© 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke Slide 1 Chapter 12 Information Security Management.

Slide 2: Agenda
1. What are the sources and types of security threats?
2. What are the elements of a security program?
3. How can technical safeguards protect against security threats?
4. How can data safeguards protect against security threats?
5. How can human safeguards protect against security threats?
6. What is necessary for disaster preparedness?
7. How should organizations respond to security incidents?

Slide 3: In The News
Facebook security lapse exposes pictures
Patriot Act haunts Google service
Many retailers easy to hack, study finds
Heavy web downloaders face broadband fees
Bell irks ISPs with new throttling policy
Malware blamed for supermarket data breach

Slide 4: The Problem

Slide 5: Sources of Security Threats
Human errors and mistakes
  Accidental problems
  Poorly written programs
  Poorly designed procedures
  Physical accidents
Malicious human activity
  Intentional destruction of data
  Destroying system components
  Hackers
  Virus and worm writers
  Criminals
  Terrorists
Natural events and disasters
  Fires, floods, hurricanes, earthquakes, tsunamis, avalanches, tornados
Security video

Slide 6: Types of Problems
Unauthorized data disclosure
  Human error
    Posting private information in a public place
    Placing restricted information on searchable Web sites
  Malicious release (pretending to be someone else)
    Pretexting (phone calls – 4537 Visa cards)
    Phishing (e-mails)
    Spoofing (IP spoofing; e-mail spoofing = phishing)
    Sniffing (easy with wireless)
    Breaking into networks and stealing data

Slide 7: Types of Problems, continued
Incorrect data modifications
  Human errors
    Incorrect entries and information
    Employees follow procedures incorrectly
  Systems errors
    Hacking – unauthorized access to a computer system
    Faulty recovery actions after a disaster
Faulty service
  Incorrect systems operations: wrong item sent to wrong address, incorrect bill, …
  Usurpation (unauthorized programs invade a system)

Slide 8: Types of Problems, continued
Denial of service
  Human error (keeping servers busy with computation)
  Malicious attacks (flood of server requests)
Loss of infrastructure (cutting fiber optic cables)
  Accidental
  Theft (terminated employees)
  Terrorism
  Natural disasters (2004 tsunami and 2005 Katrina)

Slide 9: MIS in Use: Phishing for Credit Card Accounts
Phishing
  Operation that spoofs legitimate companies in an attempt to get credit card information, driver’s licenses, and other data
  Usually initiated by e-mail request
  Designed to cause you to click
  Asks for personal data
  May install spyware, malware, adware
Defenses
  Know your purchases and deal directly with vendors
  Implausibility of the e-mail
  Don’t be misled by legitimate-looking graphics and addresses

Slide 10: Security Safeguards

Slide 11: Technical Safeguards
Involves hardware and software components
User names and passwords
  Identification
  Authentication
Smart cards
  Card with a microchip inside, used with a personal identification number (PIN)
Biometric authentication
  Fingerprints, facial scans, retina scans
Single sign-on for multiple systems

Slide 12: Technical Safeguards

Slide 13: Technical Safeguards, continued
Malware
  Viruses
  Worms
  Trojan horses
  Spyware programs
  Adware
Malware safeguards
  Antivirus and anti-spyware programs
  Scan hard drive and e-mail
  Update definitions
  Open attachments only from known sources
  Install updates promptly
  Browse only reputable Web sites

Slide 14: Spyware and Adware Symptoms

Slide 15: Security Threat Protection by Data Safeguards
Data administration
  Organization-wide function
  Develops data policies
  Enforces data standards
Database administration
  Database function
  Procedures for multi-user processing
  Change control to structure
  Protection of database

Slide 16: Data Safeguards
Encryption keys
Backup copies
  Store off-premise
  Check recovery procedure and validity
Physical security
  Lock and control access to facility
  Maintain entry log
Third-party contracts
  Safeguards are written into contracts
  Right to inspect premises and interview personnel

Slide 17: Human Safeguards
People and procedure component
Access restriction requires authentication and account management
User account considerations
  Define job tasks and responsibilities
  Separate duties and authorities
  Grant least possible privileges
  Document security sensitivity
Hiring and screening employees

Slide 18: Human Safeguards, continued
Employees need to be made aware of policies and procedures
  Employee security training
Enforcement of policies
  Define responsibilities
  Hold employees accountable
  Encourage compliance
  Management attitude is crucial
Create policies and procedures for employee termination
  Protect against malicious actions in unfriendly terminations
  Remove user accounts and passwords

Slide 19: STFX
Do not tell anyone your password.
Do not write down your password.
Do not use a simple word as a password.
Do not use personal information as a password.
Do not reuse an old password.
Use a phrase as a password.
Use numbers and special characters in a password.
Change your password often.
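The machine-checkable rules on this slide (no simple word, no personal information, no reuse, a phrase rather than a word, digits and special characters) can be enforced at password-change time. The checker below is an added example, not code from the slides or the textbook; the word list, the personal details and the old-password hashes are constructed sample data, and the 12-character phrase minimum is an assumed value. The "do not tell", "do not write down" and "change often" rules are behavioural and are not checked here.

```python
import hashlib
import re

# Constructed sample data (not from the slides): a few "simple words", the user's
# personal details, and SHA-256 hashes of passwords the user has used before.
# (A real system would store old passwords with a salted password hash, not bare SHA-256.)
COMMON_WORDS = {"password", "welcome", "letmein", "summer", "monkey"}
PERSONAL_INFO = ["alice", "smith", "1985", "boston"]
OLD_PASSWORD_HASHES = {hashlib.sha256(b"Summer2007!").hexdigest()}

def check_password(candidate, personal_info=PERSONAL_INFO, old_hashes=OLD_PASSWORD_HASHES):
    """Return the list of STFX rules the candidate breaks; an empty list means it passes."""
    problems = []
    lower = candidate.lower()
    # "Do not use a simple word": also catch a word padded with trailing digits/symbols.
    stem = re.sub(r"[\d\W_]+$", "", lower)
    if lower in COMMON_WORDS or stem in COMMON_WORDS:
        problems.append("based on a simple word")
    # "Do not use personal information as a password".
    for item in personal_info:
        if len(item) >= 4 and item.lower() in lower:
            problems.append(f"contains personal information ({item})")
    # "Do not reuse an old password": compare hashes so old passwords are never kept in clear.
    if hashlib.sha256(candidate.encode()).hexdigest() in old_hashes:
        problems.append("reuses an old password")
    # "Use a phrase as a password": treat anything under 12 characters as not a phrase (assumed).
    if len(candidate) < 12:
        problems.append("shorter than 12 characters")
    # "Use numbers and special characters in a password".
    if not re.search(r"\d", candidate):
        problems.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", candidate):
        problems.append("no special character")
    return problems
```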

Slide 20: Non-Employee Personnel
Temporary personnel and vendors (US passport office)
  Screen personnel
  Training and compliance
  Contract should include specific security provisions
  Provide accounts and passwords with the least privileges
Public users
  Harden Web site and facility
  Take extraordinary measures to reduce system’s vulnerability
Partners and public that receive benefits from system
  Protect these users from internal company security problems

Slide 21: Account Administration
Account management procedures
  Creation of new accounts, modification of existing accounts, removal of terminated accounts
Password management
  Acknowledgment forms
  Change passwords frequently
Help-desk policies
  Authentication of users who have lost their password
  Passwords should not be e-mailed

Slide 22: Information Systems Safety Procedures
Procedure types
  Normal operations: use the system to perform job tasks, with security appropriate to sensitivity
  Backup: prepare for loss of system functionality
  Recovery: accomplish job tasks during failure
Should be standardized for each procedure type

Slide 23: Security Monitoring
Activity log analyses
  Firewall logs
  DBMS log-in records
  Web server logs
Security testing
  In-house and external security professionals
Investigation of incidents
  How did the problem occur?
  Lessons learned
  Indication of potential vulnerability and corrective actions
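"Activity log analysis" of web server logs in practice means turning raw lines into events and looking for patterns worth investigating. The script below is an added example, not from the slides or the textbook: it parses constructed combined-format access-log lines, flags any source address with five or more failed logins (401 on /login) inside a five-minute window, and reports whether a successful login followed the burst. The log lines, the /login path and the thresholds are all assumptions for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample web server log in combined format (not from the slides):
# 203.0.113.7 fails five logins in ten seconds, then succeeds; 198.51.100.4 mistypes once.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2008:09:01:02 -0500] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2008:09:01:04 -0500] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2008:09:01:05 -0500] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2008:09:01:07 -0500] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2008:09:01:09 -0500] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2008:09:01:11 -0500] "POST /login HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Mar/2008:09:02:00 -0500] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"ip": m["ip"], "path": m["path"], "status": int(m["status"]),
            "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")}

def find_login_bursts(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return {ip: (failed_logins, success_after_burst)} for every source IP with at
    least `threshold` failed logins (401 on /login) inside one `window`."""
    failures, successes = defaultdict(list), defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["path"] != "/login":
            continue
        bucket = failures if rec["status"] == 401 else successes
        bucket[rec["ip"]].append(rec["ts"])
    alerts = {}
    for ip, times in failures.items():
        times.sort()
        # Sliding window over sorted failure times: the i-th and (i+threshold-1)-th
        # failures must lie within `window` for a burst to be reported.
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                burst_end = times[i + threshold - 1]
                # A success right after the burst is the case a responder most wants to see.
                alerts[ip] = (len(times), any(t > burst_end for t in successes[ip]))
                break
    return alerts
```

The same structure applies to the firewall and DBMS log-in records the slide lists: parse, group by principal, and count within a time window.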

Slide 24: Disaster Preparedness
Disaster: substantial loss of infrastructure caused by acts of nature, crime, or terrorism (9/11, Katrina)
Best safeguard is location of infrastructure
  Backup processing centers in a geographically removed site
Create backups for critical resources
  Hot and cold sites
Train and rehearse cutover of operations

Slide 25: Incident Response
Organization must have a plan
  Detail reporting and response
  Centralized reporting of incidents
    Allows for application of specialized expertise
Speed is of the essence
  Preparation pays off
  Identify critical employees and contact numbers
Training is vital
  Practice incident response

Slide 26: Public Relations
Monster.com took 5 days to disclose data theft
August 24, 2007 at 9:48 AM EDT
onse/weblog/2007/08/post_3.html

Slide 27: Additional Material
Microsoft videos on phishing
Phishing video
CBC report (CBC video)
ID theft
Hackers