6.2信息安全【荐】.ppt

Information Systems Security and Control  SYSTEM VULNERABILITY AND ABUSE Why Systems are Vulnerable Advances in telecommunications and computer software Unauthorized access, abuse, or fraud Hackers Denial of service attack Computer viruses SYSTEM VULNERABILITY AND ABUSE SYSTEM VULNERABILITY AND ABUSE Concerns for System Builders and Users Disaster Destroys computer hardware, programs, data files, and other equipment Security Prevents unauthorized access, alteration, theft, or physical damage Errors Cause computers to disrupt or destroy organization’s record-keeping and operations SYSTEM VULNERABILITY AND ABUSE System Quality Problems: Software and Data Bugs Program code defects or errors Maintenance Nightmare Maintenance costs high due to organizational change, software complexity, and faulty system analysis and design SYSTEM VULNERABILITY AND ABUSE System Quality Problems: Software and Data Points in the Processing Cycle where Errors Can Occur Data Quality Problems Caused due to errors during data input or faulty information system and database design SYSTEM VULNERABILITY AND ABUSE The Cost of Errors over the Systems Development Cycle CREATING A CONTROL ENVIRONMENT Overview: Controls Methods, policies, and procedures that ensure protection of organization’s assets Ensure accuracy and reliability of records, and operational adherence to management standards CREATING A CONTROL ENVIRONMENT General Controls and Application Controls General controls Establish framework for controlling design, security, and use of computer programs Include software, hardware, computer operations, data security, implementation, and administrative controls Application controls Unique to each computerized application Include input, processing, and output controls CREATING A CONTROL ENVIRONMENT Protecting the Digital Firm On-line transaction processing: Transactions entered online are immediately processed by computer Fault-tolerant computer systems: Contain extra ha