Managing Information Technology - PowerPoint PPT Presentation

Slides: 15
Provided by: stevet1

Transcript and Presenter's Notes


1
Managing Information Technology
  • MBA820
  • Information Technology
  • for Decision Making

2
Case Cyber Crime
  • On Feb. 6, 2000 - the biggest EC sites were hit
    by cyber crime. (Yahoo!, eBay, Amazon.com,
    E*Trade)
  • The attacker(s) used a method called denial of
    service (DOS).
  • By hammering a Web site's equipment with too many
    requests for information, an attacker can
    effectively clog a system.
  • The total damage worldwide was estimated at $5-10
    billion (U.S.).
  • The alleged attacker, from the Philippines, was
    not prosecuted because he did not break any law
    in the Philippines.

3
Lessons Learned from the Case
  • Protection of networked systems can be a complex
    issue.
  • Attackers can zero in on a single company, or can
    attack many companies, without discrimination.
  • Attackers use different attack methods.
  • Although variations of the attack methods are
    known, the defence against them is difficult
    and/or expensive.

4
Vulnerability Abuse
  • Telecommunication Advances
  • Hackers
  • Viruses
  • Software Advances
  • Fourth Generation Languages
  • Multi-user databases
  • The Threat from Within

5
Concerns for System Builders
  • Disaster
  • Fault tolerant systems
  • Security
  • Facilities, consoles, logs, virus scans
  • Errors
  • Data entry, operations, hardware

6
System Controls
  • Implementation Controls
  • Software Controls
  • Security and Reliability
  • Hardware Controls
  • Physical Security
  • Data Controls
  • Batch vs. on-line systems

7
Developing Control Structures
  • Importance of Standing Data
  • Efficiency, complexity, and expense of control
    structures
  • Statistical sampling for errors
  • Risk Assessment

8
Cost/Benefit Analysis
[Figure: plot with labels Cost, Security, Cost of Security, Cost of Potential Damage, Optimal]

9
Auditing Information Systems
  • Auditing the Control Process
  • Review controls and assess effectiveness
  • Data Quality Audits
  • Cross checks of files, data formats
  • Checking Standing Data

10
Organizing IT Resources
  • Fitting IT Within the Organization
  • Organization-wide perspective
  • Steering Committees
  • End-user Computing
  • Centralization vs. Decentralization

11
Steering Committees
  • The corporate steering committee is a group of
    managers and staff representing various
    organizational units. The committee's major tasks
    are:
  • Direction setting
  • Rationing
  • Structuring
  • Staffing
  • Communication
  • Evaluating

12
End-User Computing
  • Let them sink or swim.
  • Don't do anything; let the end-user beware.
  • Use the stick. Establish policies and procedures
    to control end-user computing so that corporate
    risks are minimized.
  • Use the carrot. Create incentives to encourage
    certain end-user practices that reduce
    organizational risks.
  • Offer support. Develop services to aid end-users
    in their computing activities.

13
Centralization
  • Centralize
  • Alleviates potential problems with system
    software differences
  • Control uniformity
  • Economies of Scale
  • Decentralize
  • IT staff aligned closer to end users
  • Responsiveness
  • Cost controls are enhanced when depts must budget
    for computing resources

14
Management Challenges
  • Controlling large, distributed databases
    (security)
  • Balancing control with efficiency and cost (risk
    analysis)
  • Centralization vs. Decentralization
  • End-user computing policies and procedures