Systems Analysis and Design in a Changing World, Fourth Edition
|
|
- Dulcie Doreen Francis
- 5 years ago
- Views:
Transcription
1 Systems Analysis and Design in a Changing World, Fourth Edition
2 Learning Objectives Discuss examples of system interfaces found in information systems Define system inputs and outputs based on the requirements of the application program Design printed and on-screen reports appropriate for recipients Systems Analysis and Design in a Changing World, 4th Edition 2
3 Learning Objectives (continued) Explain the importance of integrity controls Identify required integrity controls for inputs, outputs, data, and processing Discuss issues related to security that affect the design and operation of information systems Systems Analysis and Design in a Changing World, 4th Edition 3
4 Overview This chapter focuses on system interfaces, system outputs, and system controls that do not require much human interaction Many system interfaces are electronic transmissions or paper outputs to external agents System developers need to design and implement integrity and security controls to protect system and its data Outside threats from Internet and e-commerce are growing concern Systems Analysis and Design in a Changing World, 4th Edition 4
5 Identifying System Interfaces System interfaces are broadly defined as inputs or outputs with minimal or no human intervention Inputs from other systems (messages, EDI) Highly automated input devices such as scanners Inputs that are from data in external databases Outputs to external databases Outputs with minimal HCI Outputs to other systems Real-time connections (both input and output) Systems Analysis and Design in a Changing World, 4th Edition 5
6 Full Range of Inputs and Outputs Systems Analysis and Design in a Changing World, 4th Edition 6
7 extensible Markup Language (XML) Extension of HTML that embeds self-defined data structures in textual messages Transaction that contains data fields can be sent with XML codes to define meaning of data fields XML provides common system-to-system interface XML is simple and readable by people Web services is based on XML to send business transactions over Internet Systems Analysis and Design in a Changing World, 4th Edition 7
8 System-to-System Interface Based on XML Systems Analysis and Design in a Changing World, 4th Edition 8
9 Design of System Inputs Identify devices and mechanisms used to enter input High-level review of most up-to-date methods to enter data Identify all system inputs and develop list of data content for each Provide link between design of application software and design of user and system interfaces Determine controls and security necessary for each system input Systems Analysis and Design in a Changing World, 4th Edition 9
10 Input Devices and Mechanisms Capture data as close to original source as possible Use electronic devices and automatic entry whenever possible Avoid human involvement as much as possible Seek information in electronic form to avoid data re-entry Validate and correct information at entry point Systems Analysis and Design in a Changing World, 4th Edition 10
11 Prevalent Input Devices to Avoid Human Data Entry Magnetic card strip readers Bar code readers Optical character recognition readers and scanners Radio-frequency identification tags Touch screens and devices Electronic pens and writing surfaces Digitizers, such as digital cameras and digital audio devices Systems Analysis and Design in a Changing World, 4th Edition 11
12 Defining the Details of System Inputs Ensure all data inputs are identified and specified correctly Can use traditional structured models Identify automation boundary Use DFD fragments Segment by program boundaries Examine structure charts Analyze each module and data couple List individual data fields Systems Analysis and Design in a Changing World, 4th Edition 12
13 Automation Boundary on a System-Level DFD Systems Analysis and Design in a Changing World, 4th Edition 13
14 Create New Order DFD with an Automation Boundary Systems Analysis and Design in a Changing World, 4th Edition
15 List of Inputs for Customer Support System Systems Analysis and Design in a Changing World, 4th Edition 15
16 Structure Chart for Create New Order (Figure -6) Systems Analysis and Design in a Changing World, 4th Edition 16
17 Data Flows, Data Couples, and Data Elements Making Up Inputs (Figure -7) Systems Analysis and Design in a Changing World, 4th Edition 17
18 Using Object-Oriented Models Identifying user and system inputs with OO approach has same tasks as traditional approach OO diagrams are used instead of DFDs and structure charts System sequence diagrams identify each incoming message Design class diagrams and sequence diagrams identify and describe input parameters and verify characteristics of inputs Systems Analysis and Design in a Changing World, 4th Edition 18
19 Partial System Sequence Diagram for Payroll System Use Cases (Figure -8) Systems Analysis and Design in a Changing World, 4th Edition 19
20 System Sequence Diagram for Create New Order Systems Analysis and Design in a Changing World, 4th Edition 20
21 Input Messages and Data Parameters from RMO System Sequence Diagram (Figure -10) Systems Analysis and Design in a Changing World, 4th Edition 21
22 Designing System Outputs Determine each type of output Make list of specific system outputs required based on application design Specify any necessary controls to protect information provided in output Design and prototype output layout Ad hoc reports designed as needed by user Systems Analysis and Design in a Changing World, 4th Edition 22
