Chapter 12
MIS Management Processes: Process Management, Systems Development,
and Security
Copyright © 2013 Pearson Education, Inc. Publishing as Prentice Hall 12-1
Learning Objectives
Q1. What are the activities of business process management?
Q2. What are the activities in the systems development life cycle (SDLC) development process?
Q3. Which comes first: process or systems development?
Q4. What is information systems security?
Learning Objectives
Q5. What are the components of an organization’s security program?
Q6. What technical security safeguards are available?
Q7. What human security safeguards are available?
What Are the Activities of Business Process Management?
• BPM Process
Figure 12-1 Four Activities in the BPM Process
What Are the Activities of Business Process Management?
• BPM Monitoring Activity
  – Monitoring for Performance on its Objectives
    • COBIT (Control Objectives for Information related Technology)
  – Monitoring for Changes in the Process Environment
What Are the Activities of Business Process Management?
• BPM Modeling Activity
  – Three types of process change
    • Increase or decrease resources
    • Change the structure of the process
    • Change the process’s resource AND structure
What Are the Activities of Business Process Management?
• BPM Create Components Activity
  – Create new IS components based on new process
• BPM Implement Process Activity
  – Make process change operational
What Are the Activities of the Systems Development Life Cycle (SDLC)
Development Process?
• SDLC
  – Define the system
  – Determine requirements
  – Design system components
  – Create, test, and implement
  – Maintain the system (assess process results)
What Are the Activities of the Systems Development Life Cycle (SDLC)
Development Process?
• SDLC
Figure 12-5 BPM Provides Requirements for Systems Development
What Are the Activities of the Systems Development Life Cycle (SDLC)
Development Process?
• Define the system
Figure 12-6 SDLC: System Definition Activity
What Are the Activities of the Systems Development Life Cycle (SDLC)
Development Process?
• Determine requirements
Figure 12-8 SDLC: Requirements Analysis Activity
What Are the Activities of the Systems Development Life Cycle (SDLC)
Development Process?
• Design components
Figure 12-9 SDLC: Component Design Activity
What Are the Activities of the Systems Development Life Cycle (SDLC)
Development Process?
• Implement the system
Figure 12-10 SDLC: Implementation Activity
What Are the Activities of the Systems Development Life Cycle (SDLC)
Development Process?
• System conversion
  – Pilot installation
  – Phased installation
  – Parallel installation
  – Plunge installation
What Are the Activities of the Systems Development Life Cycle (SDLC)
Development Process?
• Maintain the system
Figure 12-12 SDLC: System Maintenance Activity
Which Comes First: Process or Systems Development?
• Business Process First
Figure 12-13 Process-First Development
Which Comes First: Process or Systems Development?
• Information System First
Figure 12-14 Classic Five-Step Systems Development Life Cycle
Which Comes First: Process or Systems Development?
• Another Factor: Off-the-Shelf Software
• And the Answer Is…
  – Business processes first
  – Both + Project Mgmt Iterating
What Is Information Systems Security?
• Information Systems Security
  – Process of protecting information systems vulnerabilities from threats by creating appropriate safeguards
• What Are the Sources of Vulnerabilities?
• What Are the Types of Security Threats?
What Is Information Systems Security?
• What Are the Sources of Vulnerabilities?
  – Human error and mistakes
  – Malicious human activity
  – Natural events and disasters
What Is Information Systems Security?
• What Are the Types of Security Threats?
Figure 12-15 Security Threats and Source
What Are the Components of an Organization’s Security Program?
• Security program
  – Senior-management involvement
  – Safeguards
  – Planned response to security incidents
Figure 12-19 Security Safeguards as They Relate to the Five IS Components
What Technical Safeguards Are Available?
• Technical Safeguards
Figure 12-21 Technical Safeguards
• Data Safeguards
What Technical Safeguards Are Available?
• Identification and Authorization
  – Passwords
  – Smart Cards
    • Personal Identification Number (PINs)
  – Biometric Authentication
What Technical Safeguards Are Available?
• Encryption
  – Keys
Figure 12-22 Basic Encryption Techniques
What Technical Safeguards Are Available?
• Firewalls
• Malware Protection
  – Viruses, Trojan Horses, and Worms
  – Spyware and Adware
  – Malware Safeguards
  – Bots, Botnets, and Bot Herders
What Technical Safeguards Are Available?
• Design Secure Applications
  – Code injection
  – SQL injection attacks
  – Cross-site scripting (XSS)
What Technical Safeguards Are Available?
• Data Safeguards
Figure 12-25 Data Safeguards
What Human Security Safeguards Are Available?
• Human Safeguards
  – Human Resources
  – Account administration
  – Systems procedures
  – Security monitoring
What Human Security Safeguards Are Available?
• Human Resources
  – Position Definitions
  – Hiring and Screening Processes
  – Dissemination and Enforcement
  – Termination Processes
What Human Security Safeguards Are Available?
• Account Administration
  – Account Management; Password Management; and Help-Desk Policies
• Systems Procedures
Figure 12-28 Systems Procedures
What Human Security Safeguards Are Available?
• Security Monitoring
  – Activity logs
  – Organization Response to Security Incidents
    • Disaster Recovery Backup Sites
    • Incident-Response Plan
Ethics Guide
• Security Privacy
Conclusion
Q1. What are the activities of business process management?
Q2. What are the activities in the systems development life cycle (SDLC) development process?
Q3. Which comes first: process or systems development?
Q4. What is information systems security?
Conclusion
Q5. What are the components of an organization’s security program?
Q6. What technical security safeguards are available?
Q7. What human security safeguards are available?