Chapter 5
2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood
Learning Objective 1
Overview
The information security system is the subsystem of the organization that controls the special risks associated with computer-based information systems.
The information security system has the basic elements of any information system, such as hardware, databases, procedures, and reports.
Systems analysis: Analyze system vulnerabilities in terms of relevant threats and their associated loss exposure.
Systems design: Design security measures and contingency plans to control the identified loss exposures.
Identifying the relevant costs per loss and the associated likelihoods can be difficult.
Estimating the likelihood of a given failure requires predicting the future, which is very difficult.
The system's vulnerabilities and threats are subjectively ranked in order of their contribution to the company's total loss exposure.
business interruption
loss of software
loss of data
loss of hardware
loss of facilities
loss of service and personnel
Learning Objective 2
Active threats
Passive threats
computer maintenance persons
programmers
network operators
information systems administrative personnel
data control clerks
An intruder is anyone who accesses equipment, electronic data, or files without proper authorization.
Program alteration
Direct file alteration
Data theft
Learning Objective 3
Site-access controls
System-access controls
File-access controls
The objective of site-access controls is to physically separate unauthorized individuals from computer resources.
[Figure: site-access layout, labeled TV monitor, Telephone, Locked door, Lobby, Intercom to vault, Scanner, Magnet detector, Inner vault]
These controls authenticate users by using such means as user IDs, passwords, IP addresses, and hardware devices. It is often desirable to withhold administrative rights from individual PC users.
The most fundamental file-access control is the establishment of authorization guidelines and procedures for accessing and altering files.
Internet Security
Internet-related vulnerabilities may arise from weaknesses in five areas.
1. the operating system or its configuration
2. the Web server or its configuration
3. the private network and its configuration
4. various server programs
5. general security procedures
Learning Objective 4
Disaster risk management is essential to ensure continuity of operations in the event of a catastrophe.
Prevention planning
Contingency planning
End of Chapter 5