Evaluation of Information System - PowerPoint Presentation

Slide1

Evaluation of Information System

Asset Safeguarding and Data Integrity

Effectiveness and Efficiency Drs. Haryono, Ak. M.Com & Dimas M. Widiantoro, SE., S.Kom., M.Sc.

Pics

from : http

://www.pragroup.ca/Services/InformationTechnology/tabid/70/Default.aspx

Slide2

Slide3

Intorduction

Lets strat from the video

http://www.youtube.com/user/Networking4all?v=iRoenMHx6LQ&feature=pyv&ad=7910976668&kw=network

Slide4

Definition

Explicitly or implicitly, safeguarding assets is an inescapable fiduciary obligation bestowed on managers; whether the entity exists for-profit or not-for-profit. Fiduciary duties are an inherent managerial responsibility correlated to accountability that can be conveyed through legislation, regulation, or expectation.

Foundationally, an operating entity’s very existence is usually heavily dependent on how well employees safeguard assets utilized in fulfilling the organizational mission.

Slide5

Assumption

Assumption for safeguarding assets should span the entity’s total tangible and intangible resources. Specifically, information and associated technologies are assets requiring appropriate investments in protective measures to retain intrinsic value.

Slide6

Requirement

Safeguarding IT resources usually requires an information security governance (ISG) framework rendering essential information asset coverage. An

entity’s management can adopt the Information Systems Audit and Control Association’s (ISACA’s) Control Objectives for Information and related Technology (COBIT) framework, promulgated by the Information Technology Governance Institute, to ensure adequate ISG and/or the International Organization for Standardization (ISO) 27002 methodology.

Slide7

Control Objectives for Information and Related Technology.

COBIT FRAMEWORK

Slide8

IT Resources From COBIT

Slide9

The Flow Chart of Information Syste,

Slide10

The Structure of The Audit

Slide11

The Flow Chart of IS Audit from COBIT

Slide12

Information, Application, and Infrastructure

Information encompasses utilizable objects, structured and non-structured data, and presentation formats. Applications

are deemed the sum of manual and programmed procedures. Whereas, the infrastructure is defined as hardware, operating systems, configuration systems, facilities, and support structure.

Slide13

The Cube

Slide14

COBIT AUDIT STEPS

Slide15

Acquisition and Implementation

Slide16

Delivery and Support

Slide17

Monitoring

Slide18

IT gov. = indispensable

With IT considered indispensable for providing processing efficiencies, communication expediency and information reliability, entities should govern safeguarding information assets through an ISG program. To accomplish this security necessity, management normally needs a governance framework enabling organizational alignment, adequate resource allotments, risk management, value delivery and performance measurement.

Slide19

Governance - subset

Whether information security governance is abstractively viewed as a distinct governance classification supporting entity governance or a subset of information technology governance, safeguarding IT normally mandates addressing responsibilities separation and ‘protection-of-information-assets’ to assure managerial due diligence.

Slide20

Example

Slide21

Control Environment Consideration

Slide22

Control Environment Consideration

Slide23

Information and Communication

Slide24

Risk Assessment Consideration

Slide25

Monitoring Consideration

Slide26

Monitoring Consideration

Slide27

Evaluating information system effectiveness

and efficiency

SECTION ONE - Why study effectiveness?

Problems have arisen or criticisms have been voiced

in

connection with

a

system;

Some indicators of the ineffectiveness of the

hardware

and software

being

used

may

prompt the

review;,

Management may wish to implement a system initially

developed

in

one

division

throughout

the

organization

, but may want to first establish its

effectiveness

;

Post-implementations review to determines whether

new

system is

meeting

its objectives

.

Slide28

Indicators of System Ineffectiveness

Slide29

Two approaches to measurement of system

effectiveness

Slide30

2 Types of Eval'ns for Sys. Effectiveness

Slide31

Task Accomplishment - an effective I/S

improves the task accomp. of its users.

Slide32

Quality of Working Life

Slide33

Operational Effectiveness Objectives

Slide34

Frequency and Nature of Use

Slide35

Ease of Use and User Satisfaction

Slide36

Technical Effectiveness Objectives -

Has the appropriate hardware and software technology

been used to support a system, or, whether a change in

the support hardware or software technology would

enable the system to meet its goals better.

Hardware performance can be measured using hardware monitors

or more gross measures such as system response time, down time.

Software effectiveness can be measured by examining

the history of program maintenance, modification and

run time resource consumption. The history of program

repair maintenance indicates the quality of logic existing

in a program; i.e., extensive error correction implies:

inappropriate design, coding or testing; failure to use

structured approaches, etc.

Major problem: hardware and software not independent

Slide37

Economic Effectiveness Objectives -

Requires the identification of costs and benefits and the

proper evaluation of costs and benefits - a difficult task since

costs and benefits depend on the nature of the IS.

For example, some of the benefits expected and derived from an IS

designed to support a social service environment

would differ significantly from a system designed to

support manufacturing activities. Some of the most

significant costs and benefits may be intangible and

difficult to identify, and next to impossible to value.

Slide38

SECTION TWO - Evaluating system efficiency

Slide39

Performance Indices

Slide40

Indices - Timeliness

Slide41

Indices - Throughput & Utilization

Slide42

Workload

Slide43

Workload Models

Slide44

SECTION 3- Comparison of 3 Audit

Approaches - Objectives

Slide45

Comparison of 3 Approaches - Planning

Slide46

Comparison of 3 Approaches - Execution

Slide47

Comparison of 3 Approaches - Reporting