Information Security Management David Kroenke Using MIS 3e Chapter 12.

1 Information Security Management David Kroenke Using MIS 3e Chapter 12

2 Copyright © 2011 Pearson Education, Inc. Publishing as Prentice Hall 12-2
Chapter Preview
This chapter describes common sources of security threats and explains management’s role in addressing those threats. It defines the major elements of an organizational security policy. It presents the most common types of technical, data, and human security safeguards. We then discuss how organizations should respond to security incidents and, finally, examine common types of computer crime.
The primary focus is on management’s responsibility for the organization’s security policy and for implementing human security safeguards. We approach this topic from the standpoint of a major organization that has professional staff, in order to learn the tasks that need to be accomplished. Both MRV and FlexTime need to adapt the full-scale security program to their smaller requirements and more limited budget.

3 Study Questions
Q1 What are the threats to information security?
Q2 What is senior management’s security role?
Q3 What technical safeguards are available?
Q4 What data safeguards are available?
Q5 What human safeguards are available?
Q6 How should organizations respond to security incidents?
Q7 What is the extent of computer crime?
Q8 2020?

4 What Are the Sources of Threats?
Security threats arise from three sources:
1. Human error and mistakes,
2. Malicious human activity, and
3. Natural events and disasters.

5 Human Errors and Mistakes
Human errors and mistakes include:
- Accidental problems caused by both employees and nonemployees. An employee misunderstands operating procedures and accidentally deletes customer records. An employee, while backing up a database, inadvertently installs an old database on top of the current one.
- This category also includes poorly written application programs and poorly designed procedures.
- Physical accidents, such as driving a forklift through the wall of a computer room.

6 Malicious Human Activity
- Employees and former employees who intentionally destroy data or other system components
- Hackers who break into a system; virus and worm writers who infect computer systems
- Outside criminals who break into a system to steal for financial gain
- Terrorism

7 Natural Events and Disasters
- Fires, floods, hurricanes, earthquakes, tsunamis, avalanches, and other acts of nature
- Includes the initial loss of capability and service, and losses stemming from actions to recover from the initial problem

8 What Are the Types of Security Problems?

9 What Are the Components of an Organization’s Security Program?
Three components of a security program:
1. Senior-management involvement,
2. Safeguards of various kinds, and
3. Incident response.
Senior-management involvement has two critical security functions:
1. Senior management must establish security policy. This policy sets the stage for the organization’s response to security threats. However, because no security program is perfect, there is always risk.
2. Manage risk by balancing the costs and benefits of the security program.

10 Safeguards


12 NIST Handbook of Security Elements

13 What Are the Elements of a Security Policy?
A security policy has three elements:
1. A general statement of the organization’s security program. This statement becomes the foundation for more specific security measures. Management specifies the goals of the security program and the assets to be protected. The statement designates a department for managing the security program and its documents. In general terms, it specifies how the organization will ensure enforcement of security programs and policies.
2. Issue-specific policy. Examples: personal use of computers at work, and email privacy.
3. System-specific policy. What customer data from the order-entry system will be sold or shared with other organizations? Or, what policies govern the design and operation of systems that process employee data? Addressing such policies is part of the standard systems development process.

14 How Is Risk Managed?
Risk is the likelihood of an adverse occurrence.
- Management cannot manage threats directly, but it can limit security consequences, for example by creating a backup processing facility at a remote location.
- Companies can reduce risks, but always at a cost. It is management’s responsibility to decide how much to spend or, stated differently, how much risk to assume.
Uncertainty refers to a lack of knowledge, especially about the chance of occurrence or the risk of an outcome or event.
- An earthquake could devastate a corporate data center built on a fault that no one knew about.
- An employee finds a way to steal inventory using a hole in the corporate Web site that no expert knew existed.

15 Factors to Consider in Risk Assessment

16 Factors to Consider in Risk Assessment
A safeguard is any action, device, procedure, technique, or other measure that reduces a system’s vulnerability to a threat.
- No safeguard is ironclad; there is always a residual risk that it will not protect the assets in all circumstances.
A vulnerability is an opening or a weakness in a security system. Some vulnerabilities exist because there are no safeguards or because existing safeguards are ineffective.
Consequences are the damages that occur when an asset is compromised. Consequences can be tangible or intangible.
- Tangible consequences are those whose financial impact can be measured.
- Intangible consequences, such as the loss of customer goodwill due to an outage, cannot be measured.

17 Final Two Factors in Risk Assessment
Likelihood is the probability that a given asset will be compromised by a given threat, despite the safeguards.
Probable loss is the “bottom line” of risk assessment.
- To obtain a measure of probable loss, companies multiply likelihood by the cost of the consequences.
- Probable loss also includes a statement of intangible consequences.

18 Risk-Management Decisions
Given the probable loss from the risk assessment just described, senior management must decide what to do. Some assets can be protected by inexpensive and easily implemented safeguards. Some vulnerabilities can be expensive to eliminate, and management must determine whether the cost of the safeguard is worth the reduction in probable loss it buys.
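The probable-loss arithmetic of the last three slides carried through to a funding decision, as an added example that is not part of the textbook; the assets, likelihoods, costs, and safeguard names are constructed.

```python
from dataclasses import dataclass

# Added example, not from the textbook.  The assets, likelihoods and costs are
# constructed to carry the slides' risk-assessment factors through to a decision.

@dataclass(frozen=True)
class Asset:
    name: str
    likelihood: float     # annual probability of compromise despite current safeguards
    tangible_cost: float  # measurable financial consequence of one compromise
    intangible: str       # consequence that cannot be priced: stated, never multiplied

@dataclass(frozen=True)
class Safeguard:
    name: str
    annual_cost: float
    residual_likelihood: float  # likelihood that remains; no safeguard is ironclad

def probable_loss(likelihood: float, tangible_cost: float) -> float:
    """The slides' bottom line: likelihood times the cost of the consequences."""
    return round(likelihood * tangible_cost, 2)

def assess(asset: Asset, safeguard: Safeguard) -> dict:
    """Compare what a safeguard costs with the probable-loss reduction it buys."""
    before = probable_loss(asset.likelihood, asset.tangible_cost)
    after = probable_loss(safeguard.residual_likelihood, asset.tangible_cost)
    reduction = round(before - after, 2)
    return {
        "asset": asset.name,
        "safeguard": safeguard.name,
        "probable_loss_before": before,
        "residual_probable_loss": after,  # the risk management assumes, not removes
        "loss_reduction": reduction,
        "safeguard_cost": safeguard.annual_cost,
        "net_benefit": round(reduction - safeguard.annual_cost, 2),
        "worth_it": reduction > safeguard.annual_cost,
        "intangible": asset.intangible,  # reported beside the number, as the slide says
    }

def prioritize(pairs) -> list:
    """Rank candidate safeguards by net benefit, best first, so management funds
    the cheap high-payoff ones and consciously accepts the rest."""
    return sorted((assess(a, s) for a, s in pairs),
                  key=lambda r: r["net_benefit"], reverse=True)

# Constructed register: the remote facility pays for itself, the server rebuild
# does not on tangible numbers alone, and the cheap antimalware step pays easily.
CUSTOMER_DB = Asset("customer database", 0.05, 2_000_000,
                    "regulatory scrutiny and customer distrust")
WEB_SERVER = Asset("public web server", 0.20, 50_000,
                   "loss of customer goodwill during the outage")
WORKSTATIONS = Asset("order-entry workstations", 0.30, 8_000, "staff downtime")
BACKUP_SITE = Safeguard("remote backup processing facility", 30_000, 0.01)
SERVER_REBUILD = Safeguard("hardened server build plus monitoring", 15_000, 0.02)
ANTIMALWARE = Safeguard("managed antimalware on every workstation", 500, 0.05)
REGISTER = [(CUSTOMER_DB, BACKUP_SITE), (WEB_SERVER, SERVER_REBUILD),
            (WORKSTATIONS, ANTIMALWARE)]

if __name__ == "__main__":
    for row in prioritize(REGISTER):
        print(f"{row['asset']:<26} {row['safeguard']:<42} "
              f"net {row['net_benefit']:>10,.2f}  fund: {row['worth_it']}")
```

The web-server row is the case the slides warn about: the tangible numbers say no, but the intangible consequence is reported next to them so management can still choose to fund it.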


20 List of Primary Technical Safeguards

21 Single Sign-on for Multiple Systems
Operating systems authenticate you to networks and other servers. You sign on to your local computer and provide authentication data; from that point on, your operating system authenticates you to another network or server, which can authenticate you to yet another network and server, and so forth.
Kerberos is a system protocol that authenticates users without sending their passwords across the computer network.
- Uses a complicated system of “tickets” to enable users to obtain services from networks and other servers.
- Windows, Linux, Unix, and other operating systems employ Kerberos and thus can authenticate user requests across networks of computers using a mixture of these operating systems.
Protect your passwords!

22 Wireless Access
Drive-by sniffers can walk or drive around business or residential neighborhoods with a wireless computer and locate dozens, or even hundreds, of wireless networks.
Businesses with sophisticated communications equipment use elaborate techniques—techniques that require the support of highly trained communications specialists. Common protections use VPNs and special security servers.
The IEEE 802.11 committee developed a wireless security standard called Wired Equivalent Privacy (WEP). Unfortunately, WEP has serious flaws.
Wi-Fi Protected Access (WPA) and WPA2 are improved wireless security standards that newer wireless devices use.
Search the Web for the latest on wireless network security.

23 Encryption

24 Digital Signatures
Most messages, such as email, are sent over the Internet as plaintext.
- “Please deliver shipment 1000 to our Oakdale facility.”
It is possible for a third party to intercept the email, remove the words “our Oakdale facility,” substitute its own address, and send the message on to its destination.
Digital signatures are a technique for ensuring that plaintext messages are received without alteration.
- The plaintext message is first hashed. Hashing is a method of mathematically creating a string of bits (a message digest) that characterizes the message. According to one popular standard, message digests are 160 bits long.

25 Using Digital Signatures

26 Digital Certificates: How Does the Receiver Obtain the True Party’s Public Key?
Trusted, independent third-party companies, called certificate authorities (CAs), supply public keys. For your browser to obtain the public key for Bank of America, either to conduct a secure session using SSL/TLS or to authenticate a digital signature, your browser will obtain Bank of America’s public key from a CA. The CA will respond with a digital certificate that contains the name “Bank of America” and Bank of America’s public key. Your browser will verify the name and then use that public key.
A digital certificate is sent as plaintext, so there is a possibility that an entity can intercept the digital certificate sent by the CA and substitute its own public key. To prevent that possibility, the CA signs the digital certificate with its digital signature.
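The two slides on digital signatures and CA-signed certificates worked end to end, as an added example that is not the textbook’s: a toy RSA with constructed keys signs a SHA-1 digest (the 160-bit digest the slide mentions), the CA signs the name-to-key binding, and the receiver checks the certificate before the message. The altered address, the attacker’s key, and the certificate layout are assumptions.

```python
import hashlib
import json

# Added example, not the textbook's: toy textbook RSA (no padding) with
# constructed Mersenne-prime keys, showing hash-then-sign and CA-signed
# certificates.  Real systems use vetted libraries, padding and larger keys.
E = 65537  # public exponent shared by every key in this demo

def make_keypair(p, q):
    """Return ((n, e), (n, d)) for two primes p and q."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent: inverse of e mod phi(n)
    return (n, E), (n, d)

def message_digest(data: bytes) -> int:
    """The slide's 160-bit message digest (SHA-1), as an integer."""
    return int.from_bytes(hashlib.sha1(data).digest(), "big")

def sign(private_key, data: bytes) -> int:
    """Hash first, then apply the private key to the digest, not the message."""
    n, d = private_key
    return pow(message_digest(data), d, n)

def verify(public_key, data: bytes, signature: int) -> bool:
    """Recompute the digest and compare it with the signature opened by e."""
    n, e = public_key
    return pow(signature, e, n) == message_digest(data)

def certificate_body(subject: str, public_key) -> bytes:
    """Canonical plaintext the CA signs: the name bound to the public key."""
    body = {"subject": subject, "n": public_key[0], "e": public_key[1]}
    return json.dumps(body, sort_keys=True).encode()

def issue_certificate(ca_private, subject: str, subject_public) -> dict:
    """The CA signs the name-to-key binding so a substituted key is detectable."""
    return {"subject": subject, "public_key": subject_public,
            "ca_signature": sign(ca_private, certificate_body(subject, subject_public))}

def verify_certificate(ca_public, cert: dict, expected_subject: str) -> bool:
    """Browser-side check: the name matches and the CA's signature is intact."""
    if cert["subject"] != expected_subject:
        return False
    body = certificate_body(cert["subject"], cert["public_key"])
    return verify(ca_public, body, cert["ca_signature"])

def receiver_accepts(ca_public, cert: dict, data: bytes, signature: int) -> bool:
    """Full receiver flow: validate the certificate first, then the message."""
    if not verify_certificate(ca_public, cert, "Bank of America"):
        return False
    return verify(cert["public_key"], data, signature)

# Constructed keys from Mersenne primes; each modulus exceeds 2**160, so a
# digest is always smaller than n.  Private keys appear here only for the demo.
M89, M107, M127 = (1 << 89) - 1, (1 << 107) - 1, (1 << 127) - 1
BANK_PUBLIC, BANK_PRIVATE = make_keypair(M89, M107)
CA_PUBLIC, CA_PRIVATE = make_keypair(M107, M127)
ATTACKER_PUBLIC, ATTACKER_PRIVATE = make_keypair(M89, M127)

ORIGINAL = b"Please deliver shipment 1000 to our Oakdale facility."
ALTERED = b"Please deliver shipment 1000 to 12 Attacker Lane."  # constructed tampering
BANK_CERT = issue_certificate(CA_PRIVATE, "Bank of America", BANK_PUBLIC)

def forged_certificate() -> dict:
    """Interceptor keeps the CA's signature but swaps in its own public key."""
    return dict(BANK_CERT, public_key=ATTACKER_PUBLIC)

def demo() -> dict:
    sig = sign(BANK_PRIVATE, ORIGINAL)
    return {
        "genuine_message": receiver_accepts(CA_PUBLIC, BANK_CERT, ORIGINAL, sig),
        "altered_message": receiver_accepts(CA_PUBLIC, BANK_CERT, ALTERED, sig),
        # Re-signing the altered text with the attacker's own key does not help:
        # the forged certificate fails the CA check before the message is examined.
        "forged_certificate": receiver_accepts(
            CA_PUBLIC, forged_certificate(), ALTERED, sign(ATTACKER_PRIVATE, ALTERED)),
    }
```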

27 Firewalls
A firewall is a computing device that prevents unauthorized network access. A firewall can be a special-purpose computer, or it can be a program on a general-purpose computer or on a router.
Malware protection:
- Spyware resides in the background, unknown to the user; it observes the user’s actions and keystrokes, monitors computer activity, and reports the user’s activities to sponsoring organizations. Some spyware captures keystrokes to obtain user names, passwords, account numbers, and other sensitive information. Some supports marketing analyses, observing what users do, Web sites visited, products examined and purchased, and so forth.
- Adware does not perform malicious acts or steal data. It watches user activity and produces pop-up ads. Adware can change the user’s default window or modify search results and switch the user’s search engine.

28 Symptoms of Adware and Spyware

29 Malware Safeguards
1. Install antivirus and antispyware programs on your computer
2. Set up your antimalware programs to scan your computer frequently
3. Update malware definitions
4. Open email attachments only from known sources
5. Promptly install software updates from legitimate sources
6. Browse only in reputable Internet neighborhoods

30 AOL and the National Cyber Security Alliance Malware Study

31 Bots, BotNets, and Bot Herders
Bot: a computer program surreptitiously installed that takes actions unknown to and uncontrolled by the computer’s owner or administrator
Botnet: a network of bots created and managed by an individual or organization that infects networks with a bot program
Bot herder: the individual or organization that controls the botnet
Botnets pose serious problems to commerce and national security. It is believed that a unit of the North Korean Army served as a bot herder for a botnet that caused denial-of-service attacks on Web servers in South Korea and in the United States in July 2009.

32 Design Secure Applications
You should ensure that any information system developed for you and your department includes security as one of the application requirements.


34 Some Important Data Safeguards

35 Some Important Data Safeguards
- Protect sensitive data by storing it in encrypted form.
- When data are encrypted, a trusted party should have a copy of the encryption key. This safety procedure is called key escrow.
- Periodically create backup copies of database contents.
- The DBMS and all devices that store database data should reside in locked, controlled-access facilities. Physical security was a problem that MRV had when it lost its data.
- Organizations that contract with other companies to manage their databases should inspect those companies’ premises and interview their personnel to make sure they practice proper data protections.


37 Human Safeguards for Employees
Security considerations for employees

38 Human Safeguards for Nonemployee Personnel
Nonemployee personnel include temporary personnel, vendors, partner personnel (employees of business partners), and the public.
- Contracts that govern their activity should list security measures appropriate for the sensitive data and IS resources involved.
- Require vendors and partners to perform appropriate screening and security training.
- Specify security responsibilities for the work to be performed.
- Provide computer accounts and passwords with least privilege, and remove those accounts as soon as possible.

39 Best Safeguard to Protect from Threats from Public Users
“Harden” the Web site or other facility against attack. Hardening a site means taking extraordinary measures to reduce a system’s vulnerability. Hardened sites use special versions of the operating system, and lock down or eliminate operating system features and functions that are not required.

40 Protect Ourselves from Us
Safeguards need to protect users from internal company security problems. A disgruntled employee who maliciously changes prices on a Web site potentially damages both public users and business partners.

41 Account Administration
- Account management
- Password management
- Help-desk policies

42 Systems Procedures

43 Security Monitoring
Important monitoring functions:
Activity log analyses
- Firewalls produce logs of their activities, including lists of all dropped packets, infiltration attempts, and unauthorized access attempts from within the firewall.
- DBMS products produce logs of successful and failed logins.
- Web servers produce voluminous logs of Web activities.
- Operating systems in personal computers can produce logs of logins and firewall activities.
Security testing
- Use in-house personnel and outside security consultants to conduct testing.
Investigating and learning from security incidents
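Activity log analysis as a defender would script it over the two log types the slide names, added here and not part of the textbook; the firewall and DBMS log lines, their format, the addresses, and the alert thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Added example, not from the textbook.  The two logs are constructed samples in
# a made-up but realistic format; real firewall and DBMS products each have their
# own formats, so the two regexes are the part to adapt.
FIREWALL_LOG = """\
2011-03-01 08:00:01 DROP src=203.0.113.7 dst=10.0.0.5 dport=22
2011-03-01 08:00:02 DROP src=203.0.113.7 dst=10.0.0.5 dport=23
2011-03-01 08:00:02 ACCEPT src=198.51.100.4 dst=10.0.0.5 dport=443
2011-03-01 08:00:03 DROP src=203.0.113.7 dst=10.0.0.5 dport=3306
2011-03-01 08:00:04 DROP src=203.0.113.7 dst=10.0.0.5 dport=1433
2011-03-01 08:01:10 DROP src=198.51.100.9 dst=10.0.0.5 dport=445
"""
DBMS_LOG = """\
2011-03-01 08:05:00 LOGIN FAILED user=sa from=203.0.113.7
2011-03-01 08:05:02 LOGIN FAILED user=sa from=203.0.113.7
2011-03-01 08:05:03 LOGIN FAILED user=sa from=203.0.113.7
2011-03-01 08:05:05 LOGIN FAILED user=sa from=203.0.113.7
2011-03-01 08:05:06 LOGIN FAILED user=sa from=203.0.113.7
2011-03-01 08:05:30 LOGIN OK user=sa from=203.0.113.7
2011-03-01 08:10:00 LOGIN FAILED user=jsmith from=10.0.0.22
2011-03-01 08:40:00 LOGIN OK user=jsmith from=10.0.0.22
"""
FW_RE = re.compile(r"^(\S+ \S+) (DROP|ACCEPT) src=(\S+) dst=\S+ dport=(\d+)$")
DB_RE = re.compile(r"^(\S+ \S+) LOGIN (FAILED|OK) user=(\S+) from=(\S+)$")

def parse_time(stamp: str) -> datetime:
    return datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")

def probing_sources(firewall_log: str, min_ports: int = 3) -> dict:
    """Sources whose dropped packets touched at least min_ports distinct ports:
    one dropped packet is noise, one source sweeping many ports is an
    infiltration attempt worth a closer look."""
    ports = defaultdict(set)
    for line in firewall_log.splitlines():
        m = FW_RE.match(line)
        if m and m.group(2) == "DROP":
            ports[m.group(3)].add(int(m.group(4)))
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}

def login_alerts(dbms_log: str, threshold: int = 5,
                 window: timedelta = timedelta(minutes=5)) -> list:
    """Walk the DBMS log in order.  Raise 'failed-login-burst' when one
    (user, source) pair reaches `threshold` failures inside `window`, and the
    more serious 'success-after-burst' when a successful login follows such a
    burst, which is why both successful and failed logins must be kept."""
    recent = defaultdict(list)  # (user, source) -> timestamps of failures in window
    alerts = []
    for line in dbms_log.splitlines():
        m = DB_RE.match(line)
        if not m:
            continue  # unknown line shape: skip rather than crash the analysis
        stamp, outcome, user, src = m.groups()
        now, key = parse_time(stamp), (user, src)
        recent[key] = [t for t in recent[key] if now - t <= window]
        if outcome == "FAILED":
            recent[key].append(now)
            if len(recent[key]) == threshold:
                alerts.append(("failed-login-burst", user, src, threshold))
        elif len(recent[key]) >= threshold:
            alerts.append(("success-after-burst", user, src, len(recent[key])))
    return alerts
```

On the sample data the single source that swept four ports on the firewall is the same one that later guessed the DBMS password, so correlating the two logs by source address is the natural next step of the incident investigation the slide mentions.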


45 Major Disaster-Preparedness Tasks

46 Disaster-Recovery Backup Sites
Hot site
- A utility company that can take over another company’s processing with no forewarning. Hot sites are expensive; organizations pay $250,000 or more per month for such services.
Cold site
- Provides computers and office space. Cold sites are cheaper to lease, but customers install and manage the systems themselves. The total cost of a cold site, including all customer labor and other expenses, might not be less than that of a hot site.

47 Incident-Response Plan


49 What Is the Extent of Computer Crime?
Computer Security Institute survey (2009)
- http://gocsi.com (registration required)
- Only 144 of the 522 responding organizations provided cost-of-loss data (2009).
- Financial fraud had the highest average incident cost, $463,100, and losses due to bots averaged $345,600.
Some losses are difficult to quantify.
- What is the loss from a denial-of-service attack on an organization’s Web site? If a company’s Web site is unavailable for 24 hours, what potential sales, prospects, or employees have been lost? What reputation problem was created for the organization?

50 Percentage of Security Incidents (Figure 12-16)


52 2020?
The skill level of cat-and-mouse activity is likely to increase substantially. Increased security in operating systems and other software, improved security procedures, and employee training will make it harder and harder for the lone hacker to find some vulnerability to exploit.

53 2020?
- Rise of professionals, primarily bot herders, who may be organized criminals, terrorists, or elements of governments inflicting a new type of cyber warfare on other nations
- We may see cyber warfare among nations.
- The number of computer security jobs is projected to increase by 27 percent by 2016.

54 Ethics Guide: Security Privacy
Legal requirements on organizations to protect the customer data they collect and store:
- The Gramm-Leach-Bliley (GLB) Act, passed by Congress in 1999, protects consumer financial data stored by financial institutions.
- The Privacy Act of 1974 provides protections to individuals regarding records maintained by the U.S. government.
- The Health Insurance Portability and Accountability Act (HIPAA) of 1996 gives individuals the right to access health data created by doctors and other health-care providers. HIPAA also sets rules and limits on who can read and receive your health information.
- In Australia, the Privacy Principles of the Australian Privacy Act of 1988 cover government, health-care data, and records maintained by businesses with revenues in excess of AU$3 million.

55 Ethics Guide: Security Privacy
Do Dell, Amazon.com, the airlines, and other e-commerce businesses have a legal requirement to protect their customers’ credit card data? Apparently not—at least not in the United States. However, online retailers have an ethical requirement to protect a customer’s credit card and other data. Retailers also have a strong business reason to protect customer data: a substantial loss of credit card data by any large online retailer would have detrimental effects on company sales and brand reputation.
No federal law prohibits the U.S. Government from buying information products from the data accumulators.

56 Ethics Guide: Security Privacy
What requirements does your university have on the data it maintains about you?
- State law or university policy may govern those records, but no federal law does.
- Most universities consider it their responsibility to provide public access to graduation records. Anyone can determine when you graduated, your degree, and your major.
- What about your class work? What about the papers you write, the answers you give on exams? What about the emails you send to your professor? These data are not protected by federal law, and they are probably not protected by state law.
- If your professor cites your work in research, it is subject to copyright law, but not privacy law. What you write is no longer your personal data; it belongs to the academic community.

57 Guide: Security Assurance, Hah!
- Employees who never change their password, or who use some simpleton word like “Sesame” or “MyDogSpot” or something equally absurd
- Notes with passwords in the top drawer of desks
If you enter a system with a readily available password, is that even breaking in? Or is it more like opening a door with a key you were given? Management should stop talking about security risk assurance and start talking about, and enforcing, real security.

58 Guide: The Final, Final Word
- Stay alert to new technology-based opportunities
- Watch for “second wave” opportunities
- Enroll in a database class, a systems development class, or a security class, even if you’re not an IS major
- Look for novel applications of IS technology in the emerging business environment

59 Active Review
Q1 What are the threats to information security?
Q2 What is senior management’s security role?
Q3 What technical safeguards are available?
Q4 What data safeguards are available?
Q5 What human safeguards are available?
Q6 How should organizations respond to security incidents?
Q7 What is the extent of computer crime?
Q8 2020?

60 Phishing for Credit Card Accounts

61 Nonexistent Company, Entirely Fake

62 Case Study 12: The ChoicePoint Attack
ChoicePoint provides motor vehicle reports, claims histories, and similar data to the automobile insurance industry, general business, and government agencies. It offers data for volunteer and job-applicant screening and data to assist in the location of missing children. ChoicePoint has over 4,000 employees, and its 2007 revenue was $982 million.
In 2004, ChoicePoint was the victim of a spoofing attack in which unauthorized individuals posed as legitimate customers and obtained personal data on more than 145,000 individuals. This is an example of a failure of authentication, not a network break-in.

63 The ChoicePoint Attack
Firewalls and other safeguards were not overcome. Instead, criminals spoofed legitimate businesses by obtaining valid California business licenses, so they appeared to be legitimate users. The attack went undetected for months, until unusual processing activity was detected.
ChoicePoint exposed itself to a public relations nightmare, considerable expense, a class-action lawsuit, a Senate investigation, and a 20-percent drop in its share price because it contacted police and cooperated in the attempt to apprehend the criminals.

64 The ChoicePoint Attack
When ChoicePoint noticed the unusual account activity, had it simply shut down data access for the illegitimate businesses, no one would have known. Of course, the 145,000 customers whose identities had been compromised would have unknowingly been subject to identity theft, but it is unlikely that such thefts could have been traced back to ChoicePoint.

65 All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of the publisher. Printed in the United States of America. Copyright © 2011 Pearson Education, Inc.

