Designing Dependable Information Systems.

Abstract

The increasing dependency of organizations upon computerized systems dem and s a control design procedure which assures the reliability, security and dependability of these systems. This dissertation analyzes the process of designing such systems and the procedures needed to support it. Two major conclusions are drawn. First, it is doubtful that a list of principles for the design of controls can be identified; and , moreover, principles alone would not be sufficient to ensure the design of adequately controlled systems. Generally there are different but equally effective methods for achieving any given control objective and the effectiveness of any control strategy is conditional on situational factors. Second, quantitative procedures for assuring adequate control can be devised. Such procedures are applied here to a realistic design example and are shown to be computationally feasible. The procedure takes situational contingencies into account by allowing knowledgeable individuals concerned with control adequacy to assess model parameters. Several contributions result from this research. The most significant is the development of a descriptive model of computer-based information systems which can be used to assure the adequacy of system controls. This model is grounded in management theory and is a refinement and extension of the control evaluation matrix concept. In addition, a computable form of the model based upon multiple objective decision theory and reliability theory was developed. Other contributions include (1) a demonstration that known optimization procedures can be used to manipulate the model to find an optimal set of controls; (2) development of heuristic computational procedures for manipulating the model to find a useful set of controls; (3) development of aids for practical implementation of the control selection and evaluation procedures; and (4) development of a comprehensive example involving the application of the procedures.