McGraw-Hill/Irwin ©2008 The McGraw-Hill Companies, All Rights Reserved INFORMATION SECURITY SECTION 4.2.


4-2 PROTECTING INTELLECTUAL ASSETS
Organizational information is intellectual capital; it must be protected
Information security – the protection of information from accidental or intentional misuse by persons inside or outside an organization
E-business automatically creates tremendous information security risks for organizations

4-3 PROTECTING INTELLECTUAL ASSETS

4-4 PROTECTING INTELLECTUAL ASSETS

4-5 THE FIRST LINE OF DEFENSE - PEOPLE
Organizations must enable employees, customers, and partners to access information electronically
The biggest issue surrounding information security is not a technical issue, but a people issue
33% of security incidents originate within the organization
–Insiders – legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident

4-6 THE FIRST LINE OF DEFENSE - PEOPLE
The first line of defense an organization should follow to help combat insider issues is to develop information security policies and an information security plan
–Information security policies – identify the rules required to maintain information security
–Information security plan – details how an organization will implement the information security policies

4-7 THE FIRST LINE OF DEFENSE - PEOPLE
Five steps to creating an information security plan:
1. Develop the information security policies
2. Communicate the information security policies
3. Identify critical information assets and risks
4. Test and reevaluate risks
5. Obtain stakeholder support

4-8 THE SECOND LINE OF DEFENSE - TECHNOLOGY
There are three primary information technology security areas:
1. Authentication and authorization
2. Prevention and resistance
3. Detection and response

4-9 Authentication and Authorization
Authentication – a method for confirming users’ identities
Authorization – the process of giving someone permission to do or have something
The most secure type of authentication involves:
1. Something the user knows, such as a user ID and password
2. Something the user has, such as a smart card or token
3. Something that is part of the user, such as a fingerprint or voice signature

4-10 Something the User Knows Such As a User ID and Password
This is the most common way to identify individual users and typically contains a user ID and a password
This is also the most ineffective form of authentication
Over 50 percent of help-desk calls are password related

4-11 Something the User Has Such As a Smart Card or Token
Smart cards and tokens are more effective than a user ID and a password
–Tokens – small electronic devices that change user passwords automatically
–Smart card – a device that is around the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing

4-12 Something That Is Part Of The User Such As a Fingerprint or Voice Signature
This is by far the best and most effective way to manage authentication
–Biometrics – the identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting
Unfortunately, this method can be costly and intrusive
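Added example, not from the slides or from McGraw-Hill: a Python login check that combines the first two factors listed on slide 4-9, something the user knows (a salted PBKDF2 password hash, so the password itself is never stored) and something the user has (an RFC 6238 time-based one-time code of the kind a token or authenticator app displays). The user name, password and token secret are constructed demo values; a real deployment generates a random per-user secret at enrollment.

```python
import hashlib
import hmac
import os
import struct
from typing import Dict, Optional, Tuple

PBKDF2_ITERATIONS = 200_000  # work factor for the stored password hash
TOTP_STEP = 30               # seconds per one-time code, as in RFC 6238


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256 of the 'something the user knows' factor.
    Only (salt, digest) is stored, never the password."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)  # constant-time comparison


def totp(secret: bytes, timestamp: int, digits: int = 6, step: int = TOTP_STEP) -> str:
    """RFC 6238 time-based one-time password (HMAC-SHA1): the code shown by a
    hardware token or authenticator app, the 'something the user has' factor."""
    counter = struct.pack(">Q", int(timestamp) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_totp(secret: bytes, code: str, timestamp: int, skew_steps: int = 1) -> bool:
    """Accept the current code or one step either side to tolerate clock drift
    between the token and the server."""
    ok = False
    for drift in range(-skew_steps, skew_steps + 1):
        candidate = totp(secret, timestamp + drift * TOTP_STEP)
        ok = hmac.compare_digest(candidate, code) or ok
    return ok


def enroll(store: Dict[str, dict], username: str, password: str, totp_secret: bytes) -> None:
    salt, digest = hash_password(password)
    store[username] = {"salt": salt, "hash": digest, "totp_secret": totp_secret}


def authenticate(store: Dict[str, dict], username: str, password: str, code: str, timestamp: int) -> bool:
    """Both factors must pass. Both are always evaluated, so the response time
    does not reveal which one failed."""
    record = store.get(username)
    if record is None:
        # Unknown user: do the same amount of work so timing does not reveal valid user names.
        verify_password(password, b"\x00" * 16, b"\x00" * 32)
        return False
    password_ok = verify_password(password, record["salt"], record["hash"])
    code_ok = verify_totp(record["totp_secret"], code, timestamp)
    return password_ok and code_ok


# Constructed demo user store: hypothetical user, password and token secret.
USERS: Dict[str, dict] = {}
enroll(USERS, "alice", "correct horse battery staple", b"12345678901234567890")

if __name__ == "__main__":
    import time
    now = int(time.time())
    secret = USERS["alice"]["totp_secret"]
    print("password + current token:", authenticate(USERS, "alice", "correct horse battery staple", totp(secret, now), now))
    print("password + stale token:  ", authenticate(USERS, "alice", "correct horse battery staple", totp(secret, now - 300), now))
```

The token secret used here is the RFC 6238 reference secret, so the codes the block produces can be checked against the RFC's published test vectors; the one-step drift window is the usual compromise between rejecting replayed codes and tolerating a token whose clock runs slightly off.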

4-13 Content Filtering
Organizations can use content filtering technologies to filter and prevent e-mails containing sensitive information from transmitting and stop spam and viruses from spreading.
–Content filtering – occurs when organizations use software that filters content to prevent the transmission of unauthorized information
–Spam – a form of unsolicited
–Corporate losses caused by Spam
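Added example, not from the slides or from McGraw-Hill: a Python outbound-mail content filter of the kind the slide describes. It blocks a message when the subject or body carries a payment card number, a US social security number, or a classification marker. Card candidates are checked with the Luhn checksum so that order numbers and other long digit strings are not blocked by mistake, and the filter logs only a masked form of what it found so its own logs do not leak the data. The marker words and all sample messages are constructed.

```python
import re
from typing import Dict, List, Tuple

# 13 to 19 digits, optionally separated by spaces or hyphens, ending on a digit.
CARD_CANDIDATE_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
MARKER_WORDS = ("confidential", "internal use only")  # constructed classification labels


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: separates real card numbers from other long digit strings."""
    total = 0
    for index, char in enumerate(reversed(digits)):
        value = int(char)
        if index % 2 == 1:
            value *= 2
            if value > 9:
                value -= 9
        total += value
    return total % 10 == 0


def find_card_numbers(text: str) -> List[str]:
    found = []
    for match in CARD_CANDIDATE_RE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            found.append(digits)
    return found


def mask(value: str, keep: int = 4) -> str:
    """Keep only the last few characters for the filter's log entry."""
    return "*" * (len(value) - keep) + value[-keep:]


def inspect_message(message: Dict[str, str]) -> Tuple[str, List[Tuple[str, str]]]:
    """Return ("block" | "allow", findings); findings hold only masked values."""
    text = message.get("subject", "") + "\n" + message.get("body", "")
    findings: List[Tuple[str, str]] = []
    for card in find_card_numbers(text):
        findings.append(("card-number", mask(card)))
    for ssn in SSN_RE.findall(text):
        findings.append(("ssn", mask(ssn)))
    lowered = text.lower()
    for word in MARKER_WORDS:
        if word in lowered:
            findings.append(("keyword", word))
    verdict = "block" if findings else "allow"
    return verdict, findings


if __name__ == "__main__":
    # Constructed sample messages: one harmless order update, one that must not leave.
    samples = [
        {"subject": "PO status", "body": "Your order 1234567890123456 shipped today. Call 555-123-4567."},
        {"subject": "Customer record", "body": "Card 4111 1111 1111 1111, SSN 123-45-6789. This draft is CONFIDENTIAL."},
    ]
    for sample in samples:
        print(sample["subject"], "->", inspect_message(sample))
```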

4-14 Encryption
If there is an information security breach and the information was encrypted, the person stealing the information would be unable to read it
–Encryption – scrambles information into an alternative form that requires a key or password to decrypt the information
–Public key encryption (PKE) – an encryption system that uses two keys: a public key for everyone and a private key for the recipient

4-15 Firewalls
One of the most common defenses for preventing a security breach is a firewall
–Firewall – hardware and/or software that guards a private network by analyzing the information leaving and entering the network

4-16 Firewalls Sample firewall architecture connecting systems located in Chicago, New York, and Boston
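Added example, not from the slides or from McGraw-Hill: a Python model of the rule evaluation a packet-filtering firewall performs on traffic entering and leaving a private network, the behaviour slides 4-15 and 4-16 describe. Rules are matched in order (first match wins) and anything that matches no rule is dropped by an implicit default deny. All addresses, networks and the rule set are constructed; the 10.0.0.0/8 ranges stand in for an organisation's private sites.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    direction: str         # "inbound" or "outbound" relative to the private network
    src: str               # source network in CIDR notation
    dst: str               # destination network in CIDR notation
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # destination port, None = any


@dataclass(frozen=True)
class Packet:
    direction: str
    src: str
    dst: str
    proto: str
    dport: int


# Constructed rule set (hypothetical addresses). Order matters: the mail-relay
# exception must precede the rule that denies SMTP for everyone else.
RULES: List[Rule] = [
    Rule("allow", "inbound", "0.0.0.0/0", "10.0.1.10/32", "tcp", 443),   # public HTTPS server
    Rule("allow", "inbound", "10.0.0.0/8", "10.0.1.0/24", "tcp", 22),    # SSH only from the other sites
    Rule("allow", "outbound", "10.0.1.25/32", "0.0.0.0/0", "tcp", 25),   # only the mail relay may send SMTP
    Rule("deny", "outbound", "10.0.0.0/8", "0.0.0.0/0", "tcp", 25),      # no direct SMTP from anything else
    Rule("allow", "outbound", "10.0.0.0/8", "0.0.0.0/0", "any", None),   # other outbound traffic is allowed
]


def matches(rule: Rule, pkt: Packet) -> bool:
    return (
        rule.direction == pkt.direction
        and rule.proto in ("any", pkt.proto)
        and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
        and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
        and (rule.dport is None or rule.dport == pkt.dport)
    )


def decide(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Return (action, index of the matching rule); ("deny", None) is the default deny."""
    for index, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, index
    return "deny", None


def filter_packets(rules: List[Rule], packets: List[Packet]) -> List[Tuple[Packet, str, Optional[int]]]:
    return [(pkt, *decide(rules, pkt)) for pkt in packets]


if __name__ == "__main__":
    # Constructed sample traffic crossing the firewall.
    sample = [
        Packet("inbound", "203.0.113.5", "10.0.1.10", "tcp", 443),
        Packet("inbound", "203.0.113.5", "10.0.1.10", "tcp", 22),
        Packet("inbound", "10.0.2.7", "10.0.1.10", "tcp", 22),
        Packet("outbound", "10.0.1.40", "198.51.100.9", "tcp", 25),
        Packet("outbound", "10.0.1.40", "198.51.100.9", "tcp", 443),
    ]
    for pkt, action, index in filter_packets(RULES, sample):
        print(f"{pkt.direction:8} {pkt.src:>12} -> {pkt.dst}:{pkt.dport}/{pkt.proto}  {action} (rule {index})")
```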

4-17 Detection and Response
If prevention and resistance strategies fail and there is a security breach, an organization can use detection and response technologies to mitigate the damage
Antivirus software is the most common type of detection and response technology
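Added example, not from the slides or from McGraw-Hill: a Python sketch of how signature-based antivirus software combines detection and response. Detection compares each file against a hash signature (an exact known-bad file) and a byte-pattern signature (a distinctive string shared by variants); the response moves every hit into a quarantine directory and strips its execute permission. The signatures, the marker string and the files the demo scans are all constructed, not real malware indicators.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List, Optional, Tuple

# Constructed demo signatures. A real engine holds millions of these.
KNOWN_BAD_SAMPLE = b"constructed stand-in for a known-bad binary\n"
HASH_SIGNATURES: Dict[str, str] = {
    hashlib.sha256(KNOWN_BAD_SAMPLE).hexdigest(): "Demo.Trojan.HashMatch",
}
PATTERN_SIGNATURES: Dict[str, bytes] = {
    "Demo.Dropper.Pattern": b"CONSTRUCTED-DEMO-MARKER-NOT-REAL-MALWARE",
}


def sha256_file(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_file(path: Path) -> Optional[str]:
    """Detection: return the first matching signature name, or None if clean."""
    name = HASH_SIGNATURES.get(sha256_file(path))
    if name:
        return name
    data = path.read_bytes()
    for name, pattern in PATTERN_SIGNATURES.items():
        if pattern in data:
            return name
    return None


def quarantine(path: Path, quarantine_dir: Path) -> Path:
    """Response: move the file out of its original location and make it non-executable."""
    quarantine_dir.mkdir(parents=True, exist_ok=True)
    target = quarantine_dir / (path.name + ".quarantined")
    shutil.move(str(path), str(target))
    target.chmod(0o600)
    return target


def scan_tree(root: Path, quarantine_dir: Path) -> List[Tuple[Path, str, Path]]:
    """Scan every file under root (except the quarantine itself) and quarantine each hit."""
    hits = []
    files = [p for p in root.rglob("*") if p.is_file() and quarantine_dir not in p.parents]
    for path in files:
        signature = scan_file(path)
        if signature:
            hits.append((path, signature, quarantine(path, quarantine_dir)))
    return hits


def build_demo_tree() -> Path:
    """Throwaway directory with one clean file and two that trip a signature (constructed)."""
    root = Path(tempfile.mkdtemp(prefix="av-demo-"))
    (root / "clean.txt").write_bytes(b"quarterly report, nothing to see here\n")
    (root / "known_bad.bin").write_bytes(KNOWN_BAD_SAMPLE)
    (root / "installer").mkdir()
    marker = PATTERN_SIGNATURES["Demo.Dropper.Pattern"]
    (root / "installer" / "setup.bin").write_bytes(b"header " + marker + b" trailer")
    return root


def remove_demo_tree(root: Path) -> None:
    shutil.rmtree(root)


if __name__ == "__main__":
    root = build_demo_tree()
    for original, signature, moved_to in scan_tree(root, root / "quarantine"):
        print(f"{signature}: {original} -> {moved_to}")
    remove_demo_tree(root)
```

Hash signatures are exact and cheap but miss any variant whose single byte differs; pattern signatures catch the variants at the cost of more false positives, which is why the scan checks the hash first and keeps the quarantined files rather than deleting them, so an analyst can confirm the verdict.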