Management Information Systems, Second Canadian Edition
Chapter 11: Information Systems Security, Quality, and Control
Copyright © 2005 Pearson Education Canada Inc.

OBJECTIVES

• Why are information systems so vulnerable?
• What special measures must be taken to ensure the reliability, availability, and security of electronic commerce?
• Why are auditing information systems and safeguarding data quality so important?

11.1 SYSTEM VULNERABILITY AND ABUSE

Why Systems are Vulnerable

• Unauthorized access
  – by Hackers or Employees
  – to destroy, steal or alter data, hardware or software
• Denial of Service (DOS) Attack
  – Flooding a server with bogus requests in order to crash the network
• Computer Viruses
  – self-replicating, malicious code
• Disasters
  – flood, fire, power loss etc.
• Errors
  – in Data Entry, Hardware or Software

Concerns for System Builders and Users

11.2 CREATING A CONTROL ENVIRONMENT

General Controls and Application Controls

Protecting the Digital Firm

• Fault-Tolerant Computer Systems: Contain extra hardware, power supply etc. to ensure uninterrupted service
• Disaster Recovery Plan: Data backup, recovery procedures etc. to keep business running in event of computer outage
• Mirroring: Duplicating data on backup server to prevent any interruption in service
• Clustering: Linking two computers together so one can back up the other or speed up processing

Internet Security

• Firewalls – Prevent unauthorized users from accessing private networks
• Intrusion Detection System – Monitors vulnerable points in network to detect and deter unauthorized intruders

Security and E-Commerce

• Encryption: Coding messages to prevent unauthorized access
• Digital Signature: Digital code attached to message to uniquely identify sender
• Digital Certificate: Attachment to electronic message to verify the sender and to provide receiver with means to encode reply

Figure 11.8: Digital Certificates

Developing a Control Structure: Costs and Benefits

Criteria for Determining Control Structure

• Importance of data
• Efficiency and expense of each control technique
• Level of risk if a specific activity or process is not properly controlled

The Role of Auditing in the Control Process

MIS Audit

• Identifies all controls that govern individual information systems and assesses their effectiveness

11.3 ENSURING SYSTEM QUALITY

• Software Walkthrough: Review of software design by small group of people
• Software Debugging: Process of discovering and eliminating defects (bugs)
• Data Quality Audit: Determines accuracy of data via survey of end users for their perceptions of data quality or survey of samples from data files
• Data Cleansing: Correcting errors in data to increase accuracy