Presentation is loading. Please wait.

Presentation is loading. Please wait.

7.1 © 2007 by Prentice Hall 7 Chapter Securing Information Systems.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "7.1 © 2007 by Prentice Hall 7 Chapter Securing Information Systems."— Presentation transcript:

1 7.1 © 2007 by Prentice Hall 7 Chapter Securing Information Systems

2 7.2 © 2007 by Prentice Hall STUDENT OBJECTIVES Essentials of Business Information Systems Chapter 7 Securing Information Systems Analyze why information systems need special protection from destruction, error, and abuse. Assess the business value of security and control. Design an organizational framework for security and control. Evaluate the most important tools and technologies for safeguarding information resources.

3 7.3 © 2007 by Prentice Hall Phishing: A Costly New Sport for Internet Users Problem: Large number of vulnerable users of online financial services, ease of creating bogus Web sites. Solutions: Deploy anti-phishing software and services and a multilevel authentication system to identify threats and reduce phishing attempts. Deploying new tools, technologies, and security procedures, along with educating consumers, increases reliability and customer confidence. Demonstrates IT’s role in combating cyber crime. Illustrates digital technology as part of a multilevel solution as well as its limitations in overcoming discouraged consumers. Essentials of Business Information Systems Chapter 7 Securing Information Systems

4 7.4 © 2007 by Prentice Hall Discuss suspicious e-mails that members of the class have received: What made you suspicious of a particular e-mail? Did you open the e-mail? Were there any consequences to this action? Did you report the suspicious e-mail to anyone? What measures have you taken to protect yourself from phishing scams? Interactive Session: Phishing Phishing: A Costly New Sport for Internet Users Essentials of Business Information Systems Chapter 7 Securing Information Systems

5 7.5 © 2007 by Prentice Hall System Vulnerability and Abuse An unprotected computer connected to the Internet may be disabled within a few seconds Security: policies, procedures and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems Controls: methods, policies, and organizational procedures that ensure the safety of the organization’s assets; the accuracy and reliability of its accounting records; and operational adherence to management standards Essentials of Business Information Systems Chapter 7 Securing Information Systems

6 7.6 © 2007 by Prentice Hall Why Systems Are Vulnerable Hardware problems (breakdowns, configuration errors, damage from improper use or crime) Software problems (programming errors, installation errors, unauthorized changes) Disasters (power failures, flood, fires, etc.) Internet vulnerabilities Wireless security challenges System Vulnerability and Abuse Essentials of Business Information Systems Chapter 7 Securing Information Systems

7 7.7 © 2007 by Prentice Hall Contemporary Security Challenges and Vulnerabilities Figure 7-1 The architecture of a Web-based application typically includes a Web client, a server, and corporate information systems linked to databases. Each of these components presents security challenges and vulnerabilities. Floods, fires, power failures, and other electrical problems can cause disruptions at any point in the network. System Vulnerability and Abuse Essentials of Business Information Systems Chapter 7 Securing Information Systems

8 7.8 © 2007 by Prentice Hall Malicious Software: Viruses, Worms, Trojan Horses, and Spyware Malware Viruses Worms Trojan horses Spyware Key loggers System Vulnerability and Abuse Essentials of Business Information Systems Chapter 7 Securing Information Systems

9 7.9 © 2007 by Prentice Hall Interactive Session: Malicious Software Visit the Web site of Panda Software at www.pandasoftware.com What are the top viruses in terms of rate of infection? What are the latest virus threats? Read descriptions of the top viruses and latest threats What downloads does Panda Software offer to help users protect and repair their computers? Compare and contrast the content available from Panda Software’s Web site with the offerings on Symantec’s Web site, www.symantec.com System Vulnerability and Abuse Essentials of Business Information Systems Chapter 7 Securing Information Systems

10 7.10 © 2007 by Prentice Hall Hackers and Cybervandalism System Vulnerability and Abuse Essentials of Business Information Systems Chapter 7 Securing Information Systems Hackers vs. crackers Cybervandalism Spoofing Sniffing Denial-of-service (DoS) attack Distributed denial-of-service (DDoS) attack Botnets

