zulhizam bin ebrahim 4092007721 mohd shamir bin abd azia 4092007261 muhammad salehin bin suhaimi...

Post on 04-Jan-2016


Zulhizam Bin Ebrahim 4092007721
Mohd Shamir Bin Abd Azia 4092007261
Muhammad Salehin Bin Suhaimi 4123014302

Management Information Systems, Sixth Edition 2

Controls: constraints and restrictions imposed on a user or a system
◦ Controls can be used to secure against risks
◦ Controls are also used to ensure that nonsensical data is not entered

Controls can reduce damage caused to systems, applications, and data

A reliable application is one that can resist inappropriate usage such as incorrect data entry or processing
◦ The application should provide clear messages when errors or deliberate misuses occur

Controls also translate business policies into system features

Backup: periodic duplication of all data

Redundant Arrays of Independent Disks (RAID): set of disks programmed to replicate stored data

Data must be routinely transported off-site as protection from a site disaster

Some companies specialize in data backup services or backup facilities for use in the event of a site disaster

Access controls: measures taken to ensure only authorized users have access to a computer, network, application, or data
◦ Physical locks: lock the equipment in a secure facility
◦ Software locks: determine who is authorized

Three types of access controls:
◦ What you know: access codes, such as user ID and password
◦ What you have: requires special devices
◦ Who you are: unique physical characteristics

Access codes and passwords are usually stored in the OS or in a database

Security card is more secure than a password
◦ Allows two-factor access

Biometric: uses unique physical characteristics such as fingerprints, retinal scans, or voiceprints

Up to 50% of help desk calls are from people who have forgotten their passwords
◦ Biometrics can eliminate these kinds of calls

Atomic transaction: a set of indivisible transactions
◦ All of the transactions in the set must be completely executed, or none can be
◦ Ensures that only full entry occurs in all the appropriate files to guarantee integrity of the data
◦ Is also a control against malfunction and fraud

Audit trail: a series of documented facts that help detect who recorded which transactions, at what time, and under whose approval
◦ Sometimes automatically created using data and timestamps

Certain policy and audit trail controls are required in some countries

Information systems auditor: a person whose job is to find and investigate fraudulent cases
