Zulhizam Bin Ebrahim 4092007721 Mohd Shamir Bin Abd Azia 4092007261 Muhammad Salehin Bin Suhaimi 4123014302

Upload: clarissa-terry

Post on 04-Jan-2016


Management Information Systems, Sixth Edition

Controls: constraints and restrictions imposed on a user or a system
◦ Controls can be used to secure against risks
◦ Controls are also used to ensure that nonsensical data is not entered

Controls can reduce damage caused to systems, application, and data


A reliable application is one that can resist inappropriate usage such as incorrect data entry or processing
◦ The application should provide clear messages when errors or deliberate misuses occur

Controls also translate business policies into system features


Backup: periodic duplication of all data

Redundant Arrays of Independent Disks (RAID): set of disks programmed to replicate stored data

Data must be routinely transported off-site as protection from a site disaster

Some companies specialize in data backup services or backup facilities for use in the event of a site disaster


Access controls: measures taken to ensure only authorized users have access to a computer, network, application, or data
◦ Physical locks: lock the equipment in a secure facility
◦ Software locks: determine who is authorized

Three types of access controls:
◦ What you know: access codes, such as user ID and password
◦ What you have: requires special devices
◦ Who you are: unique physical characteristics


Access codes and passwords are usually stored in the OS or in a database

Security card is more secure than a password
◦ Allows two-factor access

Biometric: uses unique physical characteristics such as fingerprints, retinal scans, or voiceprints

Up to 50% of help desk calls are from people who have forgotten their passwords
◦ Biometrics can eliminate these kinds of calls


Atomic transaction: a set of indivisible transactions
◦ All of the transactions in the set must be completely executed, or none can be
◦ Ensures that only full entry occurs in all the appropriate files to guarantee integrity of the data
◦ Is also a control against malfunction and fraud


Audit trail: a series of documented facts that help detect who recorded which transactions, at what time, and under whose approval
◦ Sometimes automatically created using data and timestamps

Certain policy and audit trail controls are required in some countries

Information systems auditor: a person whose job is to find and investigate fraudulent cases
