Enterprise manage information systems 6th by laudon ch15

Chapter 15

Essentials of Management Information Systems, 6e
Chapter 15 Information System Security and Control

Information System Security and Control

© 2005 by Prentice Hall


Objectives

1. Why are information systems so vulnerable to destruction, error, abuse, and system quality problems?
2. What types of controls are available for information systems?
3. What special measures must be taken to ensure the reliability, availability and security of electronic commerce and digital business processes?
4. What are the most important software quality assurance techniques?
5. Why are auditing information systems and safeguarding data quality so important?

Management Challenges

1. Achieving a sensible balance between too little control and too much.
2. Applying quality assurance standards in large systems projects.

System Vulnerability and Abuse
Why Systems Are Vulnerable

• Accessibility to electronic data
• Increasingly complex software, hardware
• Network access points
• Wireless vulnerability
• Internet

System Vulnerability and Abuse
Threats to Computerized Information Systems

• Hardware failure
• Software failure
• Personnel actions
• Terminal access penetration
• Theft of data, services, equipment
• Fire
• Electrical problems
• User errors
• Unauthorized program changes
• Telecommunication problems

System Vulnerability and Abuse
Telecommunications networks vulnerabilities

Figure 15-1

System Vulnerability and Abuse
Window on Organizations

Credit Card Fraud: Still on the Rise
• To what extent are Internet credit card thefts management and organizational problems, and to what extent are they technical problems?
• Address the technology and management issues for both the credit card issuers and the retail companies.
• Suggest possible ways to address the problem.

System Vulnerability and Abuse
Why Systems Are Vulnerable

• Hacker
• Trojan horse
• Denial of service (DoS) attacks
• Computer viruses
• Worms
• Antivirus software

System Vulnerability and Abuse
Window on Technology

Smarter Worms and Viruses: The Worst Is Yet to Come
• Why are worms so harmful?
• Describe their business and organizational impact.

System Vulnerability and Abuse
Concerns for System Builders and Users

• Disaster
• Security
• Administrative error
• Cyberterrorism and Cyberwarfare

System Vulnerability and Abuse
Points in the processing cycle where errors can occur

Figure 15-2

System Vulnerability and Abuse
System Quality Problems: Software and Data

Bugs and Defects
• Complete testing not possible
The Maintenance Nightmare
• Maintenance costs high due to organizational change, software complexity, and faulty system analysis and design

System Vulnerability and Abuse
The cost of errors over the systems development cycle

Figure 15-3

System Vulnerability and Abuse
System Quality Problems: Software and Data

Data Quality Problems
• Caused by errors during data input or faulty information system and database design

Creating a Control Environment

Controls
• Methods, policies, and procedures
• Protection of organization’s assets
• Accuracy and reliability of records
• Operational adherence to management standards

Creating a Control Environment
General Controls and Application Controls

General Controls
• Govern design, security, use of computer programs throughout organization
• Apply to all computerized applications
• Combination of hardware, software, manual procedures to create overall control environment

Creating a Control Environment
General Controls and Application Controls

General Controls
• Software controls
• Hardware controls
• Computer operations controls
• Data security controls
• Implementation
• Administrative controls

Creating a Control Environment
Security profiles for a personnel system

Figure 15-4

Creating a Control Environment
General Controls and Application Controls

Application Controls
• Automated and manual procedures that ensure only authorized data are processed by application
• Unique to each computerized application
• Classified as (1) input controls, (2) processing controls, and (3) output controls.

Creating a Control Environment
General Controls and Application Controls

Application Controls
Control totals: Input, processing
Edit checks: Input
Computer matching: Input, processing
Run control totals: Processing, output
Report distribution logs: Output

Creating a Control Environment
Protecting the Digital Firm

• High-availability computing
• Fault-tolerant computer systems
• Disaster recovery planning
• Business continuity planning
• Load balancing; mirroring; clustering
• Recovery-oriented computing
• Managed security service providers (MSSPs)

Creating a Control Environment
Protecting the Digital Firm

Internet Security Challenges
• Public, accessible network
• Abuses have widespread effect
• Fixed Internet addresses
• Corporate systems extended outside organization

Creating a Control Environment
Internet security challenges

Figure 15-5

Creating a Control Environment
Protecting the Digital Firm

• Firewall screening technologies
  - Static packet filtering
  - Stateful inspection
  - Network address translation
  - Application proxy filtering
• Intrusion detection systems
• Scanning software
• Monitoring software
