Chapter 15 Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control Information System Security and Control 15.1 © 2005 by Prentice Hall Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control Objectives Why are information systems so vulnerable to destruction, error, abuse, and system quality problems? What types of controls are available for information systems? What special measures must be taken to ensure the reliability, availability and security of electronic commerce, and digital business processes? 15.2 © 2005 by Prentice Hall Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control Objectives What are the most important software quality assurance techniques? Why are auditing information systems and safeguarding data quality so important? 15.3 © 2005 by Prentice Hall Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control Management Challenges Achieving a sensible balance between too little control and too much Applying quality assurance standards in large systems projects 15.4 © 2005 by Prentice Hall Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control System Vulnerability and Abuse Why Systems Are Vulnerable • • • • • 15.5 Accessibility to electronic data Increasingly complex software, hardware Network access points Wireless vulnerability Internet © 2005 by Prentice Hall Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control System Vulnerability and Abuse Threats to Computerized Information Systems • • • • Hardware failure Software failure Personnel actions Terminal access penetration • Theft of data, services, equipment 15.6 • • • • Fire Electrical problems User errors Unauthorized program changes • Telecommunication problems © 2005 by Prentice Hall Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control System Vulnerability and Abuse Telecommunications networks vulnerabilities Figure 15-1 15.7 © 2005 by Prentice Hall Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control System Vulnerability and Abuse Window on Organizations Credit Card Fraud: Still on the Rise • To what extent are Internet credit card thefts management and organizational problems, and to what extent are they technical problems? • Address the technology and management issues for both the credit card issuers and the retail companies • Suggest possible ways to address the problem 15.8 © 2005 by Prentice Hall Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control System Vulnerability and Abuse Why Systems Are Vulnerable • • • • • • 15.9 Hacker Trojan horse Denial of service (DoS) attacks Computer viruses Worms Antivirus software © 2005 by Prentice Hall Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control System Vulnerability and Abuse Window on Technology Smarter Worms and Viruses: The Worst Is Yet to Come • Why are worms so harmful? • Describe their business and organizational impact 15.10 © 2005 by Prentice Hall Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control Ensuring System Quality: Software and Data Software Quality Assurance Methodologies and Tools Structured Design • Set of design rules and techniques • Promotes program clarity and simplicity • Design from top-down; main functions and subfunctions • Structure chart 15.39 © 2005 by Prentice Hall Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control Ensuring System Quality: Software and Data High-level structure chart for a payroll system Figure 15-11 15.40 © 2005 by Prentice Hall Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control Ensuring System Quality: Software and Data Software Quality Assurance Methodologies and Tools Structured Programming • Organizes and codes programs to simplify control paths for easy use and modification • Independent modules with one entry and exit point • Three basic control constructs: – Simple sequence – Selection – Iteration 15.41 © 2005 by Prentice Hall Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control Ensuring System Quality: Software and Data Basic program control constructs Figure 15-12 15.42 © 2005 by Prentice Hall Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control Ensuring System Quality: Software and Data Software Quality Assurance Methodologies and Tools • • • • Limitations of Traditional Methods Can be inflexible and time-consuming Programming depends on completion of analysis and design phases Specification changes require changes in analysis and design documents first Function-oriented 15.43 © 2005 by Prentice Hall Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control Ensuring System Quality: Software and Data Software Quality Assurance Methodologies and Tools Unified Modeling Language (UML) • Industry standard for analysis and design of object-oriented systems • Represents different views using graphical diagrams • Underlying model integrates views for consistency during analysis, design, and implementation 15.44 © 2005 by Prentice Hall Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control Ensuring System Quality: Software and Data Software Quality Assurance Methodologies and Tools UML Components • Things: – Structural things – Behavioral things – Grouping things – Annotational things 15.45 Classes, interfaces, collaborations, use cases, active classes, components, nodes Interactions, state machines Packages Notes © 2005 by Prentice Hall Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control Ensuring System Quality: Software and Data Software Quality Assurance Methodologies and Tools UML Components • Relationships – Structural – Behavioral Dependencies, aggregations, associations, generalizations Communicates, includes, extends, generalizes • Diagrams – Structural – Behavioral 15.46 Class, object, component, and deployment diagrams Use case, sequence, collaboration, stateschart, and activity diagrams © 2005 by Prentice Hall Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control Ensuring System Quality: Software and Data A UML use-case diagram Figure 15-13 15.47 © 2005 by Prentice Hall Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control Ensuring System Quality: Software and Data A UML sequence diagram Figure 15-14 15.48 © 2005 by Prentice Hall Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control Ensuring System Quality: Software and Data Software Quality Assurance Methodologies and Tools Computer-Aided Software Engineering (CASE) • • • • • • Automation of step-by-step methodologies Reduce repetitive development work Support documentation creation and revisions Organize design components; design repository Support code generation Require organizational discipline 15.49 © 2005 by Prentice Hall Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control Ensuring System Quality: Software and Data Software Quality Assurance Methodologies and Tools • Resource Allocation: Assigning costs, time, personnel to different development phases • Software Metrics: Quantified measurements of systems performance • Testing: Walkthroughs, debugging 15.50 © 2005 by Prentice Hall Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control Ensuring System Quality: Software and Data Data Quality Audits and Data Cleansing • Data Quality Audit – Survey end users for perceptions of data quality – Survey entire data files – Survey samples from data files • Data Cleansing – Correcting errors and inconsistencies in data between business units 15.51 © 2005 by Prentice Hall Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control Chapter 15 Case Study Could a Missing Hard Drive Create Canada’s Biggest Identity Theft? Summarize the ISM security problem and its impact on ISM and its clients Describe the control weaknesses of ISM and those of its clients that made it possible for this problem to occur What management, organization, and technology factors contributed to those weaknesses? 15.52 © 2005 by Prentice Hall Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control Chapter 15 Case Study Could a Missing Hard Drive Create Canada’s Biggest Identity Theft? Was the disappearance of the hard drive a management problem, an organization problem, or a technical problem? Explain your answer If you were responsible for designing security at ISM and its client companies, what would you have done differently? How would you have solved their control problems? 15.53 © 2005 by Prentice Hall ... information systems and safeguarding data quality so important? 15.3 © 2005 by Prentice Hall Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control Management... large systems projects 15.4 © 2005 by Prentice Hall Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control System Vulnerability and Abuse Why Systems. .. 2005 by Prentice Hall Essentials of Management Information Systems, 6e Chapter 15 Information System Security and Control System Vulnerability and Abuse Threats to Computerized Information Systems