23 Defining the Details of System Outputs Type of reports Printed reports Electronic displays Turnaround documents Can use traditional structured models to identify outputs Data flows crossing automation boundary Data couples and report data requirements on structure chart Systems Analysis and Design in a Changing World, 4th Edition 23
24 Table of System Outputs Based on Traditional Structured Approach (Figure -11) Systems Analysis and Design in a Changing World, 4th Edition 24
25 Using Object-Oriented Models Outputs indicated by messages in sequence diagrams Originate from internal system objects Sent to external actors or another external system Output messages based on an individual object are usually part of methods of that class object To report on all objects within a class, class-level method is used that works on entire class Systems Analysis and Design in a Changing World, 4th Edition 25
26 Table of System Outputs Based on OO Messages (Figure -12) Systems Analysis and Design in a Changing World, 4th Edition 26
27 Designing Reports, Statements, and Turnaround Documents Printed versus electronic Types of output reports Detailed Summary Exception Executive Internal versus external Graphical and multimedia presentation Systems Analysis and Design in a Changing World, 4th Edition 27
28 RMO Summary Report with Drill Down to the Detailed Report Systems Analysis and Design in a Changing World, 4th Edition 28
29 Sample Bar Chart and Pie Chart Reports Systems Analysis and Design in a Changing World, 4th Edition 29
30 Formatting Reports What is objective of report? Who is the intended audience? What is media for presentation? Avoid information overload Format considerations include meaningful headings, date of information, date report produced, page numbers Systems Analysis and Design in a Changing World, 4th Edition 30
31 Designing Integrity Controls Mechanisms and procedures built into a system to safeguard it and information contained within Integrity controls Built into application and database system to safeguard information Security controls Built into operating system and network Systems Analysis and Design in a Changing World, 4th Edition 31
32 Objectives of Integrity Controls Ensure that only appropriate and correct business transactions occur Ensure that transactions are recorded and processed correctly Protect and safeguard assets of the organization Software Hardware Information Systems Analysis and Design in a Changing World, 4th Edition 32
33 Points of Security and Integrity Controls Systems Analysis and Design in a Changing World, 4th Edition 33
34 Input Integrity Controls Used with all input mechanisms Additional level of verification to help reduce input errors Common control techniques Field combination controls Value limit controls Completeness controls Data validation controls Systems Analysis and Design in a Changing World, 4th Edition 34
35 Database Integrity Controls Access controls Data encryption Transaction controls Update controls Backup and recovery protection Systems Analysis and Design in a Changing World, 4th Edition 35
36 Output Integrity Controls Ensure output arrives at proper destination and is correct, accurate, complete, and current Destination controls - output is channeled to correct people Completeness, accuracy, and correctness controls Appropriate information present in output Systems Analysis and Design in a Changing World, 4th Edition 36
37 Integrity Controls to Prevent Fraud Three conditions are present in fraud cases Personal pressure, such as desire to maintain extravagant lifestyle Rationalizations, including I will repay this money or I have this coming Opportunity, such as unverified cash receipts Control of fraud requires both manual procedures and computer integrity controls Systems Analysis and Design in a Changing World, 4th Edition 37
38 Fraud Risks and Prevention Techniques Systems Analysis and Design in a Changing World, 4th Edition 38
39 Designing Security Controls Security controls protect assets of organization from all threats External threats such as hackers, viruses, worms, and message overload attacks Security control objectives Maintain stable, functioning operating environment for users and application systems (24 x 7) Protect information and transactions during transmission outside organization (public carriers) Systems Analysis and Design in a Changing World, 4th Edition 39
40 Security for Access to Systems Used to control access to any resource managed by operating system or network User categories Unauthorized user no authorization to access Registered user authorized to access system Privileged user authorized to administrate system Organized so that all resources can be accessed with same unique ID/password combination Systems Analysis and Design in a Changing World, 4th Edition 40
41 Users and Access Roles to Computer Systems Systems Analysis and Design in a Changing World, 4th Edition 41
42 Managing User Access Most common technique is user ID / password Authorization Is user permitted to access? Access control list users with rights to access Authentication Is user who they claim to be? Smart card computer-readable plastic card with embedded security information Biometric devices keystroke patterns, fingerprinting, retinal scans, voice characteristics Systems Analysis and Design in a Changing World, 4th Edition 42
43 Data Security Data and files themselves must be secure Encryption primary security method Altering data so unauthorized users cannot view Decryption Altering encrypted data back to its original state Symmetric key same key encrypts and decrypts Asymmetric key different key decrypts Public key public encrypts; private decrypts Systems Analysis and Design in a Changing World, 4th Edition 43
44 Symmetric Key Encryption Systems Analysis and Design in a Changing World, 4th Edition 44
45 Asymmetric Key Encryption Systems Analysis and Design in a Changing World, 4th Edition 45
