Reliability and Security

Security
- How big a problem is security?
- Perfect security is unattainable
- Security in the context of a socio-technical system
- Disaster planning
- Security is a process, not a product

Internet Security
What's different about the Internet and computerized attacks?
- Complexity
- Automation
- Action at a distance
- Propagation of techniques
- Class breaks

Is IT Security a Technical Problem?
- Socio-technical systems view of IT security
  – Technical system includes hardware, software, networks, data
  – Social system includes people, processes, organization, work design, objectives
  – The socio-technical solution is the best total solution; it may not optimize either the social or the technical solution on its own

Is IT Security a Technical Problem?
- Schneier: security is provided within a context
  – An asset is secured from a particular type of attack by a particular type of attacker
  – Assets and attacks exist in contexts
  – Context (especially the social part) matters more than technology

Types of Attack
What's the same:
- Theft
- Embezzlement
- Vandalism
- Exploitation
- Fraud
- Extortion
- Threat of harm
- Privacy violations

Attack Types
- Schneier's classification
  – Criminal attacks
  – Privacy violations
  – Publicity attacks
- By attacker motive
  – Financial or other gain
  – To damage others
  – Privacy violations

Gain-Motivated Attacks
- Fraud
- Intellectual property theft
- Identity theft
- Brand theft
- Publicity attacks

Privacy Violations
- Stalking
- Surveillance
- Databases
- Traffic analysis
- Broad-scale electronic monitoring

Attacks Aimed at Damaging Others
- Denial-of-service attacks
- Defacing web sites
- Viruses and their ilk

Adversaries
Those classified as criminals:
- Hackers
- Lone criminals
- Malicious insiders
- Organized crime
- Terrorists

Adversaries
Those with claims of legitimacy:
- Industrial spies
- The press
- The police
- National intelligence organizations
- Infowarriors

Phishing

Antiphishing.org

Microsoft Vulnerabilities
- Sharp increase in attacks on Windows-based PCs in the 1st half of 2004
  – 1,237 new vulnerabilities, or 48 per week
- Increase in the number of bot networks
  – 30,000, up from 2,000 in the previous 6 months
- Increase in the percentage of e-commerce attacks from 4% to 16%
- 450% increase in new Windows viruses: 4,496

Risk Components
- Magnitude of loss
- Likelihood of loss
- Exposure to loss

Management of Risk
- Control
- Information
- Time

Miscellaneous Defensive Measures
- Security policies
- Firewalls
- Intrusion detection
- Encryption
- Authentication

Liability Argument
- Who should be held liable?
  – Software vendors, e.g. Microsoft
  – Network owner, e.g. ISP (Comcast)
  – Person who wrote the attack tool
  – Person who used the attack tool
  – The public
- The ATM example

Three Steps to Improving IT Security
1) Enforce liability
2) Permit parties to transfer liability
3) Provide mechanisms to reduce risk