MIS 2000 Class 22 System Security Update: Winter 2015

Outline
- Security threats concept
- Sniffing
- Encryption defense
- Malware
- Data theft
- Intrusion detection system, password & firewall defenses
- Internet threats and defenses
- Internal threats & defenses
- Summary

Information Systems’ Vulnerability
Network-related challenges:
- Access to local and wide area networks (Internet) brings risks.
- Anyone from inside or outside the organization can attempt to infiltrate information systems.
- The risk of unauthorized access to data, stealing and destruction is greater than with paper, which exists in one original form and can be securely locked.
- Digital data can also be changed, and the fraud is not easily detected. This is one of the disadvantages in comparison with paper.

Security Threats - External
- Data theft
- Malware (virus, worm…)
- False identity (spoofing/phishing)
- Power failure, natural disaster
- Sniffing

Sniffing refers to an uninvited party listening in on a communication channel. Sniffing is a version of unauthorized access.
- Conversations on cell phones can easily be sniffed.
- WiFi channels are also vulnerable.
Defense: Encryption of the data transferred. The content is scrambled into an illegible format by a program. Example: “Hi, how are you?” can be encrypted into something like “xy&*z-&8w4}”. See next slide.

Encryption
Encryption = scrambling of a message to prevent unauthorized parties from reading it. Encryption is a defense against sniffing of a communication channel.
- Single key encryption: Sender and receiver use the same private key for encryption and decryption.
- Double key encryption: Sender and receiver use a combination of a public and a private key.
- Digital certificate: A public key and a proof of its validity issued by a certificate authority (e.g., VeriSign); licensed annually. Critical for e-commerce; important in other Internet communications.
Diagram labels: Encrypt with recipient’s public key. Decrypt with recipient’s private key. Digital certificate. Digital signature can be applied. Certificate authority.
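The single-key and double-key schemes on this slide, plus a digital signature, as an added example that is not part of the original slides. The primes, key names and function names are constructed for illustration, and both the XOR keystream and unpadded textbook RSA are teaching constructions, not ciphers to deploy.

```python
import hashlib
# Constructed teaching-scale key pair (two Mersenne primes); far too small for real use.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)
PUBLIC_KEY, PRIVATE_KEY = (E, N), (D, N)

def single_key_crypt(key: bytes, data: bytes) -> bytes:
    """Single key: XOR with a SHA-256-derived keystream; the same call decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def public_encrypt(message: bytes, public_key) -> int:
    """Double key, sender side: anyone holding the public key can encrypt."""
    e, n = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this key size")
    return pow(m, e, n)

def private_decrypt(ciphertext: int, private_key, length: int) -> bytes:
    """Double key, recipient side: only the private key recovers the message."""
    d, n = private_key
    return pow(ciphertext, d, n).to_bytes(length, "big")

def _digest(message: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message: bytes, private_key) -> int:
    """Digital signature: produced with the signer's private key."""
    d, n = private_key
    return pow(_digest(message, n), d, n)

def verify(message: bytes, signature: int, public_key) -> bool:
    """Anyone holding the signer's public key can check the signature."""
    e, n = public_key
    return pow(signature, e, n) == _digest(message, n)

if __name__ == "__main__":
    msg = b"Hi, how are you?"  # the slide's sample message (16 bytes)
    print("sniffer sees (single key):", single_key_crypt(b"constructed key", msg).hex())
    c = public_encrypt(msg, PUBLIC_KEY)
    print("sniffer sees (double key):", hex(c))
    print("recipient reads:", private_decrypt(c, PRIVATE_KEY, len(msg)))
    print("signature valid:", verify(msg, sign(msg, PRIVATE_KEY), PUBLIC_KEY))
```

With a single key, both parties must already share the secret; with a double key, only the public half ever travels over the channel a sniffer can hear.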

Malware
Malware = malicious software that can harm data and/or computer software, and even hardware.
- Virus (a legend about their origin): destructive to data & software.
- Worm: replicates itself, taking computing resources and impairing computer functioning (e.g., speed, and screen freeze).
- Trojan: blocks system security functions, opening doors for other malware.
- Adware: presents unwanted ads in pop-up or pop-under windows.
- Spyware: observes the user's activities and reports them to an external party.
Defenses:
- Anti-virus software. Automatically and continuously updated online by the vendor. Critical for Internet.
- Firewall (see later slide)

Data Theft
- Data theft is the stealing of data by hackers.
- This is also an internal threat in organizations, when an unauthorized person accesses data.
- Also, data storage devices or mobile tech. can be stolen or lost.
Defenses:
- Firewall: a whole security-tasked IS for guarding access

More Defenses from Data Theft
- Intrusion Detection System (IDS). Automatically detects suspicious network traffic.
- Passwords for access
- Physical: Locking up computers and storage devices.
- Mobile tech. methods: Combining passwords, storage encryption, locks, remote data wipes.
Slide callouts: Supports firewall. Rules defining suspicious moves. Monitoring internal traffic as well.

False Identity
- Also called spoofing, phishing, social engineering…
- A malevolent party pretends to be a company or a person they really are not, and tries to get personal data (credit card numbers etc.).
Defense: Vigilance and caution!
- Never go to Web sites you are invited to via or on social media, unless you are absolutely sure the site/invitation is real.
- Never engage in “money transfer” schemes unknown persons offer you via or texting.

Internal Security Threats & Defenses
- Within organizations. Threats are bigger, as people are closer to technologies and data storage.
- Unauthorized access, change and copying of data; also, stealing data storage.
- Unauthorized access to data: when a user does not have a particular privilege (read, write, change, delete) but gets it somehow.
- Human errors: leaving data unprotected, poor & lost passwords, not locking data/hardware/software.
Defenses:
- Physical securing; passwords; biometric methods (fingertip readers).
- Managing access to data (system administrators)
- Training, supervision

Power failure & Natural disasters
- Power failure can be an internal or external threat. Defense: Have backup electricity generators ready to take over.
- Natural disasters belong to external threats. Defense: Have disaster management plans.
  - Extra computing facilities off-site (can be rented).
  - Keep backup data off-site.
  - Run regular checks to assess preparedness.

Summary
- Security threats are external and internal, and include malware, false identity, sniffing, data theft, and unauthorized access to and change of data (tampering).
- Mobile phones and devices and wireless channels are very vulnerable.
- Internet increases security risks.
- Defenses include data encryption, intrusion detection systems, passwords, firewalls, physical means, and managing system access.