46 Digital Signatures and Certificates Encryption of messages enables secure exchange of information between two entities with appropriate keys Digital signature encrypts document with private key to verify document author Digital certificate is institution s name and public key that is encrypted and certified by third party Certifying authority VeriSign or Equifax Systems Analysis and Design in a Changing World, 4th Edition 46
47 Using a Digital Certificate Systems Analysis and Design in a Changing World, 4th Edition 47
48 Secure Transactions Standard set of methods and protocols for authentication, authorization, privacy, integrity Secure Sockets Layer (SSL) renamed as Transport Layer Security (TLS) protocol for secure channel to send messages over Internet IP Security (IPSec) newer standard for transmitting Internet messages securely Secure Hypertext Transport Protocol (HTTPS or HTTP-S) standard for transmitting Web pages securely (encryption, digital signing, certificates) Systems Analysis and Design in a Changing World, 4th Edition 48
49 Summary System interfaces include all inputs and outputs except those that are part of GUI Designing inputs to system is three-step process Identify devices/mechanisms used to enter input Identify system inputs; develop list of data content Determine controls and security necessary for each system input Traditional approach to design inputs and outputs DFDs, data flow definitions, structure charts Systems Analysis and Design in a Changing World, 4th Edition 49
50 Summary (continued) OO approach to design inputs and outputs Sequence diagrams, class diagrams Integrity controls and security designed into system Ensure only appropriate and correct business transactions occur Ensure transactions are recorded and processed correctly Protect and safeguard assets of the organization Control access to resources Systems Analysis and Design in a Changing World, 4th Edition 50
SMart esolutions Information Security
Information Security Agenda What are SMart esolutions? What is Information Security? Definitions SMart esolutions Security Features Frequently Asked Questions 12/6/2004 2 What are SMart esolutions? SMart
More informationتاثیرفناوری اطالعات برسازمان ومدیریت جلسه هشتم و نهم
بنام خدا تاثیرفناوری اطالعات برسازمان ومدیریت جلسه هشتم و نهم امنیت بخشی به سیستمهای فناوری اطالعات Securing Information Systems 1 Learning Objectives Describe the business value of security and control.
More informationSyllabus: The syllabus is broadly structured as follows:
Syllabus: The syllabus is broadly structured as follows: SR. NO. TOPICS SUBTOPICS 1 Foundations of Network Security Principles of Network Security Network Security Terminologies Network Security and Data
More informationSecurity & Privacy. Web Architecture and Information Management [./] Spring 2009 INFO (CCN 42509) Contents. Erik Wilde, UC Berkeley School of
Contents Security & Privacy Contents Web Architecture and Information Management [./] Spring 2009 INFO 190-02 (CCN 42509) Erik Wilde, UC Berkeley School of Information Abstract 1 Security Concepts Identification
More informationAuthentication. Chapter 2
Authentication Chapter 2 Learning Objectives Create strong passwords and store them securely Understand the Kerberos authentication process Understand how CHAP works Understand what mutual authentication
More informationInformation Security in Corporation
Information Security in Corporation System Vulnerability and Abuse Software Vulnerability Commercial software contains flaws that create security vulnerabilities. Hidden bugs (program code defects) Zero
More informationSecurity Digital Certificate Manager
System i Security Digital Certificate Manager Version 6 Release 1 System i Security Digital Certificate Manager Version 6 Release 1 Note Before using this information and the product it supports, be sure
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through
More informationSecurity+ SY0-501 Study Guide Table of Contents
Security+ SY0-501 Study Guide Table of Contents Course Introduction Table of Contents About This Course About CompTIA Certifications Module 1 / Threats, Attacks, and Vulnerabilities Module 1 / Unit 1 Indicators
More informationIBM. Security Digital Certificate Manager. IBM i 7.1
IBM IBM i Security Digital Certificate Manager 7.1 IBM IBM i Security Digital Certificate Manager 7.1 Note Before using this information and the product it supports, be sure to read the information in
More informationIT Privacy Certification Outline of the Body of Knowledge (BOK) for the Certified Information Privacy Technologist (CIPT)
Page 1 of 6 IT Privacy Certification Outline of the Body of Knowledge (BOK) for the Certified Information Privacy Technologist (CIPT) I. Understanding the need for privacy in the IT environment A. Evolving
More informationMargret Amatayakul, MBA, RHIA, CHPS, CPHIT, CPEHR, FHIMSS. Margret\A Consulting, LLC
Technical Security Challenges in Earning Meaningful Use Incentives for EHR Margret Amatayakul, MBA, RHIA, CHPS, CPHIT, CPEHR, FHIMSS Margret\A Consulting, LLC Agenda What is required for M.U. Measures
More informationIBM i Version 7.2. Security Digital Certificate Manager IBM
IBM i Version 7.2 Security Digital Certificate Manager IBM IBM i Version 7.2 Security Digital Certificate Manager IBM Note Before using this information and the product it supports, read the information
More informationLesson 13 Securing Web Services (WS-Security, SAML)
Lesson 13 Securing Web Services (WS-Security, SAML) Service Oriented Architectures Module 2 - WS Security Unit 1 Auxiliary Protocols Ernesto Damiani Università di Milano element This element
More informationIntroduction. Controlling Information Systems. Threats to Computerised Information System. Why System are Vulnerable?
