CHAPTER 13' INFORMATION SYSTEMS - PowerPoint PPT Presentation

Loading...

PPT – CHAPTER 13' INFORMATION SYSTEMS PowerPoint presentation | free to view - id: 532eb-OTBmM



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

CHAPTER 13' INFORMATION SYSTEMS

Description:

... Software stores credit card, electronic cash, owner ID, address for ... ELECTRONIC CASH: Digital currency. ELECTRONIC CHECK: Encrypted digital signature ... – PowerPoint PPT presentation

Number of Views:116
Avg rating:3.0/5.0
Slides: 36
Provided by: EFis7
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: CHAPTER 13' INFORMATION SYSTEMS


1
CHAPTER 13. INFORMATION SYSTEMS CONTROL
2
LEARNING OBJECTIVES
  • DEMONSTRATE WHY INFO SYSTEMS ARE VULNERABLE TO
    DESTRUCTION, ERROR, ABUSE, QUALITY CONTROL
    PROBLEMS
  • COMPARE GENERAL AND APPLICATION CONTROLS
  • SELECT FACTORS FOR DEVELOPING CONTROLS

3
LEARNING OBJECTIVES
  • DESCRIBE TECHNOLOGIES FOR INTERNET SECURITY AND
    MAJOR SECURE ELECTRONIC PAYMENT SYSTEMS FOR
    E-COMMERCE

4
LEARNING OBJECTIVES
  • DESCRIBE IMPORTANT SOFTWARE QUALITY- ASSURANCE
    TECHNIQUES
  • DEMONSTRATE IMPORTANCE OF AUDITING INFO SYSTEMS
    SAFEGUARDING DATA QUALITY

5
MANAGEMENT CHALLENGES
  • SYSTEM VULNERABILITY ABUSE
  • CREATING A CONTROL ENVIRONMENT
  • ENSURING SYSTEM QUALITY

6
SYSTEM VULNERABILITY ABUSE
  • WHY SYSTEMS ARE VULNERABLE
  • HACKERS VIRUSES
  • CONCERNS FOR BUILDERS USERS
  • SYSTEM QUALITY PROBLEMS

7
THREATS TO INFORMATION SYSTEMS
  • HARDWARE FAILURE, FIRE
  • SOFTWARE FAILURE, ELECTRICAL PROBLEMS
  • PERSONNEL ACTIONS, USER ERRORS
  • ACCESS PENETRATION, PROGRAM CHANGES
  • THEFT OF DATA, SERVICES, EQUIPMENT
    TELECOMMUNICATIONS PROBLEMS

8
WHY SYSTEMS ARE VULNERABLE
  • SYSTEM COMPLEXITY
  • COMPUTERIZED PROCEDURES NOT ALWAYS READ OR
    AUDITED
  • EXTENSIVE EFFECT OF DISASTER
  • UNAUTHORIZED ACCESS POSSIBLE

9
VULNERABILITIES
  • RADIATION Allows recorders, bugs to tap system
  • CROSSTALK Can garble data
  • HARDWARE Improper connections, failure of
    protection circuits
  • SOFTWARE Failure of protection features, access
    control, bounds control
  • FILES Subject to theft, copying, unauthorized
    access

10
VULNERABILITIES
  • USER Identification, authentication, subtle
    software modification
  • PROGRAMMER Disables protective features reveals
    protective measures
  • MAINTENANCE STAFF Disables hardware devices
    uses stand-alone utilities
  • OPERATOR Doesnt notify supervisor, reveals
    protective measures

11
HACKERS COMPUTER VIRUSES
  • HACKER Person gains access to computer for
    profit, criminal mischief, personal pleasure
  • COMPUTER VIRUS Rouge program difficult to
    detect spreads rapidly destroys data disrupts
    processing memory

12
COMMON COMPUTER VIRUSES
  • CONCEPT, MELISSA, I-LOVE-YOU
  • Word documents, e-mail. Deletes files
  • FORM Makes clicking sound, corrupts data
  • EXPLORE.EXE Attached to e-mail, tries to e-mail
    to others, destroys files
  • MONKEY Windows wont run
  • CHERNOBYL Erases hard drive, ROM BIOS
  • JUNKIE Infects files, boot sector, memory
    conflicts

13
ANTIVIRUS SOFTWARE
  • SOFTWARE TO DETECT
  • ELIMINATE VIRUSES
  • ADVANCED VERSIONS RUN IN MEMORY TO PROTECT
    PROCESSING, GUARD AGAINST VIRUSES ON DISKS, AND
    ON INCOMING NETWORK FILES

14
CONCERNS FOR BUILDERS USERS
  • DISASTER
  • BREACH OF SECURITY
  • ERRORS

15
DISASTER
  • LOSS OF HARDWARE, SOFTWARE, DATA BY FIRE, POWER
    FAILURE, FLOOD OR OTHER CALAMITY
  • FAULT-TOLERANT COMPUTER SYSTEMS Backup
    systems to prevent system failure (particularly
    On-line Transaction Processing)

