Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke Slide 1 Chapter 12 Information Security Management.

Published byConrad McCoy Modified over 8 years ago

Similar presentations

Presentation on theme: "© 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke Slide 1 Chapter 12 Information Security Management."— Presentation transcript:

1 © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke Slide 1 Chapter 12 Information Security Management

2 © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke Slide 2 Agenda 1.What are the sources and types of security threats? 2.What are the elements of a security program? 3.How can technical safeguards protect against security threats? 4.How can data safeguards protect against security threats? 5.How can human safeguards protect against security threats? 6.What is necessary for disaster preparedness? 7.How should organizations respond to security incidents?

3 © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke Slide 3 In The News Facebook security lapse exposes pictures Patriot Act haunts Google service Many retailers easy to hack, study finds Heavy web downloaders face broadband fees Bell irks ISPs with new throttling policy Malware blamed for supermarket data breach

4 © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke Slide 4 The Problem

5 © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke Slide 5 Sources of Security Threats Human errors and mistakes Accidental problems Poorly written programs Poorly designed procedures Physical accidents Malicious human activity Intentional destruction of data Destroying system components Hackers Virus and worm writers Criminals Terrorists Natural events and disasters Fires, floods, hurricanes, earthquakes, tsunamis,avalanches, tornados Security Video

6 © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke Slide 6 Types of Problems Unauthorized data disclosure Human error Posting private information in public place Placing restricted information on searchable Web sites Malicious release ( pretending to be some one else) Pretexting ( phone calls – 4537 visa cards) Phishing ( emails) Spoofing ( IP spoofing – Email spoofing=Phishing) Sniffing ( easy with wireless) Breaking into networks and steal data

7 © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke Slide 7 Types of Problems, continued Incorrect data modifications Human errors Incorrect entries and information Employees follow procedure incorrectly Incorrect data modifications Systems errors Hacking – Unauthorzed access to a computer system Faulty recovery actions after a disaster Faulty Service Incorrect systems operations- wrong item sent to wrong address- incorrect bill, … Usurpation ( unauthorized programs invade a system)

8 © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke Slide 8 Types of Problems, continued Denial of service Human error ( keeping servers busy with computation) Malicious Attacks ( Flood of server requests) Loss of infrastructure ( cutting fiber optic cables) Accidental Theft ( terminated employees) Terrorism Natural disasters ( 2004 tsunami and 2005 Katrina)

9 © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke Slide 9 MIS in Use: Phishing for Credit Card Accounts Phishing Operation that spoofs legitimate companies in an attempt to get credit card information, driver’s licenses, and other data Usually initiated by e-mail request Designed to cause you to click Asks for personal data May install spyware, malware, adware Defenses Know your purchases and deal directly with vendors Implausibility of e-mail Don’t be misled by legitimate-looking graphics, addresses

10 © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke Slide 10 Security Safeguards

11 © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke Slide 11 Technical Safeguards Involves hardware and software components User names and passwords Identification Authentication Smart cards Personal identification number (PIN with microchip inside) Biometric authentication Fingerprints, facial scans, retina scans Single sign-on for multiple systems

12 © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke Slide 12 Technical Safeguards

13 © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke Slide 13 Technical Safeguards, continued Malware Viruses Worms Trojan horses Spyware programs Adware Malware safeguards Antivirus and anti-spyware programs Scan hard drive and e-mail Update definitions Open e-mail attachments only from known sources Install updates promptly Browse only reputable Web sites

14 © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke Slide 14 Spyware and Adware Symptoms

15 © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke Slide 15 Security Threat Protection by Data Safeguards Data administration Organization-wide function Develops data policies Enforce data standards Database administration Database function Procedures for multi-user processing Change control to structure Protection of database

16 © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke Slide 16 Data Safeguards Encryption keys Backup copies Store off-premise Check recovery procedure and validity Physical security Lock and control access to facility Maintain entry log Third party contracts Safeguards are written into contracts Right to inspect premises and interview personnel

17 © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke Slide 17 Human Safeguards People and procedure component Access restriction requires authentication and account management User accounts considerations Define job tasks and responsibility Separate duties and authorities Grant least possible privileges Document security sensitivity Hiring and screening employees

18 © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke Slide 18 Human Safeguards, continued Employees need to be made aware of policies and procedures Employee security training Enforcement of policies Define responsibilities Hold employees accountable Encourage compliance Management attitude is crucial Create policies and procedures for employee termination Protect against malicious actions in unfriendly terminations Remove user accounts and passwords

19 © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke Slide 19 Passwords @ STFX Do not tell anyone your password. Do not write down your password. Do not use a simple word as a password. Do not use personal information as a password. Do not reuse an old password. Use a phrase as a password. Use numbers and special characters in a password. Change your password often.