11 7.11 © 2007 by Prentice Hall Read the Focus on Organizations and then discuss the following questions: What problem faced the companies in this discussion? How did they detect the problem? How did the problem affect their business? What solutions were available to the companies to help solve the problem? What other solutions might they have considered? How did people, organization, and technology issues factor into the problem? Cyber Blackmail and Network Zombies: New Threats from DoS Attacks System Vulnerability and Abuse Essentials of Business Information Systems Chapter 7 Securing Information Systems

12 7.12 © 2007 by Prentice Hall Computer Crime and Cyberterrorism Computer crime: “any violations of criminal law that involve knowledge of computer technology for their perpetration, investigation, or prosecution” –U.S. Department of Justice U.S. companies lose $14 billion annually to cybercrime Identity theft (phishing, evil twins, pharming, computer abuse [spamming]) Cyberterrorism and cyberwarfare System Vulnerability and Abuse Essentials of Business Information Systems Chapter 7 Securing Information Systems

13 7.13 © 2007 by Prentice Hall Worldwide Damage from Digital Attacks Figure 7-3 This chart shows estimates of the average worldwide damage from hacking, malware, and spam since 1998. These figures are based on data from mi2G and the authors. System Vulnerability and Abuse Essentials of Business Information Systems Chapter 7 Securing Information Systems

14 7.14 © 2007 by Prentice Hall Internal Threats: Employees Security threats often originate inside an organization Social engineering System Vulnerability and Abuse Essentials of Business Information Systems Chapter 7 Securing Information Systems Software Vulnerability Commercial software contains flaws that create security vulnerabilities Patches

15 7.15 © 2007 by Prentice Hall Failed computer systems can lead to a significant or total loss of business function Firms are now more vulnerable than they have ever been A security breach may cut into a firm’s market value almost immediately Inadequate security and controls also bring forth issues of liability Business Value of Security and Control Essentials of Business Information Systems Chapter 7 Securing Information Systems

16 7.16 © 2007 by Prentice Hall Legal and Regulatory Requirements for Electronic Records Management Business Value of Security and Control Essentials of Business Information Systems Chapter 7 Securing Information Systems Electronic records management (ERM): policies, procedures, and tools for managing the retention, destruction, and storage of electronic records HIPAA Gramm-Leach-Bliley Act Sarbanes-Oxley Act

17 7.17 © 2007 by Prentice Hall Electronic Evidence and Computer Forensics Evidence for legal actions often found in digital form Proper control of data can save money when responding to a discovery request Computer forensics: scientific collection, examination, authentication, preservation, and analysis of data from computer storage media for use as evidence in a court of law Ambient data Business Value of Security and Control Essentials of Business Information Systems Chapter 7 Securing Information Systems

18 7.18 © 2007 by Prentice Hall Establishing a Framework for Security and Control ISO 17799 Risk assessment Security policy Chief security officer (CSO) Acceptable use policy (AUP) Authorization policies Authorization management systems Essentials of Business Information Systems Chapter 7 Securing Information Systems

19 7.19 © 2007 by Prentice Hall Ensuring Business Continuity Establishing a Framework for Security and Control Essentials of Business Information Systems Chapter 7 Securing Information Systems Downtime Fault-tolerant computer systems High-availability computing Recovery-oriented computing Disaster recovery planning Business continuity planning Security outsourcing (managed security service providers)

20 7.20 © 2007 by Prentice Hall Establishing a Framework for Security and Control Essentials of Business Information Systems Chapter 7 Securing Information Systems The Role of Auditing MIS audit Identifies the controls that govern information systems and assesses their effectiveness Auditor conducts interviews with key individuals Examines security, application controls, overall integrity controls, and control disciplines

21 7.21 © 2007 by Prentice Hall Access Control Technologies and Tools for Security Authentication Tokens Smart cards Biometric authentication Essentials of Business Information Systems Chapter 7 Securing Information Systems

