
Prepared by Natalie Rose. Managing Information Resources, Control and Security, Lecture 9.


2. Risks to Information Systems
Risks to Hardware
– Natural disasters
– Blackouts and brownouts
– Vandalism

3. Risks to Information Systems (Cont.)
Risks to Applications and Data
– Theft of information
– Social engineering and identity theft
– Data alteration, data destruction, and Web defacement
– Computer viruses, worms, and logic bombs
– Nonmalicious mishaps

4. Risks to Online Operations
Denial of service
Hijacking
Spoofing

5. Risks to Online Operations

6. Controls

7. Controls (Cont.)
Program Robustness and Data Entry Controls
– Provide a clear and sound interface with the user
– Menus and limits
Backup
– Periodic duplication of all data
Access Controls
– Ensure that only authorized people can gain access to systems and files
– Access codes and passwords

8. Controls (Cont.)

9. Controls (Cont.)
Atomic Transactions
– Ensures that transaction data are recorded properly in all the pertinent files to ensure integrity
Audit Trails
– Built into an IS so that transactions can be traced to people, times, and authorization information

10. Controls (Cont.)

11. Security Measures
Firewalls
– Defense against unauthorized access to systems over the Internet
– Controls communication between a trusted network and the “untrusted” Internet
– Proxy Server: represents another server for all information requests and acts as a buffer

12. Security Measures (Cont.)

13. Authentication and Encryption
Keeps communications secret
Authentication: the process of ensuring the identity of the person sending the message
Encryption: coding a message into a form unreadable to an interceptor

14. Authentication and Encryption (Cont.)

15. Authentication and Encryption (Cont.)
Encryption Strength
Distribution Restrictions
Public-key Encryptions
– Symmetric and asymmetric encryption
Secure Sockets Layer and Secure Hypertext Transport Protocol
Pretty Good Privacy

16. Authentication and Encryption (Cont.)

17. Authentication and Encryption (Cont.)

18. Digital Signatures and Digital Certificates
Electronic Signatures
Digital Signatures
Digital Certificates

19. Digital Signatures and Digital Certificates (Cont.)

20. Digital Signatures and Digital Certificates (Cont.)

21. The business recovery plan
Obtain management’s commitment to the plan
Establish a planning committee
Perform risk assessment and impact analysis
Prioritize recovery needs: critical, vital, sensitive, noncritical

22. The business recovery plan (Cont.)
Select a recovery plan
Select vendors
Develop and implement the plan
Test the plan
Continually test and evaluate

23. Recovery plan providers
Companies that specialize in either disaster recovery planning or provision of alternate sites
Small companies can opt for Web-based services

24. The IS Security Budget

25. The IS Security Budget (Cont.)
How much security is enough security?
Calculating downtime

26. The IS Security Budget (Cont.)

27. Ethical and Societal Issues: Terrorism, Carnivores, and Echelons
Carnivorous methods
– FBI developed Carnivore
– Device is attached to the ISP servers to monitor email
Top Echelon
– Surveillance system

