information system security and control
Information System Security and Control
Information System Security and Control
• Threat of Project Failure
• Threat of Accidents and Malfunctions
• Threat of Computer Crime
• Factors That Increase the Risks
• Methods for Minimizing Risks
Introductory Case: London Ambulance Service
• Wow, what a mess!
• What did they do wrong?
• Did they do anything right?
• Was this a system that should have even been attempted?
Threat of Project Failure
When can projects fail?
INITIATION
• The reasons for building the system have too little support.
• The system seems too expensive.
DEVELOPMENT
• It is too difficult to define the requirements.
• The system is not technically feasible.
• The project is too difficult for the technical staff assigned.
IMPLEMENTATION
• The system requires too great a change from existing work practices.
• Potential users dislike the system or resist using it.
• Too little effort is put into the implementation.
OPERATION AND MAINTENANCE
• System controls are insufficient.
• Too little effort goes into supporting effective use.
• The system is not updated as business needs change.
Threat of Project Failure
• Remember this?
• What do you think the curve would look like for cost of failure?
Threat of Accidents and Malfunctions
• Operator error
• Hardware malfunction
  – Intel Pentium bug
  – Was like the embedded chip issue for Y2K
• Software bugs
• Data errors
• Damage to physical facilities
  – We’ll talk more about this for disaster recovery
• Inadequate system performance
  – London ambulance case
Threat of Computer Crime
• Theft
  – Physical (esp. laptops)
    • Case of a laptop taken from the Pentagon in a conference room…
    • Recently heard about Silicon Valley exec who lost laptop
    • CCI insurance
  – Logical
    • Unauthorized use
    • Fraudulent data entry
    • Unauthorized use/modification of data
• Sabotage and Vandalism
  – Trap door, Trojan Horse, Virus
Factors that Increase Risk
• Nature of Complex Systems
• Human Limitations
• Pressures in the Business Environment
Methods for Minimizing Risks
• Controlling System Development and Modifications
• Providing Security Training
• Maintaining Physical Security
• Controlling Access to Data, Computers, and Networks
• Controlling Transaction Processing
• Motivating Efficient and Effective Operation
• Auditing the Information System
• Preparing for Disasters
Minimize Risks…
Build the system correctly…
Software change control
Train the users about security…
Maintain physical security…
Prevent unauthorized access to hardware and software…
• Manual data handling
• Access privileges
• Access control
  – What you know
  – What you have
  – Where you are
  – Who you are
Prevent unauthorized access to hardware and software…
• Be aware of network issues
  – Encrypt if necessary
Perform transactions correctly…
• Segregation of duties
• Data validation
• Error correction
• Backup & recovery
Innovate for efficiency…
• Monitor systems
• Look for opportunities
• Look for incentives
• Look for disincentives
Audit your system…
Trust but verify…
Prepare for disasters…
Remember Murphy's Law