22 7.22 © 2007 by Prentice Hall New Solutions for Identity Management Read the Focus on Technology and then discuss the following questions: What problems were Monsanto, Clarian, and others having with identity management? What was the impact of those problems? What alternative solutions were available? What people, organization, and technology issues had to be addressed in developing solutions? Do you think the solutions chosen are effective? Why or why not? Technologies and Tools for Security Essentials of Business Information Systems Chapter 7 Securing Information Systems

23 7.23 © 2007 by Prentice Hall Firewall: a combination of hardware and software that prevents unauthorized users from accessing private networks Intrusion detection systems monitor hot spots on corporate networks to detect and deter intruders Antivirus and antispyware software checks computers for the presence of malware and can often eliminate it as well Firewalls, Intrusion Detection Systems, and Antivirus Software Technologies and Tools for Security Essentials of Business Information Systems Chapter 7 Securing Information Systems

24 7.24 © 2007 by Prentice Hall A Corporate Firewall Figure 7-6 The firewall is placed between the firm’s private network and the public Internet or another distrusted network to protect against unauthorized traffic. Technologies and Tools for Security Essentials of Business Information Systems Chapter 7 Securing Information Systems

25 7.25 © 2007 by Prentice Hall WEP security can be improved by using it with VPN technology Wi-Fi Alliance/Wi-Fi Protected Access (WPA) specifications Extensible Authentication Protocol (EAP) Protection from rogue networks Securing Wireless Networks Technologies and Tools for Security Essentials of Business Information Systems Chapter 7 Securing Information Systems

26 7.26 © 2007 by Prentice Hall Do you use wireless technology? If so, what kinds of information do you transmit over the wireless network? What kinds of information do you avoid sending over the wireless network? What are your concerns related to sending these kinds of information? If you do not have access to a wireless network, is it by choice due to security concerns? Interactive Session: Securing Wireless Networks Technologies and Tools for Security Essentials of Business Information Systems Chapter 7 Securing Information Systems

27 7.27 © 2007 by Prentice Hall Encryption: transforming text or data into cipher text that cannot be read by unintended recipients Secure Sockets Layer (SSL) Transport Layer Security (TLS) Secure Hypertext Transfer Protocol (S-HTTP) Public key encryption Digital signature Digital certificate Public key infrastructure (PKI) Encryption and Public Key Infrastructure Technologies and Tools for Security Essentials of Business Information Systems Chapter 7 Securing Information Systems

Download ppt "7.1 © 2007 by Prentice Hall 7 Chapter Securing Information Systems."

Similar presentations

Lecture 14 Securing Information Systems

Lecture 14 Securing Information Systems
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
1 MIS 2000 Class 22 System Security Update: Winter 2015.

1 MIS 2000 Class 22 System Security Update: Winter 2015.
2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.

2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.
E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.

E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.
McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.

McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.
Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.

Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.
7.1 Copyright © 2011 Pearson Education, Inc. 7 Chapter Securing Information Systems.

7.1 Copyright © 2011 Pearson Education, Inc. 7 Chapter Securing Information Systems.
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
7.1 Copyright © 2011 Pearson Education, Inc. publishing as Prentice Hall 7 Chapter Securing Information Systems.

7.1 Copyright © 2011 Pearson Education, Inc. publishing as Prentice Hall 7 Chapter Securing Information Systems.
Lecture 10 Security and Control.

Lecture 10 Security and Control.
Lecture 10 Security and Control.

Lecture 10 Security and Control.
10.1 © 2006 by Prentice Hall 10 Chapter Security and Control.

10.1 © 2006 by Prentice Hall 10 Chapter Security and Control.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
7.1 © 2007 by Prentice Hall 7 Chapter Securing Information Systems.

7.1 © 2007 by Prentice Hall 7 Chapter Securing Information Systems.
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
1 Chapter 8 Securing Information Systems. Outline Security Threats (External: malware, spoofing/phishing, sniffing, & data theft: Internal: unauthorized.

1 Chapter 8 Securing Information Systems. Outline Security Threats (External: malware, spoofing/phishing, sniffing, & data theft: Internal: unauthorized.

Similar presentations

Ads by Google