16
SECURITY
  • POLICIES, PROCEDURES, TECHNICAL MEASURES TO
    PREVENT UNAUTHORIZED ACCESS, ALTERATION, THEFT,
    PHYSICAL DAMAGE TO INFORMATION SYSTEMS

17
WHERE ERRORS OCCUR
  • DATA PREPARATION
  • TRANSMISSION
  • CONVERSION
  • FORM COMPLETION
  • ON-LINE DATA ENTRY
  • KEYPUNCHING SCANNING OTHER INPUTS

18
WHERE ERRORS OCCUR
  • VALIDATION
  • PROCESSING / FILE MAINTENANCE
  • OUTPUT
  • TRANSMISSION
  • DISTRIBUTION

19
SYSTEM QUALITY PROBLEMS
  • SOFTWARE DATA
  • BUGS Program code defects or errors
  • MAINTENANCE Modifying a system in production
    use can take up to 50 of analysts time
  • DATA QUALITY PROBLEMS Finding, correcting
    errors costly tedious

20
COST OF ERRORS DURING SYSTEMS DEVELOPMENT CYCLE
21
CREATING A CONTROL ENVIRONMENT
  • CONTROLS Methods, policies, procedures to
    protect assets accuracy reliability of
    records adherence to management standards
  • GENERAL CONTROLS
  • APPLICATION CONTROLS

22
GENERAL CONTROLS
  • IMPLEMENTATION Audit system development to
    assure proper control, management
  • SOFTWARE Ensure security, reliability of
    software
  • PHYSICAL HARDWARE Ensure physical security,
    performance of computer hardware

23
GENERAL CONTROLS
  • COMPUTER OPERATIONS Ensure procedures
    consistently, correctly applied to data storage,
    processing
  • DATA SECURITY Ensure data disks, tapes protected
    from wrongful access, change, destruction
  • ADMINISTRATIVE Ensure controls properly
    executed, enforced
  • SEGREGATION OF FUNCTIONS Divide
    responsibility from tasks

24
APPLICATION CONTROLS
  • INPUT
  • PROCESSING
  • OUTPUT

25
INPUT CONTROLS
  • INPUT AUTHORIZATION Record, monitor source
    documents
  • DATA CONVERSION Transcribe data properly from
    one form to another
  • BATCH CONTROL TOTALS Count transactions prior to
    and after processing
  • EDIT CHECKS Verify input data, correct errors

26
PROCESSING CONTROLS
  • ESTABLISH THAT DATA IS COMPLETE, ACCURATE
    DURING PROCESSING
  • RUN CONTROL TOTALS Generate control totals
    before after processing
  • COMPUTER MATCHING Match input data to master
    files

27
OUTPUT CONTROLS
  • ESTABLISH THAT RESULTS ARE ACCURATE, COMPLETE,
    PROPERLY DISTRIBUTED
  • BALANCE INPUT, PROCESSING, OUTPUT TOTALS
  • REVIEW PROCESSING LOGS
  • ENSURE ONLY AUTHORIZED RECIPIENTS GET RESULTS

28
SECURITY AND THE INTERNET
  • ENCRYPTION Coding scrambling messages to deny
    unauthorized access
  • AUTHENTICATION Ability to identify another party
  • MESSAGE INTEGRITY
  • DIGITAL SIGNATURE
  • DIGITAL CERTIFICATE

29
SECURITY AND THE INTERNET
PUBLIC KEY ENCRYPTION
30
SECURITY AND THE INTERNET
  • DIGITAL WALLET Software stores credit card,
    electronic cash, owner ID, address for e-commerce
    transactions
  • SECURE ELECTRONIC TRANSACTION Standard for
    securing credit card transactions on Internet

31
SECURITY AND THE INTERNET
ELECTRONIC PAYMENT SYSTEMS
  • CREDIT CARD-SET Protocol for payment security
  • ELECTRONIC CASH Digital currency
  • ELECTRONIC CHECK Encrypted digital signature
  • SMART CARD Chip stores e-cash
  • ELECTRONIC BILL PAYMENT Electronic funds
    transfer

32
DEVELOPING A CONTROL STRUCTURE
  • COSTS Can be expensive to build complicated to
    use
  • BENEFITS Reduces expensive errors, loss of time,
    resources, good will
  • RISK ASSESSMENT Determine frequency of
    occurrence of problem, cost, damage if it were to
    occur

33
MIS AUDIT
  • IDENTIFIES CONTROLS OF INFORMATION SYSTEMS,
    ASSESSES THEIR EFFECTIVENESS
  • TESTING Early, regular controlled efforts to
    detect, reduce errors
  • WALKTHROUGH
  • DEBUGGING
  • DATA QUALITY AUDIT Survey samples of files for
    accuracy, completeness

34
Connect to the INTERNET
Laudon/Laudon Web site http//www.prenhall.co
m/laudon Additional Internet Resources related
to this chapter gopher//gopher.vortex.com/priva
cy
35
CHAPTER 13. INFORMATION SYSTEMS CONTROL
About PowerShow.com