
Enterprise manage information systems 6th by laudon ch15


DOCUMENT INFORMATION

Basic information

Format
Pages: 53
Size: 594.5 KB


Contents


Page 1

Information System Security and Control

Page 2

1. Why are information systems so vulnerable to destruction, error, abuse, and system quality problems?
2. What types of controls are available for information systems?
3. What special measures must be taken to ensure the reliability, availability and security of electronic commerce, and digital business processes?

Page 3

4. What are the most important software quality assurance techniques?
5. Why are auditing information systems and safeguarding data quality so important?

Page 4

Management Challenges

1. Achieving a sensible balance between too little control and too much.
2. Applying quality assurance standards in large systems projects.

Page 5

System Vulnerability and Abuse
Why Systems Are Vulnerable

• Accessibility to electronic data
• Increasingly complex software, hardware
• Network access points
• Wireless vulnerability
• Internet

Page 6

System Vulnerability and Abuse
Threats to Computerized Information Systems

• Telecommunication problems

Page 7

System Vulnerability and Abuse
Telecommunications networks vulnerabilities

Page 8

System Vulnerability and Abuse
Window on Organizations

Credit Card Fraud: Still on the Rise

• To what extent are Internet credit card thefts management and organizational problems, and to what extent are they technical problems?
• Address the technology and management issues for both the credit card issuers and the retail companies.
• Suggest possible ways to address the problem.

Page 9

System Vulnerability and Abuse
Why Systems Are Vulnerable

Page 10

System Vulnerability and Abuse
Window on Technology

Smarter Worms and Viruses: The Worst Is Yet to Come

• Why are worms so harmful?
• Describe their business and organizational impact.

Page 11

System Vulnerability and Abuse
Concerns for System Builders and Users

• Disaster
• Security
• Administrative error
• Cyberterrorism and Cyberwarfare

Page 12

System Vulnerability and Abuse

Figure 15-2: Points in the processing cycle where errors can occur

Page 13

System Vulnerability and Abuse
System Quality Problems: Software and Data

Bugs and Defects
Complete testing not possible

The Maintenance Nightmare
Maintenance costs high due to organizational change, software complexity, and faulty system analysis and design

Page 14

System Vulnerability and Abuse

Figure 15-3: The cost of errors over the systems development cycle

Page 15

System Vulnerability and Abuse
System Quality Problems: Software and Data

Data Quality Problems
Caused by errors during data input or faulty information system and database design

Page 16

Creating a Control Environment

• Methods, policies, and procedures
• Protection of organization’s assets
• Accuracy and reliability of records
• Operational adherence to management standards

Page 17

Creating a Control Environment
General Controls and Application Controls

General Controls

• Govern design, security, use of computer programs throughout organization
• Apply to all computerized applications
• Combination of hardware, software, manual procedures to create overall control environment

Page 18

Creating a Control Environment
General Controls and Application Controls

General Controls

• Software controls
• Hardware controls
• Computer operations controls
• Data security controls
• Implementation
• Administrative controls

Page 19

Creating a Control Environment
Security profiles for a personnel system

Page 20

Creating a Control Environment
General Controls and Application Controls

Application Controls

• Automated and manual procedures that ensure only authorized data are processed by application
• Unique to each computerized application
• Classified as (1) input controls, (2) processing controls, and (3) output controls.

Page 21

Creating a Control Environment
General Controls and Application Controls

Application Controls

Computer matching: Input, processing
Run control totals: Processing, output
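The three classes of application control on the two slides above (input edit checks and batch control totals, computer matching against a master file, and run control totals carried through processing to output), as an added worked example that is not from the slides or the textbook. The payroll batch, its batch header and the master file are constructed sample data.

```python
"""Application controls on a constructed payroll batch (added example)."""

# Constructed master file: employee id -> name. Hypothetical data.
MASTER_FILE = {"E100": "Alice", "E200": "Bob", "E300": "Carol"}

# Constructed input batch: (employee id, hours, hourly rate). The batch header
# carries the record count and the hours hash total the submitting department
# computed independently; 40 + 38 + 45 + (-5) = 118.
BATCH = [("E100", 40, 20.0), ("E200", 38, 22.5), ("E999", 45, 19.0), ("E300", -5, 30.0)]
BATCH_HEADER = {"record_count": 4, "hash_total_hours": 118}

def input_controls(batch, header):
    """Input controls: per-record edit checks plus batch control totals.
    Returns (record index, reason); index -1 marks a batch-level failure."""
    errors = []
    for i, (_emp, hours, rate) in enumerate(batch):
        if not 0 <= hours <= 80:
            errors.append((i, "hours out of range"))
        if rate <= 0:
            errors.append((i, "invalid rate"))
    if len(batch) != header["record_count"]:
        errors.append((-1, "record count mismatch"))
    if sum(h for _, h, _ in batch) != header["hash_total_hours"]:
        errors.append((-1, "hash total mismatch"))
    return errors

def computer_matching(batch, master):
    """Computer matching: every transaction must match a master-file record."""
    return [(i, emp) for i, (emp, _, _) in enumerate(batch) if emp not in master]

def process_batch(batch, master, header):
    """Run the batch through input, processing and output controls.
    Returns (accepted records, rejected records, control totals)."""
    bad = {i for i, _ in input_controls(batch, header) if i >= 0}
    bad |= {i for i, _ in computer_matching(batch, master)}
    accepted = [r for i, r in enumerate(batch) if i not in bad]
    rejected = [r for i, r in enumerate(batch) if i in bad]
    # Run control total at the processing stage: accepted + rejected hours
    # must equal the hours that came in, so nothing was dropped or duplicated.
    in_hours = sum(h for _, h, _ in batch)
    out_hours = sum(h for _, h, _ in accepted) + sum(h for _, h, _ in rejected)
    if in_hours != out_hours:
        raise RuntimeError("run control total broken at processing stage")
    gross = sum(hours * rate for _, hours, rate in accepted)
    # Output control: the report total is returned with the input total so
    # the reviewer can reconcile the two figures.
    return accepted, rejected, {"input_hours": in_hours, "gross_pay": round(gross, 2)}
```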

Page 22

Creating a Control Environment
Protecting the Digital Firm

• High-availability computing
• Fault-tolerant computer systems
• Disaster recovery planning
• Business continuity planning
• Load balancing; mirroring; clustering
• Recovery-oriented computing
• Managed security service providers (MSSPs)

Page 23

Creating a Control Environment
Protecting the Digital Firm

Internet Security Challenges

• Public, accessible network
• Abuses have widespread effect
• Fixed Internet addresses

Page 24

Creating a Control Environment

Figure 15-5: Internet security challenges

Page 25

Creating a Control Environment
Protecting the Digital Firm

• Firewall screening technologies
  – Static packet filtering
  – Stateful inspection
  – Network address translation
  – Application proxy filtering
• Intrusion detection systems

Page 26

Creating a Control Environment
Protecting the Digital Firm

Security and Electronic Commerce

• Public key infrastructure (PKI)

Page 27

Creating a Control Environment
Public key encryption

Page 28

Creating a Control Environment

Figure 15-7: Digital certificates

Page 29

Creating a Control Environment
Protecting the Digital Firm

Security for Wireless Internet Access

• Service set identifiers (SSID)
  – Identify access points in network
  – Form of password for user’s radio network interface card
  – Broadcast multiple times per second

Page 30

Creating a Control Environment

Figure 15-8: Wi-Fi security challenges

Page 31

Creating a Control Environment
Protecting the Digital Firm

• Wired Equivalent Privacy (WEP):
  – Initial security standard
  – Calls for access point and all users to share the same 40-bit encrypted password
• Wi-Fi Protected Access (WPA) specification
  – 128-bit, non-static encryption key

Page 32

Creating a Control Environment
Developing a Control Structure: Costs and Benefits

Criteria for Determining Control Structure

Page 33

Creating a Control Environment
The Role of Auditing in the Control Process

MIS Audit

• Identifies all controls that govern individual information systems and assesses their effectiveness
• Lists and ranks all control weaknesses and

Page 34

Creating a Control Environment

Figure 15-9: Sample auditor’s list of control weaknesses

Page 35

Ensuring System Quality: Software and Data
Software Quality Assurance Methodologies and Tools

Development Methodology

• Collection of methods
• One or more methods for every activity in every phase of development project

Page 36

Ensuring System Quality: Software and Data
Software Quality Assurance Methodologies and Tools

Page 37

Ensuring System Quality: Software and Data
Software Quality Assurance Methodologies and Tools

Structured Analysis

• Defines system inputs, processes, outputs
• Logical graphic model of information flow
• Data flow diagram
• Data dictionary

Page 38

Ensuring System Quality: Software and Data

Figure 15-10: Data flow diagram for mail-in university registration system

Page 39

Ensuring System Quality: Software and Data
Software Quality Assurance Methodologies and Tools

Structured Design

• Set of design rules and techniques
• Promotes program clarity and simplicity
• Design from top-down; main functions and subfunctions
• Structure chart

Page 40

Ensuring System Quality: Software and Data

Figure 15-11: High-level structure chart for a payroll system

Page 41

Ensuring System Quality: Software and Data
Software Quality Assurance Methodologies and Tools

Structured Programming

• Organizes and codes programs to simplify control paths for easy use and modification
• Independent modules with one entry and exit point
• Three basic control constructs:
  – Simple sequence

Page 42

Ensuring System Quality: Software and Data

Figure 15-12: Basic program control constructs

Page 43

Ensuring System Quality: Software and Data
Software Quality Assurance Methodologies and Tools

Limitations of Traditional Methods

• Can be inflexible and time-consuming
• Programming depends on completion of analysis and design phases
• Specification changes require changes in analysis and design documents first

Page 44

Ensuring System Quality: Software and Data
Software Quality Assurance Methodologies and Tools

Unified Modeling Language (UML)

• Industry standard for analysis and design of object-oriented systems
• Represents different views using graphical diagrams
• Underlying model integrates views for consistency during analysis, design, and implementation

Page 45

Ensuring System Quality: Software and Data
Software Quality Assurance Methodologies and Tools

UML Components

• Things: collaborations, use cases, active classes, components, nodes

Page 46

Ensuring System Quality: Software and Data
Software Quality Assurance Methodologies and Tools

UML Components

• Relationships
  – Structural: dependencies, aggregations, associations, generalizations
  – Behavioral: communicates, includes, extends, generalizes
• Diagrams
  – Structural: class, object, component, and deployment diagrams
  – Behavioral: use case, sequence, collaboration, statechart, and activity diagrams

Page 47

Ensuring System Quality: Software and Data
A UML use-case diagram

Page 48

Ensuring System Quality: Software and Data

Figure 15-14: A UML sequence diagram

Page 49

Ensuring System Quality: Software and Data
Software Quality Assurance Methodologies and Tools

Computer-Aided Software Engineering (CASE)

• Automation of step-by-step methodologies
• Reduce repetitive development work
• Support documentation creation and revisions
• Organize design components; design repository
• Support code generation
• Require organizational discipline

Page 50

Ensuring System Quality: Software and Data
Software Quality Assurance Methodologies and Tools

• Resource Allocation: Assigning costs, time, personnel to different development phases
• Software Metrics: Quantified measurements of systems performance
• Testing: Walkthroughs, debugging

Page 51

Ensuring System Quality: Software and Data
Data Quality Audits and Data Cleansing

• Data Quality Audit
  – Survey end users for perceptions of data quality
  – Survey entire data files
  – Survey samples from data files
• Data Cleansing
  – Correcting errors and inconsistencies in data between business units
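The file-based audit methods and the cleansing step on the slide above, as an added example that is not from the slides or the textbook: two constructed business-unit files (a hypothetical sales unit and billing unit) hold the same customers in inconsistent formats; the audit measures the defect rate over a whole file or a sample, and cleansing normalises the values so the units can be reconciled.

```python
"""Data quality audit and cleansing over constructed records (added example)."""
import random
import re

# Constructed records from two hypothetical business units, keyed by customer id.
SALES = [
    {"id": 1, "email": "Ann@Example.com ", "country": "usa", "phone": "(555) 010-0001"},
    {"id": 2, "email": "bob@example", "country": "US", "phone": "555-010-0002"},
]
BILLING = [
    {"id": 1, "email": "ann@example.com", "country": "United States", "phone": "5550109999"},
    {"id": 3, "email": "", "country": "UK", "phone": "5550100003"},
]
# Canonical country codes the cleansing step maps free-text values onto.
COUNTRY_MAP = {"usa": "US", "us": "US", "united states": "US", "uk": "GB", "gb": "GB"}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def record_defects(rec):
    """Audit rules: return the names of the fields that fail validation."""
    defects = []
    if not EMAIL_RE.match(rec["email"].strip().lower()):
        defects.append("email")
    if rec["country"].strip().lower() not in COUNTRY_MAP:
        defects.append("country")
    if len(re.sub(r"\D", "", rec["phone"])) != 10:
        defects.append("phone")
    return defects

def audit_sample(records, sample_size, seed=0):
    """Survey a sample of a data file (sample_size >= len(records) surveys the
    entire file). Returns the fraction of surveyed records with any defect."""
    sample = random.Random(seed).sample(records, min(sample_size, len(records)))
    defective = sum(1 for r in sample if record_defects(r))
    return defective / len(sample)

def cleanse(rec):
    """Normalise one record so both units represent the same value the same way."""
    return {
        "id": rec["id"],
        "email": rec["email"].strip().lower(),
        "country": COUNTRY_MAP.get(rec["country"].strip().lower(), rec["country"]),
        "phone": re.sub(r"\D", "", rec["phone"]),
    }

def reconcile(unit_a, unit_b):
    """Ids present in both units whose records still disagree after cleansing;
    these are the real inconsistencies between business units, not format noise."""
    a = {r["id"]: cleanse(r) for r in unit_a}
    b = {r["id"]: cleanse(r) for r in unit_b}
    return sorted(i for i in a.keys() & b.keys() if a[i] != b[i])
```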

Page 52

Chapter 15 Case Study
Could a Missing Hard Drive Create Canada’s Biggest Identity Theft?

1. Summarize the ISM security problem and its impact on ISM and its clients.
2. Describe the control weaknesses of ISM and those of its clients that made it possible for this problem to occur. What management, organization, and technology factors contributed to those weaknesses?

Page 53

Chapter 15 Case Study
Could a Missing Hard Drive Create Canada’s Biggest Identity Theft?

3. Was the disappearance of the hard drive a management problem, an organization problem, or a technical problem? Explain your answer.
4. If you were responsible for designing security at ISM and its client companies, what would you have done differently? How would you have

Posted: 10/08/2017, 11:02