California State University, Los Angeles
Center for Newly Independent States Studies (CNISS)
offers a Distance Learning course
INFORMATION SYSTEMS STANDARDS
for Control, Security, and Quality Assurance

By Dr. Paul Rosenthal
1997



Course ID: ITS
COURSE DESCRIPTION
This one-quarter course uses as its text the Information Systems Standards for Control, Security, and Quality Assurance (second edition, 1993) monograph prepared by Professor Paul Rosenthal of California State University, Los Angeles. The course is designed for managers and professionals with an introductory knowledge of IS technology and applications development methodologies.
OBJECTIVE OF COURSE
The objective of the course is to train both IS and user managers and professionals in how to implement high-quality and productive enterprise- and department-level IS applications and operations. The standards document on which the course is based was produced as the result of a consulting assignment with a multi-billion dollar multi-national corporation. It serves them as a performance contract between the information systems (IS) organizations in the firm and its executives and both internal and external auditors. The standards define the policy-level principles which all levels of IS organizations must follow in developing their development and operating procedures and standards.
INSTRUCTOR
The instructor for the course is Dr. Paul Rosenthal, Chair of the Information Systems Department and Professor in the School of Business and Economics at California State University, Los Angeles. In addition to teaching graduate and undergraduate Information Systems classes, Dr. Rosenthal has responsibility for CSULA's Computer Professional Internship Program. He is also an active management consultant in the areas of systems and architecture planning, business resumption planning, and business process re-engineering feasibility studies.

Prior to joining CSULA, he was with Coopers & Lybrand as Director of Information Technology consulting for South East Asia, and as Manager, Information Systems Planning for the Los Angeles Region. Previous positions included: Director of Civil Systems consulting for Systems Development Corporation; Vice President of system planning and development for Information Technology and Systems Inc., a minicomputer systems and software company; Senior Consultant for Computer Sciences Corporation; and various managerial and technical positions with Sperry Information Systems including Director of the Los Angeles Data Center and Manager of Generalized Applications.

He has taught information systems and management science at the University of Southern California, the University of California at Los Angeles, and at CSU Northridge. He has served as a member of ICCP's CDP Certification Council, and as vice president of the ADAPSO Software Industries Association. He has a BS in Education and an MA in Applied Mathematics from Temple University, an MBA from UCLA, and a DBA from USC. He was awarded the CDP and CSP certifications by ICCP.
COURSE ORGANIZATION
The course is divided into ten sessions as follows:

TEXT

Introduction
Chapter 1: Codes of Conduct and Practice
Chapter 2: Organizational Standards
Chapter 3: Application Systems Standards
Chapter 4: Data Center Operations Standards
Chapter 5: Application Development Standards
Chapter 6: Quality Assurance Standards
Chapter 7: Management Standards of Good Practice
Chapter 8: Contingency Planning Standards of Good Practice
Chapter 9: User Standards of Good Practice
SYLLABUS
The following paragraphs briefly overview each of the sections of the course.


Introduction Session

A 40-minute videotape by Professor Rosenthal presents an overview of the course and the text material. He presents the organization of a typical enterprise-level data center and relates each IS-related organizational function to the corresponding chapter of the monograph.


Codes of Conduct and Practice Session

All managers and professionals involved with information systems have a responsibility to their organization and to the public to comply with those Standards and Codes of Practice and Ethics accepted by their fellow practitioners. Chapter 1 presents sample codes of professional conduct and practice based on the ICCP codes. Information Systems Professional Practice Standards are then presented that concern themselves with: (a) the professional knowledge and qualities, (b) the procedures to be performed, and the judgements exercised by the Information Systems Professional in the planning, development, testing, and operational monitoring of computer-based information systems. The chapter also presents guidelines concerning the administration and applicability of the standards in the monograph.

Organizational Standards Session

The effectiveness of IS security and quality assurance depends on the activities of responsible personnel. For this reason, well-structured and properly functioning information systems and user organizations are an important factor in information systems control. Chapter 2, therefore, presents information system organizational standards that encompass:

- Segregation of functions between IS and User organizations,
- Segregation of functions within IS and user organizations, and
- Controls over IS organizations initiating or authorizing transactions.


