FIT2001 Lecture Notes - Lecture 11: Encryption Software, Data Conversion, Acceptance Testing
L11 - Securing, implementing and maintaining the system
Security
Why?
Information systems need to be secure in order to be reliable. They are at risk from:
●Human error (the shits that enter the wrong data, delete things by accident)
●Technical errors (hardware failures, software crashes
●Accident and disasters (flood, earthquakes, basically any time mother nature decides to
come down on earth like a ton of bricks)
●Fraud
●Malicious damage
CIA Model for Evaluating Security
●Confidentiality - preventing intentional or unintentional unauthorized disclosure
●Integrity - Prevent unauthorized data modifications
●Availability - Ensures reliable and timely access to data
Security Controls
●Physical controls - walls, locked doors, guards
●Procedural controls
○managerial oversight
○staff training, defined emergency response processes
○Fraud controls
●Regulatory controls - legislation, policy, rules of conduct
●Integrity controls
○Input controls
○Access controls
○Transaction logging
○Update controls
○Output controls
○Fraud controls
●Redundancy, backup & recovery controls
●Technical controls
○Cryptographic software
○Authentication and authorisation systems
○Secure protocols
Implementing the System
1. Implementation Planning
○Review acceptance Checklist
○Prepare implementation Schedule
2. Build the System or Buy the System
○Will result in a varied implementation
3. Test the System
○System Testing (functional and performance), Acceptance testing
4. Finalise Documentation
○System documentation
■Used to facilitate communication during development
■Documentation has to be kept up to date
■Required for the day-to-day running, maintenance and enhancement of the
system after deployment
○User documentation
■Description of how to use the system for end users
5. Get ready for System to go into production
○Data conversion / migration
■Process of getting data ready for the new system
■Critical
■Can be complex and costly
○Configure the production environment
■Ensure all facilities are set up and are suitable
○Conduct training
■To ensure users have the training to use the new system
■Training aids must be easy to use and reliable
■On-going training needs after installation: Online help, resident expert,
help desk
6. Deploy the System
○Install/ Deploy the System
■The method of installation/deployment depends on:
●Cost
●System criticality : if the system fails, would it be terrible? What’s
the safest approach?
●Disruption to business: what level of disruption to the company
●User computer experience: the more experience the users have,
the less necessary it is to delay changeover
Document Summary
L11 - securing, implementing and maintaining the system. Information systems need to be secure in order to be reliable. Human error (cid:840)the shits that enter the wrong data, delete things by accident(cid:841) Accident and disasters (cid:840)flood, earthquakes, basically any time mother nature decides to come down on earth like a ton of bricks(cid:841) Confidentiality - preventing intentional or unintentional unauthori ed disclosure. Availability - ensures reliable and timely access to data. Physical controls - walls, locked doors, guards. Regulatory controls - legislation, policy, rules of conduct. Prepare implementation schedule: build the system or buy the system. )ill result in a varied implementation: test the system. System testing (cid:840)functional and performance(cid:841), acceptance testing: finalise documentation. Documentation has to be kept up to date. Required for the day-to-day running, maintenance and enhancement of the system after deployment. Description of how to use the system for end users: get ready for system to go into production.