Chapter 5: Securing the Enterprise and Business Continuity. Information Technology for Management: Improving Performance in the Digital Economy, 7th edition.


1 Chapter 5: Securing the Enterprise and Business Continuity. Information Technology for Management: Improving Performance in the Digital Economy, 7th edition. Turban and Volonino. John Wiley & Sons, Inc. Slides contributed by Dr. Sandra Reid, Chair, Graduate School of Business & Professor, Technology, Dallas Baptist University. Copyright 2010 John Wiley & Sons, Inc.

2 Chapter Outline
5.1 Data and Enterprise Security Incidents
5.2 IS Vulnerabilities and Threats
5.3 Fraud and Computer-Mediated Crimes
5.4 IT Security Management Practices
5.5 Network Security

3 Chapter Outline (cont’d)
5.6 Internal Control and Compliance Management
5.7 Business Continuity and Disaster Recovery Planning
5.8 Auditing and Risk Management
5.9 Managerial Issues

4 Learning Objectives
1. Recognize the business and financial value of information security.
2. Recognize IS vulnerabilities, threats, attack methods, and cybercrime symptoms.
3. Describe the factors that contribute to risk exposure and methods to mitigate them.
4. Explain key methods of defending information systems, networks, and wireless devices.
5. Describe internal control and fraud and related legislation.

5 Learning Objectives (cont’d)
6. Understand business continuity and disaster recovery planning methods.
7. Discuss the role of IT in defending critical infrastructures.

6 Figure IT7eU

7 ChoicePoint Problem – Personal & financial data of 145,000 individuals compromised
* Perpetrator sentenced & fined
* $55M loss to company in fines, compensation to victims, lawsuits, & legal fees
* Public loss of goodwill causes serious revenue losses

8 Figure 5.1: Impact of data breach on ChoicePoint’s stock price.

9 ChoicePoint (cont’d) Solution – Implement new procedures to ensure that consumers are protected from illegitimate access to personal data.
* Establish & maintain comprehensive information security program.
* Obtain audits by independent third-party security professionals.

10 ChoicePoint (cont’d) Results – Business practices reformed.
* Security policies gained national attention.
* Improved corporate governance.
* Increased laws & government involvement.
* Need for more improvement.

11 ChoicePoint Suffers…. Dramatically with Data Breach
* ChoicePoint data leak losses exceed $55M
* ChoicePoint's data breach losses reach $26.4M
* Relatively big breaches and one huge but not confirmed

12 5.1 Data and Enterprise Security Incidents

13 Table 5.1

14 Internal Threats
* Veterans Affairs Data Theft
* TJX says 45.7 million customer records were compromised
* Bank Group Sues TJX over Data Breach. (Massachusetts Bankers Association, TJX Companies Inc.)
* Data Breach Reported at Walter Reed Medical Center
* Staten Island University Hospital Patients Personal Records Stolen In December
* University Of California At San Francisco Patients Records Exposed
* $100 Million Data Breach at US Department of Veterans Affairs

15 Internal IT Threats (cont’d)
* The Top 5 Internal Security Threats
* The 25 Most Common Mistakes in Security
* Deconstructing a 20 Billion Message Spam Attack
* Positive Security: Worth The Work?
* Insider Threats: Beware the Enemy from Within
* Change Management: A Required Element of Business Transformation

16 IT Governance
* Information Governance: The Cost, The Risk, The Value
* Information Governance: Strategy, Best Practices, Results
* IT Governance Trends

17 Government Regulation
* The Sarbanes-Oxley Act
* Gramm-Leach-Bliley Act
* Federal Information Security Management Act
* USA Patriot Act
* Canada’s Personal Information Protection and Electronic Documents Act

18 Industry Standards
* Summary of “Information Security: A CompTIA Analysis of IT Security and the Workforce”

19 Breakdowns Beyond Company Control
* E-Payment Provider Hit With Denial-Of-Service
* BOMA honors Verizon for actions taken on Sept World Trade Center

20 Figure 5.2: Lower Manhattan, the most communications-intensive real estate in the world. (Photo courtesy of Verizon Communications. Used with permission.)

21 Figure 5.3: Verizon’s Central Office (CO) at 140 West St., harpooned by steel girders. (Photo courtesy of Verizon Communications. Used with permission.)

22 Cybercrime
* Cyber Crime Growing Global Threat
* The New Face of Cybercrime
* Cyber Crime Toolkits
* FBI on fighting cyber crime
* Fight against cyber crime intensifies - 27 Apr 08

23 Figure 5.4: Enterprise-wide information security and internal control model.

24 Table 5.2

25 5.2 IS Vulnerabilities and Threats

26 Unintentional or not – IT Security Threats?
* Hunting The Hackers
* Stolen data on 'crime server'
* Top 5 Social Engineering Techniques
* Hacker Speak
* Hackers - A Brief Look Into Their World

27 Methods of Attack
* A Brief History of Malware and Cybercrime
* How You Can Fight Cybercrime
* How Organized Crime Uses Technology to Make Money
* Top 10 Security Stories Of 2008
* Computer virus

28 Figure: How a computer virus can spread. THE HISTORY OF COMPUTER VIRUSES – for chronology….

29 5.3 Fraud and Computer-Mediated Crimes

30 Table 5.3

31 Fraud
* ANALYZING Organizational Fraud
* Adelphia founder John Rigas found guilty
* Ex-Tyco executives get up to 25 years in prison

32 Table 5.4

33 Fraud Trends
* Top Ten Cyber Security Menaces for 2008

34 5.4 IT Security Management Practices

35 Figure 5.6: Major defense controls.

36 Table 5.5

37 Figure 5.7: Intelligent agents. (Source: Courtesy of Sandia National Laboratories.)

38 5.5 Network Security

39 Figure 5.8: Three layers of network security measures.

40 Network Authentication & Authorization
* How Firewalls Work
* How Phishing Works
* Protection from Phishers

41 Figure 5.9: Where the defense mechanisms are located.

42 War Driving
* War Driving (hacking WiFi)
* Wardriving Documentary
* Wireless Hack Data Breach

43 5.6 Internal Control & Compliance Management

44 Figure 5.10: Increasing role of IT in internal control.

45 Table 5.6

46 Worldwide Anti-Fraud Regulations
* Financial Services Authority
* U.S. Securities and Exchange Commission
* Basel II Accord

47 5.7 Business Continuity & Disaster Recovery Planning

48 Figure 5.11: Business continuity services managed by IBM. (Courtesy of IBM)

49 5.9 Managerial Issues

50 Managerial Issues
* Value to business of IT security & internal control?
* Legal obligations?
* Important to management beginning at top?
* Acceptable use policies & security awareness training?
* Digital assets relied upon for competitive advantage?
* What does risk management involve?
* Impacts of IT security breaches?
* Federal & state regulations.
* Internal control.

51 Copyright 2010 John Wiley & Sons, Inc. All rights reserved. Reproduction or translation of this work beyond that permitted in section 117 of the 1976 United States Copyright Act without express permission of the copyright owner is unlawful. Request for further information should be addressed to the Permission Department, John Wiley & Sons, Inc. The purchaser may make back-up copies for his/her own use only and not for distribution or resale. The Publisher assumes no responsibility for errors, omissions, or damages caused by the use of these programs or from the use of the Information herein.