Application Systems Standards Session

The effectiveness of IS security and quality assurance depends on the activities of responsible personnel. For this reason, well-structured and properly functioning information systems and user organizations are an important factor in information systems control. Chapter 3, therefore, presents information system organizational standards that encompass:

- Segregation of functions between IS and User organizations,
- Segregation of functions within IS and user organizations, and
- Controls over IS organizations initiating or authorizing transactions.

Data Center Operations Standards Session

Chapter 4 presents both enterprise- and departmental-level data center operation standards that encompass controls for: security of hardware, software, data and program documentation, and personnel resources; contingency planning in the event of interruptions or disasters; providing a high quality of service; and ensuring efficient utilization of resources.

Application Development Standards Session

The objectives of application development control standards are to assure the quality of an application system, and to assure that it contains appropriate Application Processing Controls. Chapter 5, therefore, presents development control standards based on a development methodology that utilizes: a quality circle approach, a project management framework, and project management guidelines.

Quality Assurance Standards Session
The Quality Assurance function associated with an information systems organization is often responsible for a wide variety of functions including:
- Development of Standards
- Administering the Software Implementation Process
- Administering the Quality Process

Chapter 6, therefore, presents standards for the administration of the application implementation and quality processes of various IS functions.

Management Standards of Good Practice Session

Chapter 7 presents how information systems organizations should be organized and administered in order to effectively balance their responsibilities for:

- providing effective information systems,
- effective control of development projects,
- efficient use of human and material resources,
- following their organization's policies, and management reporting responsibilities, and
- establishing and maintaining a system of internal controls over development, processing, security and quality.

Contingency Planning Standards of Good Practice Session

Contingency planning is performed in order to assure the continued processing of critical operational information systems applications during the loss of normal information systems capability caused by man-made or natural failures and disasters.
Chapter 8 presents Standards of Good Practice guidelines showing how to meet this objective.

User Standards of Good Practice Session

Chapter 9 extracts information on user responsibilities and requirements from the prior sections and summarizes them into the areas of: managerial, system ownership, system operation, and quality assurance responsibilities. The guidelines in the chapter are therefore a restatement of the good management principles presented in earlier chapters as they apply to information systems-related activities by users. They serve as guidelines during user support of the development process and for the user aspects of information systems applications processing. In the final analysis, the user has ultimate responsibility for all information systems functions. They have the needs and ultimately pay for all information systems development and operations activities. Successful information systems activities, therefore, require a knowledgeable and involved user.

COURSE ADMINISTRATION
The course involves six major activities: registration, an initial class meeting, eight self-study sessions, obtaining and responding to eight examination questions, an interactive question-answer methodology, and obtaining a grade and completion certificate. Each of these is briefly discussed. Details on each will be supplied with the registration verification.


Registration

Announcements and registration forms will be obtained from sponsoring universities/organizations. Completed registration forms with payment will be returned to the designated course coordinator at the sponsoring university/organization. Confirmation of registration with appropriate course materials will then be given to the student.

Initial Class Meeting

Course participants will meet as a group with the course coordinator at each participating sponsoring university/organization. The introductory video will be shown; Internet, e-mail, and Internet material distributed and demonstrated; and self-study, testing, and grading approaches explained.

Self-Study Sessions

Each of the chapters will be studied and any questions sent to the instructor by e-mail. Both questions and answers will be posted on the course bulletin board giving all students at all locations full access.

Examination Questions

When a student is ready, they will request an examination question for a session via e-mail. The question will be answered by the student, and returned for grading by e-mail. The question's grade and any instructor comments will also be returned by e-mail.

Question-Answer Methodology

Students are encouraged to submit comments and questions via the course bulletin board, which will also include the instructor's and other students' responses.

Grades and Completion Certificates
Course grades and completion certificates will be forwarded to the course coordinator who will distribute them to students.

To apply, please send your e-mail to cniss@calstatela.edu

