Presentation is loading. Please wait.

Presentation is loading. Please wait.

MIS PROTECTING INFORMATION RESOURCES Biometrics Identity theft

Published byMaryann Smith Modified over 9 years ago

Similar presentations

Presentation on theme: "MIS PROTECTING INFORMATION RESOURCES Biometrics Identity theft"— Presentation transcript:

1 MIS PROTECTING INFORMATION RESOURCES Biometrics Identity theft
CHAPTER 5 PROTECTING INFORMATION RESOURCES Hossein BIDGOLI Biometrics Identity theft

2 Chapter 5 Protecting Information Resources
l e a r n i n g o u t c o m e s LO1 Describe basic safeguards in computer and network security. LO2 Explain the major security threats. LO3 Describe security and enforcement measures. LO4 Summarize the guidelines for a comprehensive security system, including business continuity planning.

3 Computer and Network Security: Basic Safeguards
_____________ for most organizations Especially in recent years, with “hackers” becoming more numerous and adept at stealing and altering private information 1. Comprehensive security system 2. Threats:

4 Computer and Network Security: Basic Safeguards
Comprehensive security system Includes hardware, software, procedures, and personnel that collectively protect information resources A. Confidentiality System must not allow disclosing information to anyone who isn’t authorized to access it B. ____________ Ensures the accuracy of information resources in an organization C. Availability Ensures that computers and networks are operating

5 Computer and Network Security: Basic Safeguards
Fault-tolerant systems Combination of hardware and software for improving reliability Uninterruptible power supply (UPS) Redundant array of independent disks (RAID) Mirror disks

6 Security Threats: An Overview
Some threats can be controlled completely or partially, but some can’t be controlled Categories Unintentional Intentional

7 Intentional Threats Viruses Worms ___________________ Logic bombs
Backdoors Blended threats (e.g., worm launched by Trojan) Rootkits Denial-of-service attacks Social engineering

8 Viruses Type of malware
In 2008, the # of computer viruses in existence exceeded one million Consists of self-propagating program code that’s triggered by a specified time or event Seriousness of viruses varies Transmitted through a network & attachments Indications of a computer infected by a virus Best measure against viruses Installing and updating antivirus programs

9 Worms Travels from computer to computer in a network
Does not usually erase data Independent programs that can spread themselves without having to be attached to a host program Replicates into a full-blown version that eats up computing resources Well-known worms Code Red, Melissa, and Sasser

10 Trojan Programs Named after the Trojan horse the Greeks used to enter Troy during the Trojan Wars Contains code intended to disrupt a computer, network, or Web site Usually hidden inside a popular program

11 Logic Bombs Type of Trojan program used to release a virus, worm, or other destructive code Triggered at a certain time or by an event

12 Backdoors Programming routine built into a system by its designer or programmer Enables the designer or programmer to bypass system security and sneak back into the system later to access programs or files System users aren’t aware a backdoor has been activated

13 Denial-of-Service Attacks
Floods a network or server with service requests Prevent legitimate users’ access to the system Target Internet servers Distributed denial-of-service (DDoS) attack Hundreds or thousands of computers work together to bombard a Web site with thousands of requests for information in a short period Difficult to trace

14 Social Engineering Using “________________” to trick others into revealing private information Takes advantage of the human element of security systems Commonly used social-engineering techniques “Dumpster diving” and “shoulder surfing” Use the private information they’ve gathered to break into servers and networks and steal data

15 Security Measures and Enforcement: An Overview
Biometric security measures Nonbiometric security measures Physical security measures Access controls Virtual private networks Data encryption E-commerce transaction security measures Computer Emergency Response Team

16 Biometric Security Measures
Use a physiological element to enhance security measures Devices and measures Facial recognition Fingerprints Hand geometry Iris analysis Palmprints Retinal scanning Signature analysis Vein analysis Voice recognition

17 Nonbiometric Security Measures
Main security measures: Callback modems Firewalls Intrusion detection systems

18 ___________________ Combination of hardware and software
Acts as a filter or barrier between a private network and external computers or networks Network administrator defines rules for access Examine data passing into or out of a private network

19 Firewall Capability Firewall can Firewall can not
Focus for security decisions Enforce security policy Log internet activity Limit exposure keeps one section of intranet separate from another Firewall can not Protect against malicious insiders Protect against connections that do not go through it Protect against new threats Protect against viruses

20 Intrusion Detection Systems
Protect against both external and internal access Placed in front of a firewall Prevent against DoS attacks Monitor network traffic “Prevent, detect, and react” approach Require a lot of processing power and can affect network performance

21 Physical Security Measures
Primarily control access to computers and networks Include Cable shielding Corner bolts Electronic trackers Identification (ID) badges Proximity-release door openers Room shielding Steel encasements

22 Lost and Stolen Laptops
Recommendations: Install cable locks and use biometric measures Only store confidential data when necessary Use passwords Encrypt data Install security chips

23 Access Controls Terminal resource security Password
Software feature that erases the screen and signs the user off automatically after a specified length of inactivity Password Combination of numbers, characters, and symbols that’s entered to allow access to a system Length and complexity determines its vulnerability to discovery Guidelines for strong passwords

24 Virtual private network
Virtual private network (VPN): a secure connection between two points across the Internet Tunneling: the process by which VPNs transfer information by encapsulating traffic in IP packets over the Internet

25

26 How Encryption Works

27 E-commerce Transaction Security Measures
Three factors are critical for security: Authentication Confirmation Nonrepudiation Transaction security Confidentiality Integrity Nonrepudiation of origin Nonrepudiation of receipt

28 Guidelines for Comprehensive Security System
Train employees Guidelines and steps involved: People Procedures Equipment and technology

29 Business Continuity Planning
Outlines procedures for keeping an organization operational Prepare for disaster Plan steps for resuming normal operations as soon as possible

30 Summary Types of threat Basic safeguards Fault-tolerance
Biometric Nonbiometric Fault-tolerance Establish comprehensive security system and business continuity plan

Download ppt "MIS PROTECTING INFORMATION RESOURCES Biometrics Identity theft"

Similar presentations

What are computer viruses and its types? Computer Viruses are malicious software programs that damage computer program entering into the computer without.

What are computer viruses and its types? Computer Viruses are malicious software programs that damage computer program entering into the computer without.
1 MIS, Chapter 5 ©2011 Course Technology, a part of Cengage Learning PROTECTING INFORMATION RESOURCES CHAPTER 5 Hossein BIDGOLI MIS.

1 MIS, Chapter 5 ©2011 Course Technology, a part of Cengage Learning PROTECTING INFORMATION RESOURCES CHAPTER 5 Hossein BIDGOLI MIS.
Crime and Security in the Networked Economy Part 4.

Crime and Security in the Networked Economy Part 4.
Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.

Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.

CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.
1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?

1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
Chapter 9: Privacy, Crime, and Security

Chapter 9: Privacy, Crime, and Security
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
IS Network and Telecommunications Risks

IS Network and Telecommunications Risks
Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Lesson 14-Desktop Protection. Overview Protect against malicious code. Use the Internet. Protect against physical tampering.

Lesson 14-Desktop Protection. Overview Protect against malicious code. Use the Internet. Protect against physical tampering.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
Lecture 11 Reliability and Security in IT infrastructure.

Lecture 11 Reliability and Security in IT infrastructure.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Similar presentations

Ads by Google