Managing Information Resources and Security - PowerPoint PPT Presentation

Slides: 16
Provided by: ginag

Transcript and Presenter's Notes

1
Managing Information Resources and Security
  • Chapter 15

2
Learning Objectives
  • Role of CIO in managing and securing IT resources
  • Understand IT End User relationships
  • Understand threats to IS operations
  • Understand actions to
      • Create secure IS environments
      • Recover ISs from disasters

3
Emerging CIO Roles in the Web-Based Economy
  • Helping to define the strategic future
  • Become a business visionary who can help drive
    business strategy and help develop new business
    models
  • Lead in the exploration of new computing
    environments, like mobile enterprises and utility
    computing
  • Help others understand that the web-based era is
    more about business change than technology
  • Improvement of the IT asset-acquisition process

4
Emerging CIO Roles in the Web-Based Economy, cont
  • Help avoid disillusionment with IT as it becomes
    more prevalent in the firm
  • Argue for a greater measure of central control
  • Protecting the ever-increasing IT assets against
    ever-increasing hazards

5
Issues
  • IS End User Relationships
  • Ensuring IT integrity through controls
  • Protecting IT Assets

6
The IS End User Relationship
  • The ISD is a service organization that manages
    the IT infrastructure needed to carry on end-user
    IT applications.
  • It is extremely important to have a good
    relationship with the end users.
  • The development of end-user computing and
    outsourcing was motivated in part by the poor
    service that end users felt they received.

7
The IS End-User Relationship, cont
The ISD and Four Approaches to End User
Relationships
  • Let them sink or swim. Don't do anything; let the
    end user beware.
  • Use the stick. Establish policies and procedures
    to control end-user computing so that corporate
    risks are minimized, and try to enforce them.
  • Use the carrot. Create incentives to encourage
    certain end-user practices that reduce
    organizational risks.
  • Offer support. Develop services to aid end users
    in their computing activity

8
The IS End-User Relationship, cont
  • To improve collaboration, the ISD and end users
    may employ three common arrangements:
      • the steering committee
      • service-level agreements
      • the information center

9
Threats and Vulnerabilities
  • Security
      • Protection / recovery from (un)authorized access
  • Disasters
      • Protection / recovery from (un)natural disasters
  • System Quality
      • Hardware
      • Software
      • Network
      • Data (entry)

10
Areas of Threats

11
How to Protect?
  • Security Controls (prevention)
  • Disaster Recovery (restoration)

12
Creating a Controlled Environment
  • Security Controls
      • Technology, methods, policies, procedures
  • Ensure
      • Safety of assets
      • Accuracy, reliability of hw/sw/information
      • Adherence to standards
  • Types
      • General
      • Application

13
General Controls
  • System-wide controls
  • Physical
      • Protects physical access to and damage from IT
  • Access
      • Controls who has access to system resources
  • Data Security
      • Controls who has what access to organization data
  • Network/Communication
      • Secure access to network, data traveling on
        network
  • Administrative
      • Includes policies governing IT use
  • Other
      • SDLC controls (quality assurance)

14
Application Controls
  • Application-specific control over access and use
  • Input _______________________
      • User authorization
      • Edit checks
  • Processing ___________________
      • Control totals
      • Consistency checks
  • Output ______________________
      • Logging

15
Business Continuity Plan
  • aka Disaster Recovery Plan
  • Plan to restore systems to use after natural
    disaster
  • Includes
      • Backing up critical hw/data
      • Off-site storage of data
      • Backup data center ("hot sites")
      • Backup manual procedures
  • Should be included in SDLC activities