14. CONTROLLING INFORMATION SYSTEMS

THREATS TO INFORMATION SYSTEMS

• HARDWARE FAILURE, FIRE
• SOFTWARE FAILURE, ELECTRICAL PROBLEMS
• PERSONNEL ACTIONS, USER ERRORS
• ACCESS PENETRATION, PROGRAM CHANGES
• THEFT OF DATA, SERVICES, EQUIPMENT
• TELECOMMUNICATIONS PROBLEMS

WHY SYSTEMS ARE VULNERABLE

• SYSTEM COMPLEXITY
• COMPUTERIZED PROCEDURES NOT ALWAYS READ OR AUDITED
• EXTENSIVE EFFECT OF DISASTER
• UNAUTHORIZED ACCESS POSSIBLE

VULNERABILITIES

• RADIATION: Allows Recorders, Bugs to Tap System
• CROSSTALK: Can Garble Data
• HARDWARE: Improper Connections, Failure of Protection Circuits
• SOFTWARE: Failure of Protection Features, Access Control, Bounds Control
• FILES: Subject to Theft, Copying, Unauthorized Access

VULNERABILITIES

• USER: Identification, Authentication, Subtle Software Modification
• PROGRAMMER: Disables Protective Features; Reveals Protective Measures
• MAINTENANCE STAFF: Disables Hardware Devices; Uses Stand-alone Utilities
• OPERATOR: Doesn’t Notify Supervisor, Reveals Protective Measures

HACKERS & COMPUTER VIRUSES

• HACKER: Person Gains Access to Computer for Profit, Criminal Mischief, Personal Pleasure
• COMPUTER VIRUS: Rogue Program; Difficult to Detect; Spreads Rapidly; Destroys Data; Disrupts Processing & Memory

ANTIVIRUS SOFTWARE

• SOFTWARE TO DETECT, ELIMINATE VIRUSES
• ADVANCED VERSIONS RUN IN MEMORY TO PROTECT PROCESSING, GUARD AGAINST VIRUSES ON DISKS, AND ON INCOMING NETWORK FILES

EFFECTS OF VIRUSES

PER CENT AFFECTED (BASED ON 600,000 MULTIPLE EFFECTS REPORTS):

• LOSS OF PRODUCTIVITY: 62
• INTERFERENCE, LOCKUP: 41
• CORRUPTED FILES: 38
• LOST DATA: 30
• UNRELIABLE APPLICATIONS: 24
• SYSTEM CRASH: 23
• LOSS OF CONFIDENCE: 20
• LOST E-MAIL: 9
• CORRUPTED E-MAIL: 4
• THREAT OF JOB LOSS: 3

Source: Computerworld (1993)

CONCERNS FOR BUILDERS & USERS

• DISASTER
• BREACH OF SECURITY
• ERRORS

DISASTER

• LOSS OF HARDWARE, SOFTWARE, DATA BY FIRE, POWER FAILURE, FLOOD OR OTHER CALAMITY

FAULT-TOLERANT COMPUTER SYSTEMS: BACKUP SYSTEMS TO PREVENT SYSTEM FAILURE (Particularly On-line Transaction Processing)

SECURITY

POLICIES, PROCEDURES, TECHNICAL MEASURES TO PREVENT UNAUTHORIZED ACCESS, ALTERATION, THEFT, PHYSICAL DAMAGE TO INFORMATION SYSTEMS

WHERE ERRORS OCCUR

• DATA PREPARATION
• TRANSMISSION
• CONVERSION
• FORM COMPLETION
• ON-LINE DATA ENTRY
• KEYPUNCHING; SCANNING; OTHER INPUTS

WHERE ERRORS OCCUR

• VALIDATION
• PROCESSING / FILE MAINTENANCE
• OUTPUT
• TRANSMISSION
• DISTRIBUTION

SYSTEM QUALITY PROBLEMS

• SOFTWARE & DATA
• BUGS: Program Code Defects or Errors
• MAINTENANCE: Modifying a System in Production Use; Can take up to 85% of Analysts’ Time
• DATA QUALITY PROBLEMS: Finding, Correcting Errors; Costly; Tedious

COST OF ERRORS DURING SYSTEMS DEVELOPMENT CYCLE

[Chart: COSTS (vertical axis, 1.00 to 6.00) by development stage: ANALYSIS & DESIGN, PROGRAMMING, CONVERSION, POSTIMPLEMENTATION]

CREATING A CONTROL ENVIRONMENT

CONTROLS: Methods, Policies, Procedures to Protect Assets; Accuracy & Reliability of Records; Adherence to Management Standards

• GENERAL
• APPLICATION

GENERAL CONTROLS

• IMPLEMENTATION: Audit System Development to Assure Proper Control, Management
• SOFTWARE: Ensure Security, Reliability of Software
• PROGRAM SECURITY: Prevent Unauthorized Changes to Programs
• HARDWARE: Ensure Physical Security, Performance of Computer Hardware

GENERAL CONTROLS

• COMPUTER OPERATIONS: Ensure Procedures Consistently, Correctly Applied to Data Storage, Processing
• DATA SECURITY: Ensure Data Disks, Tapes Protected from Wrongful Access, Change, Destruction
• ADMINISTRATIVE: Ensure Controls Properly Executed, Enforced
• SEGREGATION OF FUNCTIONS: Divide Tasks to Minimize Risks

APPLICATION CONTROLS

• INPUT
• PROCESSING
• OUTPUT

INPUT CONTROLS

• INPUT AUTHORIZATION: Record, Monitor Source Documents
• DATA CONVERSION: Transcribe Data Properly from one Form to Another
• BATCH CONTROL TOTALS: Count Transactions Prior to and After Processing
• EDIT CHECKS: Verify Input Data, Correct Errors

PROCESSING CONTROLS

ESTABLISH THAT DATA IS COMPLETE, ACCURATE DURING PROCESSING

• RUN CONTROL TOTALS: Generate Control Totals Before & After Processing
• COMPUTER MATCHING: Match Input Data to Master Files

OUTPUT CONTROLS

ESTABLISH THAT RESULTS ARE ACCURATE, COMPLETE, PROPERLY DISTRIBUTED

• BALANCE INPUT, PROCESSING, OUTPUT TOTALS
• REVIEW PROCESSING LOGS
• ENSURE ONLY AUTHORIZED RECIPIENTS GET RESULTS
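The input, processing and output controls on the three preceding slides (batch control totals, edit checks, computer matching against a master file, run control totals before and after processing, and balancing input, processing and output totals) worked through as an added Python example; it is not code from the slides or the textbook, and the account format, amount limit, sample batch and master file are constructed for illustration.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Txn:
    account: str   # constructed format: ACC-NNNN
    amount: int    # cents; positive = credit, negative = debit

# Constructed sample batch and master file (not from the slides); the last two records are bad.
SAMPLE_BATCH = [Txn("ACC-1001", 12500), Txn("ACC-1002", -4200), Txn("ACC-1003", 990),
                Txn("ACC-9999", 300), Txn("acc-1001", 0)]
MASTER_FILE = {"ACC-1001": 0, "ACC-1002": 50000, "ACC-1003": 100}  # account -> balance
AMOUNT_LIMIT = 1_000_000  # constructed per-transaction ceiling, in cents

def control_totals(batch):
    """Batch control totals: record count, amount total, hash total of account numbers."""
    return {"count": len(batch),
            "amount": sum(t.amount for t in batch),
            "hash": sum(int(t.account[4:]) for t in batch if t.account[4:].isdigit())}

def edit_checks(batch, master):
    """Input edit checks (format, range) plus computer matching against the master file."""
    accepted, rejected = [], []
    for t in batch:
        if not re.fullmatch(r"ACC-\d{4}", t.account):
            rejected.append((t, "bad account format"))
        elif t.amount == 0 or abs(t.amount) > AMOUNT_LIMIT:
            rejected.append((t, "amount out of range"))
        elif t.account not in master:
            rejected.append((t, "no matching master record"))
        else:
            accepted.append(t)
    return accepted, rejected

def process_batch(batch, master):
    """Post accepted records, then balance input, processing and output totals."""
    accepted, rejected = edit_checks(batch, master)
    before = sum(master.values())   # run control total before processing
    updated = dict(master)          # the caller's master file is left untouched
    for t in accepted:
        updated[t.account] += t.amount
    after = sum(updated.values())   # run control total after processing
    in_tot, acc_tot = control_totals(batch), control_totals(accepted)
    rej_tot = control_totals([t for t, _ in rejected])
    # Output control: every input record is accounted for and the master file moved by exactly the accepted amount.
    balanced = (in_tot["count"] == acc_tot["count"] + rej_tot["count"]
                and in_tot["amount"] == acc_tot["amount"] + rej_tot["amount"]
                and after - before == acc_tot["amount"])
    return {"accepted": accepted, "rejected": rejected, "master": updated,
            "balanced": balanced, "posted_amount": after - before}
```

A run that reports balanced as False means a record was dropped or double-posted somewhere between input and output, which is exactly the condition these totals exist to catch.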

DEVELOPING A CONTROL STRUCTURE

• COSTS: Can be Expensive to Build; Complicated to Use
• BENEFITS: Reduces Expensive Errors, Loss of Time, Resources, Good Will

RISK ASSESSMENT: Determine Frequency of Occurrence of Problem, Cost, Damage if it Were to Occur

MIS AUDIT

IDENTIFIES CONTROLS OF INFORMATION SYSTEMS, ASSESSES THEIR EFFECTIVENESS

• TRACE FLOW OF SAMPLE TRANSACTIONS; NOTE HOW CONTROLS WORK
• LIST, RANK WEAKNESSES
• ESTIMATE PROBABILITIES, IMPACT
• REPORT TO MANAGEMENT

SOFTWARE QUALITY ASSURANCE

• USE PROVEN DEVELOPMENT METHODOLOGIES
• RESOURCES ALLOCATION: How are Costs, Time, People Assigned During Development?
• SOFTWARE METRICS: Quantifiable System Measurements for Objective Software Assessment
• TESTING: Walkthrough of Design Documentation, Debugging to Discover, Eliminate Defects, Data Quality Audit to Sample, Measure Accuracy, Completeness of Data

MANAGEMENT CHALLENGES

• LARGE MULTI-USER NETWORKS DIFFICULT TO SECURE
• BALANCE DEGREE OF CONTROL, MAIN THREAT IS EXTERNAL
• APPLY QUALITY ASSURANCE STANDARDS