Introduction Controlling Information Systems When computer systems fail to work as required, firms that depend heavily on them experience a serious loss of business function. M7011 Peter Lo 2005 1 M7011
More informationNetwork Security and Cryptography. 2 September Marking Scheme
Network Security and Cryptography 2 September 2015 Marking Scheme This marking scheme has been prepared as a guide only to markers. This is not a set of model answers, or the exclusive answers to the questions,
More informationMU2a Authentication, Authorization & Accounting Questions and Answers with Explainations
98-367 MU2a Authentication, Authorization & Accounting Questions and Answers with Explainations Which are common symptoms of a virus infection? (Lesson 5 p 135-136) Poor system performance. Unusually low
More informationHow Managed File Transfer Addresses HIPAA Requirements for ephi
How Managed File Transfer Addresses HIPAA Requirements for ephi INTRODUCTION These new requirements have effectively made traditional File Transfer Protocol (FTP) file sharing ill-advised, if not obsolete.
More informationIT Privacy Certification Outline of the Body of Knowledge (BOK) for the Certified Information Privacy Technologist (CIPT)
Page 1 of 6 IT Privacy Certification Outline of the Body of Knowledge (BOK) for the Certified Information Privacy Technologist (CIPT) I. Understanding the need for privacy in the IT environment A. Evolving
More information(2½ hours) Total Marks: 75
(2½ hours) Total Marks: 75 N. B.: (1) All questions are compulsory. (2) Makesuitable assumptions wherever necessary and state the assumptions made. (3) Answers to the same question must be written together.
More informationLBI Public Information. Please consider the impact to the environment before printing this.
LBI Public Information. Please consider the impact to the environment before printing this. DGPC Framework People Executive management commitment Engaged management team Integrated governance organization
More informationISACA CISA. ISACA CISA ( Certified Information Systems Auditor ) Download Full Version :
ISACA CISA ISACA CISA ( Certified Information Systems Auditor ) Download Full Version : http://killexams.com/pass4sure/exam-detail/cisa QUESTION: 390 Applying a digital signature to data traveling in a
More informationAnswer: D. Answer: B. Answer: B
1. Management information systems (MIS) A. create and share documents that support day-today office activities C. capture and reproduce the knowledge of an expert problem solver B. process business transactions
More informationDefine information security Define security as process, not point product.
CSA 223 Network and Web Security Chapter One What is information security. Look at: Define information security Define security as process, not point product. Define information security Information is
More informationNetwork Security and Cryptography. December Sample Exam Marking Scheme
Network Security and Cryptography December 2015 Sample Exam Marking Scheme This marking scheme has been prepared as a guide only to markers. This is not a set of model answers, or the exclusive answers
More informationPoint ipos Implementation Guide. Hypercom P2100 using the Point ipos Payment Core Hypercom H2210/K1200 using the Point ipos Payment Core
PCI PA - DSS Point ipos Implementation Guide Hypercom P2100 using the Point ipos Payment Core Hypercom H2210/K1200 using the Point ipos Payment Core Version 1.02 POINT TRANSACTION SYSTEMS AB Box 92031,
More informationPrinciples of Information Security, Fourth Edition. Chapter 8 Cryptography
Principles of Information Security, Fourth Edition Chapter 8 Cryptography Learning Objectives Upon completion of this material, you should be able to: Chronicle the most significant events and discoveries
More informationCompTIA Security+ (Exam SY0-401) Course 01 Security Fundamentals
CompTIA Security+ (Exam SY0-401) Course 01 Security Fundamentals This course contains copyrighted material used by permission of Logical Operations, Inc. Slide 1 Course 01: Security Fundamentals The Information
More informationHOST Authentication Overview ECE 525
Authentication Overview Authentication refers to the process of verifying the identity of the communicating principals to one another Usually sub-divided into Entity authentication Authentication in real-time
More informationIntroduction and Overview. Why CSCI 454/554?
