Managing Information Systems - PowerPoint PPT Presentation

About This Presentation
Title:

Managing Information Systems

Description:

Managing Information Systems Information Systems Security and Control Part 2 Dr. Stephania Loizidou Himona ACSC 345 Objectives Demonstrate that Information System ... – PowerPoint PPT presentation

Number of Views:274
Avg rating:3.0/5.0
Slides: 24
Provided by: staffFit4
Category:

less

Transcript and Presenter's Notes

Title: Managing Information Systems


1
Managing Information Systems
Information Systems Security and Control Part
2 Dr. Stephania Loizidou Himona ACSC 345
2
Objectives
  • Demonstrate that Information System
    vulnerabilities can be controlled
  • Demonstrate the ways in which Information Systems
    can be controlled in an organisation
  • Demonstrate some of the technologies that can be
    used to control Information Systems
    vulnerabilities

3
Controlling Information Systems
  • Recall there are numerous threats to Information
    Systems
  • Hardware failures
  • Software failures
  • Upgrade issues
  • Disasters
  • Malicious intent

4
Controlling Information Systems
  • To minimise likelihood of threats, must control
    the environment in which Information Systems are
    developed and deployed
  • Controls put in place to
  • Manually control environment of Information
    Systems
  • Automatically add controls to Information Systems

5
Controlling Information Systems
  • Implemented through
  • Policies
  • Procedures
  • Standards
  • Control must be thought about through all stages
    of Information Systems analysis, construction,
    deployment operations and maintenance

6
Controlling Information Systems
  • What sort of controls can be put in place?

7
Controls
  • General controls
  • Controls for design, security and use of
    Information Systems throughout the organisation
  • Application controls
  • Specific controls for each application
  • User functionality specific

8
General Controls
  • Implementation controls
  • Audit system development
  • Ensure properly managed and controlled
  • Ensure user involvement
  • Ensure procedures and standards are in use
  • Software controls
  • Authorised access to systems

9
General Controls
  • Hardware controls
  • Physically secure hardware
  • Monitor for and fix malfunction
  • Environmental systems and protection
  • Backup of disk-based data

10
General Controls
  • Computer operations controls
  • Day-to-day operations of Information Systems
  • Procedures
  • System set-up
  • Job processing
  • Backup and recovery procedures

11
General Controls
  • Data security controls
  • Prevent unauthorised access, change or
    destruction
  • When data is in use or being stored
  • Physical access to terminals
  • Password protection
  • Data level access controls

12
General Controls
  • Administrative controls
  • Ensure organisational policies, procedures and
    standards and enforced
  • Segregation of functions to reduce errors and
    fraud
  • Supervision of personal to ensure policies and
    procedures are being adhered to

13
Application Controls
  • Input controls
  • Data is accurate and consistent on entry
  • Direct keying of data, double entry or automated
    input
  • Data conversion, editing and error handling
  • Field validation on entry
  • Input authorisation and auditing
  • Checks on totals to catch errors

14
Application Controls
  • Processing controls
  • Data is accurate and complete on processing
  • Checks on totals to catch errors
  • Compare to master records to catch errors
  • Field validation on update

15
Application Controls
  • Output controls
  • Data is accurate, complete and properly
    distributed on output
  • Checks on totals to catch errors
  • Review processing logs
  • Track recipients of data

16
Protecting Information Systems
  • What sorts of technology can we use to implement
    Information Systems controls?

17
Protecting Information Systems
  • Information Systems, especially TPS, require high
    degrees of availability
  • Technology is available to ensure systems are
    available and contain accurate information

18
High Availability Computing
  • Systems available for most of the time (some
    downtime allowed)
  • Recover quickly from crash / downtime
  • Redundant servers and clustering
  • Mirroring of data and networked storage
  • Load balancing
  • Scalable and robust infrastructure
  • Disaster recovery planning

19
Fault Tolerant Computing
  • Systems available all the time (no downtime
    allowed)
  • Specialist hardware
  • HP NonStop (Tandem), Stratos
  • Detect and correct faults in hardware and
    software to keep processing

20
Network Security
  • Permanent (open) network connectivity Internet,
    Extranet, wireless
  • Firewall proxy or stateful inspection
  • Firewalls must be managed and part of security
    policy
  • Encryption public key, SSL of S-HTTP
  • Authentication and integrity
  • Digital signatures and certificates

21
Developing Control
  • Lots of threats to Information Systems
  • Lots of controls required
  • Decision on which controls to use based upon
    likelihood of threat and cost
  • Risk assessment
  • Likely frequency of threat
  • Cost of damage
  • Cost of implementation

22
HOMEWORK
23
HOMEWORK
Write a Comment
User Comments (0)
About PowerShow.com