What is Beta Testing? - KV Institute of Management and Information
SECURITY, CONTROL AND REPORTING
Security refers to the policies, procedures and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems.
Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction.
Need for Security
• Maintain the confidentiality of information.
• Ensure the integrity and reliability of data resources.
• Ensure the uninterrupted availability of data resources.
Threats to Information Systems
Categories of threats:
Accidents and malfunctions:
• Operator error
• Hardware malfunctions
• Software bugs
• Data errors
• Accidental disclosure of information
• Damage to physical facilities
• Inadequate system performance
• Liability for system failure
Computer crime:
• Hacking
• Cyber theft
• Unauthorized use at work
• Piracy
• Computer viruses and worms
IS Vulnerability
• A system vulnerability is a weakness which allows an attacker to reduce the system's information assurance; a security risk is the chance that such a weakness is actually exploited and causes loss.
• A vulnerability exists at the intersection of three elements:
• A system weakness or flaw.
• Attacker access to the flaw.
• Attacker capability to exploit the flaw.
Causes of system vulnerability
System vulnerabilities arise from several sources:
• Hackers. Through a variety of tricks they access the data flowing over networks, steal valuable data during transmission and alter messages without authorization.
• Radiation. The Internet and other networks are vulnerable to disruption from radiation.
• Intruders. They can launch denial-of-service attacks to disrupt the operation of websites, and destroy or alter corporate data stored in databases or files.
• Malfunctioning. The major causes of computer software failure are:
• errors in programming,
• improper installation, or
• unauthorized changes.
• Natural disasters and other events can also disrupt computer systems:
• power failures,
• floods,
• fires.
Information on the network
• Domestic or offshore partnering with another company adds to system vulnerability if valuable information resides on networks and computers outside the organization's control.
Internet vulnerabilities
• Vulnerability has also increased with the widespread use of e-mail and instant messaging (IM).
• E-mail: employees may use e-mail messages to transmit valuable trade secrets, financial data or confidential customer information to unauthorized recipients.
• Instant messaging (IM): consumer IM applications that do not use a secure (encrypted) layer for text messages can have those messages intercepted and read by outsiders during transmission over the public Internet.
Disaster management
• A disaster management plan (DMP) is a plan of action to recover from the impact of a disaster on the information systems.
• The objectives of a DMP are:
• not only to start the system again, but to restart it properly from the stage at which it stopped;
• with all data integrity maintained after recovery, so that the quality of output is not defective due to lost data, incomplete data or incorrect data.
DMP Process
Step 1: Identify the critical business processes.
Step 2: Assess the business risk (probability of risk occurrence, risk exposure, time of exposure).
Step 3: List the targets that would be impacted by the damage, for attention in managing and recovering.
Step 4: Identify the vital data, files, software applications, packages, hardware, servers and databases linked to these processes.
Step 5: Segregate the needs into two classes:
(i) switch to a manual process;
(ii) work at an offsite location with a data backup created at that offsite location.
Step 6: Prepare a plan for bridging the pre- and post-disaster scenarios so that continuity of data and information is maintained.
Step 7: Ensure all risks are suitably covered by appropriate insurance policies.
Step 8: Authority and rights for decisions and actions in the event of a disaster should be clearly stated in the DMP.
Step 9: Test the DMP once a year in a simulated live event.
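The DMP objective above (recover with no lost, incomplete or incorrect data) is only verifiable if the restore is checked against a record taken at backup time. The following is an added example, not part of the original lecture notes: it builds a manifest of sizes and SHA-256 hashes for a backup tree, then classifies a restored copy into the three failure classes the objective names. The directory layout, file names and contents are constructed inside a temporary directory so it runs offline.

```python
import hashlib
import tempfile
from pathlib import Path

# Added example, not part of the lecture notes. The backup and restore
# directories, file names and contents below are constructed in a temp dir.

def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root: Path) -> dict:
    """Taken at backup time: relative path -> size and SHA-256 of every file."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            rel = p.relative_to(root).as_posix()
            manifest[rel] = {"size": p.stat().st_size, "sha256": sha256_of(p)}
    return manifest

def verify_restore(manifest: dict, restored: Path) -> dict:
    """Check a restored tree against the manifest. The failure classes map to
    the DMP objective: missing = lost data, incomplete = truncated data,
    incorrect = altered data; extra = files that were never in the backup."""
    report = {"missing": [], "incomplete": [], "incorrect": [], "extra": []}
    for rel, meta in manifest.items():
        p = restored / rel
        if not p.is_file():
            report["missing"].append(rel)
        elif p.stat().st_size < meta["size"]:
            report["incomplete"].append(rel)
        elif sha256_of(p) != meta["sha256"]:
            report["incorrect"].append(rel)
    for p in sorted(restored.rglob("*")):
        if p.is_file() and p.relative_to(restored).as_posix() not in manifest:
            report["extra"].append(p.relative_to(restored).as_posix())
    return report

def demo() -> dict:
    """Constructed scenario: back up three files, then simulate a faulty restore."""
    files = {
        "config.ini": b"[app]\nmode=prod\n",
        "db/customers.csv": b"id,name\n1,Alice\n2,Bob\n",
        "db/orders.csv": b"id,total\n1,99.50\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        backup, restore = Path(tmp) / "backup", Path(tmp) / "restore"
        for d in (backup, restore):
            (d / "db").mkdir(parents=True)
        for rel, data in files.items():
            (backup / rel).write_bytes(data)
        manifest = build_manifest(backup)
        # Faulty restore: customers.csv truncated, orders.csv silently altered
        # (same length, different content), config.ini never restored.
        (restore / "db/customers.csv").write_bytes(files["db/customers.csv"][:10])
        (restore / "db/orders.csv").write_bytes(b"id,total\n1,89.50\n")
        return verify_restore(manifest, restore)

if __name__ == "__main__":
    for kind, names in demo().items():
        print(f"{kind:10s} {names}")
```

A size check alone would have passed orders.csv, which is why the manifest carries a hash as well; in a yearly DMP test (Step 9) the manifest should be stored separately from the backup media so that a corrupted backup cannot carry a matching, corrupted manifest with it.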
Threats and controls for disaster management
1. Threats to facilities and structure
i) Earthquakes, fires, explosions, floods and other events.
ii) Power failures.
iii) Theft.
iv) Unauthorized use of IT infrastructure.
v) Damage by disgruntled employees.
Controls
• Design buildings for the natural threats.
• Store sensitive data and applications offsite, in a different building.
• Provide security training to employees.
• Provide dedicated power lines with UPS.
• Screen employees and regular visitors and have them sign the appropriate secrecy (non-disclosure) bonds.
• Use biometric access controls and IDs.
Threats to communication systems
• Incorrect input due to communication breakdown.
• Intrusion by unauthorized persons and damage to the communication system.
• Insertion of viruses.
• Defective network operations.
Controls
• Firewalls.
• Error detection and correction methods.
• User IDs, passwords and PINs.
• Encryption and decryption of key inputs/outputs.
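Two of the controls listed above address different threats: error detection (a checksum) catches the corrupted input that a communication breakdown produces, while a keyed integrity check catches deliberate alteration by an intruder, which a plain checksum cannot, because the intruder simply recomputes it. The following is an added example, not from the lecture notes, contrasting CRC-32 with HMAC-SHA256 on a constructed message; the key and message are assumptions for illustration. (Confidentiality, the "encryption" control, is a separate step layered on top, typically as authenticated encryption.)

```python
import hashlib
import hmac
import os
import zlib

# Added example, not from the lecture notes. Key and messages are constructed.

def crc_frame(message: bytes) -> bytes:
    """Error detection only: append a CRC-32 so accidental corruption is caught."""
    return message + zlib.crc32(message).to_bytes(4, "big")

def crc_check(frame: bytes) -> bool:
    body, tag = frame[:-4], frame[-4:]
    return zlib.crc32(body).to_bytes(4, "big") == tag

def mac_frame(key: bytes, message: bytes) -> bytes:
    """Integrity and authenticity: append HMAC-SHA256 under a shared secret key."""
    return message + hmac.new(key, message, hashlib.sha256).digest()

def mac_check(key: bytes, frame: bytes) -> bool:
    body, tag = frame[:-32], frame[-32:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)   # constant-time comparison

def flip_bit(data: bytes, index: int) -> bytes:
    """Simulate line noise: flip one bit of the frame."""
    b = bytearray(data)
    b[index] ^= 0x01
    return bytes(b)

def demo() -> dict:
    key = os.urandom(32)                         # shared by sender and receiver only
    msg = b"TRANSFER 100.00 TO ACCT 4242"
    results = {}
    # 1. Accidental corruption (communication breakdown) is caught by both.
    results["crc_detects_noise"] = not crc_check(flip_bit(crc_frame(msg), 3))
    results["mac_detects_noise"] = not mac_check(key, flip_bit(mac_frame(key, msg), 3))
    # 2. Deliberate alteration: the intruder rewrites the amount and appends a
    #    fresh CRC. The receiver's CRC check passes, so the CRC is fooled.
    forged = crc_frame(msg.replace(b"100.00", b"900.00"))
    results["crc_detects_tamper"] = not crc_check(forged)
    # 3. Same alteration against the HMAC frame: without the key the intruder
    #    can only reuse the old tag, which no longer matches the altered body.
    frame = mac_frame(key, msg)
    forged_mac = msg.replace(b"100.00", b"900.00") + frame[-32:]
    results["mac_detects_tamper"] = not mac_check(key, forged_mac)
    return results

if __name__ == "__main__":
    for name, detected in demo().items():
        print(f"{name:20s} {detected}")
```

The CRC is still worth keeping on noisy links because it is cheap and localises transmission faults; the point is that it is an error-detection method, not a security control, and only the keyed check stops an unauthorized person from altering messages in transit.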
Threats to databases and the DBMS
• Corruption of data.
• Theft of data.
• Unauthorized access.
• Data inconsistency.
Controls:
• Use of antivirus software.
• Backup copies.
• Restricted authority to update and delete.
• Limited, authorized access to the database.
• A dedicated database administrator.
Testing
• When a system is developed, it is hoped that it performs properly.
• However, some errors always occur.
• The main purpose of testing information systems is to find the errors and correct them.
• A successful test is one which finds an error.
Objectives of testing
• To ensure that during operation the system will perform as per specifications.
• To make sure that the system meets the requirements during operation.
• To see that when correct inputs are fed to the system, the outputs are also correct.
• To make sure that during operation, incorrect input, processing and outputs will be detected.
Classification of information system tests
• The tests should include both manual and computerized operations.
• Information system testing covers:
• comprehensive evaluation of the programs;
• manual procedures;
• computer operations and controls.
1. Unit Testing
• A method by which individual units of source code are tested to determine whether they are fit for use.
2. Integration Testing
• A systematic technique for constructing the program structure while at the same time conducting tests to uncover errors associated with interfacing.
Types of integration testing
Big bang integration testing
• All components or modules are integrated simultaneously, after which everything is tested as a whole.
Top-down integration testing
• Testing takes place from top to bottom, following the control flow or architectural structure. Lower-level components that are not yet available are substituted by stubs.
Bottom-up integration testing
• Testing takes place from the bottom of the control flow upward. The higher-level components that would call the modules under test are substituted by drivers.
Mixed integration testing
• Also called sandwich testing.
• It follows a combination of the top-down and bottom-up approaches.
• The top-down approach can start only after the top-level modules have been coded and unit tested.
• Bottom-up testing can start only after the bottom-level modules are ready.
• The mixed approach overcomes these shortcomings: testing can start as and when modules become available.
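The following is an added example, not code from the lecture notes, showing the unit and integration levels above on a small security-relevant component. The names are hypothetical: validate_password is the lowest-level unit, exercised by a test case acting as its driver; Authenticator is a higher-level module that depends on a user store which, in a top-down integration, is not yet available and is replaced by a stub. The password hashing and the timing-equalising dummy hash are the example's own design choices.

```python
import hashlib
import hmac
import io
import os
import unittest

# Added example, not from the lecture notes. Module names, policy and the
# stubbed user store are hypothetical.

def validate_password(pw: str) -> bool:
    """Lowest-level unit. Policy: >= 12 chars, mixed case, a digit, no whitespace."""
    return (len(pw) >= 12
            and any(c.islower() for c in pw)
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and not any(c.isspace() for c in pw))

def hash_password(pw: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 50_000)

class Authenticator:
    """Higher-level module; depends on a store with lookup(user) -> (salt, hash) | None."""
    def __init__(self, store):
        self.store = store

    def login(self, user: str, pw: str) -> bool:
        rec = self.store.lookup(user)
        if rec is None:
            hash_password(pw, b"\x00" * 16)   # same cost as a real check: no username oracle
            return False
        salt, stored = rec
        return hmac.compare_digest(hash_password(pw, salt), stored)

class StubUserStore:
    """Top-down integration: stub standing in for the database-backed store."""
    def __init__(self, users: dict):
        self.users = users

    def lookup(self, user):
        return self.users.get(user)

class UnitTests(unittest.TestCase):
    # The test case is the driver that calls the unit directly (bottom-up view).
    def test_policy(self):
        self.assertTrue(validate_password("Correct-Horse-9"))
        self.assertFalse(validate_password("short1A"))
        self.assertFalse(validate_password("no digits here AA"))

class IntegrationTests(unittest.TestCase):
    def setUp(self):
        salt = os.urandom(16)
        users = {"alice": (salt, hash_password("Correct-Horse-9", salt))}
        self.auth = Authenticator(StubUserStore(users))

    def test_valid_login(self):
        self.assertTrue(self.auth.login("alice", "Correct-Horse-9"))

    def test_wrong_password_and_unknown_user(self):
        self.assertFalse(self.auth.login("alice", "Wrong-Horse-9"))
        self.assertFalse(self.auth.login("mallory", "Correct-Horse-9"))

def run_tests() -> unittest.TestResult:
    """Run both levels and return the result object (testsRun, failures, ...)."""
    loader = unittest.TestLoader()
    suite = unittest.TestSuite()
    suite.addTests(loader.loadTestsFromTestCase(UnitTests))
    suite.addTests(loader.loadTestsFromTestCase(IntegrationTests))
    return unittest.TextTestRunner(stream=io.StringIO(), verbosity=0).run(suite)

if __name__ == "__main__":
    result = run_tests()
    print(f"ran {result.testsRun}, ok={result.wasSuccessful()}")
```

When the real store arrives it replaces StubUserStore without changing IntegrationTests, which is the point of the stub: the interface error the integration test is looking for (say, the store returning a hex string instead of bytes) shows up as a failing login rather than a crash in production.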
3. Validation Testing
• After integration testing, the software is assembled as a package in which interfacing errors have been uncovered and corrected; then validation testing begins.
• Validation succeeds when the software functions as expected by the customers.
• The types of validation testing are:
• Alpha testing
• Beta testing
What is Alpha Testing?
• Alpha testing is a type of acceptance testing performed to identify as many issues/bugs as possible before releasing the product to everyday users or the public.
• Alpha testing is carried out in a lab environment, and usually the testers are internal employees of the organization.
• Put simply, this kind of testing is called alpha only because it is done early, near the end of the development of the software and before beta testing.
What is Beta Testing?
• Beta testing of a product is performed by "real users" of the software application in a "real environment", and can be considered a form of external user acceptance testing.
• A beta version of the software is released to a limited number of end users of the product to obtain feedback on product quality. Beta testing reduces product failure risks and improves product quality through customer validation.
• It is the final test before shipping a product to the customers. Direct feedback from customers is a major advantage of beta testing. It helps to test the product in a real-world environment.
4. System Testing
• The behavior of the whole system/product is tested as defined by the scope of the development project or product.
• It is the final test to verify that the system to be delivered meets its specifications and its purpose.
• The tests are carried out by specialist testers.
• It investigates both functional and non-functional requirements.
Error Detection
• Software errors are inescapable and they easily find their way into programs.
• There are two approaches: the first is to prevent the introduction of errors, and the second is to detect the errors or bugs hidden in the code.
• Software error analysis includes the techniques used to:
• locate,
• analyze, and
• estimate errors and data relating to errors.
Static Testing vs Dynamic Testing
Static testing                                              | Dynamic testing
Testing done without executing the program                  | Testing done by executing the program
Performs verification                                       | Performs validation
Aimed at prevention of defects                              | Aimed at finding and fixing defects
Gives an assessment of code and documentation               | Finds bugs/bottlenecks in the software system
Cost of finding and fixing defects is low                   | Cost of finding and fixing defects is high
Return on investment is high, as it is applied at an early stage | Return on investment is lower, as it is applied after the development phase
More review comments indicate good quality control          | More defects found indicate good quality control
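The following is an added example, not from the lecture notes, that makes the static/dynamic distinction concrete on one piece of constructed code. SAMPLE_SOURCE contains a hypothetical discount function that passes user input to eval() and a hardened version; static_scan walks the abstract syntax tree without running anything and flags dangerous sinks, while dynamic_probe loads and executes both functions with an injection payload and observes what happens. The payload is harmless (it returns the process id) but it does execute, which is exactly what the dynamic test is meant to reveal.

```python
import ast

# Added example, not from the lecture notes. SAMPLE_SOURCE is constructed code
# under test; its functions are loaded with exec() so the same text can be
# scanned statically and exercised dynamically.
SAMPLE_SOURCE = '''
import ast

def apply_discount_vulnerable(price, expr):
    """Evaluates a user-supplied discount expression with eval()."""
    return price * eval(expr)

def apply_discount_safe(price, expr):
    """Accepts only a plain numeric literal between 0 and 1."""
    factor = ast.literal_eval(expr)
    if not isinstance(factor, (int, float)) or not 0 <= factor <= 1:
        raise ValueError("discount factor must be a number between 0 and 1")
    return price * factor
'''

# Sinks the static check looks for (an illustrative list, not exhaustive).
DANGEROUS_CALLS = {"eval", "exec", "compile", "os.system",
                   "subprocess.Popen", "pickle.loads"}

def _call_name(func) -> str:
    """Render a call target like `eval` or `os.system` as a dotted string."""
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        base = _call_name(func.value)
        return f"{base}.{func.attr}" if base else func.attr
    return ""

def static_scan(source: str) -> list:
    """Verification without execution: parse, walk the AST, report (line, sink)."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            name = _call_name(node.func)
            if name in DANGEROUS_CALLS:
                findings.append((node.lineno, name))
    return findings

def dynamic_probe(source: str) -> dict:
    """Validation by execution: run both functions with an injection payload."""
    ns = {}
    exec(source, ns)                       # load the code under test
    payload = "__import__('os').getpid()"  # executes code instead of giving a number
    result = {}
    try:
        result["vulnerable"] = ns["apply_discount_vulnerable"](100, payload)
    except Exception as e:
        result["vulnerable"] = f"blocked: {type(e).__name__}"
    try:
        result["safe"] = ns["apply_discount_safe"](100, payload)
    except Exception as e:
        result["safe"] = f"blocked: {type(e).__name__}"
    result["safe_normal"] = ns["apply_discount_safe"](100, "0.25")
    return result

if __name__ == "__main__":
    print("static findings:", static_scan(SAMPLE_SOURCE))
    print("dynamic probe:  ", dynamic_probe(SAMPLE_SOURCE))
```

The static scan costs nothing at runtime and would have caught the eval() at review time, which is the "prevention" column of the table; the dynamic probe is what proves the consequence (arbitrary code runs) and confirms the hardened version rejects the input, which is the "finding and fixing" column.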
Error Detection in phases of the lifecycle
• Requirements
• Design
• Implementation
• Test
• Installation and checkout
• Operation and maintenance
Controls
• Controls are constraints and other restrictions imposed on a user or a system; they are used to secure the system against risk or to reduce the damage caused to systems, applications and data.
• Controls are implemented not only for access but also to implement policies and to ensure that nonsensical data is not entered into the corporate database.
Types of controls
General controls:
• Physical
• Biometric
• Access
• Data security
• Communication
• Administrative
• Others
Application controls:
• Input
• Processing
• Output
• Storage
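The following is an added example, not from the lecture notes, of the two application controls most directly tied to "nonsensical data is not entered into the corporate database": an input control that validates each field of a record, and a processing control that checks a batch against the record count and hash total declared in its header. The record layout (customer_id, email, amount, country), the rules and the sample batch are constructed for illustration.

```python
import re
from decimal import Decimal, InvalidOperation

# Added example, not from the lecture notes. The record layout, validation
# rules and the sample batch are constructed for illustration.

def _is_money(v: str) -> bool:
    """A finite decimal with at most two decimal places."""
    try:
        d = Decimal(v)
        return d.is_finite() and d == d.quantize(Decimal("0.01"))
    except InvalidOperation:
        return False

# Input controls: one validation rule per field of a hypothetical payment record.
RULES = {
    "customer_id": lambda v: re.fullmatch(r"C\d{6}", v) is not None,
    "email": lambda v: re.fullmatch(r"[^@\s]+@[^@\s]+\.[A-Za-z]{2,}", v) is not None,
    "amount": lambda v: _is_money(v) and Decimal("0") < Decimal(v) <= Decimal("100000"),
    "country": lambda v: v in {"IN", "US", "GB", "DE"},
}

def validate_record(rec: dict) -> list:
    """Field-level input control; returns a list of error strings (empty = valid)."""
    errors = []
    for field, ok in RULES.items():
        if field not in rec:
            errors.append(f"{field}: missing")
        elif not ok(str(rec[field])):
            errors.append(f"{field}: invalid value {rec[field]!r}")
    return errors

def process_batch(records: list, declared_count: int, declared_total: str) -> dict:
    """Processing control: batch totals. The file header declares how many
    records were sent and their hash total; a mismatch means records were lost
    or altered in transit. Only records that pass input controls are posted."""
    input_total = sum(Decimal(str(r.get("amount", ""))) for r in records
                      if _is_money(str(r.get("amount", ""))))
    accepted, rejected = [], []
    for i, rec in enumerate(records):
        errs = validate_record(rec)
        (rejected if errs else accepted).append((i, rec, errs))
    posted_total = sum((Decimal(r["amount"]) for _, r, _ in accepted), Decimal("0"))
    return {
        "control_total_ok": (len(records) == declared_count
                             and input_total == Decimal(declared_total)),
        "accepted": len(accepted),
        "rejected": [(i, errs) for i, _, errs in rejected],
        "posted_total": str(posted_total),
    }

SAMPLE_BATCH = [  # constructed input; its header declared 4 records totalling 2200.00
    {"customer_id": "C000123", "email": "a@example.com", "amount": "250.00", "country": "IN"},
    {"customer_id": "C000124", "email": "b@example.com", "amount": "-50.00", "country": "US"},
    {"customer_id": "12345", "email": "not-an-email", "amount": "1000.00", "country": "GB"},
    {"customer_id": "C000126", "email": "d@example.com", "amount": "1000.00", "country": "FR"},
]

if __name__ == "__main__":
    report = process_batch(SAMPLE_BATCH, 4, "2200.00")
    for k, v in report.items():
        print(f"{k:17s} {v}")
```

Note that the two controls answer different questions: the batch control passes here (all four records arrived intact), yet three of them are still rejected by the field rules, and only the accepted total is posted. Decimal is used rather than float so that the hash total compares exactly.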
Software Audit
• The general definition of an audit is an evaluation of a person, organization, system, process, enterprise, project or product.
• A software audit is the process of checking each computer in the organization and listing the software packages installed.
• The purpose of a software audit is to detect and rectify any anomalies between the software register and the software installed on the systems.
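The following is an added example, not from the lecture notes, of the comparison a software audit performs: an inventory reported per machine is checked against the software register, and the anomalies are grouped into the classes an auditor would report (unregistered packages, version drift from the approved version, machines missing a mandatory package, and licence seats exceeded). Both inventories, the package names and the versions are constructed.

```python
# Added example, not from the lecture notes. Both inventories are constructed;
# package names, versions and seat counts are hypothetical.

REGISTER = {            # licensed / approved software: name -> (approved version, seats)
    "OfficeSuite": ("2021", 50),
    "AcctPackage": ("7.2", 1),
    "AVClient": ("4.1", 200),
}

REQUIRED = {"AVClient"}  # packages every machine must have installed

INSTALLED = {           # what an inventory agent reported per machine (constructed)
    "pc-001": {"OfficeSuite": "2021", "AVClient": "4.1", "AcctPackage": "7.2"},
    "pc-002": {"OfficeSuite": "2021", "AVClient": "3.9", "AcctPackage": "7.2"},
    "pc-003": {"OfficeSuite": "2021", "TorrentTool": "1.0"},
    "pc-004": {"OfficeSuite": "2019"},
}

def audit(register: dict, installed: dict, required: set = REQUIRED) -> dict:
    """Compare installed software against the software register and return the
    anomalies by class. Hosts are processed in sorted order so output is stable."""
    report = {"unregistered": [], "version_drift": [],
              "missing_required": [], "over_licensed": []}
    usage = {name: 0 for name in register}
    for host, pkgs in sorted(installed.items()):
        for name, ver in pkgs.items():
            if name not in register:
                report["unregistered"].append((host, name, ver))
                continue
            usage[name] += 1
            approved, _ = register[name]
            if ver != approved:
                report["version_drift"].append((host, name, ver, approved))
        for name in sorted(required - set(pkgs)):
            report["missing_required"].append(host)
    for name, (_, seats) in register.items():
        if usage[name] > seats:
            report["over_licensed"].append((name, usage[name], seats))
    return report

if __name__ == "__main__":
    for kind, items in audit(REGISTER, INSTALLED).items():
        print(f"{kind:17s} {items}")
```

Each class maps to a different corrective action in the follow-up step of the audit process: unregistered software is removed or added to the register, drift is patched (the out-of-date AV client here is the security finding), missing required packages are deployed, and over-licensed packages need seats bought or installs removed.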
Objectives of a software audit
• To confirm that the organization's standards, processes, systems and plans are adequate to enable the organization to meet its policies, requirements and objectives during the execution of its work activities.
• To confirm that those objectives are actually being met.
• To confirm that human and non-human resources are being effectively utilized.
Audit Roles and Responsibilities
• Client
• Auditor management
• Lead auditor
• Auditors
• Auditee management
Audit process
• Initiation
• Planning
• Preparation
• Execution
• Reporting
• Corrective action and follow-up
Ethics in IT
• Ethics is the study of the principles and practices which guide the decision whether an action taken is morally right or wrong.
• Ethics is about values and human behavior.
• Values and human behavior are also regulated by various legal provisions, which can be enforced through the courts.
Technology Ethics
• The ethics of technology has two basic subdivisions:
• Ethics in the development of new technology.
• Ethics of technological growth.
Ethics to overcome vulnerability
Vulnerability assessment
• A periodic process that works on a system to identify, track and manage the repair of vulnerabilities on the system.
• It does a health check of the system.
• It is an essential security process and a best practice for the well-being of the system.
Vulnerability scanning
• It identifies weaknesses in the network, the type of weaknesses, and where they are; it is then up to the security team to fix the identified loopholes.
Ethical Guidelines
• Proportionality
• Informed consent
• Justice
• Minimized risk
User interface
• An interface is the common boundary between the user and the computer system application: the point where the computer and the individual interact.
System model template:
• User interface processing
• Input processing
• Process and control
• Maintenance and testing
• Output processing
• A user interface is the part of the system that allows the user to input data, to command operations and to receive outputs from the system.
Purpose of the interface
• Tells the system what actions to take.
• Facilitates the use of the system.
• Avoids user errors.
Types of interface
Natural language interface
• Designed to understand the user's own language.
• These interfaces attempt to interpret what the user means, and often present back to the user a list of interpretations from which to choose.
• E.g. Microsoft's Office Assistant.
Question-answer interface
• Question-answer interfaces are very popular in web-based applications.
• For example, a car reservation system may ask a series of questions to define what type of car and rental agreement is required.
MENU DRIVEN INTERFACE
• The oldest and most commonly employed dialogue strategy is menu selection.
• Different types of menus cater to novice and expert users.
• Menu-driven strategies require that the user select an action from a menu of alternatives.
FORM FILL INTERFACE
• If an interface has to gather a lot of information from the user, it often helps to provide a form to fill in.
• Most form-fill interfaces allow easy movement around the form and allow some fields to be left blank.
Command Language Interface
• Instead of menus, or in addition to menus, some applications are designed using a dialogue based on a command language interface (instruction-driven interface).
Graphical user interface
• A GUI is the primary mechanism that enables the user to interact with a collection of elements, called screen objects, that are visible to the user and used to perform tasks. Tasks are executed by:
• Direct manipulation
• Indirect manipulation
Reporting
• A report is a business document that contains only predefined data.
• Good report design requires effort and attention to detail.
• To produce a well-designed report, the analyst must consider design features such as report headers and footers, column headings and alignment, column spacing, field order, and grouping of detail lines.
Characteristics of Reports
• Reports should be attractive and easy to understand.
• A report must include the information that a user needs.
• A report with too little information is of no value.
• Too much information can make a report confusing and difficult to understand.
Types of reports
• Detail reports
• Exception reports
• Summary reports