Asset Safeguarding and Data Integrity Effectiveness and Efficiency Drs Haryono Ak MCom amp Dimas M Widiantoro SE SKom MSc Pics from http wwwpragroupcaServicesInformationTechnologytabid70Defaultaspx ID: 777845
Download The PPT/PDF document "Evaluation of Information System" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
Evaluation of Information System
Asset Safeguarding and Data Integrity
Effectiveness and Efficiency Drs. Haryono, Ak. M.Com & Dimas M. Widiantoro, SE., S.Kom., M.Sc.
Pics
from : http
://www.pragroup.ca/Services/InformationTechnology/tabid/70/Default.aspx
Slide2Slide3Intorduction
Lets strat from the video
http://www.youtube.com/user/Networking4all?v=iRoenMHx6LQ&feature=pyv&ad=7910976668&kw=network
Slide4Definition
Explicitly or implicitly, safeguarding assets is an inescapable fiduciary obligation bestowed on managers; whether the entity exists for-profit or not-for-profit. Fiduciary duties are an inherent managerial responsibility correlated to accountability that can be conveyed through legislation, regulation, or expectation.
Foundationally, an operating entity’s very existence is usually heavily dependent on how well employees safeguard assets utilized in fulfilling the organizational mission.
Slide5Assumption
Assumption for safeguarding assets should span the entity’s total tangible and intangible resources. Specifically, information and associated technologies are assets requiring appropriate investments in protective measures to retain intrinsic value.
Slide6Requirement
Safeguarding IT resources usually requires an information security governance (ISG) framework rendering essential information asset coverage. An
entity’s management can adopt the Information Systems Audit and Control Association’s (ISACA’s) Control Objectives for Information and related Technology (COBIT) framework, promulgated by the Information Technology Governance Institute, to ensure adequate ISG and/or the International Organization for Standardization (ISO) 27002 methodology.
Slide7Control Objectives for Information and Related Technology.
COBIT FRAMEWORK
Slide8IT Resources From COBIT
Slide9The Flow Chart of Information Syste,
Slide10The Structure of The Audit
Slide11The Flow Chart of IS Audit from COBIT
Slide12Information, Application, and Infrastructure
Information encompasses utilizable objects, structured and non-structured data, and presentation formats. Applications
are deemed the sum of manual and programmed procedures. Whereas, the infrastructure is defined as hardware, operating systems, configuration systems, facilities, and support structure.
Slide13The Cube
Slide14COBIT AUDIT STEPS
Slide15Acquisition and Implementation
Slide16Delivery and Support
Slide17Monitoring
Slide18IT gov. = indispensable
With IT considered indispensable for providing processing efficiencies, communication expediency and information reliability, entities should govern safeguarding information assets through an ISG program. To accomplish this security necessity, management normally needs a governance framework enabling organizational alignment, adequate resource allotments, risk management, value delivery and performance measurement.
Slide19Governance - subset
Whether information security governance is abstractively viewed as a distinct governance classification supporting entity governance or a subset of information technology governance, safeguarding IT normally mandates addressing responsibilities separation and ‘protection-of-information-assets’ to assure managerial due diligence.
Slide20Example
Slide21Control Environment Consideration
Slide22Control Environment Consideration
Slide23Information and Communication
Slide24Risk Assessment Consideration
Slide25Monitoring Consideration
Slide26Monitoring Consideration
Slide27Evaluating information system effectiveness
and efficiency
SECTION ONE - Why study effectiveness?
Problems have arisen or criticisms have been voiced
in
connection with
a
system;
Some indicators of the ineffectiveness of the
hardware
and software
being
used
may
prompt the
review;,
Management may wish to implement a system initially
developed
in
one
division
throughout
the
organization
, but may want to first establish its
effectiveness
;
Post-implementations review to determines whether
new
system is
meeting
its objectives
.
Slide28Indicators of System Ineffectiveness
Slide29Two approaches to measurement of system
effectiveness
Slide302 Types of Eval'ns for Sys. Effectiveness
Slide31Task Accomplishment - an effective I/S
improves the task accomp. of its users.
Slide32Quality of Working Life
Slide33Operational Effectiveness Objectives
Slide34Frequency and Nature of Use
Slide35Ease of Use and User Satisfaction
Slide36Technical Effectiveness Objectives -
Has the appropriate hardware and software technology
been used to support a system, or, whether a change in
the support hardware or software technology would
enable the system to meet its goals better.
Hardware performance can be measured using hardware monitors
or more gross measures such as system response time, down time.
Software effectiveness can be measured by examining
the history of program maintenance, modification and
run time resource consumption. The history of program
repair maintenance indicates the quality of logic existing
in a program; i.e., extensive error correction implies:
inappropriate design, coding or testing; failure to use
structured approaches, etc.
Major problem: hardware and software not independent
Slide37Economic Effectiveness Objectives -
Requires the identification of costs and benefits and the
proper evaluation of costs and benefits - a difficult task since
costs and benefits depend on the nature of the IS.
For example, some of the benefits expected and derived from an IS
designed to support a social service environment
would differ significantly from a system designed to
support manufacturing activities. Some of the most
significant costs and benefits may be intangible and
difficult to identify, and next to impossible to value.
Slide38SECTION TWO - Evaluating system efficiency
Slide39Performance Indices
Slide40Indices - Timeliness
Slide41Indices - Throughput & Utilization
Slide42Workload
Slide43Workload Models
Slide44SECTION 3- Comparison of 3 Audit
Approaches - Objectives
Slide45Comparison of 3 Approaches - Planning
Slide46Comparison of 3 Approaches - Execution
Slide47Comparison of 3 Approaches - Reporting