Introduction and Overview CSCI 454/554 Why CSCI 454/554? Get Credits and Graduate Security is important More job opportunities More research funds 1 Workload Five homework assignments Two exams (open book
More informationCPET 499/ITC 250 Web Systems Chapter 16 Security. Topics
CPET 499/ITC 250 Web Systems Chapter 16 Security Text Book: * Fundamentals of Web Development, 2015, by Randy Connolly and Ricardo Hoar, published by Pearson Paul I-Hai, Professor http://www.etcs.ipfw.edu/~lin
More informationIS Today: Managing in a Digital World 9/17/12
IS Today: Managing in a Digital World Chapter 10 Securing Information Systems Worldwide losses due to software piracy in 2005 exceeded $34 billion. Business Software Alliance, 2006 Accessories for war
More informationDiscovering Computers Living in a Digital World
Discovering Computers 2011 Living in a Digital World Objectives Overview See Page 257 for Detailed Objectives 2 Objectives Overview See Page 257 for Detailed Objectives 3 What Is Input? Inputis any data
More informationCHAPTER 8 SECURING INFORMATION SYSTEMS
CHAPTER 8 SECURING INFORMATION SYSTEMS BY: S. SABRAZ NAWAZ SENIOR LECTURER IN MANAGEMENT & IT SEUSL Learning Objectives Why are information systems vulnerable to destruction, error, and abuse? What is
More informationChapter 4: Networking and the Internet. Network Classifications. Network topologies. Network topologies (continued) Connecting Networks.
Chapter 4: Networking and the 4.1 Network Fundamentals 4.2 The 4.3 The World Wide Web 4.4 Protocols 4.5 Security Network Classifications Scope Local area network (LAN) Metropolitan area (MAN) Wide area
More informationBiometrics. Overview of Authentication
May 2001 Biometrics The process of verifying that the person with whom a system is communicating or conducting a transaction is, in fact, that specific individual is called authentication. Authentication
More informationPCI PA-DSS Implementation Guide
PCI PA-DSS Implementation Guide For Atos Worldline Banksys XENTA, XENTEO, XENTEO ECO, XENOA ECO YOMANI and YOMANI XR terminals using the Point BKX Payment Core Software Versions A05.01 and A05.02 Version
More informatione-commerce Study Guide Test 2. Security Chapter 10
e-commerce Study Guide Test 2. Security Chapter 10 True/False Indicate whether the sentence or statement is true or false. 1. Necessity refers to preventing data delays or denials (removal) within the
More informationPOLICY FOR DATA AND INFORMATION SECURITY AT BMC IN LUND. October Table of Contents
POLICY FOR DATA AND INFORMATION SECURITY AT BMC IN LUND October 2005 Table of Contents Introduction... 1 Purpose Of This Policy... 1 Responsibility... 1 General Policy... 2 Data Classification Policy...
More informationCYBER SECURITY MADE SIMPLE
CYBER SECURITY MADE SIMPLE Author: Christopher Gorog www.logiccentral.org www.newcyberfrontier.com Christopher Gorog, MBA, PMP, CISSP Lead Faculty for Cybersecurity at Colorado Technical University; Published
More informationRevised (10/17) Overview Transmission Toolkit
Revised (10/17) Overview Transmission Toolkit Copyright 2017 by KeyBank, N.A. Overview Transmission Toolkit All rights reserved. Reproduction of any part of this work beyond that permitted by Section 107
More information19.1. Security must consider external environment of the system, and protect it from:
Module 19: Security The Security Problem Authentication Program Threats System Threats Securing Systems Intrusion Detection Encryption Windows NT 19.1 The Security Problem Security must consider external
More informationPCI PA - DSS. Point Vx Implementation Guide. Version For VeriFone Vx520, Vx680, Vx820 terminals using the Point Vx Payment Core (Point VxPC)
PCI PA - DSS Point Vx Implementation Guide For VeriFone Vx520, Vx680, Vx820 terminals using the Point Vx Payment Core (Point VxPC) Version 2.02 POINT TRANSACTION SYSTEMS AB Box 92031, 120 06 Stockholm,
More informationprinteract, Xerox Remote Services A step in the right direction
printeract, Xerox Remote Services A step in the right direction Diagnose Problems Assess Machine Data Troubleshooting Customer Security Assured 701P42950 PrInteract, Xerox Remote Services Overview About
More informationE-Commerce Security Pearson Prentice Hall, Electronic Commerce 2008, Efraim Turban, et al.
