Chapter 12 MIS Management Processes: Process Management, Systems Development, and Security Copyright © 2013 Pearson Education, Inc. Publishing as Prentice.

Chapter 12

MIS Management Processes: Process Management, Systems Development,

and Security

Copyright © 2013 Pearson Education, Inc. Publishing as Prentice Hall 12-1

Learning Objectives

Q1. What are the activities of business process management?Q2. What are the activities in the systems development life cycle (SDLC) development process?Q3. Which comes first: process or systems development?Q4. What is information systems security?


Learning Objectives

Q5. What are the components of an organization’s security program?Q6. What technical security safeguards are available?Q7. What human security safeguards are available?


What Are the Activities of Business Process Management?

• BPMProcess

Figure 12-1Four Activities in theBPM Process Copyright © 2013 Pearson Education, Inc.

Publishing as Prentice Hall 12-4


• BPM Monitoring Activity– Monitoring for Performance on its Objectives• COBIT (Control Objectives for Information related

Technology)

– Monitoring for Changes in the Process Environment



• BPM Modeling Activity– Three types of process change• Increase or decrease resources• Change the structure of the process• Change the process’s resource AND structure



• BPM Create Components Activity– Create new IS components based on new process

• BPM Implement Process Activity– Make process change operational


What Are the Activities of the Systems Development Life Cycle (SDLC)

Development Process?

• SDLC – Define the system– Determine requirements– Design system components– Create, test, and implement– Maintain the system (assess process results)




• SDLC

Figure 12-5 BPM Provides Requirements forSystems Development

Copyright © 2013 Pearson Education, Inc.


8/22/2011 Copyright © 2013 Pearson Education, Inc. Publishing as Prentice Hall 10



• Define the system

Figure 12-6 SDLC: SystemDefinition Activity




• Determine requirements

Figure 12-8 SDLC: RequirementsAnalysis Activity




• Design components

Figure 12-9 SDLC: ComponentDesign Activity




• Implement the system

Figure 12-10 SDLC: ImplementationActivity




• System conversion– Pilot installation– Phased installation– Parallel installation– Plunge installation





• Maintain the system

Figure 12-12 SDLC: SystemMaintenance Activity



Which Comes First: Process or Systems Development?

• Business Process First

Figure 12-13Process-FirstDevelopment



• Information System First

Figure 12-14Classic Five-StepSystems DevelopmentLife Cycle



• Another Factor: Off-the-Shelf Software

• And the Answer Is…– Business processes first– Both + Project Mgmt Iterating


What Is Information Systems Security?

• Information Systems Security– Process of protecting information systems

vulnerabilities from threats by creating appropriate safeguards

• What Are the Sources of Vulnerabilities?• What Are the Types of Security Threats?



• What Are the Sources of Vulnerabilities?– Human error and mistakes– Malicious human activity– Natural events and disasters



• What Are the Types of Security Threats?

Figure 12-15Security Threatsand Source



• Information Systems Security– Process of protecting information systems

vulnerabilities from threats by creating appropriate safeguards

• What Are the Sources of Vulnerabilities?• What Are the Types of Security Threats?


What Are the Components of an Organization’s Security Program?• Security program– Senior-management involvement– Safeguards Figure 12-19 Security Safeguards as They Relate to the Five IS Components

– Planned response to security incidents


What Technical Safeguards Are Available?

• Technical Safeguards

Figure 12-21Technical Safeguards

• Data Safeguards



• Identification and Authorization– Passwords– Smart Cards• Personal Identification Number (PINs)

– Biometric Authentication



• Encryption– Keys

Figure 12-22Basic Encryption Techniques



• Firewalls

• Malware Protection– Viruses, Trojan Horses, and Worms– Spyware and Adware– Malware Safeguards– Bots, Botnets, and Bot Herders



• Design Secure Applications– Code injection– SQL injection attacks– Cross-site scripting (XSS)



• Data Safeguards

Figure 12-25 Data Safeguards



• Technical Safeguards

Figure 12-21Technical Safeguards

• Data Safeguards


What Human Security Safeguards Are Available?

• Human Safeguards– Human Resources– Account administration– Systems procedures– Security monitoring



• Human Resources– Position Definitions – Hiring and Screening Processes– Dissemination and Enforcement– Termination Processes



• Account Administration– Account Management; Password Management;

and Help-Desk Policies• Systems Procedures

Figure 12-28 SystemsProcedures



• Security Monitoring– Activity logs– Organization Response to Security Incidents • Disaster Recovery Backup Sites• Incident-Response Plan


Ethics Guide

• Security Privacy


Conclusion

Q1. What are the activities of business process management?Q2. What are the activities in the systems development life cycle (SDLC) development process?Q3. Which comes first: process or systems development?Q4. What is information systems security?


Conclusion

Q5. What are the components of an organization’s security program?Q6. What technical security safeguards are available?Q7. What human security safeguards are available?



Chapter 12 MIS Management Processes: Process Management, Systems Development, and Security Copyright © 2013 Pearson Education, Inc. Publishing as Prentice.

Documents

pearson education

prentice hall12

process environment

process results copyright

sdlc figure

security copyright

structure copyright

prentice hall10