Laudon - PowerPoint PPT Presentation

Provided by: EFis78

Transcript and Presenter's Notes

1
16. INFORMATION SYSTEMS SECURITY & CONTROL
2
LEARNING OBJECTIVES
  • DEMONSTRATE WHY INFO SYSTEMS ARE VULNERABLE TO
    DESTRUCTION, ERROR, ABUSE, QUALITY CONTROL
    PROBLEMS
  • COMPARE GENERAL AND APPLICATION CONTROLS
  • SELECT FACTORS FOR DEVELOPING CONTROLS

3
LEARNING OBJECTIVES
  • DESCRIBE IMPORTANT SOFTWARE QUALITY-ASSURANCE
    TECHNIQUES
  • DEMONSTRATE IMPORTANCE OF AUDITING INFO SYSTEMS
    & SAFEGUARDING DATA QUALITY

4
MANAGEMENT CHALLENGES
  • SYSTEM VULNERABILITY & ABUSE
  • CREATING A CONTROL ENVIRONMENT
  • ENSURING SYSTEM QUALITY

5
SYSTEM VULNERABILITY & ABUSE
  • WHY SYSTEMS ARE VULNERABLE
  • HACKERS & VIRUSES
  • CONCERNS FOR BUILDERS & USERS
  • SYSTEM QUALITY PROBLEMS

6
THREATS TO INFORMATION SYSTEMS
  • HARDWARE FAILURE, FIRE
  • SOFTWARE FAILURE, ELECTRICAL PROBLEMS
  • PERSONNEL ACTIONS, USER ERRORS
  • ACCESS PENETRATION, PROGRAM CHANGES
  • THEFT OF DATA, SERVICES, EQUIPMENT
  • TELECOMMUNICATIONS PROBLEMS

7
WHY SYSTEMS ARE VULNERABLE
  • SYSTEM COMPLEXITY
  • COMPUTERIZED PROCEDURES NOT ALWAYS READ OR
    AUDITED
  • EXTENSIVE EFFECT OF DISASTER
  • UNAUTHORIZED ACCESS POSSIBLE

8
VULNERABILITIES
  • RADIATION: Allows recorders, bugs to tap system
  • CROSSTALK: Can garble data
  • HARDWARE: Improper connections, failure of
    protection circuits
  • SOFTWARE: Failure of protection features, access
    control, bounds control
  • FILES: Subject to theft, copying, unauthorized
    access

9
VULNERABILITIES
  • USER: Identification, authentication, subtle
    software modification
  • PROGRAMMER: Disables protective features; reveals
    protective measures
  • MAINTENANCE STAFF: Disables hardware devices;
    uses stand-alone utilities
  • OPERATOR: Doesn't notify supervisor, reveals
    protective measures

10
HACKERS & COMPUTER VIRUSES
  • HACKER: Person gains access to computer for
    profit, criminal mischief, personal pleasure
  • COMPUTER VIRUS: Rogue program; difficult to
    detect; spreads rapidly; destroys data; disrupts
    processing & memory

11
COMMON COMPUTER VIRUSES
  • CONCEPT: Word documents, e-mail. Deletes files
  • FORM: Makes clicking sound, corrupts data
  • ONE_HALF: Corrupts hard drive, flashes its name
    on screen
  • MONKEY: Windows won't run
  • JUNKIE: Infects files, boot sector, memory
    conflicts
  • RIPPER: Randomly corrupts hard drive files

12
ANTIVIRUS SOFTWARE
  • SOFTWARE TO DETECT
  • ELIMINATE VIRUSES
  • ADVANCED VERSIONS RUN IN MEMORY TO PROTECT
    PROCESSING, GUARD AGAINST VIRUSES ON DISKS, AND
    ON INCOMING NETWORK FILES

13
CONCERNS FOR BUILDERS & USERS
  • DISASTER
  • BREACH OF SECURITY
  • ERRORS

14
DISASTER
  • LOSS OF HARDWARE, SOFTWARE, DATA BY FIRE, POWER
    FAILURE, FLOOD OR OTHER CALAMITY
  • FAULT-TOLERANT COMPUTER SYSTEMS: BACKUP
    SYSTEMS TO PREVENT SYSTEM FAILURE (Particularly
    On-line Transaction Processing)

15
SECURITY
  • POLICIES, PROCEDURES, TECHNICAL MEASURES TO
    PREVENT UNAUTHORIZED ACCESS, ALTERATION, THEFT,
    PHYSICAL DAMAGE TO INFORMATION SYSTEMS

