Laudon - PowerPoint PPT Presentation

About This Presentation
Title:

Laudon

Slides: 52
Provided by: EFis71

Transcript and Presenter's Notes

1
14
INFORMATION SYSTEMS SECURITY & CONTROL
2
LEARNING OBJECTIVES
  • DEMONSTRATE WHY INFO SYSTEMS ARE VULNERABLE TO
    DESTRUCTION, ERROR, ABUSE, QUALITY CONTROL
    PROBLEMS
  • COMPARE GENERAL AND APPLICATION CONTROLS

3
LEARNING OBJECTIVES
  • DESCRIBE MEASURES TO ENSURE RELIABILITY,
    AVAILABILITY, SECURITY OF E-COMMERCE, DIGITAL
    BUSINESS PROCESSES

4
LEARNING OBJECTIVES
  • DESCRIBE IMPORTANT SOFTWARE QUALITY-ASSURANCE
    TECHNIQUES
  • DEMONSTRATE IMPORTANCE OF AUDITING INFO SYSTEMS
    & SAFEGUARDING DATA QUALITY

5
MANAGEMENT CHALLENGES
  • SYSTEM VULNERABILITY & ABUSE
  • CREATING A CONTROL ENVIRONMENT
  • ENSURING SYSTEM QUALITY

6
SYSTEM VULNERABILITY & ABUSE
  • WHY SYSTEMS ARE VULNERABLE
  • HACKERS & VIRUSES
  • CONCERNS FOR BUILDERS & USERS
  • SYSTEM QUALITY PROBLEMS

7
THREATS TO INFORMATION SYSTEMS
  • HARDWARE FAILURE, FIRE
  • SOFTWARE FAILURE, ELECTRICAL PROBLEMS
  • PERSONNEL ACTIONS, USER ERRORS
  • ACCESS PENETRATION, PROGRAM CHANGES
  • THEFT OF DATA, SERVICES, EQUIPMENT;
    TELECOMMUNICATIONS PROBLEMS

8
WHY SYSTEMS ARE VULNERABLE
  • SYSTEM COMPLEXITY
  • COMPUTERIZED PROCEDURES NOT ALWAYS READ OR
    AUDITED
  • EXTENSIVE EFFECT OF DISASTER
  • UNAUTHORIZED ACCESS POSSIBLE

9
VULNERABILITIES
  • RADIATION: Allows recorders, bugs to tap system
  • CROSSTALK: Can garble data
  • HARDWARE: Improper connections, failure of
    protection circuits
  • SOFTWARE: Failure of protection features, access
    control, bounds control
  • FILES: Subject to theft, copying, unauthorized
    access

10
VULNERABILITIES
  • USER: Identification, authentication, subtle
    software modification
  • PROGRAMMER: Disables protective features; reveals
    protective measures
  • MAINTENANCE STAFF: Disables hardware devices;
    uses stand-alone utilities
  • OPERATOR: Doesn't notify supervisor, reveals
    protective measures

11
HACKERS & COMPUTER VIRUSES
  • HACKER: Person gains access to computer for
    profit, criminal mischief, personal pleasure
  • COMPUTER VIRUS: Rogue program; difficult to
    detect; spreads rapidly; destroys data; disrupts
    processing & memory

12
COMMON COMPUTER VIRUSES
  • CONCEPT, MELISSA: Word documents, e-mail.
    Deletes files
  • FORM: Makes clicking sound, corrupts data
  • EXPLORE.EXE: Attached to e-mail, tries to e-mail
    to others, destroys files
  • MONKEY: Windows won't run
  • CHERNOBYL: Erases hard drive, ROM BIOS
  • JUNKIE: Infects files, boot sector, memory
    conflicts

13
ANTIVIRUS SOFTWARE
  • SOFTWARE TO DETECT
  • ELIMINATE VIRUSES
  • ADVANCED VERSIONS RUN IN MEMORY TO PROTECT
    PROCESSING, GUARD AGAINST VIRUSES ON DISKS, AND
    ON INCOMING NETWORK FILES

14
CONCERNS FOR BUILDERS & USERS
  • DISASTER
  • BREACH OF SECURITY
  • ERRORS

15
DISASTER
  • LOSS OF HARDWARE, SOFTWARE, DATA BY FIRE,
    POWER FAILURE, FLOOD OR OTHER CALAMITY
  • FAULT-TOLERANT COMPUTER SYSTEMS: Backup systems
    to prevent system failure (particularly On-line
    Transaction Processing)

16
SECURITY
  • POLICIES, PROCEDURES, TECHNICAL MEASURES TO
    PREVENT UNAUTHORIZED ACCESS, ALTERATION, THEFT,
    PHYSICAL DAMAGE TO INFORMATION SYSTEMS

17
WHERE ERRORS OCCUR
  • DATA PREPARATION
  • TRANSMISSION
  • CONVERSION
  • FORM COMPLETION
  • ON-LINE DATA ENTRY
  • KEYPUNCHING, SCANNING, OTHER INPUTS

18
WHERE ERRORS OCCUR
  • VALIDATION
  • PROCESSING / FILE MAINTENANCE
  • OUTPUT
  • TRANSMISSION
  • DISTRIBUTION

19
SYSTEM QUALITY PROBLEMS
  • SOFTWARE & DATA
  • BUGS: Program code defects or errors
  • MAINTENANCE: Modifying a system in production
    use; can take up to 50% of analysts' time
  • DATA QUALITY PROBLEMS: Finding, correcting
    errors; costly & tedious

20
COST OF ERRORS DURING SYSTEMS DEVELOPMENT CYCLE
21
CREATING A CONTROL ENVIRONMENT
  • CONTROLS: Methods, policies, procedures to
    protect assets; accuracy & reliability of
    records; adherence to management standards
  • GENERAL CONTROLS
  • APPLICATION CONTROLS

22
GENERAL CONTROLS
  • IMPLEMENTATION: Audit system development to
    assure proper control, management
  • SOFTWARE: Ensure security, reliability of
    software
  • PHYSICAL HARDWARE: Ensure physical security,
    performance of computer hardware

23
GENERAL CONTROLS
  • COMPUTER OPERATIONS: Ensure procedures
    consistently, correctly applied to data storage,
    processing
  • DATA SECURITY: Ensure data disks, tapes protected
    from wrongful access, change, destruction
  • ADMINISTRATIVE: Ensure controls properly
    executed, enforced
  • SEGREGATION OF FUNCTIONS: Divide
    responsibility from tasks

24
APPLICATION CONTROLS
  • INPUT
  • PROCESSING
  • OUTPUT

25
INPUT CONTROLS
  • INPUT AUTHORIZATION: Record, monitor source
    documents
  • DATA CONVERSION: Transcribe data properly from
    one form to another
  • BATCH CONTROL TOTALS: Count transactions prior to
    and after processing
  • EDIT CHECKS: Verify input data, correct errors

26
PROCESSING CONTROLS
  • ESTABLISH THAT DATA IS COMPLETE, ACCURATE
    DURING PROCESSING
  • RUN CONTROL TOTALS: Generate control totals
    before & after processing
  • COMPUTER MATCHING: Match input data to master
    files

27
OUTPUT CONTROLS
  • ESTABLISH THAT RESULTS ARE ACCURATE, COMPLETE,
    PROPERLY DISTRIBUTED
  • BALANCE INPUT, PROCESSING, OUTPUT TOTALS
  • REVIEW PROCESSING LOGS
  • ENSURE ONLY AUTHORIZED RECIPIENTS GET RESULTS
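
The input, processing and output controls on slides 25-27, worked through on one batch. This is an added example, not part of the original slides; the record layout, the master file, the batch header and all function names are assumptions made for illustration.

```python
from decimal import Decimal

# Constructed sample data: master file, batch header, and keyed batch.
MASTER_ACCOUNTS = {"1001", "1002", "1003"}
HEADER = {"count": 4, "amount": Decimal("330.50"), "hash": 13005}
BATCH = [
    {"account": "1001", "amount": "250.00"},
    {"account": "1002", "amount": "75.50"},
    {"account": "9999", "amount": "10.00"},  # no master record
    {"account": "1003", "amount": "-5.00"},  # fails range check
]

def control_totals(records):
    """Record count, amount total, and hash total (sum of account numbers).
    Assumes both fields are already numeric strings."""
    return {
        "count": len(records),
        "amount": sum((Decimal(r["amount"]) for r in records), Decimal("0")),
        "hash": sum(int(r["account"]) for r in records),
    }

def edit_check(record):
    """Edit check plus computer matching; returns a rejection reason or None."""
    if Decimal(record["amount"]) <= 0:
        return "amount not positive"
    if record["account"] not in MASTER_ACCOUNTS:
        return "no matching master record"
    return None

def process_batch(batch, header, ledger):
    """Apply input, processing, and output controls to one batch."""
    before = control_totals(batch)
    if before != header:  # batch control totals: keyed data vs. source documents
        raise ValueError(f"batch out of balance: {before} != {header}")
    opening = sum(ledger.values(), Decimal("0"))
    accepted, rejected = [], []
    for rec in batch:
        reason = edit_check(rec)
        if reason:
            rejected.append({**rec, "reason": reason})
            continue
        accepted.append(rec)
        ledger[rec["account"]] = ledger.get(rec["account"], Decimal("0")) + Decimal(rec["amount"])
    acc, rej = control_totals(accepted), control_totals(rejected)
    posted = sum(ledger.values(), Decimal("0")) - opening
    # Run control totals: every input record is accounted for, and the amount
    # posted to the ledger equals the accepted total.
    balanced = all(acc[k] + rej[k] == before[k] for k in before) and posted == acc["amount"]
    return {"accepted": acc, "rejected": rejected, "balanced": balanced}
```

The rejected list, with its reasons, is the exception report a reviewer would examine; a batch whose keyed totals disagree with the header is stopped before anything is posted.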

28
SECURITY AND THE INTERNET
  • ENCRYPTION: Coding & scrambling messages to deny
    unauthorized access
  • AUTHENTICATION: Ability to identify another party
  • MESSAGE INTEGRITY
  • DIGITAL SIGNATURE
  • DIGITAL CERTIFICATE

29
SECURITY AND THE INTERNET
PUBLIC KEY ENCRYPTION
30
SECURITY AND THE INTERNET
  • DIGITAL WALLET: Software stores credit card,
    electronic cash, owner ID, address for e-commerce
    transactions
  • SECURE ELECTRONIC TRANSACTION: Standard for
    securing credit card transactions on Internet

31
SECURITY AND THE INTERNET
ELECTRONIC PAYMENT SYSTEMS
  • CREDIT CARD-SET: Protocol for payment security
  • ELECTRONIC CASH: Digital currency
  • ELECTRONIC CHECK: Encrypted digital signature
  • SMART CARD: Chip stores e-cash
  • ELECTRONIC BILL PAYMENT: Electronic funds
    transfer

32
DEVELOPING A CONTROL STRUCTURE
  • COSTS: Can be expensive to build; complicated to
    use
  • BENEFITS: Reduces expensive errors, loss of time,
    resources, good will
  • RISK ASSESSMENT: Determine frequency of
    occurrence of problem, cost, damage if it were to
    occur

33
SYSTEM BUILDING APPROACHES
  • STRUCTURED METHODOLOGIES
  • COMPUTER AIDED SOFTWARE ENGINEERING (CASE)
  • SOFTWARE REENGINEERING

34
STRUCTURED METHODOLOGIES
  • TOP DOWN, STEP BY STEP, EACH STEP BUILDS ON
    PREVIOUS
  • STRUCTURED ANALYSIS
  • STRUCTURED DESIGN
  • STRUCTURED PROGRAMMING
  • FLOWCHARTS

35
STRUCTURED ANALYSIS
  • DEFINES SYSTEM INPUTS, PROCESSES, OUTPUTS
  • PARTITIONS SYSTEM INTO SUBSYSTEMS OR MODULES
  • LOGICAL, GRAPHICAL MODEL OF INFORMATION FLOW
  • DATA FLOW DIAGRAM: Graphical display of component
    processes, flow of data

36
SYMBOLS FOR DATA FLOW DIAGRAMS (DFD)
DATA FLOW
PROCESS
SOURCE OR SINK
FILE
37
DATA FLOW DIAGRAM
38
STRUCTURED ANALYSIS
  • DATA DICTIONARY: Controlled definitions of
    descriptions of all data, such as variable names
    & types of data
  • PROCESS SPECIFICATIONS: Describes logic of
    processes at module level

39
STRUCTURED DESIGN
  • DESIGN RULES / TECHNIQUES TO DESIGN SYSTEM,
    TOP DOWN IN HIERARCHICAL FASHION
  • STRUCTURE CHART
  • STRUCTURED PROGRAMMING
  • MODULE
  • SEQUENCE CONSTRUCT
  • SELECTION CONSTRUCT

40
HIGH LEVEL STRUCTURE CHART
41
STRUCTURED PROGRAMMING
  • DISCIPLINE TO ORGANIZE, CODE PROGRAMS
  • SIMPLIFIES CONTROL PATHS
  • EASY TO UNDERSTAND, MODIFY
  • MODULE HAS ONE INPUT, ONE OUTPUT

42
STRUCTURED PROGRAMMING
  • MODULE: Logical unit of program; performs
    specific task(s)
  • SEQUENCE CONSTRUCT: Sequential steps or actions
    in program logic; streamlines flow
  • SELECTION CONSTRUCT: IF condition R is True THEN
    action C ELSE action D
  • ITERATION CONSTRUCT: WHILE Condition is True DO
    action E

43
PROGRAM FLOWCHART SYMBOLS
44
PROGRAM FLOWCHART
[Flowchart labels: START, READ, decision >10,000 / <10,000, PROCESS A, PROCESS B, PRINT, REPORT, MORE?, END; connectors 1 and 2]
45
PROGRAM FLOWCHART
46
SYSTEM FLOWCHART SYMBOLS
47
SYSTEM FLOWCHART
48
COMPUTER AIDED SOFTWARE ENGINEERING (CASE)
  • AUTOMATION OF SOFTWARE METHODOLOGIES
  • PRODUCES CHARTS; DIAGRAMS; SCREEN & REPORT
    GENERATORS; DATA DICTIONARIES; PROGRESS REPORTS;
    ANALYSIS & CHECKING TOOLS; CODE; DOCUMENTATION

CASE
49
COMPUTER AIDED SOFTWARE ENGINEERING (CASE)
  • INCREASES PRODUCTIVITY & QUALITY
  • ENFORCES DEVELOPMENT DISCIPLINE
  • IMPROVES COMMUNICATION
  • DESIGN REPOSITORY FOR OBJECTS
  • AUTOMATES TEDIOUS TASKS
  • AUTOMATES TESTING & CONTROL
  • REQUIRES ORGANIZATIONAL DISCIPLINE

50
MIS AUDIT
  • IDENTIFIES CONTROLS OF INFORMATION SYSTEMS,
    ASSESSES THEIR EFFECTIVENESS
  • SOFTWARE METRICS: Objective measurements to
    assess system
  • TESTING: Early, regular controlled efforts to
    detect, reduce errors
  • WALKTHROUGH
  • DEBUGGING
  • DATA QUALITY AUDIT: Survey samples of files for
    accuracy, completeness

51
14
INFORMATION SYSTEMS SECURITY & CONTROL