20 © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke Slide 20 Non-Employee Personnel Temporary personnel and vendors (US passport office) Screen personnel Training and compliance Contract should include specific security provisions Provide accounts and passwords with the least privileges Public users Harden Web site and facility Take extraordinary measures to reduce system’s vulnerability Partners and public that receive benefits from system Protect these users from internal company security problems

21 © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke Slide 21 Account Administration Account management procedures Creation of new accounts, modification of existing accounts, removal of terminated accounts Password management Acknowledgment forms Change passwords frequently Help-desk policies Authentication of users who have lost password Password should not be e-mailed

22 © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke Slide 22 Information Systems Safety Procedures Procedure types Normal operations Use system to perform lob tasks, with security appropriate to sensitivity Backup Prepare for loss of system functionality Recovery Accomplish job tasks during failure Should be standardized for each procedure type

23 © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke Slide 23 Security Monitoring Activity log analyses Firewall logs DBMS log-in records Web server logs Security testing In-house and external security professionals Investigation of incidents How did the problem occur? Lessons learned Indication of potential vulnerability and corrective actions

24 © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke Slide 24 Disaster Preparedness Disaster Substantial loss of infrastructure caused by acts of nature, crime, or terrorism (9/11, Katrina) Best safeguard is location of infrastructure Backup processing centers in geographically removed site Create backups for critical resources Hot and cold sites Train and rehearse cutover of operations

25 © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke Slide 25 Incident Response Organization must have plan Detail reporting and response Centralized reporting of incidents Allows for application of specialized expertise Speed is of the essence Preparation pays off Identify critical employees and contact numbers Training is vital Practice incidence response

26 © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke Slide 26 Public Relations Monster.com took 5 days to disclose data theft August 24, 2007 at 9:48 AM EDT http://www.symantec.com/enterprise/security_resp onse/weblog/2007/08/post_3.html

27 © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke Slide 27 Additional Material Microsoft Videos on Phishing Microsoft Videos Phishing Video CBC Report CBC Video ID Theft Hackers

Download ppt "© 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke Slide 1 Chapter 12 Information Security Management."

Similar presentations

Information Security Management Chapter 12. 12-2 “We Have to Design It for Privacy and Security.” Copyright © 2014 Pearson Education, Inc. Publishing.

Information Security Management Chapter “We Have to Design It for Privacy and Security.” Copyright © 2014 Pearson Education, Inc. Publishing.
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
1 MIS 2000 Class 22 System Security Update: Winter 2015.

1 MIS 2000 Class 22 System Security Update: Winter 2015.
2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.

2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.
Crime and Security in the Networked Economy Part 4.

Crime and Security in the Networked Economy Part 4.
Information Security Management Chapter 12. 12-2 “We Have to Design It for Privacy and Security. ” Tension between Maggie and Ajit regarding terminology.

Information Security Management Chapter “We Have to Design It for Privacy and Security. ” Tension between Maggie and Ajit regarding terminology.
Mr C Johnston ICT Teacher

Mr C Johnston ICT Teacher
Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.

Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.
© Pearson Prentice Hall 2009 12-1 Using MIS 2e Chapter 12 Information Security Management David Kroenke.

© Pearson Prentice Hall Using MIS 2e Chapter 12 Information Security Management David Kroenke.
11 ASSESSING THE NEED FOR SECURITY Chapter 1. Chapter 1: Assessing the Need for Security2 ASSESSING THE NEED FOR SECURITY  Security design concepts 

11 ASSESSING THE NEED FOR SECURITY Chapter 1. Chapter 1: Assessing the Need for Security2 ASSESSING THE NEED FOR SECURITY  Security design concepts 
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Information Security Management

Information Security Management
Security, Privacy, and Ethics Online Computer Crimes.

Security, Privacy, and Ethics Online Computer Crimes.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
1 Management Information Systems Information Security Management Chapter 12.

1 Management Information Systems Information Security Management Chapter 12.
1 Using Management Information Systems David Kroenke Information Security Management Chapter 11.

1 Using Management Information Systems David Kroenke Information Security Management Chapter 11.
Chapter 12 Information Security Management © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.

Chapter 12 Information Security Management © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Similar presentations

Ads by Google