Chapter 12 MIS Management Processes: Process Management, Systems Development, and Security Copyright © 2013 Pearson Education, Inc. Publishing as Prentice.

Chapter 12

MIS Management Processes: Process Management, Systems Development,

and Security

Copyright © 2013 Pearson Education, Inc. Publishing as Prentice Hall 12-1

Learning Objectives

Q1. What are the activities of business process management?Q2. What are the activities in the systems development life cycle (SDLC) development process?Q3. Which comes first: process or systems development?Q4. What is information systems security?

Copyright © 2013 Pearson Education, Inc. Publishing as Prentice Hall 12-2

Learning Objectives

Q5. What are the components of an organization’s security program?Q6. What technical security safeguards are available?Q7. What human security safeguards are available?

Copyright © 2013 Pearson Education, Inc. Publishing as Prentice Hall 12-3

What Are the Activities of Business Process Management?

• BPMProcess

Figure 12-1Four Activities in theBPM Process Copyright © 2013 Pearson Education, Inc.

Publishing as Prentice Hall 12-4

What Are the Activities of Business Process Management?

• BPM Monitoring Activity– Monitoring for Performance on its Objectives• COBIT (Control Objectives for Information related

Technology)

– Monitoring for Changes in the Process Environment

Copyright © 2013 Pearson Education, Inc. Publishing as Prentice Hall 12-5

What Are the Activities of Business Process Management?

• BPM Modeling Activity– Three types of process change• Increase or decrease resources• Change the structure of the process• Change the process’s resource AND structure

Copyright © 2013 Pearson Education, Inc. Publishing as Prentice Hall 12-6

What Are the Activities of Business Process Management?

• BPM Create Components Activity– Create new IS components based on new process

• BPM Implement Process Activity– Make process change operational

Copyright © 2013 Pearson Education, Inc. Publishing as Prentice Hall 12-7

What Are the Activities of the Systems Development Life Cycle (SDLC)

Development Process?

• SDLC – Define the system– Determine requirements– Design system components– Create, test, and implement– Maintain the system (assess process results)

Copyright © 2013 Pearson Education, Inc. Publishing as Prentice Hall 12-8

What Are the Activities of the Systems Development Life Cycle (SDLC)

Development Process?

• SDLC

Figure 12-5 BPM Provides Requirements forSystems Development

Copyright © 2013 Pearson Education, Inc.

Publishing as Prentice Hall 12-9

8/22/2011 Copyright © 2013 Pearson Education, Inc. Publishing as Prentice Hall 10

What Are the Activities of the Systems Development Life Cycle (SDLC)

Development Process?

• Define the system

Figure 12-6 SDLC: SystemDefinition Activity

Copyright © 2013 Pearson Education, Inc. Publishing as Prentice Hall 12-11

What Are the Activities of the Systems Development Life Cycle (SDLC)

Development Process?

• Determine requirements

Figure 12-8 SDLC: RequirementsAnalysis Activity

Copyright © 2013 Pearson Education, Inc. Publishing as Prentice Hall 12-12

What Are the Activities of the Systems Development Life Cycle (SDLC)

Development Process?

• Design components

Figure 12-9 SDLC: ComponentDesign Activity

Copyright © 2013 Pearson Education, Inc. Publishing as Prentice Hall 12-13

What Are the Activities of the Systems Development Life Cycle (SDLC)

Development Process?

• Implement the system

Figure 12-10 SDLC: ImplementationActivity

Copyright © 2013 Pearson Education, Inc. Publishing as Prentice Hall 12-14

What Are the Activities of the Systems Development Life Cycle (SDLC)

Development Process?

• System conversion– Pilot installation– Phased installation– Parallel installation– Plunge installation

Copyright © 2013 Pearson Education, Inc.

Publishing as Prentice Hall 12-15

What Are the Activities of the Systems Development Life Cycle (SDLC)

Development Process?

• Maintain the system

Figure 12-12 SDLC: SystemMaintenance Activity

Copyright © 2013 Pearson Education, Inc.

Publishing as Prentice Hall 12-16

Which Comes First: Process or Systems Development?

• Business Process First

Figure 12-13Process-FirstDevelopment

Copyright © 2013 Pearson Education, Inc. Publishing as Prentice Hall 12-17

Which Comes First: Process or Systems Development?

• Information System First

Figure 12-14Classic Five-StepSystems DevelopmentLife Cycle

Copyright © 2013 Pearson Education, Inc. Publishing as Prentice Hall 12-18

Which Comes First: Process or Systems Development?

• Another Factor: Off-the-Shelf Software

• And the Answer Is…– Business processes first– Both + Project Mgmt Iterating

Copyright © 2013 Pearson Education, Inc. Publishing as Prentice Hall 12-19

What Is Information Systems Security?

