927,121 research outputs found

    Design and implementation of a prototype to include security activities as part of application systems design

    M.Com. (Information systems). This study has its origin in the growing need for information systems to be classified as 'secure'. With the increasing use of Computer Aided Software Engineering (CASE) tools in the design of application systems for commercial use, the risks that exist in terms of information security have become more prominent. The importance of considering security during the analysis and design of an information system, in other words, on a logical level, is increasing daily. Usually security features are added to existing application systems on an ad hoc basis. Security design activities should become such an integrated part of systems analysis and design activities on a logical level, that a complete integration of the two fields, security and computer aided software engineering, can be achieved. The aim of this dissertation is to study the literature to discover existing approaches to this integration, and to extract the strengths from them and expand on those strengths in order to compile an approach that is completely implementable in the form of a prototype data flow design tool (DFD tool). The proposed approach to the secure analysis and design of an application system of a logical level, which is presented in Chapter 4, is designed in conjunction with H.A.S. Booysen [Booysen, Kasselman, Eloff - 1994]. Existing CASE-tools have also been studied by the author to determine their current capabilities, especially in terms of security definition activities, but also in terms of their support to the systems analyst during the analysis and design phases of the project life cycle when developing a target application system

    Analysis of Accounting Information Systems on Company Performance at Hotel Pantai Mutiara Pelabuhan Ratu Sukabumi

    Accounting is explained as the process of recording, categorizing, summarizing, and reporting the company's transaction activities. Therefore, accounting information systems are used to facilitate individuals in their tasks and enable better company performance. This study aims to evaluate the effect of the application of accounting information systems on company performance, taking into account the utilization, quality, security, and supporting facilities of accounting information systems. The method used in this research is a quantitative method with an associative approach (questionnaire method). Questionnaires are used to assess managers' perceptions of information system utilization, information system quality, information system security, and means of supporting accounting information systems, as well as their influence on company performance. From this study it was found that the application of accounting information systems has a positive and significant effect on company performance. Utilization, quality, security, and means of supporting accounting information systems have a positive and significant effect on company performance. Therefore, increasing the application of accounting information systems in hotels can improve the performance of management companies. In addition, managers' perceptions of the usefulness of accounting information systems greatly influence the utilization of these systems. Therefore, companies should pay attention to managers' and employees' perceptions of the usefulness of accounting information systems to ensure effective use of these systems

    Security Requirements Elicitation from Airline Turnaround Processes

    Security risk management is an important part of system development. Given that a majority of modern organizations rely heavily on information systems, security plays a big part in ensuring smooth operations of business processes. For example, many people rely on e-services offered by banks and medical establishments. Inadequate security measures in information systems have unwanted effects on an organization’s reputation and on people’s lives. This case study paper targets the secure system development problem by suggesting the application of security requirements elicitation from business processes (SREBP). This approach provides business analysts with means to elicit and introduce security requirements to business processes through the application of the security risk-oriented patterns (SRPs). These patterns help find security risk occurrences in business processes and present mitigations for these risks. At the same time, they reduce the efforts needed for risk analysis. In this paper, the authors report their experience to derive security requirements for mitigating security risks in the distributed airline turnaround systems

    Probabilistic Analysis of the Influence of Staff Qualification and Information-Psychological Conditions on the Level of Systems Information Security

    Taking into account the criticality of the “human factor,” the probabilistic approach for analysis is proposed, including: a model for predicting and assessing the level of systems information security, considering random events, including dependent events; model of information-psychological impact on staff; methodical approach for analyzing an influence of staff qualifications and psychological conditions on the level of system information security. The effectiveness of the application is demonstrated by examples

    Changing Places: The Need to Alter the Start Point for Information Security Design

    Information security is a necessary requirement of information sharing within an electronic health system because without it confidentiality, availability, or integrity controls are absent. Research shows that the application of security in this setting is subject to workarounds partly because of resistance to security controls from clinicians who feel that their voice is excluded from the security design process. Heeks' explored the nature of health system design and referred to the distance between system designer and practitioner as the 'design-reality gap'. To reduce this gap, systems designers typically deploy user-centred, participatory approaches to design. They use various forms of consultation and engagement to ensure that the needs of users are responded to within the design and that users understand the design process and constraints. Whilst there is evidence to suggest that the overall electronic health records (EHR) system design has increasingly used elements of a participatory, human-centred design approach, the security elements of design are still technology-focused. This discussion paper characterises the problem, outlines the principles of Heeks' Information, Technology, Processes, Objectives, Skills, Management Systems, Other Resources (ITPOSMO) framework, and then uses this framework to evaluate security dimensions of both the UK and Australian EHR programmes. The resulting proposal for a 'communities of practice' approach as an alternative start-point to healthcare systems security design, provides a basis for reconceptualising the integration of security practices into EHR systems. In the increasingly distributed and complex environment of healthcare delivery, this new approach can help to address the fundamental challenges experienced in healthcare security practice today

    Information flow analysis using data-dependent logical propositions

    Dissertation submitted to obtain the Master's degree in Informatics Engineering. A significant number of today’s software systems are designed around database systems that store business information, as well as data relevant to access control enforcement, such as user profiles and permissions. Thus, the code implementing security mechanisms is scattered across the application code, often replicated at different architectural layers, each one written in its own programming language and with its own data format. Several approaches address this problem by integrating the development of all application layers in a single programming language. For instance, languages like Ur/Web and LiveWeb/lDB provide static verification of security policies related to access control, ensuring that access control code is correctly placed. However, these approaches provide limited support to the task of ensuring that information is not indirectly leaked because of implementation errors. In this thesis, we present a type-based information-flow analysis for a core language based in lDB, whose security levels are logical propositions depending on actual data. This approach allows for an accurate tracking of information throughout a database-backed software system, statically detecting the information leaks that may occur, with precision at the table-cell level. In order to validate our approach, we discuss the implementation of a proof-of-concept extension to the LiveWeb framework and the concerns involved in the development of a medium-sized application in our language

    RESEARCH OF TRANSIENT RESPONSES IN AUTOMATIC MOBILE CONTROL SYSTEMS OF DISTILLATION PROCESS

    In modern conditions of growth of informatization, to ensure the reliability of the functioning of distributed computer information-diagnostic and control systems, which are mandatory for consideration, there are problems of assessing security and implementing protection of operational information. The state of information protection and the reliability of computer systems for corporate monitoring and diagnosis of the railway power supply system are analyzed. The main tasks in the intellectualization of component systems are defined, namely traction electric network. The principles of information protection are proposed, which include: active protection of information; convincing protection of information, consisting in the justification of the design and measures to protect the conditions and circumstances. Such a principle as the continuity of the information protection process provides for the organization of the protection of objects at all stages of the development and operation life cycle. A variety of information protection tools provides for the exclusion of patterns at the stage of selecting cover objects and various ways to implement protection, not excluding the use of standard solutions. The combination of the above principles in the work is called an integrated approach to information security, which is the basis for the creation of computer information protection systems. According to the sphere of information security, this approach complies with international ISO standards, and for the technical protection of information and state standards it complies with the requirements of existing national legislative and regulatory documents. To ensure the security of information stored and processed in computer systems, the coordinated application of various security measures is necessary