Chapter 15 Information System Security and Control
Objectives
Management Challenges
Hardware failure
Software failure
Personnel actions
Terminal access penetration
Theft of data, services, equipment
Fire
Electrical problems
User errors
Unauthorized program changes
Telecommunication problems
Figure 15-1
Hacker
Trojan horse
Denial of service (DoS) attacks
Computer viruses
Worms
Antivirus software
2005 by Prentice Hall
Disaster
Security
Administrative error
Cyberterrorism and Cyberwarfare
Figure 15-2
Figure 15-3
Controls
Methods, policies, and procedures that ensure:
Protection of the organization's assets
Accuracy and reliability of records
Operational adherence to management standards
General Controls
Govern the design, security, and use of computer programs throughout the organization
Apply to all computerized applications
Combination of hardware, software, and manual procedures that creates the overall control environment
General Controls
Software controls
Hardware controls
Computer operations controls
Data security controls
Implementation controls
Administrative controls
Figure 15-4
Application Controls
Automated and manual procedures that ensure only authorized data are processed by an application
Unique to each computerized application
Classified as (1) input controls, (2) processing controls, and (3) output controls
Application Controls (control and the stages it applies to)
Control totals: Input, processing
Edit checks: Input
Computer matching: Input, processing
Run control totals: Processing, output
Report distribution logs: Output
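The application controls listed above, worked through in code. This is an added example and not material from the textbook or its publisher: it runs one constructed batch of timesheet records through edit checks (input), computer matching against a master file (input/processing), batch control totals supplied by the data-entry clerk (input/processing), and run control totals over the records that survive (processing/output). The record layout, field limits, department codes and master file are all assumptions made for the illustration.

```python
"""Added example: the three classes of application control on one batch.
Not from the textbook.  Record layout, limits and sample data are assumed."""
import re

# Reference data the controls check against (assumed for the example).
VALID_DEPTS = {"ENG", "OPS", "HR"}
EMPLOYEE_MASTER = {"1001": "ENG", "1102": "OPS", "1103": "HR"}   # master file

# Constructed sample batch.  The header carries the control totals the clerk
# computed by hand before keying: record count, a hash total of employee IDs
# (meaningless sum used only for checking) and a financial total of hours.
BATCH_HEADER = {"record_count": 4, "id_hash_total": 4310, "hours_total": 130.0}
BATCH_RECORDS = [
    {"emp_id": "1001", "dept": "ENG", "hours": "40.0"},
    {"emp_id": "1102", "dept": "OPS", "hours": "45.0"},
    {"emp_id": "1103", "dept": "HR",  "hours": "4O.0"},   # keying error: letter O
    {"emp_id": "1104", "dept": "XYZ", "hours": "5.0"},    # unknown department
]


def edit_checks(rec):
    """Input control: format, validity and reasonableness checks on one record."""
    errors = []
    if not re.fullmatch(r"\d{4}", rec["emp_id"]):
        errors.append("emp_id must be four digits")
    if rec["dept"] not in VALID_DEPTS:
        errors.append("unknown department code")
    try:
        hours = float(rec["hours"])
    except ValueError:
        errors.append("hours is not numeric")
    else:
        if not 0 <= hours <= 80:          # reasonableness limit (assumed)
            errors.append("hours outside 0-80")
    return errors


def computer_matching(rec):
    """Input/processing control: the record must agree with the master file."""
    master_dept = EMPLOYEE_MASTER.get(rec["emp_id"])
    if master_dept is None:
        return "employee not on master file"
    if master_dept != rec["dept"]:
        return "department does not match master file"
    return None


def control_totals(records):
    """Recompute the batch totals; non-numeric fields simply do not count,
    which is exactly what makes a keying error show up as a mismatch."""
    hours = 0.0
    for r in records:
        try:
            hours += float(r["hours"])
        except ValueError:
            pass
    id_hash = sum(int(r["emp_id"]) for r in records if r["emp_id"].isdigit())
    return {"record_count": len(records), "id_hash_total": id_hash, "hours_total": hours}


def process_batch(header, records):
    """Apply all controls and return a report a reviewer can act on."""
    computed = control_totals(records)
    mismatches = {k: (header[k], computed[k]) for k in header if header[k] != computed[k]}
    accepted, rejected = [], {}
    for rec in records:
        errors = edit_checks(rec)
        match_error = computer_matching(rec)
        if match_error:
            errors.append(match_error)
        if errors:
            rejected[rec["emp_id"]] = errors
        else:
            accepted.append(rec["emp_id"])
    # Run control totals: totals of what actually went through to output,
    # to be reconciled by the recipient of the report.
    run_totals = control_totals([r for r in records if r["emp_id"] in accepted])
    return {"accepted": accepted, "rejected": rejected,
            "batch_total_mismatches": mismatches, "run_control_totals": run_totals}


if __name__ == "__main__":
    import json
    print(json.dumps(process_batch(BATCH_HEADER, BATCH_RECORDS), indent=2))
```

The two defective records are caught by different controls: the mistyped hours fail the numeric edit check and also throw the clerk's hours total out by 40, while the unknown employee fails both the department edit check and the master-file match. The run control totals at the end are what the report recipient reconciles against, which is the output-side half of the control.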
High-availability computing
Fault-tolerant computer systems
Disaster recovery planning
Business continuity planning
Load balancing; mirroring; clustering
Recovery-oriented computing
Managed security service providers (MSSPs)
Figure 15-5
Encryption
Authentication
Message integrity
Digital signatures
Digital certificates
Public key infrastructure (PKI)
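How message integrity, digital signatures, digital certificates and a PKI fit together, as an added example that is not from the textbook. It contrasts a keyed hash (HMAC, shared secret, so only the key holder can check it) with a signature made with a private key and checked with the public key, then has a certificate authority sign the binding between a name and a public key so that a relying party holding only the CA's public key can verify a message. The RSA here is textbook RSA with no padding and with Mersenne primes chosen so they are certainly prime; the key sizes, the names "alice" and "mallory", the JSON certificate layout and the sample message are all assumptions for the demonstration, and none of it is a secure implementation.

```python
"""Added example: HMAC integrity, RSA signature, certificate and a one-level PKI.
Not from the textbook.  TOY CRYPTO: no padding, fixed Mersenne primes, hash
reduced mod n for the small key.  Shows the mechanics only."""
import hashlib
import hmac
import json


def digest_int(msg: bytes) -> int:
    """SHA-256 of the message as an integer; this is the value that gets signed."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


# ---- Message integrity with a shared secret (HMAC) ---------------------------
def mac_tag(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def mac_verify(key: bytes, msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(key, msg), tag)   # constant-time compare


# ---- Digital signature: textbook RSA on the hash -----------------------------
E = 65537   # public exponent; coprime to every (p-1)(q-1) used below


def make_keypair(p: int, q: int):
    """Return ((e, n), (d, n)).  p, q are assumed prime (Mersenne primes below)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))   # private exponent (Python 3.8+)
    return (E, n), (d, n)


def sign(private_key, msg: bytes) -> int:
    d, n = private_key
    return pow(digest_int(msg) % n, d, n)


def verify(public_key, msg: bytes, sig: int) -> bool:
    e, n = public_key
    return pow(sig, e, n) == digest_int(msg) % n


# ---- Digital certificates and a one-level PKI --------------------------------
CA_PUB, CA_PRIV = make_keypair(2**89 - 1, 2**607 - 1)          # the trust anchor
ALICE_PUB, ALICE_PRIV = make_keypair(2**127 - 1, 2**521 - 1)   # legitimate signer
MALLORY_PUB, MALLORY_PRIV = make_keypair(2**61 - 1, 2**107 - 1)  # attacker's own key


def issue_certificate(ca_private, subject: str, subject_pub) -> dict:
    """CA signs the (name, public key) binding; the canonical JSON is what is signed."""
    body = {"subject": subject, "public_key": list(subject_pub)}
    to_be_signed = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "signature": sign(ca_private, to_be_signed)}


def verify_certificate(cert: dict, ca_public) -> bool:
    to_be_signed = json.dumps(cert["body"], sort_keys=True).encode()
    return verify(ca_public, to_be_signed, cert["signature"])


def verify_signed_message(cert: dict, msg: bytes, sig: int, ca_public) -> bool:
    """Relying party holds only the CA public key: check the certificate first,
    then use the public key it vouches for to check the message."""
    if not verify_certificate(cert, ca_public):
        return False
    return verify(tuple(cert["body"]["public_key"]), msg, sig)


def demo() -> dict:
    msg = b"transfer 100 to account 42"          # constructed sample message
    key = b"shared-secret-between-two-parties"   # constructed HMAC key
    tag = mac_tag(key, msg)
    cert = issue_certificate(CA_PRIV, "alice", ALICE_PUB)
    sig = sign(ALICE_PRIV, msg)
    # Mallory swaps her own key into Alice's certificate but cannot re-sign it as the CA.
    forged = {"body": {"subject": "alice", "public_key": list(MALLORY_PUB)},
              "signature": cert["signature"]}
    return {
        "mac_ok": mac_verify(key, msg, tag),
        "mac_tampered": mac_verify(key, b"transfer 900 to account 42", tag),
        "sig_ok": verify_signed_message(cert, msg, sig, CA_PUB),
        "sig_tampered": verify_signed_message(cert, msg + b"0", sig, CA_PUB),
        "forged_cert": verify_signed_message(forged, msg, sign(MALLORY_PRIV, msg), CA_PUB),
    }


if __name__ == "__main__":
    print(demo())
```

The HMAC proves integrity to anyone holding the same key, so it cannot show a third party who wrote the message; the signature can, because checking needs only the public key. The certificate is what turns "some public key" into "Alice's public key": the relying party never has to obtain Alice's key out of band, only the CA's, and the forged certificate fails because its body no longer matches the CA's signature.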
Figure 15-6
Figure 15-7
Figure 15-8
MIS Audit
Identifies all controls that govern individual information systems and assesses their effectiveness
Lists and ranks all control weaknesses and estimates the probability of their occurrence
Figure 15-9
Development Methodology
Collection of methods
One or more methods for every activity in every phase of a development project
Structured Methodologies
Structured Analysis
Figure 15-10
Structured Design
Set of design rules and techniques
Promotes program clarity and simplicity
Design from the top down: main functions, then subfunctions
Structure chart
Figure 15-11
Structured Programming
Organizes and codes programs to simplify control paths for easy use and modification
Independent modules with one entry and one exit point
Three basic control constructs:
Simple sequence
Selection
Iteration
Figure 15-12
UML Components
Things:
Structural things: Classes, interfaces, collaborations, use cases, active classes, components, nodes
Behavioral things: Interactions, state machines
Grouping things: Packages
Annotational things: Notes
Relationships:
Structural: Dependencies, aggregations, associations, generalizations
Behavioral: Communicates, includes, extends, generalizes
Diagrams:
Structural
Behavioral
Figure 15-13
Figure 15-14
Data Cleansing
Correcting errors and inconsistencies in data held by different business units