and technologies enabling system to recover from a crash • Disaster recovery plan: Plan for running business in event of computer outage • Load balancing: Distributes large number of requests for access among multiple servers

  14. Protecting the Digital Firm • Mirroring: Duplicating all processes and transactions of server on backup server to prevent any interruption • Clustering: Linking two computers together so that a second computer can act as a backup to the primary computer or speed up processing

  15. Internet Security Challenges • Figure 15-5

  16. Internet Security Challenges • Firewalls • Sit between the private network and the Internet and block traffic that does not meet the organization’s access rules • Two screening approaches highlighted here: application proxies (the firewall terminates the connection and relays it on the client’s behalf) and stateful inspection (the firewall tracks each connection and admits inbound packets only if they belong to a connection it has already seen); simple packet filtering, which judges each packet on its header alone, is the weaker baseline • Intrusion Detection System • Monitors the most vulnerable points of the network and raises an alert when it sees signs of an intruder; on its own it detects rather than blocks, so it is paired with firewall rules and an incident response process
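The difference between the two firewall approaches on this slide is easiest to see on a packet trace. The following is an added example, not code from the presentation or from any firewall product: a toy stateless filter and a toy stateful-inspection firewall run over a constructed six-packet trace. The 10.0.0.0/24 "inside" network, the port numbers and the flow bookkeeping are assumptions for illustration, and the connection-close handling is simplified to a single FIN/RST.

```python
"""Added example: stateless packet filtering versus stateful inspection.
All addresses, ports and packets below are constructed for illustration."""
from collections import namedtuple

Packet = namedtuple("Packet", "proto src sport dst dport flags")

INSIDE_PREFIX = "10.0.0."          # assumed private network (constructed)


def is_inside(ip: str) -> bool:
    return ip.startswith(INSIDE_PREFIX)


def stateless_filter(pkt: Packet) -> bool:
    """Static packet filtering judges every packet on its own header.
    To let inside hosts receive replies it has to open inbound traffic to
    all ephemeral ports, which also admits unsolicited connections there."""
    if is_inside(pkt.src):                      # anything outbound passes
        return True
    return pkt.dport >= 1024                    # "reply" ports left wide open


class StatefulFirewall:
    """Stateful inspection remembers connections that inside hosts opened
    and admits an inbound packet only if it belongs to one of them."""

    def __init__(self):
        # (proto, inside_ip, inside_port, outside_ip, outside_port)
        self.table = set()

    def allow(self, pkt: Packet) -> bool:
        if is_inside(pkt.src) and not is_inside(pkt.dst):
            # outbound: record the flow so that replies can come back
            self.table.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # inbound: must match a tracked flow with the endpoints reversed
        key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.table:
            if "FIN" in pkt.flags or "RST" in pkt.flags:
                self.table.discard(key)         # simplified: one FIN closes it
            return True
        return False


def run(packets):
    """Return (stateless_decisions, stateful_decisions) for a packet trace."""
    fw = StatefulFirewall()
    return [stateless_filter(p) for p in packets], [fw.allow(p) for p in packets]


# Constructed trace: a browser on 10.0.0.5 opens an HTTPS connection, the
# server answers, an outside host probes SSH and then a high port, and the
# server closes the connection; a packet arriving after the close is stale.
TRACE = [
    Packet("tcp", "10.0.0.5", 51000, "203.0.113.7", 443, "SYN"),
    Packet("tcp", "203.0.113.7", 443, "10.0.0.5", 51000, "SYN-ACK"),
    Packet("tcp", "198.51.100.9", 40000, "10.0.0.5", 22, "SYN"),      # both drop
    Packet("tcp", "198.51.100.9", 40001, "10.0.0.5", 51001, "SYN"),   # stateless admits
    Packet("tcp", "203.0.113.7", 443, "10.0.0.5", 51000, "FIN"),
    Packet("tcp", "203.0.113.7", 443, "10.0.0.5", 51000, "ACK"),      # after close: stateful drops
]

if __name__ == "__main__":
    for p, a, b in zip(TRACE, *run(TRACE)):
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport:<5} stateless={a!s:5} stateful={b}")
```

The fourth packet is the one that matters: a stateless filter cannot tell an unsolicited connection to a high port from a reply, so it admits the probe; the stateful firewall drops it because no inside host opened that flow. A proxy firewall goes one step further than either, since it speaks the application protocol itself and can reject requests that are well-formed at the packet level but wrong at the application level.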

  17. Security and Electronic Commerce • Encryption: Transforming a message with a key so that it cannot be read by anyone who lacks the matching key • Authentication: Ability of each party in a transaction to ascertain the identity of the other party • Message integrity: Ability to ascertain that a transmitted message has not been altered in transit (preventing a message from being copied is a confidentiality goal, addressed by encryption, not an integrity check)

  18. Figure 15-6 Public Key Encryption

  19. Security and Electronic Commerce • Digital signature: Digital code computed over the message with the sender’s private key and attached to it; anyone holding the sender’s public key can check that the contents are unchanged and that the signer holds the private key • Digital certificate: Data file, signed by a trusted certificate authority, that binds a sender’s identity to the sender’s public key; it lets the receiver verify the sender’s signature and supplies the public key needed to encrypt a reply

  20. Figure 15-7 Digital Certificates
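Slides 17 to 20 describe public key encryption, digital signatures and digital certificates in words; the following added example, which is not code from the presentation, walks the three mechanisms end to end in one run. It uses textbook RSA with fixed Mersenne primes and no padding, which is enough to show who holds which key and what each check proves but is not secure and must not be used for real traffic. The names (alice, the certificate authority "CA"), the JSON certificate layout and the hash-then-sign with SHA-256 reduced modulo n are assumptions made for the illustration.

```python
"""Added example: toy public-key encryption, signature and certificate.
Insecure textbook RSA with small fixed primes; for illustration only."""
import hashlib
import json

E = 65537   # public exponent


def make_keypair(p: int, q: int):
    """Return (public, private) = ((n, e), (n, d)) for primes p and q.
    Real systems generate random primes of 1024 bits or more; here the
    caller passes fixed ones. Assumes gcd(E, (p-1)(q-1)) == 1."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))          # modular inverse (Python 3.8+)
    return (n, E), (n, d)


def encrypt(public, data: bytes) -> int:
    """Anyone with the public key can encrypt; only the private key decrypts."""
    n, e = public
    m = int.from_bytes(data, "big")
    assert 0 < m < n, "toy scheme: message must be shorter than the modulus"
    return pow(m, e, n)


def decrypt(private, c: int) -> bytes:
    n, d = private
    m = pow(c, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def digest(data: bytes, n: int) -> int:
    # hash-then-sign: the signature covers a fixed-size digest of the contents
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(private, data: bytes) -> int:
    n, d = private
    return pow(digest(data, n), d, n)           # only the private key can do this


def verify(public, data: bytes, sig: int) -> bool:
    n, e = public
    return pow(sig, e, n) == digest(data, n)    # anyone with the public key can check


def issue_certificate(ca_private, subject: str, subject_public) -> dict:
    """A certificate binds an identity to a public key; the CA's signature
    over that binding is what the receiver trusts."""
    body = {"subject": subject, "n": subject_public[0], "e": subject_public[1]}
    blob = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "ca_sig": sign(ca_private, blob)}


def verify_certificate(ca_public, cert: dict) -> bool:
    blob = json.dumps(cert["body"], sort_keys=True).encode()
    return verify(ca_public, blob, cert["ca_sig"])


# Constructed keys from the Mersenne primes 2^31-1, 2^61-1 and 2^89-1.
P31, P61, P89 = 2**31 - 1, 2**61 - 1, 2**89 - 1
ALICE_PUB, ALICE_PRIV = make_keypair(P31, P61)
CA_PUB, CA_PRIV = make_keypair(P61, P89)
ALICE_CERT = issue_certificate(CA_PRIV, "alice@example.com", ALICE_PUB)


def receive(cert: dict, message: bytes, sig: int, ca_public=CA_PUB) -> bool:
    """The receiver's side: trust the CA, check the certificate, then check
    the message signature with the public key the certificate carries."""
    if not verify_certificate(ca_public, cert):
        return False                            # forged or altered certificate
    sender_public = (cert["body"]["n"], cert["body"]["e"])
    return verify(sender_public, message, sig)  # authenticity and integrity


if __name__ == "__main__":
    msg = b"pay 100"
    sig = sign(ALICE_PRIV, msg)
    print("genuine message:", receive(ALICE_CERT, msg, sig))
    print("altered message:", receive(ALICE_CERT, b"pay 900", sig))
    print("encrypted reply roundtrip:", decrypt(CA_PRIV, encrypt(CA_PUB, b"secret")))
```

Two things the slides say in prose become concrete here: the receiver never needs to have met the sender, only to trust the CA whose public key it already holds, and a change of a single character in the message changes the digest, so the signature no longer verifies.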

  21. Developing a Control Structure: Costs and Benefits • Criteria for determining control structure • Importance of data • Efficiency, complexity, and expense of each control technique • Level of risk if a specific activity or process is not properly controlled

  22. The Role of Auditing in the Control Process • MIS audit • Identifies all controls that govern individual information systems and assesses their effectiveness

  23. Data Quality Audit and Data Cleansing • Data quality audit • Survey and/or sample of files • Determines accuracy and completeness of data • Data cleansing • Correcting errors and inconsistencies in data to increase accuracy
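Slide 11 lists input, processing and output controls, and slide 23 describes a data quality audit and cleansing; both apply the same kind of record-level checks, once at entry and once over stored data, so one added example serves both. The code below is not from the presentation: the employee records, the department list, the pay range and the check-digit scheme (Luhn) are constructed assumptions chosen to show edit checks, batch control totals, sampling for an error rate, and the cleansing step.

```python
"""Added example: input controls at entry, the same checks reused as a data
quality audit, and a cleansing step. Records and rules are constructed."""
import random
import re
from decimal import Decimal

VALID_DEPTS = {"HR", "ENG", "OPS"}                       # assumed validity table
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")      # simple format check


def luhn_ok(number: str) -> bool:
    """Check digit on the employee ID: a single mistyped digit fails here."""
    total, parity = 0, len(number) % 2
    for i, ch in enumerate(number):
        if not ch.isdigit():
            return False
        d = int(ch)
        if i % 2 == parity:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0 and number != ""


def _pay(rec: dict):
    try:
        return Decimal(str(rec.get("pay", "")))
    except ArithmeticError:                               # InvalidOperation
        return None


def edit_checks(rec: dict) -> list:
    """Input controls: return the failed checks (an empty list means accepted)."""
    errors = []
    if not luhn_ok(rec.get("emp_id", "")):
        errors.append("emp_id: bad check digit")
    if rec.get("dept") not in VALID_DEPTS:                # validity check
        errors.append("dept: not a known department")
    if not EMAIL_RE.match(rec.get("email", "")):          # format check
        errors.append("email: malformed")
    pay = _pay(rec)
    if pay is None:
        errors.append("pay: not a number")
    elif not Decimal("0") < pay <= Decimal("50000"):      # reasonableness check
        errors.append("pay: outside 0-50000")
    return errors


def process_batch(records: list, expected_count: int, expected_pay_total: str):
    """Processing control: the submitter's batch totals (record count and a
    hash total of pay) must match what arrived, and only records that pass
    the edit checks are posted. Returns (posted, rejected, control_ok)."""
    posted, rejected = [], []
    for rec in records:
        errs = edit_checks(rec)
        (rejected if errs else posted).append((rec, errs))
    received_total = sum((p for p in map(_pay, records) if p is not None), Decimal("0"))
    control_ok = (len(records) == expected_count
                  and received_total == Decimal(expected_pay_total))
    return posted, rejected, control_ok


def audit_sample(stored: list, sample_size: int, seed: int = 1) -> dict:
    """Data quality audit: sample stored records and count errors by field,
    which shows where cleansing effort should go."""
    sample = random.Random(seed).sample(stored, min(sample_size, len(stored)))
    by_field, bad = {}, 0
    for rec in sample:
        errs = edit_checks(rec)
        bad += bool(errs)
        for e in errs:
            field = e.split(":")[0]
            by_field[field] = by_field.get(field, 0) + 1
    return {"sampled": len(sample), "records_with_errors": bad, "by_field": by_field}


def cleanse(records: list) -> list:
    """Data cleansing: normalise case and whitespace and drop exact duplicates;
    genuine errors are left for the data owner to correct."""
    seen, out = set(), []
    for rec in records:
        fixed = {k: (v.strip() if isinstance(v, str) else v) for k, v in rec.items()}
        fixed["email"] = fixed.get("email", "").lower()
        fixed["dept"] = fixed.get("dept", "").upper()
        key = (fixed.get("emp_id"), fixed.get("email"))
        if key not in seen:
            seen.add(key)
            out.append(fixed)
    return out


# Constructed batch: a clean record, one that cleansing repairs, one with a
# mistyped ID (check digit fails) and one with an out-of-range pay figure.
BATCH = [
    {"emp_id": "79927398713", "dept": "ENG", "email": "ann@example.com", "pay": "4200.00"},
    {"emp_id": "4539578763621486", "dept": "ops ", "email": " Bob@Example.com", "pay": "3100.50"},
    {"emp_id": "79927398714", "dept": "HR", "email": "cy@example.com", "pay": "2900.00"},
    {"emp_id": "1234567812345670", "dept": "HR", "email": "dan@example.com", "pay": "99999.00"},
]

if __name__ == "__main__":
    print("audit before cleansing:", audit_sample(BATCH, 4))
    posted, rejected, ok = process_batch(cleanse(BATCH), 4, "110199.50")
    print("posted:", [r["emp_id"] for r, _ in posted], "control totals ok:", ok)
    for rec, errs in rejected:
        print("rejected", rec["emp_id"], errs)
```

The audit and the input controls share the same checks on purpose: an audit finding that, say, a quarter of stored records fail the department check is a signal that the input control was missing or bypassed at entry, which is the link between slides 11 and 23.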