E-Commerce Security 2008 Pearson Prentice Hall, Electronic Commerce 2008, Efraim Turban, et al. Learning Objectives 1. Explain EC-related crimes and why they cannot be stopped. 2. Describe an EC security
More informationSRM ARTS AND SCIENCE COLLEGE SRM NAGAR, KATTANKULATHUR
SRM ARTS AND SCIENCE COLLEGE SRM NAGAR, KATTANKULATHUR 603203 DEPARTMENT OF COMPUTER SCIENCE & APPLICATIONS QUESTION BANK 2017-18 Course / Branch : M.Sc.(CST) Semester / Year : VIII / IV Subject Name :
More informationTypes of Peripheral Devices
DSB International Public School Rishikesh Class VII Computer Science L1 - More Peripherals A computer peripheral is a device that is connected to a computer but is not part of the core computer architecture.
More informationSecurity Specification
Security Specification Security Specification Table of contents 1. Overview 2. Zero-knowledge cryptosystem a. The master password b. Secure user authentication c. Host-proof hosting d. Two-factor authentication
More informationCSC 474 Network Security. Authentication. Identification
Computer Science CSC 474 Network Security Topic 6. Authentication CSC 474 Dr. Peng Ning 1 Authentication Authentication is the process of reliably verifying certain information. Examples User authentication
More informationIT Privacy Certification Outline of the Body of Knowledge (BOK) for the Certified Information Privacy Technologist (CIPT)
Page 1 of 6 IT Privacy Certification Outline of the Body of Knowledge (BOK) for the Certified Information Privacy Technologist (CIPT) I. Understanding the need for privacy in the IT environment A. Evolving
More informationThe World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to
1 The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to compromises of various sorts, with a range of threats
More informationGISF. GIAC Information Security Fundamentals.
GIAC GISF GIAC Information Security Fundamentals TYPE: DEMO http://www.examskey.com/gisf.html Examskey GIAC GISF exam demo product is here for you to test the quality of the product. This GIAC GISF demo
More informationIntroduction to Information Security Dr. Rick Jerz
Introduction to Information Security Dr. Rick Jerz 1 Goals Explain the various types of threats to the security of information Discuss the different categorizations of security technologies and solutions
More informationSecuring Information Systems
Chapter 7 Securing Information Systems 7.1 2007 by Prentice Hall STUDENT OBJECTIVES Analyze why information systems need special protection from destruction, error, and abuse. Assess the business value
More informationelc International School
Subject: COMPUTER SCIENCE (0478) Syllabus 2016 Topics to be covered Section 1: Theory of Computer Science Theory: At the end of the section candidates should be able to Practical: At the end of the section
More informationBut where'd that extra "s" come from, and what does it mean?
SSL/TLS While browsing Internet, some URLs start with "http://" while others start with "https://"? Perhaps the extra "s" when browsing websites that require giving over sensitive information, like paying
More informationACS / Computer Security And Privacy. Fall 2018 Mid-Term Review
ACS-3921-001/4921-001 Computer Security And Privacy Fall 2018 Mid-Term Review ACS-3921/4921-001 Slides Used In The Course A note on the use of these slides: These slides has been adopted and/or modified
More informationExam : Title : Security Solutions for Systems Engineers. Version : Demo
Exam : 642-566 Title : Security Solutions for Systems Engineers Version : Demo 1. Which one of the following elements is essential to perform events analysis and correlation? A. implementation of a centralized
More informationSecuring Information Systems
Introduction to Information Management IIM, NCKU System Vulnerability and Abuse (1/6) Securing Information Systems Based on Chapter 8 of Laudon and Laudon (2010). Management Information Systems: Managing
More informationMost Common Security Threats (cont.)
Most Common Security Threats (cont.) Denial of service (DoS) attack Distributed denial of service (DDoS) attack Insider attacks. Any examples? Poorly designed software What is a zero-day vulnerability?
More informationSymmetric Key Services Markup Language Use Cases
Symmetric Key Services Markup Language Use Cases Document Version 1.1 - February 28, 2007 The OASIS Symmetric Key Services Markup Language (SKSML) is the proposed language/protocol that defines how a client
More informationIndicate whether the statement is true or false.
Indicate whether the statement is true or false. 1. Packet-filtering firewalls scan network data packets looking for compliance with the rules of the firewall s database or violations of those rules. 2.
More informationE-commerce security: SSL/TLS, SET and others. 4.1
E-commerce security: SSL/TLS, SET and others. 4.1 1 Electronic payment systems Purpose: facilitate the safe and secure transfer of monetary value electronically between multiple parties Participating parties:
More informationSYSTEM AND METHOD FOR FACILITATING SECURE TRANSACTIONS
FCOOK.001PR PATENT SYSTEM AND METHOD FOR FACILITATING SECURE TRANSACTIONS BRIEF DESCRIPTION OF THE DRAWINGS [0001] Embodiments of various inventive features will now be described with reference to the
More informationHIPAA Compliance Checklist
HIPAA Compliance Checklist Hospitals, clinics, and any other health care providers that manage private health information today must adhere to strict policies for ensuring that data is secure at all times.
