Managing Information Systems Information Systems Security and Control Part 1 Dr. Stephania Loizidou Himona ACSC 345
Objectives
• Demonstrate the differences in vulnerability between traditional systems and Information Systems
• Demonstrate the impact of Information System vulnerability
• Demonstrate why Information Systems are vulnerable
Dr. S. Loizidou - ACSC345
Protecting Information Systems
• Information Systems are now very important within organisations
• Disabling or corrupting these Information Systems can lead to significant loss
  • Financial impact
  • Loss of life / health and safety issues
[Figure: On-line Auction Site, 8 Hour Downtime. Source: Technology Spotlight: The Financial Impact of Site Outages. The Industry Standard, 1999]
Vulnerability
• Why are Information Systems more vulnerable than paper-based systems?
Vulnerability
• Paper-based systems
  • Documents / data stored in filing cabinets
  • Secured by physical access
• Information systems
  • Data stored electronically
  • Logical, rather than physical, access
Vulnerability
• Information Systems are open to more vulnerabilities than paper-based systems
Security
• What examples of threats to Information Systems can you think of?
Malicious Intent
• Hackers
  • Person who gains unauthorised access to a system for profit, criminal purpose or pleasure
• Trojan horse
  • Program that has a hidden, secondary purpose
• Denial of service
  • Overwhelm a server with requests to disable it
• (Partially) countered by security procedures
Malicious Intent
• Viruses
  • Software that is difficult to detect, spreads rapidly, and destroys data, processing and memory
• Logic bomb
  • Timed virus
• (Partially) countered by anti-virus software
Malicious Intent?
• The vulnerability of Information Systems is not just restricted to external security threats
Vulnerability
• What other types of vulnerability do Information Systems have?
Vulnerability
• Threats:
  • Hardware failure (disk crash, Pentium bug)
  • Software failure (bugs, design flaws)
  • Personal actions (accidental, malicious)
  • Terminal access penetration (hacking)
  • Theft of data, services or equipment (virus)
Vulnerability
• Threats:
  • Fire (also true of paper-based systems)
  • Electrical problems (downtime)
  • User errors (wrong data)
  • Program changes (upgrades, assumptions)
  • Telecommunications (Internet, wireless)
Concerns
• Disaster:
  • Hardware, software, data destroyed by fire, flood, power failures, etc.
  • Software and data may not be replaceable
  • Significant (financial) loss
  • Backup, fault tolerance
  • Disaster recovery planning
  • Standby sites, equipment, personnel
Concerns
• Security
  • Policies, procedures, technical measures
  • Prevent unauthorised access, theft, damage
• Errors
  • Software bugs can cause significant loss
  • Financial: rounding errors?
  • Life: missile systems
Data Quality
Data quality problems can arise at each stage of the processing cycle:
• Data preparation
• Conversion
• Input
• Form completion
• On-line data entry
• Keypunching
• Scanning
• Validation
• Processing
• File maintenance
• Output
• Transmission
• Distribution
Software Quality
• What types of problems may a software system have?
Software Quality
• Software problems
  • Bugs
  • Defects (wrong requirements)
  • Misinterpretation of requirements
  • Incorrect assumptions
Software Quality
• The more complex a system is, the less likely it is to be bug-free
• Impractical to test all paths of complex code
  • Difficult to test
  • Too much time required
• Total Quality Management
  • Can only improve quality, not eliminate bugs
  • Uncertain what bugs remain and what their impact is
Maintenance
• Maintenance of software systems should be built into the design
• Maintenance is the most expensive phase of a system
  • Complexity
  • Associated organisational changes
  • (Regression) testing overheads
• More expensive to fix bugs as implementation proceeds