• Information Systems Security– Process of protecting information systems

vulnerabilities from threats by creating appropriate safeguards

• What Are the Sources of Vulnerabilities?• What Are the Types of Security Threats?

Copyright © 2013 Pearson Education, Inc. Publishing as Prentice Hall 12-20

What Is Information Systems Security?

• What Are the Sources of Vulnerabilities?– Human error and mistakes– Malicious human activity– Natural events and disasters

Copyright © 2013 Pearson Education, Inc. Publishing as Prentice Hall 12-21

What Is Information Systems Security?

• What Are the Types of Security Threats?

Figure 12-15Security Threatsand Source

Copyright © 2013 Pearson Education, Inc. Publishing as Prentice Hall 12-22

What Is Information Systems Security?

• Information Systems Security– Process of protecting information systems

vulnerabilities from threats by creating appropriate safeguards

• What Are the Sources of Vulnerabilities?• What Are the Types of Security Threats?

Copyright © 2013 Pearson Education, Inc. Publishing as Prentice Hall 12-23

What Are the Components of an Organization’s Security Program?• Security program– Senior-management involvement– Safeguards Figure 12-19 Security Safeguards as They Relate to the Five IS Components

– Planned response to security incidents

Copyright © 2013 Pearson Education, Inc. Publishing as Prentice Hall 12-24

What Technical Safeguards Are Available?

• Technical Safeguards

Figure 12-21Technical Safeguards

• Data Safeguards

Copyright © 2013 Pearson Education, Inc. Publishing as Prentice Hall 12-25

What Technical Safeguards Are Available?

• Identification and Authorization– Passwords– Smart Cards• Personal Identification Number (PINs)

– Biometric Authentication

Copyright © 2013 Pearson Education, Inc. Publishing as Prentice Hall 12-26

What Technical Safeguards Are Available?

• Encryption– Keys

Figure 12-22Basic Encryption Techniques

Copyright © 2013 Pearson Education, Inc. Publishing as Prentice Hall 12-27

What Technical Safeguards Are Available?

• Firewalls

• Malware Protection– Viruses, Trojan Horses, and Worms– Spyware and Adware– Malware Safeguards– Bots, Botnets, and Bot Herders

Copyright © 2013 Pearson Education, Inc. Publishing as Prentice Hall 12-28

What Technical Safeguards Are Available?

• Design Secure Applications– Code injection– SQL injection attacks– Cross-site scripting (XSS)

Copyright © 2013 Pearson Education, Inc. Publishing as Prentice Hall 12-29

What Technical Safeguards Are Available?

• Data Safeguards

Figure 12-25 Data Safeguards

Copyright © 2013 Pearson Education, Inc. Publishing as Prentice Hall 12-30

What Technical Safeguards Are Available?

• Technical Safeguards

Figure 12-21Technical Safeguards

• Data Safeguards

Copyright © 2013 Pearson Education, Inc. Publishing as Prentice Hall 12-31

What Human Security Safeguards Are Available?

• Human Safeguards– Human Resources– Account administration– Systems procedures– Security monitoring

Copyright © 2013 Pearson Education, Inc. Publishing as Prentice Hall 12-32

What Human Security Safeguards Are Available?

• Human Resources– Position Definitions – Hiring and Screening Processes– Dissemination and Enforcement– Termination Processes

Copyright © 2013 Pearson Education, Inc. Publishing as Prentice Hall 12-33

What Human Security Safeguards Are Available?

• Account Administration– Account Management; Password Management;

and Help-Desk Policies• Systems Procedures

Figure 12-28 SystemsProcedures

Copyright © 2013 Pearson Education, Inc. Publishing as Prentice Hall 12-34

What Human Security Safeguards Are Available?

• Security Monitoring– Activity logs– Organization Response to Security Incidents • Disaster Recovery Backup Sites• Incident-Response Plan

Copyright © 2013 Pearson Education, Inc. Publishing as Prentice Hall 12-35

Ethics Guide

• Security Privacy

Copyright © 2013 Pearson Education, Inc. Publishing as Prentice Hall 12-36

Conclusion

Q1. What are the activities of business process management?Q2. What are the activities in the systems development life cycle (SDLC) development process?Q3. Which comes first: process or systems development?Q4. What is information systems security?

Copyright © 2013 Pearson Education, Inc. Publishing as Prentice Hall 12-37

Conclusion

Q5. What are the components of an organization’s security program?Q6. What technical security safeguards are available?Q7. What human security safeguards are available?

Copyright © 2013 Pearson Education, Inc. Publishing as Prentice Hall 12-38

Copyright © 2013 Pearson Education, Inc. Publishing as Prentice Hall 12-39