IS Today (Valacich & Schneider) Copyright © 2010 Pearson Education, Inc. Published as Prentice Hall 9/19/2015 7-1 Chapter 10 Information Systems Security.

Presentation transcript:

Chapter 10: Information Systems Security and Controls

Information Systems Security
- Information systems security: precautions taken to keep all aspects of an IS safe from unauthorized access and use. "All aspects" includes all hardware, software, network equipment, and data.
- The need for good computer security has grown with the increased use of the Internet. Many computer systems are no longer stand-alone but are parts of networks.
- All systems connected to a network are at risk from internal and external threats.
- Sources of threats: accidents and natural disasters, employees and consultants, links to outside business contacts, and outsiders.
- IS are most often compromised via unauthorized access, information modification, denial of service, viruses, spam, spyware, and cookies.

Sources of Primary Threats to Information Systems Security
1) Accidents and natural disasters: power outages, cats walking across keyboards
2) Employees and consultants
3) Links to outside business contacts: travel between business affiliates
4) Outsiders: hackers, crackers, and viruses

Unauthorized Access
- An IS security breach in which an unauthorized user sees, manipulates, or otherwise handles electronically stored information.
- Seeing by: looking through electronic data, peeking at monitors, intercepting electronic communication.
- Theft of computers or storage media to access the data.
- Determined hackers try to gain administrator status to access the data.

Information Modification
- An IS security attack by unauthorized users in which electronic information is intentionally changed for ideological, political, or criminal purposes.
- Examples: a user changes information to give himself a raise; a hacker defaces a website; a student hacks in and changes a grade to 'A'.

Computer Viruses
- Destructive programs that disrupt the normal functioning of computer systems. Examples: erasing a hard drive, seizing control of a computer.
- Repairing the damage they do requires a lot of effort, time, and money.
- Worms: a variation of a virus designed to copy and send itself throughout internally networked computers or the Internet. This can lead to servers crashing.

Denial of Service Attack
- Attacks by unauthorized users, often using zombie computers, that make a network resource (e.g. a website) unavailable to legitimate users, or available only with a poor degree of service.
- Zombie computers: computers infected with viruses or worms that launch attacks, in the form of service requests, on websites.

Spyware
- Software that covertly gathers information about a user through an Internet connection without the user's knowledge.
- It usually comes in as part of freeware or shareware. Sometimes it is embedded within a Web site and downloaded onto the user's computer without his knowledge.
- Freeware: software that is available for free, usually through the Internet.
- Shareware: copyrighted software that is free of charge on a trial basis; usually the user pays a fee for continued use.
- Gathers information about a user, e.g. credit card information, or behavior tracking for marketing purposes.
- Eats up the computer's memory and network bandwidth.
- Adware: a special kind of spyware that collects information for banner ad customization.

Spam
- Electronic junk mail: advertisements of products and services.
- Eats up storage space and compromises network bandwidth.
- Spim: spam over IM.

Phishing
- Attempts to trick users into giving away credit card numbers.
- Phony messages and duplicates of legitimate Web sites; e.g. eBay and PayPal have been used.

Cookies
- Messages passed to a Web browser from a Web server; used for Web site customization.
- Cookies may contain sensitive information.
- Cookie management and cookie-killer software; Internet Explorer Web browser settings.
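The slide says cookies are messages a Web server hands to the browser and may carry sensitive information. Beyond user-side cookie management, the server side can be checked too: the script below is an added example (not from the slides or the textbook) that parses Set-Cookie header lines and reports cookies sent without the attributes a browser honours to limit exposure (Secure, HttpOnly, SameSite), or whose value looks like a card number stored in the clear. The sample headers are constructed for this example.

```python
"""Audit Set-Cookie headers for cookies that expose their contents.

Added example, not from the slides. The checks cover the Secure, HttpOnly and
SameSite attributes and a value that looks like a card number; the sample
headers below are constructed.
"""
import re
from typing import Dict, List, NamedTuple


class Cookie(NamedTuple):
    name: str
    value: str
    attributes: Dict[str, str]   # attribute names lower-cased; flags map to ""


def parse_set_cookie(header: str) -> Cookie:
    """Parse one Set-Cookie header value: 'name=value; Attr; Attr=val; ...'."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")   # split on the first '=' only
    attributes: Dict[str, str] = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attributes[key.strip().lower()] = val.strip()
    return Cookie(name.strip(), value.strip(), attributes)


CARD_NUMBER = re.compile(r"\d{13,19}")


def audit_cookie(cookie: Cookie) -> List[str]:
    """Return a list of findings; an empty list means the cookie is well protected."""
    findings: List[str] = []
    attrs = cookie.attributes
    if "secure" not in attrs:
        findings.append("missing Secure: also sent over unencrypted HTTP")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: readable by scripts running in the page")
    if attrs.get("samesite", "").lower() in ("", "none"):
        findings.append("SameSite absent or None: attached to cross-site requests")
    if CARD_NUMBER.fullmatch(cookie.value):
        findings.append("value looks like a card number stored in the clear")
    return findings


def audit_headers(headers: List[str]) -> Dict[str, List[str]]:
    """Audit every Set-Cookie line and return findings keyed by cookie name."""
    return {c.name: audit_cookie(c) for c in map(parse_set_cookie, headers)}


# Constructed sample of Set-Cookie headers as a server might send them.
SAMPLE_HEADERS = [
    "sid=3f9a7c1e; Path=/; Secure; HttpOnly; SameSite=Lax",
    "prefs=theme=dark; Path=/",
    "cc=4111111111111111; Path=/checkout; Secure",
]

if __name__ == "__main__":
    for name, findings in audit_headers(SAMPLE_HEADERS).items():
        print(name + ":", "OK" if not findings else "; ".join(findings))
```

Run as-is, the script reports `sid` as clean, three findings for `prefs`, and three for `cc`, including the clear-text card number. The same parser can be pointed at the headers captured from an application's own responses.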

Other Threats to IS Security
1. Employees writing passwords on paper
2. No installation of antivirus software
3. Use of default network passwords
4. Letting outsiders view monitors
5. Organizations fail to limit access to some files
6. Organizations fail to install firewalls
7. Not doing proper background checks
8. Lack of employee monitoring
9. Fired employees who are resentful

Safeguarding Information Systems Resources
- Begin with a thorough information systems audit of those systems (hardware, software, data networks, business processes) to determine which aspects of the systems are most vulnerable.
- The next step is to design and implement a security plan. The IT department is responsible for implementing the plans (or technology safeguards).
- One important aspect of the audit is risk analysis. Risk analysis: the process of assessing the value of protected assets; it tries to determine the cost of loss vs. the cost of protection.
- The analysis involves three possible results: 1) risk reduction: measures taken to protect the system; 2) risk acceptance: measures taken to absorb the damages; 3) risk transfer: transferring the absorption of risk to a third party.
- Technology safeguards: 1) physical access restrictions, 2) firewalls, 3) encryption, 4) virus monitoring/prevention, 5) audit-control software, 6) facilities.

Physical Access Restrictions (1)
- Authentication: verifying the identity of a user.
- Use of passwords; photo ID cards, smart cards; keys to unlock a computer; combinations of these.
- Authentication is limited to: something you have, something you know, something you are.
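As an added example of the "combination" the slide mentions (not code from the slides or the textbook), the script below checks two factors on login: something you know, a password stored only as a salted PBKDF2 hash, and something you have, a time-based one-time code (TOTP, RFC 6238) computed from a secret held on the user's device. The user record layout and the `enroll_user` helper are assumptions made for this example.

```python
"""Two-factor login check: something you know plus something you have.

Added example, not from the slides. Password storage uses PBKDF2 with a random
salt; the second factor is a TOTP code (RFC 6238 over RFC 4226 HOTP). The
record layout and enroll_user() are this example's own assumptions.
"""
import hashlib
import hmac
import os
import struct
import time
from typing import Dict, Optional, Tuple


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = 100_000) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random salt defeats precomputed tables."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes,
                    iterations: int = 100_000) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    # Constant-time comparison: timing does not reveal how many bytes matched.
    return hmac.compare_digest(candidate, digest)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226): truncate HMAC-SHA1 of the counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at_time: Optional[float] = None, step: int = 30) -> str:
    """Time-based one-time password: HOTP over the current 30-second window."""
    now = time.time() if at_time is None else at_time
    return hotp(secret, int(now) // step)


def verify_totp(secret: bytes, code: str, at_time: Optional[float] = None,
                step: int = 30, window: int = 1) -> bool:
    """Accept the current window and one on each side to tolerate clock drift."""
    now = time.time() if at_time is None else at_time
    counter = int(now) // step
    return any(hmac.compare_digest(hotp(secret, counter + d), code)
               for d in range(-window, window + 1))


def enroll_user(password: str, totp_secret: bytes, iterations: int = 100_000) -> Dict:
    """Create the stored record (assumed layout): the password itself is never kept."""
    salt, digest = hash_password(password, iterations=iterations)
    return {"salt": salt, "hash": digest, "iterations": iterations,
            "totp_secret": totp_secret}


def authenticate(record: Dict, password: str, code: str,
                 at_time: Optional[float] = None) -> bool:
    """Both factors are evaluated before deciding, so a failure does not say which one failed."""
    pw_ok = verify_password(password, record["salt"], record["hash"], record["iterations"])
    otp_ok = verify_totp(record["totp_secret"], code, at_time)
    return pw_ok and otp_ok


if __name__ == "__main__":
    secret = os.urandom(20)            # would be provisioned to the user's device
    record = enroll_user("correct horse battery", secret)
    print("password + current code:", authenticate(record, "correct horse battery", totp(secret)))
    print("password + wrong code:  ", authenticate(record, "correct horse battery", "000000"))
```

The HOTP and TOTP functions reproduce the published RFC test vectors (secret `12345678901234567890`, counter 1 or time 59 give `287082`), which is a quick way to confirm an implementation before trusting it with real logins.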

Physical Access Restrictions (2)
- Biometrics: one form of authentication. Fingerprints, retinal patterns, body weight, etc.
- Fast authentication: the system takes only a few seconds to authenticate.
- High security: body parts are difficult to replicate.

Physical Access Restrictions (3)
- Access-control software: special software used to help restrict stored data to authorized users only. Requires the use of an ID and password.
- Restrictions can take the form of: 1) access only to files required for work, 2) read-only access, 3) certain time periods for allowed access.
- Built into the design of most business systems applications.
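The three restriction forms on the slide can be expressed as one policy check. The code below is an added example (not from the slides or any access-control product): each user is granted only the files their work requires, with a read-only or read-write mode per file, and only inside an allowed window of the day; anything not explicitly granted is denied. The policy table, user names and paths are constructed.

```python
"""Least-privilege file access check: required files only, read-only where
possible, and access limited to allowed hours.

Added example, not from the slides. The policy table, users and paths are
constructed; a real access-control product would read them from its own store.
"""
from datetime import datetime, time
from typing import Dict, Optional, Tuple

# Per-user policy: the files (or directory prefixes ending in "/") the user's work
# requires, the mode on each ("r" read-only, "rw" read and write), and the window
# of the day during which access is permitted.
POLICY: Dict[str, Dict] = {
    "alice": {  # finance clerk, day shift
        "files": {"/finance/ledger.xlsx": "rw", "/finance/reports/": "r"},
        "hours": (time(8, 0), time(18, 0)),
    },
    "bob": {    # night-shift operator
        "files": {"/ops/runbook.pdf": "r", "/ops/logs/": "rw"},
        "hours": (time(22, 0), time(6, 0)),   # window wraps past midnight
    },
}


def _within_hours(moment: time, window: Tuple[time, time]) -> bool:
    start, end = window
    if start <= end:
        return start <= moment < end
    return moment >= start or moment < end   # wrap-around window


def _matching_mode(files: Dict[str, str], path: str) -> Optional[str]:
    """Exact file entry wins; otherwise the longest directory prefix that applies."""
    if path in files:
        return files[path]
    prefixes = [p for p in files if p.endswith("/") and path.startswith(p)]
    return files[max(prefixes, key=len)] if prefixes else None


def check_access(user: str, path: str, op: str, at: str,
                 policy: Dict[str, Dict] = POLICY) -> Tuple[bool, str]:
    """Return (allowed, reason) for an ISO-8601 timestamp; default is deny."""
    if op not in ("read", "write"):
        return False, "unsupported operation"
    entry = policy.get(user)
    if entry is None:
        return False, "unknown user"
    mode = _matching_mode(entry["files"], path)
    if mode is None:
        return False, "file not required for this user's work"
    if op == "write" and "w" not in mode:
        return False, "read-only access"
    if not _within_hours(datetime.fromisoformat(at).time(), entry["hours"]):
        return False, "outside allowed hours"
    return True, "granted"


if __name__ == "__main__":
    requests = [
        ("alice", "/finance/ledger.xlsx", "write", "2015-09-19T10:30:00"),
        ("alice", "/finance/reports/q3.pdf", "write", "2015-09-19T10:30:00"),
        ("alice", "/finance/ledger.xlsx", "read", "2015-09-19T22:30:00"),
        ("bob", "/finance/ledger.xlsx", "read", "2015-09-19T02:00:00"),
        ("carol", "/ops/runbook.pdf", "read", "2015-09-19T10:30:00"),
    ]
    for req in requests:
        print(req, "->", check_access(*req))
```

Each denial carries a reason, which is what the audit-control software later in the chapter records; the same check can be extended with additional modes or windows without changing the callers.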

Physical Access Restrictions (4)
- Wireless LAN (control): a computer network spanning a relatively small area, allowing all computers to be connected to each other using a wireless transmission protocol. Cheap and easy to install; use is on the rise.
- The signal is transmitted through the air, so it is susceptible to being intercepted or to drive-by hacking.
- Control is through access point configuration (only allow access by registered computers via a preauthorized wireless NIC).

Physical Access Restrictions (5)
- Virtual private network: a network connection that is constructed dynamically within an existing network, often called a secure tunnel, in order to securely connect remote users or nodes to an organization's networks.
- Relies on the use of encryption and authentication.

Firewall
- Systems designed to detect intrusion and prevent unauthorized access to or from a private network.
- Implementation: hardware, software, or mixed.
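To show what "prevent unauthorized access to or from a private network" means in practice, here is an added example of the core of a software firewall (not code from the slides or any firewall product): an ordered rule set where the first matching rule decides, anything no rule permits is dropped, and every decision is logged for later audit. The private network, rule set and packets are constructed.

```python
"""Rule-based packet filter: first matching rule decides, unmatched traffic is denied.

Added example, not from the slides. The rule set, addresses and packets are
constructed; the decision log is the kind of record an auditor later reviews.
"""
import ipaddress
from typing import List, NamedTuple, Optional, Tuple


class Packet(NamedTuple):
    proto: str     # "tcp" or "udp"
    src: str       # source IP address
    dst: str       # destination IP address
    dport: int     # destination port


class Rule(NamedTuple):
    action: str            # "allow" or "deny"
    proto: str             # "tcp", "udp" or "any"
    src: str               # CIDR network the source must belong to
    dst: str               # CIDR network the destination must belong to
    dport: Optional[int]   # None matches every port
    note: str = ""


def matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.proto in ("any", pkt.proto)
            and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and rule.dport in (None, pkt.dport))


def filter_packet(rules: List[Rule], pkt: Packet,
                  log: Optional[List[str]] = None) -> Tuple[str, str]:
    """Walk the rules in order; return (action, note). No match means deny."""
    for rule in rules:
        if matches(rule, pkt):
            decision = (rule.action, rule.note)
            break
    else:
        decision = ("deny", "default deny: no rule matched")
    if log is not None:   # record every decision, allowed or not
        log.append(f"{decision[0]} {pkt.proto} {pkt.src} -> {pkt.dst}:{pkt.dport} ({decision[1]})")
    return decision


# Constructed rule set protecting the private network 10.0.0.0/8.
RULES = [
    Rule("allow", "tcp", "0.0.0.0/0", "10.0.0.5/32", 443, "public HTTPS to the web server"),
    Rule("allow", "tcp", "10.0.0.0/8", "10.0.0.10/32", 22, "SSH to the admin host from inside only"),
    Rule("deny", "any", "0.0.0.0/0", "10.0.0.0/8", None, "explicit deny of all other inbound traffic"),
]

if __name__ == "__main__":
    decisions: List[str] = []
    for pkt in [Packet("tcp", "203.0.113.7", "10.0.0.5", 443),   # outside -> web server
                Packet("tcp", "203.0.113.7", "10.0.0.10", 22),   # outside -> admin SSH
                Packet("tcp", "10.1.2.3", "10.0.0.10", 22),      # inside -> admin SSH
                Packet("udp", "203.0.113.7", "10.0.0.5", 443)]:  # wrong protocol
        filter_packet(RULES, pkt, decisions)
    print("\n".join(decisions))
```

Rule order matters: if the explicit deny were placed first, nothing would ever be allowed, which is why rule sets are reviewed from the top down and why the log records which rule fired.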

Encryption
- The process of encoding messages before they enter a network or the airwaves, then decoding them at the receiving end of the transfer, so that the intended recipients can read or hear them.
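The encoding-then-decoding described here, and the "encryption and authentication" a VPN tunnel relies on in the previous slide, can be shown end to end. The following is an added example (not from the slides or the textbook) using only Python's standard library: because the standard library has no AES, the keystream is built from HMAC-SHA256 in counter mode, an illustrative construction chosen for this example rather than a production cipher. Both ends share one key, derive separate keys for confidentiality and integrity from it, and the receiver verifies an integrity tag before decoding anything.

```python
"""Encrypt-then-authenticate for a message crossing an untrusted network.

Added example, not from the slides. The cipher is a keystream from HMAC-SHA256
in counter mode (a PRF in CTR mode); the primitives and message layout
(nonce || ciphertext || tag) are this example's own choices.
"""
import hashlib
import hmac
import os
import struct
from typing import Optional, Tuple

NONCE_LEN = 16
TAG_LEN = 32


def derive_keys(shared_key: bytes) -> Tuple[bytes, bytes]:
    """Separate keys for encryption and for the tag, both derived from the shared key."""
    enc_key = hmac.new(shared_key, b"encryption", hashlib.sha256).digest()
    mac_key = hmac.new(shared_key, b"integrity", hashlib.sha256).digest()
    return enc_key, mac_key


def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Pseudorandom bytes: block i = HMAC(enc_key, nonce || i). Never reuse a nonce with a key."""
    out = bytearray()
    for counter in range((length + 31) // 32):
        out += hmac.new(enc_key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
    return bytes(out[:length])


def encrypt(shared_key: bytes, plaintext: bytes, nonce: Optional[bytes] = None) -> bytes:
    """Sender side: return nonce || ciphertext || tag, ready to be sent."""
    enc_key, mac_key = derive_keys(shared_key)
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    ks = keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(shared_key: bytes, message: bytes) -> bytes:
    """Receiver side: verify the tag, then decode. Raises ValueError if altered."""
    if len(message) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    enc_key, mac_key = derive_keys(shared_key)
    nonce, ciphertext, tag = message[:NONCE_LEN], message[NONCE_LEN:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # checked before any decoding
        raise ValueError("authentication failed: wrong key or altered message")
    ks = keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


def receive(shared_key: bytes, message: bytes) -> Tuple[bool, Optional[bytes]]:
    """Receiver wrapper: (True, plaintext) or (False, None) for a rejected message."""
    try:
        return True, decrypt(shared_key, message)
    except ValueError:
        return False, None


if __name__ == "__main__":
    key = os.urandom(32)                       # agreed by both ends beforehand
    wire = encrypt(key, b"transfer 100 to account 42")
    print("on the wire:", wire.hex())
    print("receiver   :", receive(key, wire))
    flipped = wire[:NONCE_LEN] + bytes([wire[NONCE_LEN] ^ 1]) + wire[NONCE_LEN + 1:]
    print("tampered   :", receive(key, flipped))
```

The tag check is what turns plain encoding into something a tunnel can rely on: a message altered in transit, or one produced with a different key, is rejected before a single byte is decoded.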

Anti-Virus Software and Recommended Virus Precautions
- Purchase and install antivirus software; update it frequently.
- Do not download data from unknown sources (flash drives, disks, Web sites).
- Delete (without opening) e-mail from unknown sources.
- Warn people if you get a virus: your department, people on your list.

Audit-Control Software
- Software that helps keep track of computer activity so that auditors can spot suspicious activity and take action.
- Allows users (authorized and unauthorized) to be recorded in electronic footprints, a.k.a. an audit trail: a record of users and a record of activities.
- The IT department or information security department needs to monitor this activity and interpret the results.
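The slide leaves "spot suspicious activity" to the auditor. As an added example (not from the slides or any audit product), the script below reads an audit trail of users and activities and flags three things an auditor would want interpreted: a burst of failed logins for one account, a successful login outside business hours, and activity by an account that is not on the roster. The log format, the sample lines, the roster and the business-hours window are all constructed assumptions for this example.

```python
"""Review an audit trail and flag activity an auditor should look at.

Added example, not from the slides. The log format (timestamp followed by
key=value fields), the sample lines, the roster of known accounts and the
business-hours window are constructed assumptions.
"""
import re
from datetime import datetime, timedelta
from typing import Dict, List

LINE = re.compile(r"^(\S+)\s+(.*)$")
ROSTER = {"alice", "bob"}                       # accounts that are supposed to exist
BUSINESS_HOURS = (8, 18)                        # 08:00 up to (not including) 18:00
FAIL_BURST_COUNT, FAIL_BURST_WINDOW = 3, timedelta(minutes=5)

# Constructed sample audit trail.
SAMPLE_LOG = """\
2015-09-19T09:02:11 user=alice action=login result=ok src=10.0.0.12
2015-09-19T09:05:40 user=alice action=read file=/finance/ledger.xlsx result=ok src=10.0.0.12
2015-09-19T22:41:07 user=bob action=login result=fail src=198.51.100.9
2015-09-19T22:41:19 user=bob action=login result=fail src=198.51.100.9
2015-09-19T22:41:33 user=bob action=login result=fail src=198.51.100.9
2015-09-19T22:42:02 user=bob action=login result=ok src=198.51.100.9
2015-09-19T22:43:15 user=bob action=write file=/hr/payroll.xlsx result=ok src=198.51.100.9
2015-09-19T11:10:00 user=mallory action=login result=ok src=10.0.0.50
"""


def parse_log(text: str) -> List[dict]:
    """Turn each line into a dict of its fields plus a parsed 'time'."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        event = dict(field.split("=", 1) for field in m.group(2).split())
        event["time"] = datetime.fromisoformat(m.group(1))
        events.append(event)
    return events


def review(events: List[dict]) -> List[Dict[str, str]]:
    """Return findings as dicts with a 'kind', the 'user' and the time 'at'."""
    findings: List[Dict[str, str]] = []
    failures: Dict[str, List[datetime]] = {}
    flagged_unknown = set()
    for e in sorted(events, key=lambda ev: ev["time"]):
        user, when = e.get("user", "?"), e["time"]
        is_login = e.get("action") == "login"
        if user not in ROSTER and user not in flagged_unknown:
            flagged_unknown.add(user)
            findings.append({"kind": "unknown_user", "user": user, "at": when.isoformat()})
        if is_login and e.get("result") == "fail":
            failures.setdefault(user, []).append(when)
            recent = [t for t in failures[user] if when - t <= FAIL_BURST_WINDOW]
            if len(recent) == FAIL_BURST_COUNT:   # fires once, on the third failure
                findings.append({"kind": "failed_login_burst", "user": user,
                                 "at": when.isoformat(), "src": e.get("src", "")})
        if is_login and e.get("result") == "ok" and not (BUSINESS_HOURS[0] <= when.hour < BUSINESS_HOURS[1]):
            findings.append({"kind": "off_hours_login", "user": user,
                             "at": when.isoformat(), "src": e.get("src", "")})
    return findings


if __name__ == "__main__":
    for finding in review(parse_log(SAMPLE_LOG)):
        print(finding)
```

On the sample trail the review produces three findings: the failed-login burst and the off-hours login for `bob`, both from the same outside address, and the unknown account `mallory`. The thresholds are deliberately simple constants so that the department monitoring the trail can tune them.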

Facilities
- Specialized facilities to create a reliable and secure IS infrastructure.
- Provide the technical requirements (power and cooling systems).
- Designed to protect IS from floods, seismic activity, blackouts, hurricanes, and potential criminal activity.

Other Technological Safeguards
- Backups: secondary storage devices; taken at regular intervals.
- Closed-circuit television (CCTV): monitoring for physical intruders; video cameras display and record all activity; digital video recording.
- Uninterruptible power supply (UPS): protection against power surges.

Non-technical Safeguards
- Securing IS also involves non-technical safeguards: use of the country's laws and internal IS policies (e.g. acceptable use policies), and educating employees about them.
- Also making sure only trustworthy employees are hired, and treating employees well.

Developing an Information Systems Security Plan
- An ongoing five-step process.
1) Risk analysis: determine the cost of loss vs. the cost of protection
   a. Determine the value of electronic information
   b. Assess threats to the confidentiality, integrity, and availability of information
   c. Identify the most vulnerable computer operations
   d. Assess current security policies
   e. Recommend changes to existing practices to improve computer security
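The "cost of loss vs. cost of protection" comparison from the risk-analysis step here, and the three possible results (reduction, acceptance, transfer) from the earlier Safeguarding slide, can be worked through numerically. The following is an added example (not from the slides or the textbook): expected annual loss is taken as the asset's value times the annual probability of loss, each result is priced, and the cheapest one is chosen per asset. The asset values, probabilities, control costs and insurance terms are constructed for this example.

```python
"""Cost of loss vs. cost of protection: choose reduce, accept or transfer per asset.

Added example, not from the slides. Expected annual loss = value x annual
probability of loss; the asset figures, control costs and insurance terms are
constructed.
"""
from typing import Dict, List

# Constructed asset inventory. "reduce" prices a protective control and the
# probability that remains after it; "transfer" prices an insurance premium and
# the fraction of a loss the insurer would cover.
ASSETS: List[dict] = [
    {"name": "customer database", "value": 500_000, "probability": 0.10,
     "reduce": {"cost": 20_000, "residual_probability": 0.01},
     "transfer": {"premium": 18_000, "covered_fraction": 0.80}},
    {"name": "lobby kiosk", "value": 3_000, "probability": 0.20,
     "reduce": {"cost": 2_000, "residual_probability": 0.02},
     "transfer": {"premium": 700, "covered_fraction": 0.90}},
    {"name": "public web server", "value": 80_000, "probability": 0.30,
     "reduce": {"cost": 10_000, "residual_probability": 0.05},
     "transfer": {"premium": 5_000, "covered_fraction": 0.90}},
]


def expected_loss(value: float, probability: float) -> float:
    """Cost of loss over a year if nothing is done."""
    return value * probability


def evaluate(asset: dict) -> Dict[str, object]:
    """Price the three results of the analysis and pick the cheapest."""
    loss = expected_loss(asset["value"], asset["probability"])
    reduce, transfer = asset["reduce"], asset["transfer"]
    options = {
        # accept: absorb the damage yourself
        "accept": loss,
        # reduce: pay for the control, absorb what it does not prevent
        "reduce": reduce["cost"] + expected_loss(asset["value"], reduce["residual_probability"]),
        # transfer: pay the premium, absorb the uncovered share
        "transfer": transfer["premium"] + (1 - transfer["covered_fraction"]) * loss,
    }
    decision = min(options, key=options.get)
    return {"asset": asset["name"], "expected_loss": loss,
            "options": options, "decision": decision}


def plan(assets: List[dict] = ASSETS) -> Dict[str, str]:
    """Decision per asset, the summary line of the risk analysis."""
    return {result["asset"]: result["decision"] for result in map(evaluate, assets)}


if __name__ == "__main__":
    for asset in ASSETS:
        result = evaluate(asset)
        priced = ", ".join(f"{k} {v:,.0f}" for k, v in result["options"].items())
        print(f"{result['asset']}: loss {result['expected_loss']:,.0f}; {priced} -> {result['decision']}")
```

With these figures each result wins once: the database is worth protecting (reduce), the kiosk is cheaper to replace than to protect or insure (accept), and the web server's exposure is best insured (transfer). Changing any input, say a higher residual probability after a control, can flip a decision, which is why the slide calls the process ongoing.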

Security Plan: Step 2
2) Policies and procedures: actions to be taken if security is breached
   a. Information policy: handling of sensitive information
   b. Security policy: technical controls on organizational computers
   c. Use policy: appropriate use of in-house IS
   d. Backup policy
   e. Account management policy: procedures for adding new users
   f. Incident handling procedures: handling a security breach
   g. Disaster recovery plan: restoration of computer operations

Security Plan: Remaining Steps
3) Implementation: carrying out the policies and procedures
   a. Implementation of network security hardware and software
   b. Dissemination of IDs and smart cards
   c. Responsibilities of the IS department
4) Training: the organization's personnel, so that they know about the policies and procedures and how to carry them out
5) Auditing: evaluate the effectiveness of steps (1) to (4)
   a. Assessment of policy adherence
   b. Penetration tests