Chapter 14: Security and Control - PowerPoint PPT Presentation

Slides: 26
Provided by: dianel7

Transcript and Presenter's Notes

1
Chapter 14 Security and Control
Security and Control
Systems Vulnerabilities
Disaster
Hackers
Viruses
Security
Errors
Controls
MIS Audit
Internet Security
Application
General
Disaster Recovery Plan
Systems Quality
CASE
Top down
Structured
Testing
2
System Vulnerability
  • Brokerage site down for 8 hours: lose 5 million
    dollars
  • Amazon lost 244,000 per hour when it was down
  • Down for a few days, may go out of business
  • What are systems vulnerable to?

3
Visa International
  • Estimate if down for 5-minutes, would block 55
    million in transactions!
  • They've had 98 minutes of down time in 12 years
  • How do they do it?
  • 4 major data centers
  • In McLean, VA secret data center
  • Fireproof, earthquake proof
  • 5000-pound doors
  • Backups (and backups for the backups)

4
Visa
  • Backups for computers, for power
  • UPS (uninterruptible power supply)
  • Diesel power generators
  • Testing including all life cycle testing (600,000
    carefully selected transactions) plus full volume
    testing compared to real results
  • Change management: rank all changes as to risk
    and use risk portfolio management

5
Virus
  • Computer Virus
  • Control: antivirus software -- software designed
    to detect and eliminate viruses
  • Be sure to update antivirus software frequently
  • Beware of hoaxes
  • http://hoaxbuster.ciac.org

6
Backup
  • Making a copy onto another storage medium
  • If you only have one copy.
  • You are at risk!

7
Bugs -- defects in program code
  • Where do errors come from?
  • How can we reduce errors?

8
Bugs and Defects
  • All systems have bugs
  • Must test to remove as many as we can
  • Maintenance nightmare
  • Data quality problems

9
Cost of fixing errors
10
Two kinds of controls
  • General controls -- throughout the organization
  • Application controls -- unique to each application

11
(No Transcript)
12
Application controls
  • Input controls: check data as it's entered
  • Edit checks: routines performed to edit data
  • Reasonableness
  • Format
  • Computer matching: check input data against data
    on database
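
Added example (not part of the original slides): a Python sketch of the three edit checks listed on this slide (format, reasonableness, computer matching) applied to one input record. The order-entry fields, the C#### ID layout, the quantity limit and the in-memory SQLite table are assumptions made for illustration.

```python
import re
import sqlite3

ID_FORMAT = re.compile(r"C\d{4}")  # assumed customer ID layout
MAX_QUANTITY = 500                 # assumed upper bound for a plausible order

def build_reference_db():
    """Constructed reference data that input records are matched against."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (customer_id TEXT PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?)",
                     [("C1001", "Acme Supply"), ("C1002", "Birch Ltd")])
    return conn

def edit_check(record, conn):
    """Return the list of control failures for one record (empty list = accept)."""
    errors = []
    cust = str(record.get("customer_id", ""))
    qty = record.get("quantity")

    # Format check: the field must have the expected shape.
    format_ok = ID_FORMAT.fullmatch(cust) is not None
    if not format_ok:
        errors.append("format: customer_id")

    # Reasonableness check: a well-formed value must also be plausible.
    if isinstance(qty, bool) or not isinstance(qty, int):
        errors.append("format: quantity")
    elif not 1 <= qty <= MAX_QUANTITY:
        errors.append("reasonableness: quantity")

    # Computer matching: compare the input against data already on file.
    # The lookup is parameterized so the input is never spliced into SQL.
    if format_ok:
        row = conn.execute("SELECT 1 FROM customers WHERE customer_id = ?",
                           (cust,)).fetchone()
        if row is None:
            errors.append("matching: customer_id")
    return errors

if __name__ == "__main__":
    db = build_reference_db()
    samples = [  # constructed input records
        {"customer_id": "C1001", "quantity": 10},
        {"customer_id": "C9999", "quantity": 10},
        {"customer_id": "C1001", "quantity": 100000},
        {"customer_id": "c-1001", "quantity": "ten"},
    ]
    for rec in samples:
        print(rec, "->", edit_check(rec, db) or "accepted")
```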

13
Protections against disaster
  • Fault-tolerant computer systems
  • High-availability computing

14
Disaster Recovery Plan
  • Plan for running the business in case of a
    disaster
  • Can include
  • Backup computers at another site
  • Disaster recovery sites (hot sites)
  • Test plan frequently

15
Other backup techniques
  • Load balancing across multiple servers
  • Mirroring: a backup server that duplicates all
    processes on the primary server
  • Clustering: link two computers together so that
    first can serve as backup

16
Internet Security
  • Firewalls -- between Internet and internal
    network
  • Examine credentials before entering

17
Encryption
  • Scramble messages before sending them
  • Need key to interpret them

[Diagram: Sender (encrypt with public key) -> Scrambled Message -> Recipient (decrypt with private key)]
18
MIS Audit
  • Identify all controls
  • Assess their effectiveness

19
System quality
  • Development methodology
  • a collection of methods
  • one for each activity
  • for each phase of the project

20
Structured top down method of analysis.
  • Structured
  • techniques that are carefully drawn up,
  • often step-by-step,
  • with each step building upon a previous one.
  • Top Down
  • an approach that goes from the highest, most
    abstract level
  • to the lowest level of detail.

21
Structured analysis
  • Define systems inputs, processes, outputs.
  • Graphical model
  • Partition system into pieces

22
(No Transcript)
23
Other structured techniques
  • Structured design
  • Structured programming

24
CASE
  • Computer-aided Software Engineering
  • Automation of step-by-step methodologies for
    systems development
  • Enforces methods
  • Improves communications
  • Automates the tedious part of systems analysis
    and design
  • Automate code generation and testing

25
Testing
  • Walkthrough: review by a group
  • Design specifications
  • Programs

26
World Trade Center Disaster
  • Read case pages 480-482
  • What kinds of information systems problems did
    WTC companies have to deal with?
  • How well prepared were the companies described in
    the case for the problems?
  • Contrast BONY and Nasdaq in terms of:
  • Advance preparedness
  • Problems they had to cope with
  • Creative solutions