Escolar Documentos
Profissional Documentos
Cultura Documentos
14
INFORMATION
SYSTEMS SECURITY AND
CONTROL
14.1
2003 by Prentice Hall
Why are information systems so vulnerable to destruction, error, abuse, and system quality problems? What types of controls are available for information systems? What special measures must be taken to ensure the reliability, availability and security of electronic commerce and digital business processes?
14.2
2003 by Prentice Hall
What are the most important software quality assurance techniques? Why are auditing information systems and safeguarding data quality so important?
14.3
Designing systems that are neither overcontrolled nor under-controlled Applying quality assurance standards in large systems projects
14.4
Figure 14-1
14.6
2003 by Prentice Hall
Disaster
Destroys computer hardware, programs, data files, and other equipment
Security
Prevents unauthorized access, alteration, theft, or physical damage
14.7
2003 by Prentice Hall
Errors
Cause computers to disrupt or destroy organizations record-keeping and operations
14.8
Bugs
Program code defects or errors
Maintenance Nightmare
Maintenance costs high due to organizational change, software complexity, and faulty system analysis and design
14.9
2003 by Prentice Hall
14.10
Figure 14-2
14.11
Figure 14-3
14.12
2003 by Prentice Hall
Overview
Controls
Methods, policies, and procedures Ensures protection of organizations assets Ensures accuracy and reliability of records, and operational adherence to management standards
14.13
2003 by Prentice Hall
General controls
Establish framework for controlling design, security, and use of computer programs
Include software, hardware, computer operations, data security, implementation, and administrative controls
14.14
2003 by Prentice Hall
14.15
Figure 14-4
2003 by Prentice Hall
Application controls
Unique to each computerized application Include input, processing, and output controls
14.16
14.17
14.19
Firewalls
Prevent unauthorized users from accessing private networks Two types: proxies and stateful inspection
Figure 14-5
14.21
2003 by Prentice Hall
14.23
14.24
Figure 14-6
14.25
Digital Certificates
14.26
Figure 14-7
Efficiency, complexity, and expense of each control technique Level of risk if a specific activity or process is not properly controlled
14.27
2003 by Prentice Hall
MIS audit
Identifies all controls that govern individual information systems and assesses their effectiveness
14.28
Figure 14-8
14.29
2003 by Prentice Hall
14.30
14.31
Figure 14-9
14.32
2003 by Prentice Hall
Figure 14-10
14.34
2003 by Prentice Hall
14.35
Figure 14-11
14.36
Figure 14-12
Inflexible
Time-consuming
14.37
Organizes and correlates design components Automates tedious and error-prone portion of analysis and design, code generation, testing, and control rollout
14.39
Resource allocation
Determines how costs, time, and personnel are assigned to different phases of systems development project
14.40
Software Metrics
14.41
Testing
14.42
Data cleansing
Correcting errors and inconsistencies in data to increase accuracy
14.43
2003 by Prentice Hall
Chapter
14
INFORMATION
SYSTEMS SECURITY AND
CONTROL
14.44
2003 by Prentice Hall