More information# ROLE DESCRIPTION / BENEFIT ISSUES / RISKS
As SharePoint has proliferated across the landscape there has been a phase shift in how organizational information is kept secure. In one aspect, business assets are more secure employing a formally built
More informationSimple and Powerful Security for PCI DSS
Simple and Powerful Security for PCI DSS The regulations AccessEnforcer helps check off your list. Most merchants think they are too small to be targeted by hackers. In fact, their small size makes them
More informationIntroduction to Computer Science. William Hsu Department of Computer Science and Engineering National Taiwan Ocean University
Introduction to Computer Science William Hsu Department of Computer Science and Engineering National Taiwan Ocean University Chapter 4: Networking and the Internet No one owns the Internet, and only one
More informationTrusted Computing Group
Trusted Computing Group Backgrounder May 2003 Copyright 2003 Trusted Computing Group (www.trustedcomputinggroup.org.) All Rights Reserved Trusted Computing Group Enabling the Industry to Make Computing
More informationTelemetry Data Sharing Using S/MIME
Telemetry Data Sharing Using S/MIME Item Type text; Proceedings Authors Kalibjian, Jeffrey R. Publisher International Foundation for Telemetering Journal International Telemetering Conference Proceedings
More informationHY-457 Information Systems Security
HY-457 Information Systems Security Recitation 1 Panagiotis Papadopoulos(panpap@csd.uoc.gr) Kostas Solomos (solomos@csd.uoc.gr) 1 Question 1 List and briefly define categories of passive and active network
More informationImplementation Guide for Delivery Notification in Direct
Implementation Guide for Delivery Notification in Direct Contents Change Control... 2 Status of this Guide... 3 Introduction... 3 Overview... 3 Requirements... 3 1.0 Delivery Notification Messages... 4
More informationContent and Purpose of This Guide... 1 User Management... 2
Contents Introduction--1 Content and Purpose of This Guide........................... 1 User Management........................................ 2 Security--3 Security Features.........................................
More informationWHITE PAPER. Authentication and Encryption Design
WHITE PAPER Authentication and Encryption Design Table of Contents Introduction Applications and Services Account Creation Two-step Verification Authentication Passphrase Management Email Message Encryption
More informationInformation Security & Privacy
IS 2150 / TEL 2810 Information Security & Privacy James Joshi Associate Professor, SIS Lecture 8 Feb 24, 2015 Authentication, Identity 1 Objectives Understand/explain the issues related to, and utilize
More informationBoundary control : Access Controls: An access control mechanism processes users request for resources in three steps: Identification:
Application control : Boundary control : Access Controls: These controls restrict use of computer system resources to authorized users, limit the actions authorized users can taker with these resources,
More informationitexamdump 최고이자최신인 IT 인증시험덤프 일년무료업데이트서비스제공
itexamdump 최고이자최신인 IT 인증시험덤프 http://www.itexamdump.com 일년무료업데이트서비스제공 Exam : CISA Title : Certified Information Systems Auditor Vendor : ISACA Version : DEMO Get Latest & Valid CISA Exam's Question and
More informationSystems Analysis and Design in a Changing World, Fourth Edition
Systems Analysis and Design in a Changing World, Fourth Edition Learning Objectives Describe the difference between user interfaces and system interfaces Explain why the user interface is the system to
More informationCSWAE Certified Secure Web Application Engineer
CSWAE Certified Secure Web Application Engineer Overview Organizations and governments fall victim to internet based attacks every day. In many cases, web attacks could be thwarted but hackers, organized
More informationHIPAA Regulatory Compliance
Secure Access Solutions & HIPAA Regulatory Compliance Privacy in the Healthcare Industry Privacy has always been a high priority in the health profession. However, since the implementation of the Health
More informationIT Auditing, Hall, 3e
IT Auditing, an economic event that affects the assets and equities of the firm, is reflected in its accounts, and is measured in monetary terms. similar types of transactions are grouped together into
More informationDiscovering Computers Living in a Digital World
Discovering Computers 2011 Living in a Digital World Objectives Overview Define input and differentiate among a program, command, and user response Identify the keys and buttons commonly found on desktop
More informationSecurity issues: Encryption algorithms. Threats Methods of attack. Secret-key Public-key Hybrid protocols. CS550: Distributed OS.
