1 / 21

14. INFORMATION SYSTEMS SECURITY & CONTROL

14. INFORMATION SYSTEMS SECURITY & CONTROL. Learning Objectives. Demonstrate why info systems are vulnerable to destruction, error, abuse, quality control problems Compare general and application controls Select factors for developing controls *. Learning Objectives.

paul
Télécharger la présentation

14. INFORMATION SYSTEMS SECURITY & CONTROL

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 14. INFORMATION SYSTEMS SECURITY & CONTROL

  2. Learning Objectives • Demonstrate why info systems are vulnerable to destruction, error, abuse, quality control problems • Compare general and application controls • Select factors for developing controls *

  3. Learning Objectives • Describe important software quality-assurance techniques • Demonstrate importance of auditing info systems & safeguarding data quality *

  4. System Vulnerability & Abuse • Why systems are vulnerable • Hackers & viruses • Concerns for builders & users • System quality problems *

  5. Threats to Information Systems • Hardware failure, fire • Software failure, electrical problems • Personnel actions, user errors • Access penetration, program changes • Theft of data, services, equipment • Telecommunications problems *

  6. System Vulnerability • System complexity • Computerized procedures not always read or audited • Extensive effect of disaster • Unauthorized access possible *

  7. Vulnerabilities • RADIATION:Allows recorders, bugs to tap system • CROSSTALK:Can garble data • HARDWARE:Improper connections, failure of protection circuits • SOFTWARE:Failure of protection features,access control, bounds control • FILES:Subject to theft, copying,unauthorized access *

  8. VULNERABILITIES • USER: Identification, authentication, subtle software modification • PROGRAMMER: Disables protective features; reveals protective measures • MAINTENANCE STAFF: Disables hardware devices; uses stand-alone utilities • OPERATOR: Doesn’t Notify supervisor, reveals protective measures *

  9. HACKERS & COMPUTER VIRUSES • HACKER:Person gains access to computer for profit, criminal mischief, personal pleasure • COMPUTER VIRUS:Rouge program; difficult to detect; spreads rapidly; destroys data; disrupts processing & memory *

  10. Antivirus Software • Software to detect • Eliminate viruses • Advanced versions run in memory to protect processing, guard against viruses on disks, and on incoming network files *

  11. Concerns For Builders & Users • Disaster • Breach of security • Errors *

  12. Disaster • Loss of hardware, software, data by fire, power failure, flood or other calamity • Fault-tolerant computer systems: backup systems to prevent system failure (particularly on-line transaction processing) *

  13. Security Policies, procedures, technical measures to prevent unauthorized access, alteration, theft, physical damage to information systems *

  14. System Quality Problems Software & data • Bugs:program code defects or errors • Maintenance:modifying a system in production use; Can take up to 85% of analysts’ time • Data quality problems:finding, correcting errors; costly; tedious (do it right the first time!) *

  15. Cost Of Errors During Systems Development Cycle 6.00 5.00 4.00 3.00 COSTS 2.00 1.00 Analysis & design Programming Conversion POST- Implementation

  16. Creating A Control Environment Controls:methods, policies, procedures to protect assets; Accuracy & reliability of records; Adherence to management standards • General • Application *

  17. General Controls • Implementation: audit system development to assure proper control, management • Software:ensure security, reliability of software • Program security:prevent unauthorized changes to programs • Hardware:ensure physical security, performance of computer hardware *

  18. General controls • Computer operations:ensure procedures consistently, correctly applied to data storage, processing • Data security:ensure data disks, tapes protected from wrongful access, change, destruction • Administrative:ensure controls properly executed, enforced • Segregation of functions:divide tasks to minimize risks *

  19. Application Controls • Input • Processing • Output *

  20. Input Controls • Input authorization:record, monitor source documents • Data conversion:transcribe data properly from one form to another • Batch control totals:count transactions prior to and after processing • Edit checks:verify input data, correct errors *

  21. Developing A Control Structure • Costs:Can be expensive to build; complicated to use • Benefits:Reduces expensive errors, loss of time, resources, good will • Risk assessment:Determine frequency of occurrence of problem, cost, damage if it were to occur *

More Related