INFORMATION SYSTEMS SECURITY and CONTROL


What is security?
- The quality or state of being secure: to be free from danger
- Security is achieved using several strategies simultaneously or in combination with one another
- Security is recognized as essential to protect vital processes and the systems that provide those processes
- Security is not something you buy, it is something you do

Vulnerability, Threat and Attack
- A vulnerability is a weakness in a security system
  - Can be in design, implementation, etc.
  - Can be in hardware or software
- A threat is a set of circumstances that has the potential to cause loss or harm, or a potential violation of security
  - A threat can be:
    - Accidental (natural disasters, human error, …)
    - Malicious (attackers, insider fraud, …)
- An attack is the actual violation of security

Why Are Systems Vulnerable?
- Hardware problems: breakdowns, configuration errors, damage from improper use or crime
- Software problems: programming errors, installation errors, unauthorized changes
- Disasters: power failures, flood, fires, etc.
- Use of networks and computers outside of firm’s control, e.g. with domestic or offshore outsourcing vendors

SYSTEM VULNERABILITY AND ABUSE
Concerns for System Builders and Users
- Disaster: destroys computer hardware, programs, data files, and other equipment
- Security: prevents unauthorized access, alteration, theft, or physical damage

SYSTEM VULNERABILITY AND ABUSE
Concerns for System Builders and Users
- Errors: cause computers to disrupt or destroy organization’s record-keeping and operations
- Bugs: program code defects or errors
- Maintenance: maintenance costs high due to organizational change, software complexity, and faulty system analysis and design

RISKS & THREATS
- Virus Attacks
- Systems & Network Failure
- Theft, Sabotage, Misuse
- High User Knowledge of IT Systems
- Natural Calamities & Fire
- Lack of Documentation
- Lapse in Physical Security

BUSINESS VALUE OF SECURITY AND CONTROL
Inadequate security and control may create serious legal liability. Businesses must protect not only their own information assets but also those of customers, employees, and business partners. Failure to do so can lead to costly litigation for data exposure or theft. A sound security and control framework that protects business information assets can thus produce a high return on investment.

ESTABLISHING A MANAGEMENT FRAMEWORK FOR SECURITY AND CONTROL
General controls: establish framework for controlling design, security, and use of computer programs
- Software controls
- Hardware controls
- Computer operations controls
- Data security controls
- Implementation controls

Application controls: unique to each computerized application
- Input
- Processing
- Output

CREATING A CONTROL ENVIRONMENT
- Controls: methods, policies, and procedures
- Ensure protection of organization’s assets
- Ensure accuracy and reliability of records, and operational adherence to management standards

CREATING A CONTROL ENVIRONMENT
- Mirroring: duplicating all processes and transactions of server on backup server to prevent any interruption
- Clustering: linking two computers together so that a second computer can act as a backup to the primary computer or speed up processing

CREATING A CONTROL ENVIRONMENT
Internet Security Challenges
- Firewalls: hardware and software controlling flow of incoming and outgoing network traffic
  - Prevent unauthorized users from accessing private networks
- Intrusion Detection System: monitors vulnerable points in network to detect and deter unauthorized intruders

CREATING A CONTROL ENVIRONMENT
Internet Security Challenges
- Encryption: coding and scrambling of messages to prevent their access without authorization
- Authentication: ability of each party in a transaction to ascertain identity of other party
- Message integrity: ability to ascertain that transmitted message has not been copied or altered
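
An added example, not part of the original slides: one way a receiver can check authentication and message integrity as defined above, using an HMAC-SHA256 tag over a sequence number and the message. It assumes a pre-shared key and reads "copied" as a replayed duplicate; the names seal, Receiver and demo and the sample message are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed shared key for the example; in practice it is provisioned out of band.
SHARED_KEY = secrets.token_bytes(32)
TAG_LEN = 32   # HMAC-SHA256 output size in bytes
SEQ_LEN = 8    # sequence number carried as a big-endian header


def seal(key, seq, message):
    """Sender: bind a sequence number to the message and append an HMAC tag."""
    header = seq.to_bytes(SEQ_LEN, "big")
    tag = hmac.new(key, header + message, hashlib.sha256).digest()
    return header + message + tag


class Receiver:
    """Accepts a packet only if it is untampered, from a key holder, and new."""

    def __init__(self, key):
        self.key = key
        self.last_seq = -1  # highest sequence number accepted so far

    def open(self, packet):
        if len(packet) < SEQ_LEN + TAG_LEN:
            raise ValueError("truncated")
        header, message, tag = packet[:SEQ_LEN], packet[SEQ_LEN:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, header + message, hashlib.sha256).digest()
        # Constant-time comparison: integrity and sender authentication in one check.
        if not hmac.compare_digest(tag, expected):
            raise ValueError("altered or not from key holder")
        seq = int.from_bytes(header, "big")
        if seq <= self.last_seq:  # a valid tag on an old packet is a replayed copy
            raise ValueError("replayed copy")
        self.last_seq = seq
        return message


def demo():
    rx = Receiver(SHARED_KEY)
    packet = seal(SHARED_KEY, 1, b"PAY 100 TO ACCT 42")
    results = {"genuine": rx.open(packet)}
    tampered = packet[:SEQ_LEN] + b"PAY 900 TO ACCT 42" + packet[-TAG_LEN:]
    for name, candidate in (("tampered", tampered), ("replayed", packet)):
        try:
            results[name] = rx.open(candidate)
        except ValueError as err:
            results[name] = str(err)
    return results
```

A shared-key tag like this authenticates the two key holders to each other only; it is not a digital signature, because either party could have produced the tag.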

CREATING A CONTROL ENVIRONMENT
Internet Security Challenges
- Digital signature: digital code attached to electronically transmitted message to uniquely identify contents and sender
- Digital certificate: attachment to electronic message to verify the sender and to provide receiver with means to encode reply
- Secure Electronic Transaction (SET): standard for securing credit card transactions over Internet and other networks

MANAGEMENT CHALLENGES
- Implementing an effective security policy
- Applying quality assurance standards in large systems projects
- What are the most important software quality assurance techniques?
- Why are auditing information systems and safeguarding data quality so important?