SECURING INFORMATION SYSTEMS
Digital data are
vulnerable to destruction, misuse, error, fraud, and hardware or software
failures. The Internet is designed to be an open system and makes internal
corporate systems more vulnerable to actions from outsiders. Hackers can
unleash denial-of-service (DoS) attacks or penetrate corporate networks,
causing serious system disruptions. Wi-Fi networks can easily be penetrated by intruders
using sniffer programs to capture a valid address and then use it to reach the resources of the
network.
Computer viruses and worms can disable systems and Web
sites. The dispersed nature of cloud computing makes it difficult to track
unauthorized activity or to apply controls from afar. Software presents problems
because software bugs may be impossible to eliminate and because software
vulnerabilities can be exploited by hackers and malicious software. End users
often introduce errors.
Lack of sound security and control can cause firms
relying on computer systems for their core business functions to lose sales and
productivity. Information assets, such as confidential employee records, trade
secrets, or business plans, lose much of their value if they are revealed to
outsiders or if they expose the firm to legal liability. New laws, such as
HIPAA, the Sarbanes-Oxley Act, and the Gramm-Leach-Bliley Act, require
companies to practice stringent electronic records management and adhere to
strict standards for security, privacy, and control. Legal actions requiring
electronic evidence and computer forensics also require firms to pay more
attention to security and electronic records management.
Firms need to establish a good set of both general and
application controls for their information systems. A risk assessment evaluates
information assets, identifies control points and control weaknesses, and
determines the most cost-effective set of controls. Firms must also develop a
coherent corporate security policy and plans for continuing business operations
in the event of disaster or disruption. The security policy includes policies
for acceptable use and identity management. Comprehensive and systematic MIS
auditing helps organizations determine the effectiveness of security and
controls for their information systems.
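The risk assessment step described above can be worked through numerically. The following is an added illustration, not code from the textbook or this post; the exposure names, probabilities, loss ranges, control costs and reduction fractions are all constructed values.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Exposure:
    name: str
    probability: float   # estimated probability of occurring in a given year
    loss_low: float      # low end of the estimated loss range (currency units)
    loss_high: float     # high end of the estimated loss range

    def expected_annual_loss(self) -> float:
        """Probability of occurrence times the average of the loss range."""
        return self.probability * (self.loss_low + self.loss_high) / 2


@dataclass(frozen=True)
class Control:
    name: str
    exposure: str        # name of the exposure this control addresses
    annual_cost: float   # yearly cost to operate the control
    reduction: float     # fraction of the expected loss the control removes (0..1)


def net_benefit(control, exposures_by_name):
    """Expected loss avoided by a control minus what the control costs per year."""
    exposure = exposures_by_name[control.exposure]
    avoided = exposure.expected_annual_loss() * control.reduction
    return avoided - control.annual_cost


def select_controls(exposures, controls):
    """Keep only controls that avoid more loss than they cost, best first."""
    by_name = {e.name: e for e in exposures}
    scored = [(c, net_benefit(c, by_name)) for c in controls]
    chosen = [(c.name, round(net, 2)) for c, net in scored if net > 0]
    return sorted(chosen, key=lambda item: item[1], reverse=True)


# Constructed sample values for illustration only (not from the textbook).
EXPOSURES = [
    Exposure("power failure", 0.25, 4000, 100000),
    Exposure("user error", 0.90, 500, 20000),
    Exposure("embezzlement", 0.05, 2000, 60000),
]
CONTROLS = [
    Control("UPS and standby generator", "power failure", 6000, 0.8),
    Control("input validation and user training", "user error", 3000, 0.5),
    Control("dual-approval payment workflow", "embezzlement", 2500, 0.9),
]

if __name__ == "__main__":
    for e in EXPOSURES:
        print(f"{e.name}: expected annual loss {e.expected_annual_loss():,.2f}")
    for name, net in select_controls(EXPOSURES, CONTROLS):
        print(f"adopt {name}: net annual benefit {net:,.2f}")
```

With these constructed figures the dual-approval workflow is rejected because its yearly cost exceeds the loss it would avoid, which is exactly the cost-effectiveness judgement the paragraph describes.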
Firewalls prevent unauthorized users from accessing a
private network when it is linked to the Internet. Intrusion detection systems
monitor private networks for suspicious network traffic and attempts to access
corporate systems. Passwords, tokens, smart cards, and biometric authentication
are used to authenticate system users. Antivirus software checks computer
systems for infections by viruses and worms and often eliminates the malicious
software, while antispyware software combats intrusive and harmful spyware
programs. Encryption, the coding and scrambling of messages, is a widely used
technology for securing electronic transmissions over unprotected networks.
Digital
certificates combined with public key encryption provide further protection of electronic
transactions by authenticating a user’s identity. Companies can use
fault-tolerant computer systems or create high-availability computing
environments to make sure that their information systems are always available.
Use of software metrics and rigorous software testing helps improve software
quality and reliability.
Software metrics are objective
assessments of the system in the form of quantified measurements. Ongoing use
of metrics allows the information systems department and end users to jointly
measure the performance of the system and identify problems as they occur.
Examples of software metrics include the number of transactions that can be
processed in a specified unit of time, online response time, the number of
payroll checks printed per hour, and the number of known bugs per hundred lines
of program code. For metrics to be successful, they must be carefully designed,
formal, objective, and used consistently. Early, regular, and thorough testing
will contribute significantly to system quality. Many view testing as a way to
prove the correctness of work they have done. In fact, we know that all sizable
software is riddled with errors, and we must test to uncover these errors.
Good testing begins before a
software program is even written by using a walkthrough—a review of a
specification or design document by a small group of people carefully selected
based on the skills needed for the particular objectives being tested. Once
developers start writing software programs, coding walkthroughs also can be
used to review program code. However, code must be tested by computer runs.
When errors are discovered, the source is found and eliminated through a
process called debugging. You can find out more about the various stages
of testing required to put an information system into operation.
Sources:
Kenneth C. Laudon and Jane P. Laudon. 2012. Management Information Systems: Managing the Digital Firm. Twelfth Edition. Pearson.