Security issues: Threats Methods of attack Encryption algorithms Secret-key Public-key Hybrid protocols Lecture 15 Page 2 1965-75 1975-89 1990-99 Current Platforms Multi-user timesharing computers Distributed
More informationAIT 682: Network and Systems Security
AIT 682: Network and Systems Security Topic 6. Authentication Instructor: Dr. Kun Sun Authentication Authentication is the process of reliably verifying certain information. Examples User authentication
More informationAuthentication. Identification. AIT 682: Network and Systems Security
AIT 682: Network and Systems Security Topic 6. Authentication Instructor: Dr. Kun Sun Authentication Authentication is the process of reliably verifying certain information. Examples User authentication
More informationAuthentication & Authorization
Authentication & Authorization Anuj Gupta 1, 1 M.Tech Scholar, Department of C.F.I.S, G.I.T.A.M, Kablana, Jhajjar Ashish Kumar Sharma 2 2 Assistant Professor, Department of C.F.I.S & C.S.E, G.I.T.A.M,
More informationIntegration of Agilent UV-Visible ChemStation with OpenLAB ECM
Integration of Agilent UV-Visible ChemStation with OpenLAB ECM Compliance with Introduction in Title 21 of the Code of Federal Regulations includes the US Federal guidelines for storing and protecting
More informationChapter 4: Networking and the Internet
Chapter 4: Networking and the Internet 2015 Pearson Education Limited 2015 Chapter 4: Networking and the Internet 4.1 Network Fundamentals 4.2 The Internet 4.3 The World Wide Web 4.4 Internet Protocols
More informationElectronic Signature Policy
Electronic Signature Policy Definitions The following terms are used in this policy. Term Definition Electronic Signature An electronic signature is a paperless method used to authorize or approve documents
More informationprinteract, Xerox Remote Services Overview
printeract, Xerox Remote Services Overview 701P27920 printeract, Xerox Remote Services Overview A step in the right direction Diagnose Problems Assess Machine Data Troubleshooting Customer Security Assured
More informationAuthentication Technologies
Authentication Technologies 1 Authentication The determination of identity, usually based on a combination of something the person has (like a smart card or a radio key fob storing secret keys), something
More informationChapter 4: Networking and the Internet. Figure 4.1 Network topologies. Network Classifications. Protocols. (continued)
Chapter 4: Networking and the Internet Computer Science: An Overview Eleventh Edition by J. Glenn Brookshear Chapter 4: Networking and the Internet 4.1 Network Fundamentals 4.2 The Internet 4.3 The World
More informationChapter 4: Networking and the Internet
Chapter 4: Networking and the Internet Computer Science: An Overview Eleventh Edition by J. Glenn Brookshear Copyright 2012 Pearson Education, Inc. Chapter 4: Networking and the Internet 4.1 Network Fundamentals
More informationExam : Title : Security Solutions for Systems Engineers(SSSE) Version : Demo
Exam : 642-565 Title : Security Solutions for Systems Engineers(SSSE) Version : Demo 1. SomeCompany, Ltd. wants to implement the the PCI Data Security Standard to protect sensitive cardholder information.
More informationSecuring Information Systems
Chapter 7 Securing Information Systems 7.1 Copyright 2011 Pearson Education, Inc. STUDENT LEARNING OBJECTIVES Why are information systems vulnerable to destruction, error, and abuse? What is the business
More informationLecture 9. Authentication & Key Distribution
Lecture 9 Authentication & Key Distribution 1 Where are we now? We know a bit of the following: Conventional (symmetric) cryptography Hash functions and MACs Public key (asymmetric) cryptography Encryption
More informationChapter Topics Part 1. Network Definitions. Behind the Scenes: Networking and Security
Chapter Topics Part 1 Behind the Scenes: Networking and Security CS10001 Computer Literacy Business Networks Network Advantages Client/Server Networks Network Classifications Servers Toplogies Chapter
More informationSAMPLE COURSE OUTLINE APPLIED INFORMATION TECHNOLOGY ATAR YEAR 12
SAMPLE COURSE OUTLINE APPLIED INFORMATION TECHNOLOGY ATAR YEAR 12 Copyright School Curriculum and Standards Authority, 2015 This document apart from any third party copyright material contained in it may
More informationCryptography and Network Security. Sixth Edition by William Stallings
Cryptography and Network Security Sixth Edition by William Stallings Chapter 19 Electronic Mail Security Despite the refusal of VADM Poindexter and LtCol North to appear, the Board's access to other sources
More informationUnit-VI. User Authentication Mechanisms.
Unit-VI User Authentication Mechanisms Authentication is the first step in any cryptographic solution Authentication can be defined as determining an identity to the required level of assurance Passwords
More information