Post on 04-Jan-2016
Zulhizam Bin Ebrahim 4092007721
Mohd Shamir Bin Abd Azia 4092007261
Muhammad Salehin Bin Suhaimi 4123014302
Management Information Systems, Sixth Edition 2
Controls: constraints and restrictions imposed on a user or a system
◦ Controls can be used to secure against risks
◦ Controls are also used to ensure that nonsensical data is not entered
Controls can reduce damage caused to systems, applications, and data
A reliable application is one that can resist inappropriate usage such as incorrect data entry or processing
◦ The application should provide clear messages when errors or deliberate misuses occur
Controls also translate business policies into system features
Backup: periodic duplication of all data
Redundant Arrays of Independent Disks (RAID): set of disks programmed to replicate stored data
Data must be routinely transported off-site as protection from a site disaster
Some companies specialize in data backup services or backup facilities for use in the event of a site disaster
Access controls: measures taken to ensure only authorized users have access to a computer, network, application, or data
◦ Physical locks: lock the equipment in a secure facility
◦ Software locks: determine who is authorized
Three types of access controls:
◦ What you know: access codes, such as user ID and password
◦ What you have: requires special devices
◦ Who you are: unique physical characteristics
Access codes and passwords are usually stored in the OS or in a database
Security card is more secure than a password
◦ Allows two-factor access
Biometric: uses unique physical characteristics such as fingerprints, retinal scans, or voiceprints
Up to 50% of help desk calls are from people who have forgotten their passwords
◦ Biometrics can eliminate these kinds of calls
Atomic transaction: a set of indivisible transactions
◦ All of the transactions in the set must be completely executed, or none can be
◦ Ensures that only full entry occurs in all the appropriate files to guarantee integrity of the data
◦ Is also a control against malfunction and fraud
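The all-or-nothing behaviour described above, as an added example that is not part of the original slides: a transfer has to post to a journal table and to two account rows, and a failure at any step rolls back the writes already made. The table names, account names and amounts are constructed for illustration, using Python's built-in sqlite3 module.

```python
import sqlite3

def open_ledger():
    """Constructed sample data: two accounts and an empty journal."""
    # isolation_level=None: BEGIN / COMMIT / ROLLBACK are issued explicitly
    db = sqlite3.connect(":memory:", isolation_level=None)
    db.executescript("""
        CREATE TABLE accounts (id TEXT PRIMARY KEY,
                               balance INTEGER NOT NULL CHECK (balance >= 0));
        CREATE TABLE journal (src TEXT, dst TEXT, amount INTEGER NOT NULL);
        INSERT INTO accounts VALUES ('payables', 500), ('supplier', 0);
    """)
    return db

def _adjust(db, account, delta):
    """Change one balance; an unknown account is an error, not a no-op."""
    cur = db.execute("UPDATE accounts SET balance = balance + ? WHERE id = ?",
                     (delta, account))
    if cur.rowcount != 1:
        raise LookupError(f"unknown account {account!r}")

def transfer(db, src, dst, amount):
    """Post the journal entry, the credit and the debit, or none of them."""
    if amount <= 0:
        raise ValueError("amount must be positive")
    db.execute("BEGIN IMMEDIATE")
    try:
        db.execute("INSERT INTO journal VALUES (?, ?, ?)", (src, dst, amount))
        _adjust(db, dst, amount)
        _adjust(db, src, -amount)  # CHECK (balance >= 0) rejects an overdraft
        db.execute("COMMIT")
    except Exception:
        # Undo the journal row and the credit written before the failure
        db.execute("ROLLBACK")
        raise

def snapshot(db):
    """Return ({account: balance}, number of journal entries)."""
    balances = dict(db.execute("SELECT id, balance FROM accounts"))
    entries = db.execute("SELECT COUNT(*) FROM journal").fetchone()[0]
    return balances, entries

if __name__ == "__main__":
    db = open_ledger()
    transfer(db, "payables", "supplier", 200)
    print("after valid transfer:", snapshot(db))
    try:
        transfer(db, "payables", "supplier", 400)  # would overdraw payables
    except sqlite3.IntegrityError as exc:
        print("rejected:", exc)
    print("after failed transfer:", snapshot(db))
```

Without the transaction, the failed transfer would leave a journal row and a credited supplier balance with no matching debit, which is the partial entry the control exists to prevent.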
Audit trail: a series of documented facts that help detect who recorded which transactions, at what time, and under whose approval
◦ Sometimes automatically created using data and timestamps
Certain policy and audit trail controls are required in some countries
Information systems auditor: a person whose job is to find and investigate fraudulent cases