Presentation is loading. Please wait.

Presentation is loading. Please wait.

Ch.5 It Security, Crime, Compliance, and Continuity

Published byAnnabella Lynch Modified over 9 years ago

Similar presentations

Presentation on theme: "Ch.5 It Security, Crime, Compliance, and Continuity"— Presentation transcript:

1 Ch.5 It Security, Crime, Compliance, and Continuity
Lecture 4 Ch.5 It Security, Crime, Compliance, and Continuity

2 5.1 Protecting Data and Business Operations
IT security: the protection of data, systems, networks, and operations. Technology defenses are necessary, but they’re not suff icient because protecting data and business operations also involves: Implementing and enforcing acceptable use policies (AUPs). Complying with government regulations and laws. Making data available 24x7 while restricting access. Promoting secure and legal sharing of information.

3 IT Security Principles

4 Know Your Enemy and Your Risks
IT security risks are business risks Threats range from high-tech exploits to gain acce ss to a company’s networks to non-tech tactics su ch as stealing laptops or items of value. Common examples: Malware (malicious software): viruses, worms, trojan hors es, spyware, and disruptive or destructive programs insider error or action, either intentional or unintentional. Fraud Fire, flood, or other natural disasters

5 IT at Work 5.1 $100 Million Data Breach
May 2006: a laptop and external hard drive belo nging to the U.S. Dept of Veterans Affairs (VA) w ere stolen during a home burglary. Data on 26.5 million veterans and spouses had b een stored in plaintext. VA Secretary Jim Nicholson testified before Cong ress that it would cost at least $10 million just to inform veterans of the security breach. Total cost of data breach: $100 million

6 Risks Cloud computing Social networks Phishing
Search engine manipulation Money laundering Organized crime Terrorist financing

7 IT Security Defense-in-Depth Model

8 5.2 IS Vulnerabilities and Threats
Unintentional human error environmental hazards computer system failure Intentional hacking malware manipulation

9 Figure 5.4 How a computer virus can spread

10 Malware and Botnet Defenses
Anti-virus software Firewalls Intrusion detection systems (IDS) Intrusion prevention systems (IPS)

11 5.4 IT and Network Security
Objectives of a defense strategy Prevention and deterrence Detection Containment (minimize loses, damage control) Recovery Correction Awareness and compliance

12 Major categories of general controls
physical controls access controls biometric controls communication network controls administrative controls application controls endpoint security and control

13 Figure 5.7 Intelligent agents

14 Figure 5.8 Three layers of network security measures

15 Ethical issues Implementing security programs raises many ethical iss ues. Handling the privacy versus security dilemma is tough. Ethical and legal obligations that may require compani es to “invade the privacy” of employees and monitor t heir actions. Under the doctrine of duty of care, senior managers a nd directors have a obligation to use reasonable care t o protect the company’s business operations.

Download ppt "Ch.5 It Security, Crime, Compliance, and Continuity"

Similar presentations

Let’s Talk About Cyber Security

Let’s Talk About Cyber Security
4 Information Security.

4 Information Security.
Ethics, Privacy and Information Security

Ethics, Privacy and Information Security
Information Security EDU 5815 1. IT Security Terms EDU 5815 2.

Information Security EDU IT Security Terms EDU
Information Security Jim Cusson, CISSP. Largest Breaches 110,000 2009-11-27 NorthgateArinso, Verity Trustees 6,400 2009-11-25 Aurora St. Luke's Medical.

Information Security Jim Cusson, CISSP. Largest Breaches 110, NorthgateArinso, Verity Trustees 6, Aurora St. Luke's Medical.
Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin CHAPTER FOUR ETHICS AND INFORMATION SECURITY: MIS BUSINESS CONCERNS.

Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin CHAPTER FOUR ETHICS AND INFORMATION SECURITY: MIS BUSINESS CONCERNS.
McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.

McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.
Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.

Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.
IT Security, Crime, Compliance, and Continuity C hapter 5 5-1 Copyright 2012 John Wiley & Sons, Inc. Course Part II. Data and Network Infrastructure.

IT Security, Crime, Compliance, and Continuity C hapter Copyright 2012 John Wiley & Sons, Inc. Course Part II. Data and Network Infrastructure.
11 ASSESSING THE NEED FOR SECURITY Chapter 1. Chapter 1: Assessing the Need for Security2 ASSESSING THE NEED FOR SECURITY  Security design concepts 

11 ASSESSING THE NEED FOR SECURITY Chapter 1. Chapter 1: Assessing the Need for Security2 ASSESSING THE NEED FOR SECURITY  Security design concepts 
Professor Michael J. Losacco CIS 1150 – Introduction to Computer Information Systems Privacy, Security, and Ethics Chapter 9.

Professor Michael J. Losacco CIS 1150 – Introduction to Computer Information Systems Privacy, Security, and Ethics Chapter 9.
Security, Privacy, and Ethics Online Computer Crimes.

Security, Privacy, and Ethics Online Computer Crimes.
Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.

Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
1 McGraw-Hill/Irwin Copyright © 2004, The McGraw-Hill Companies, Inc. All rights reserved. Ethical Challenges Ethics Principles of right and wrong that.

1 McGraw-Hill/Irwin Copyright © 2004, The McGraw-Hill Companies, Inc. All rights reserved. Ethical Challenges Ethics Principles of right and wrong that.
Privacy & Security By Martin Perez. Introduction  Information system - People : meaning use, the people who use computers. - Procedures : Guidelines.

Privacy & Security By Martin Perez. Introduction  Information system - People : meaning use, the people who use computers. - Procedures : Guidelines.
E-Commerce Security and Fraud Issues and Protections

E-Commerce Security and Fraud Issues and Protections
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Similar presentations

Ads by Google