Managing Information Systems Information Systems Security and Control Part 1 Dr. Stephania Loizidou Himona ACSC 345.
Dr. S. Loizidou - ACSC345

Objectives
- Demonstrate the differences in vulnerability between traditional systems and Information Systems
- Demonstrate the impact of Information System vulnerability
- Demonstrate why Information Systems are vulnerable

Protecting Information Systems
- Information Systems are now very important within organisations
- Disabling or corrupting these Information Systems can lead to significant loss
  - Financial impact
  - Loss of life / health and safety issues

On-line Auction Site: 8 Hour Downtime

Type of Loss              Value
Direct revenue loss       $341,652
Compensatory loss         $943,521
Depreciation costs        $6,279
Lost future revenues      $1,024,955
Worker downtime loss      $46,097
Contract labour loss      $52,180
Delay-to-market loss      $358,734
Total                     $2,773,418

Source: Technology Spotlight: The Financial Impact of Site Outages. The Industry Standard, 1999

Vulnerability
- Why are Information Systems more vulnerable than paper-based systems?

Vulnerability
- Paper-based systems
  - Documents / data stored in filing cabinets
  - Secured by physical access
- Information systems
  - Data stored electronically
  - Logical, rather than physical, access

Vulnerability
- Information Systems are therefore open to more vulnerabilities than paper-based systems: data can be read, copied or altered by anyone who obtains logical access, from anywhere on the network, without ever being physically present

Security
- What examples of threats to Information Systems can you think of?

Malicious Intent
- Hackers
  - A person who gains unauthorised access to a system for profit, criminal purposes or pleasure
  - Trojan horse: a program that performs an apparently useful function while carrying a hidden, secondary (malicious) purpose
  - Denial of service: overwhelm a server with requests so that it can no longer serve legitimate users
  - (Partially) countered by security procedures
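The denial-of-service item above, as an added example that is not part of the original slides: a rate-based detector that reads web-server access-log lines in Common Log Format and flags any client that exceeds a request threshold inside a sliding time window. The log lines, client addresses (taken from the documentation ranges) and the thresholds are constructed for the example; a real deployment would tune them to the server's normal traffic.

```python
"""Rate-based detection of a request flood in web-server access logs.

Added example; the log lines, addresses and thresholds are constructed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format: host ident authuser [timestamp] "request" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+)')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (client_ip, timestamp) for a CLF line, or None if malformed."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    try:
        ts = datetime.strptime(m.group(2), TS_FMT)
    except ValueError:
        return None
    return m.group(1), ts


def detect_floods(lines, max_requests=20, window_seconds=10):
    """Flag clients that send more than max_requests within window_seconds.

    Keeps one deque of recent timestamps per client; lines must be in time
    order per client (true for a single server's log). Returns a dict
    {client_ip: timestamp at which the threshold was first exceeded}.
    """
    recent = defaultdict(deque)
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # malformed line: skip it rather than abort the scan
        ip, ts = parsed
        window = recent[ip]
        window.append(ts)
        # Evict timestamps that have fallen out of the sliding window.
        while (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()
        if len(window) > max_requests and ip not in flagged:
            flagged[ip] = ts
    return flagged


def sample_log():
    """Constructed log: one normal client and one flooding client."""
    base = datetime(2000, 10, 10, 13, 55, 0, tzinfo=timezone.utc)
    fmt = '{ip} - - [{ts}] "GET / HTTP/1.0" 200 512'
    lines = []
    for i in range(5):  # 203.0.113.7: one request every 12 seconds
        ts = (base + timedelta(seconds=12 * i)).strftime(TS_FMT)
        lines.append(fmt.format(ip="203.0.113.7", ts=ts))
    for i in range(30):  # 198.51.100.9: 30 requests inside 5 seconds
        ts = (base + timedelta(milliseconds=150 * i)).strftime(TS_FMT)
        lines.append(fmt.format(ip="198.51.100.9", ts=ts))
    lines.append("not a log line at all")  # exercises the malformed-line path
    return lines


if __name__ == "__main__":
    for ip, when in detect_floods(sample_log()).items():
        print(f"possible DoS from {ip}: threshold exceeded at {when:%H:%M:%S}")
```

Only the flooding client is reported, and it is reported at the moment the 21st request lands inside the 10-second window, not at the end of the log, which is what an alert pipeline needs. A single-source threshold like this is the procedural control the slide has in mind; it does not catch a distributed flood in which each source stays under the limit, so it belongs alongside aggregate request-rate monitoring.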

Malicious Intent
- Viruses
  - Self-replicating code that attaches itself to other programs; difficult to detect, spreads rapidly, and can destroy data, disrupt processing and consume memory
  - Logic bomb: malicious code that lies dormant until a trigger condition is met (a time bomb is the variant triggered by a date or time)
  - (Partially) countered by anti-virus software, which can only recognise what it has been taught to look for
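Why anti-virus software is only a partial counter, as an added example that is not part of the original slides. The scanner below keeps the two kinds of signature a classic anti-virus engine uses, an exact file hash and a short byte pattern, and runs them against a constructed stand-in for a malicious file (it is not real malware; the signature names are invented). A one-byte change defeats the hash, and a trivial XOR self-encryption of the kind a polymorphic virus applies defeats both.

```python
"""Signature-based malware detection and the ways it is evaded.

Added example. KNOWN_BAD is a constructed stand-in for a malicious file,
not real malware; the signature names are invented for the example.
"""
import hashlib

# Constructed sample: an executable-looking header plus a "payload" string
# of the kind a logic bomb carries (trigger condition + destructive action).
KNOWN_BAD = (
    b"MZ\x90\x00"
    + b"TRIGGER=1 April; ACTION=DROP PAYLOAD wipe C:\\"
    + b"\x00" * 8
)

# Two kinds of signature an anti-virus engine keeps: an exact file hash
# (matches this sample only) and a byte pattern (matches close variants
# that keep the pattern intact).
HASH_SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest(): "Test.Wiper.A"}
PATTERN_SIGNATURES = {b"DROP PAYLOAD": "Test.Wiper.gen"}


def scan(data):
    """Return [(detector, signature_name), ...] hits for a byte blob."""
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:
        hits.append(("hash", HASH_SIGNATURES[digest]))
    for pattern, name in PATTERN_SIGNATURES.items():
        if pattern in data:
            hits.append(("pattern", name))
    return hits


def xor_obfuscate(data, key=0x5A):
    """Single-byte XOR: the trivial self-encryption a polymorphic virus
    uses so that no fixed byte sequence survives into the stored copy.
    Applying it twice with the same key restores the original."""
    return bytes(b ^ key for b in data)


if __name__ == "__main__":
    print("original:      ", scan(KNOWN_BAD))
    print("1-byte variant:", scan(KNOWN_BAD + b"\x01"))
    print("XOR-obfuscated:", scan(xor_obfuscate(KNOWN_BAD)))
```

The pattern signature survives the appended byte but not the XOR, and the hash signature survives neither; the scanner has no way of knowing that a file it cannot match is clean. That gap is the reason the slide says anti-virus software counters viruses only partially, and why it must sit beside controls that do not depend on prior knowledge of the attacker's code, such as least-privilege accounts and verified backups.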

Malicious Intent?
- The vulnerability of Information Systems is not restricted to external security threats

Vulnerability
- What other types of vulnerability do Information Systems have?

Vulnerability
- Threats:
  - Hardware failure (disk crash, Pentium FDIV bug)
  - Software failure (bugs, design flaws)
  - Personnel actions (accidental or malicious)
  - Terminal access penetration (hacking)
  - Theft of data, services or equipment (including data stolen by malicious code)

Vulnerability
- Threats:
  - Fire (also true of paper-based systems)
  - Electrical problems (power loss, downtime)
  - User errors (wrong data entered)
  - Program changes (upgrades that break earlier assumptions)
  - Telecommunications (exposure through Internet and wireless links)

Concerns
- Disaster
  - Hardware, software and data destroyed by fire, flood, power failure, etc.
  - Software and data may not be replaceable
  - Significant (financial) loss
- Backup, fault tolerance
- Disaster recovery planning
  - Standby sites, equipment, personnel

Concerns
- Security
  - Policies, procedures, technical measures
  - Prevent unauthorised access, theft and damage
- Errors
  - Software bugs can cause significant loss
  - Financial: rounding errors in monetary calculations
  - Life: missile systems (for example, the 1991 Patriot missile failure at Dhahran was traced to an accumulated clock rounding error)
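The rounding-error item above, as an added example that is not part of the original slides. Binary floating point cannot represent 0.1 exactly, so a ledger that accumulates float amounts drifts, and dividing a float total into rounded shares need not add back up to the total. The amounts are constructed; the exact version works in integer cents (or decimal arithmetic) and distributes the remainder explicitly so that the shares always reconcile.

```python
"""Rounding errors in monetary arithmetic: binary floats versus exact cents.

Added example; the amounts are constructed.
"""
from decimal import Decimal


def float_accumulate(step=0.1, n=100_000):
    """Add `step` to a float total n times, as a naive ledger might.
    0.1 has no exact binary representation, so the error accumulates."""
    total = 0.0
    for _ in range(n):
        total += step
    return total


def decimal_accumulate(step="0.1", n=100_000):
    """The same accumulation in decimal arithmetic, where 0.1 is exact."""
    total = Decimal("0")
    step = Decimal(step)
    for _ in range(n):
        total += step
    return total


def split_naive(total, n):
    """Divide a float total into n equal shares rounded to cents.
    The rounded shares need not add back up to the total."""
    return [round(total / n, 2)] * n


def split_exact(total_cents, n):
    """Split an integer number of cents into n shares that always
    reconcile: the first `remainder` payees receive one extra cent."""
    base, remainder = divmod(total_cents, n)
    return [base + 1 if i < remainder else base for i in range(n)]


if __name__ == "__main__":
    print("float drift:   ", float_accumulate(), "vs exact", decimal_accumulate())
    print("naive split:   ", split_naive(100.0, 3), "sums to", sum(split_naive(100.0, 3)))
    print("exact split:   ", split_exact(10_000, 3), "sums to", sum(split_exact(10_000, 3)))
```

The naive split of $100.00 three ways loses a cent on every transaction; at scale that is either money missing from the books or, when an attacker controls the rounding, money quietly appearing in an account. Storing currency as integer minor units and deciding where each remainder cent goes is the standard fix, and is also what makes the totals auditable.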

Data Quality
- Data quality problems can arise at every stage:
  - Data preparation
  - Conversion
  - Input
  - Form completion
  - On-line data entry
  - Keypunching
  - Scanning
  - Validation
  - Processing
  - File maintenance
  - Output
  - Transmission
  - Distribution
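Validation at the point of input, as an added example that is not part of the original slides. A check digit (here the Luhn mod-10 scheme used on payment-card and many account numbers) lets the system reject a mis-keyed or transposed account number before it reaches processing, and the record validator applies it together with range and date checks. The order-record layout, field names and the account numbers are constructed for the example.

```python
"""Validation at the point of data entry: a check digit catches mis-keyed
and transposed digits before bad data reaches processing.

Added example; the order record layout and account numbers are constructed.
"""
import re
from datetime import date

DATE_RE = re.compile(r"^\d{4}-\d{2}-\d{2}$")


def luhn_checksum(digits):
    """Luhn (mod 10) sum over a digit string, check digit included.
    Returns 0 for a well-formed number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10


def luhn_check_digit(payload):
    """Check digit to append so that payload + digit passes luhn_checksum."""
    return (10 - luhn_checksum(payload + "0")) % 10


def is_valid_account(number):
    """Digits only, at least one payload digit, and a consistent check digit."""
    return number.isdigit() and len(number) > 1 and luhn_checksum(number) == 0


def validate_order(rec):
    """Return a list of field errors for a constructed order record
    {'account': str, 'amount_cents': int, 'ship_date': 'YYYY-MM-DD'}.
    An empty list means the record may proceed to processing."""
    errors = []
    if not is_valid_account(rec.get("account", "")):
        errors.append("account: failed check digit (mis-keyed or transposed?)")
    amount = rec.get("amount_cents")
    if type(amount) is not int or not 0 < amount <= 1_000_000_00:
        errors.append("amount_cents: must be a positive integer up to $1,000,000")
    ship = rec.get("ship_date", "")
    try:
        if not DATE_RE.match(ship):
            raise ValueError
        date.fromisoformat(ship)
    except ValueError:
        errors.append("ship_date: not a valid YYYY-MM-DD date")
    return errors


if __name__ == "__main__":
    good = {"account": "79927398713", "amount_cents": 12500, "ship_date": "2024-02-29"}
    bad = {"account": "79927398173", "amount_cents": -5, "ship_date": "2023-02-29"}
    print("good record:", validate_order(good))
    print("bad record: ", validate_order(bad))
```

The second record has the two digits "71" keyed as "17", a negative amount and a 29 February in a non-leap year; all three are caught at entry rather than surfacing later as a mis-posted payment. The Luhn scheme detects every single-digit error and every adjacent transposition except 09 and 90, so it is an input-quality control, not an authentication one: a valid check digit says the number was keyed correctly, not that the account exists or belongs to the customer.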

Software Quality
- What types of problems may a software system have?

Software Quality
- Software problems
  - Bugs (implementation errors)
  - Defects (wrong requirements)
  - Misinterpretation of requirements
  - Incorrect assumptions

Software Quality
- The more complex a system is, the less likely it is to be bug-free
- It is impractical to test all paths through complex code
  - Difficult to test
  - Too much time required
- Total Quality Management
  - Can only improve quality, not eliminate bugs
  - It remains uncertain which bugs remain and what their impact will be

Maintenance
- Maintenance of software systems should be built into the design
- Maintenance is the most expensive phase of a system's life
  - Complexity
  - Associated organisational changes
  - (Regression) testing overheads
- The later in development a bug is found, the more expensive it is to fix