16
WHERE ERRORS OCCUR
  • DATA PREPARATION
  • TRANSMISSION
  • CONVERSION
  • FORM COMPLETION
  • ON-LINE DATA ENTRY
  • KEYPUNCHING, SCANNING, OTHER INPUTS

17
WHERE ERRORS OCCUR
  • VALIDATION
  • PROCESSING / FILE MAINTENANCE
  • OUTPUT
  • TRANSMISSION
  • DISTRIBUTION

18
SYSTEM QUALITY PROBLEMS
  • SOFTWARE & DATA
  • BUGS: Program code defects or errors
  • MAINTENANCE: Modifying a system in production
    use; can take up to 50% of analysts' time
  • DATA QUALITY PROBLEMS: Finding, correcting
    errors; costly & tedious

19
COST OF ERRORS DURING SYSTEMS DEVELOPMENT CYCLE
[Figure: cost of errors by development stage. Vertical axis: COSTS (1.00 to 6.00). Horizontal axis: ANALYSIS, DESIGN, PROGRAMMING, CONVERSION, POSTIMPLEMENTATION.]

20
CREATING A CONTROL ENVIRONMENT
  • CONTROLS: METHODS, POLICIES, PROCEDURES TO
    PROTECT ASSETS; ACCURACY & RELIABILITY OF
    RECORDS; ADHERENCE TO MANAGEMENT STANDARDS
  • GENERAL
  • APPLICATION

21
GENERAL CONTROLS
  • IMPLEMENTATION: Audit system development to
    assure proper control, management
  • SOFTWARE: Ensure security, reliability of
    software
  • PHYSICAL HARDWARE: Ensure physical security,
    performance of computer hardware

22
GENERAL CONTROLS
  • COMPUTER OPERATIONS: Ensure procedures
    consistently, correctly applied to data storage,
    processing
  • DATA SECURITY: Ensure data disks, tapes protected
    from wrongful access, change, destruction
  • ADMINISTRATIVE: Ensure controls properly
    executed, enforced
  • SEGREGATION OF FUNCTIONS: Divide
    responsibility from tasks

23
APPLICATION CONTROLS
  • INPUT
  • PROCESSING
  • OUTPUT

24
INPUT CONTROLS
  • INPUT AUTHORIZATION: Record, monitor source
    documents
  • DATA CONVERSION: Transcribe data properly from
    one form to another
  • BATCH CONTROL TOTALS: Count transactions prior to
    and after processing
  • EDIT CHECKS: Verify input data, correct errors

25
PROCESSING CONTROLS
  • ESTABLISH THAT DATA IS COMPLETE, ACCURATE
    DURING PROCESSING
  • RUN CONTROL TOTALS: Generate control totals
    before & after processing
  • COMPUTER MATCHING: Match input data to master
    files

26
OUTPUT CONTROLS
  • ESTABLISH THAT RESULTS ARE ACCURATE, COMPLETE,
    PROPERLY DISTRIBUTED
  • BALANCE INPUT, PROCESSING, OUTPUT TOTALS
  • REVIEW PROCESSING LOGS
  • ENSURE ONLY AUTHORIZED RECIPIENTS GET RESULTS

27
SECURITY AND THE INTERNET
  • ENCRYPTION: Coding & scrambling messages to deny
    unauthorized access
  • AUTHENTICATION: Ability to identify another party
  • MESSAGE INTEGRITY
  • DIGITAL SIGNATURE
  • DIGITAL CERTIFICATE

28
SECURITY AND THE INTERNET
  • SECURE ELECTRONIC TRANSACTION: Standard for
    securing credit card transactions on Internet
  • ELECTRONIC CASH: Currency represented in
    electronic form, preserving user anonymity

29
DEVELOPING A CONTROL STRUCTURE
  • COSTS: Can be expensive to build; complicated to
    use
  • BENEFITS: Reduces expensive errors, loss of time,
    resources, good will
  • RISK ASSESSMENT: Determine frequency of
    occurrence of problem, cost, damage if it were to
    occur

30
MIS AUDIT
  • IDENTIFIES CONTROLS OF INFORMATION SYSTEMS,
    ASSESSES THEIR EFFECTIVENESS
  • TESTING: Early, regular controlled efforts to
    detect, reduce errors
  • WALKTHROUGH
  • DEBUGGING
  • DATA QUALITY AUDIT: Survey samples of files for
    accuracy, completeness

31
Connect to the INTERNET
PRESS LEFT MOUSE BUTTON ON ICON TO CONNECT TO
LAUDON & LAUDON WEB SITE FOR MORE INFORMATION IN
THIS CHAPTER
32
16. INFORMATION SYSTEMS SECURITY & CONTROL