17. MANAGING CONTEMPORARY INFORMATION SYSTEMS - PowerPoint PPT Presentation

Provided by: EFis79

Transcript and Presenter's Notes



1
  • 17. MANAGING CONTEMPORARY INFORMATION SYSTEMS

17.1
2
SYSTEM VULNERABILITY & ABUSE
  • WHY SYSTEMS ARE VULNERABLE
  • HACKERS & VIRUSES
  • CONCERNS FOR BUILDERS & USERS
  • SYSTEM QUALITY PROBLEMS

17.3
3
THREATS TO INFORMATION SYSTEMS
  • HARDWARE FAILURE, FIRE
  • SOFTWARE FAILURE, ELECTRICAL PROBLEMS
  • PERSONNEL ACTIONS, USER ERRORS
  • ACCESS PENETRATION, PROGRAM CHANGES
  • THEFT OF DATA, SERVICES, EQUIPMENT
  • TELECOMMUNICATIONS PROBLEMS

17.4
4
WHY SYSTEMS ARE VULNERABLE
  • SYSTEM COMPLEXITY
  • COMPUTERIZED PROCEDURES NOT ALWAYS READ OR
    AUDITED
  • EXTENSIVE EFFECT OF DISASTER
  • UNAUTHORIZED ACCESS POSSIBLE

17.5
5
VULNERABILITIES
  • RADIATION: Allows Recorders, Bugs to Tap System
  • CROSSTALK: Can Garble Data
  • HARDWARE: Improper Connections, Failure of
    Protection Circuits
  • SOFTWARE: Failure of Protection Features, Access
    Control, Bounds Control
  • FILES: Subject to Theft, Copying, Unauthorized
    Access

17.6
6
VULNERABILITIES
  • USER: Identification, Authentication, Subtle
    Software Modification
  • PROGRAMMER: Disables Protective Features; Reveals
    Protective Measures
  • MAINTENANCE STAFF: Disables Hardware Devices;
    Uses Stand-alone Utilities
  • OPERATOR: Doesn't Notify Supervisor; Reveals
    Protective Measures

17.7
7
HACKERS & COMPUTER VIRUSES
  • HACKER: Person Gains Access to Computer for
    Profit, Criminal Mischief, Personal Pleasure
  • COMPUTER VIRUS: Difficult to Detect; Spreads
    Rapidly; Destroys Data; Disrupts Processing &
    Memory

17.8
8
CONCERNS FOR BUILDERS & USERS
  • DISASTER
  • BREACH OF SECURITY
  • ERRORS

17.11
9
DISASTER
  • LOSS OF HARDWARE, SOFTWARE, DATA BY FIRE, POWER
    FAILURE, FLOOD OR OTHER CALAMITY
  • FAULT-TOLERANT COMPUTER SYSTEMS: BACKUP
    SYSTEMS TO PREVENT SYSTEM FAILURE (Particularly
    On-line Transaction Processing)

17.12
10
SECURITY
  • POLICIES, PROCEDURES, TECHNICAL MEASURES TO
    PREVENT UNAUTHORIZED ACCESS, ALTERATION, THEFT,
    PHYSICAL DAMAGE TO INFORMATION SYSTEMS

17.13
11
WHERE ERRORS OCCUR
  • DATA PREPARATION
  • TRANSMISSION
  • CONVERSION
  • FORM COMPLETION
  • ON-LINE DATA ENTRY
  • KEYPUNCHING, SCANNING, OTHER INPUTS

17.14
12
WHERE ERRORS OCCUR
  • VALIDATION
  • PROCESSING / FILE MAINTENANCE
  • OUTPUT
  • TRANSMISSION
  • DISTRIBUTION

17.15
13
CREATING A CONTROL ENVIRONMENT
  • CONTROLS: Methods, Policies, Procedures to
    Protect Assets; Accuracy & Reliability of
    Records; Adherence to Management Standards
  • GENERAL CONTROLS
  • APPLICATION CONTROLS

17.18
14
GENERAL CONTROLS
  • IMPLEMENTATION: Audit System Development to
    Assure Proper Control, Management
  • SOFTWARE: Ensure Security, Reliability of
    Software
  • PROGRAM SECURITY: Prevent Unauthorized Changes to
    Programs
  • HARDWARE: Ensure Physical Security, Performance
    of Computer Hardware

17.19
15
GENERAL CONTROLS
  • COMPUTER OPERATIONS: Ensure Procedures
    Consistently, Correctly Applied to Data Storage,
    Processing
  • DATA SECURITY: Ensure Data Disks, Tapes Protected
    from Wrongful Access, Change, Destruction
  • ADMINISTRATIVE: Ensure Controls Properly
    Executed, Enforced
  • SEGREGATION OF FUNCTIONS: Divide Tasks to
    Minimize Risks
  • POLICIES & PROCEDURES: Accountability,
    Responsibility
  • SUPERVISION

17.20
16
APPLICATION CONTROLS
  • INPUT
  • PROCESSING
  • OUTPUT

17.21
17
PROCESSING CONTROLS
  • ESTABLISH THAT DATA IS COMPLETE, ACCURATE
    DURING PROCESSING
  • RUN CONTROL TOTALS: Generate Control Totals
    Before & After Processing
  • COMPUTER MATCHING: Match Input Data to Master
    Files
  • EDIT CHECKS

17.23
18
OUTPUT CONTROLS
  • ESTABLISH THAT RESULTS ARE ACCURATE, COMPLETE,
    PROPERLY DISTRIBUTED
  • BALANCE INPUT, PROCESSING, OUTPUT TOTALS
  • REVIEW PROCESSING LOGS
  • ENSURE ONLY AUTHORIZED RECIPIENTS GET RESULTS

17.24
19
SECURITY & ELECTRONIC COMMERCE
  • ENCRYPTION: Coding & Decoding
  • AUTHENTICATION: Check Passwords, Change
    Frequently
  • MESSAGE INTEGRITY: Minor Changes Could Indicate
    Tampering

17.25
20
DEVELOPING A CONTROL STRUCTURE
  • COSTS: Can be Expensive to Build; Complicated to
    Use
  • BENEFITS: Reduces Expensive Errors, Loss of Time,
    Resources, Good Will
  • RISK ASSESSMENT: Determine Frequency of
    Occurrence of Problem, Cost, Damage if it Were to
    Occur

17.26
21
MIS AUDIT
  • IDENTIFIES CONTROLS OF INFORMATION SYSTEMS,
    ASSESSES THEIR EFFECTIVENESS
  • TRACE FLOW OF SAMPLE TRANSACTIONS; NOTE HOW
    CONTROLS WORK
  • LIST, RANK WEAKNESSES
  • ESTIMATE PROBABILITIES, IMPACT
  • REPORT TO MANAGEMENT

17.27