Lecture 14: Business Information Systems - ICT Security


Discussion point
- How would you plan the ultimate security of your HOME when you are building a house?

Points of Vulnerability – An analogy
- External Threat: Burglars, Storms, Rodents, Snakes, Crocodiles, Mistress
- Internal Threat: Maid, Kids, Fire, Dirt/Clatter, Television
- External/Internal: Electricity, Sewer, Water, Neighbourhood

What to protect The whole computing system: Hardware Software Network Systems Data Network People

Points of Vulnerability: External
- Manufacturers
  - Backdoor software: this has been known to be put in active devices, for example. Part of the reason why CISCO is deemed a threat in China. http://www.china.org.cn/business/2013-06/21/content_29186348.htm
  - Quality of product
  - Fit to purpose
- Vendors
  - Are they in the channel?
  - Are they reliable?
  - What warranty do they give?

Points of Vulnerability: External
- Suppliers of Software
  - Is it genuine?
  - What support do they have?
  - Reaction time; can they be reached and solve issues online?
  - How well established are they?
  - Backdoor (http://www.infoworld.com/article/2606776/hacking/155947-Biggest-baddest-boldest-software-backdoors-of-all-time.html#slide1)

Points of Vulnerability: External
- Repair Companies
  - Are they in the channel?
  - Are they reliable?
  - What warranty do they have?
  - What is their turnaround?
- Partners
  - Coupled through the Intranet
  - Software vulnerabilities
  - Data vulnerabilities

Points of Vulnerability: External
- Burglars
  - Protection of the Server Room
  - Access points
  - Controlled Access
  - Controlled Conditions in the room
  - General physical security
- Hackers
  - Protection from without at network entry points
  - Protection from within

Points of Vulnerability: Internal
- ICT Staff
  - Intentional or Accidental
- Users
  - Intentional or Accidental
- Solutions
  - Access levels (only access necessary data)
  - Training
  - Properly defined procedures

Points of Vulnerability: Internal/External
- Internet Connection
  - Greatest point of vulnerability
  - Firewall with access rules
  - External access rules including for employees
- Exchange of storage devices
  - Lack of virus protection for the external devices (bringing the external to the internal while bypassing the Firewall)
- Wireless network

What could go wrong
- Denial of services
- Virus attack
- Spam attack
- Antivirus
- Spam attack
- Emailing Policies
- Antispam
- Wrong Data
- Rules in the database for integrity check

What could go wrong
- Denial of Service
- Corrupt Data
- Loss of Data
- Manner in which data is stored
- Loss of Data
- Backup
- On site
- Off site
- Exposure of data
- By employees
- Regulatory
- By trusted third parties (e.g., your lawyers)
- Slow system
- Deny use of some services (webmail, social network sites etc.)

HR Role in ensuring security of bespoke systems
- Physical security – the persons to secure
- Access control linked to the financial system
- Background check on all employed staff
- Training
  - In house training of IT staff
  - In house training of non-IT staff
- Contracts for IT staff
  - Unlimited liability in terms of execution of their duties, ability to sue if there is intentional malice
- Resource allocation, appropriate tools
- Code of conduct: consequences of breaching ICT related policies
- Skills retention schemes

Computer Crime
- Unauthorized Use at work
- Hacking
- Cyber Theft
- List these and discuss these
- Software Piracy
- Piracy of Intellectual Property

Posed problems
- Give the security reasons why one should not use mobile/wireless networks for conducting business transactions.
- How would you mitigate against these risks?
- What security issues should one consider when using popular email systems like Gmail and Yahoo?
- What are the security issues to consider when an organization issues a laptop to its executives? (elaborated on next slide)

What are the security issues to consider when an organization issues a laptop to its executives?
- Stolen with sensitive information
  - Encryption
  - Lock hard drive with password
  - Limit the type of information on the laptop
- Physical damage of laptop → loss of data
  - Data backup
- Should not access internet via wireless when off work → should access through VPN
- Restrict some of the uses of systems on the laptop

Discussion Point
- In an attempt to protect the ICT related assets we have decided to have a cocktail of policies. List the policies and briefly outline what would be in each policy.
- What are the security issues that have to be considered at the following stages: National, Corporate, Personal, Global?