Management Information Systems The Islamia University of Bahawalpur Delivered by: Tasawar Javed Lecture 16.

Today’s talk
 Information security
  Objectives of information security
  Management of information security
 Information security management
 Threats
  Internal and external threats
  Accidental and deliberate acts
 Types of threats
 Risks

Information security
 System security: when firms first sought to secure their information resources, attention was focused almost exclusively on protecting hardware and data.
 Information security: this term was later used to describe the protection of both computer and non-computer equipment, facilities, data, and information from misuse by unauthorised parties. This broad definition includes such equipment as copiers, fax machines, all types of media, and paper documents.

Objectives of information security
 Confidentiality
  The firm seeks to protect its data and information from disclosure to unauthorized persons.
  Executive information systems, HRIS, and such transaction processing systems as payroll, accounts receivable, purchasing, and accounts payable are especially critical in this regard.
 Availability
  The purpose of the firm’s information infrastructure is to make its data and information available to those who are authorized to use it. This objective is especially important to information-oriented systems such as human resource information systems and executive information systems.

 Integrity
  All information systems should provide an accurate representation of the physical systems that they represent.
  The firm’s information systems must protect data and information from misuse, yet ensure its availability to authorized users, who can then have confidence in its accuracy.

Management of information security
 Management is expected not only to keep the information resources secure but also to keep the firm functioning after a disaster or security breach.
 Information security management (ISM): the activity of keeping information resources secure.
 Business continuity management: the activity of keeping the firm and its information resources functioning after a catastrophe.

Management of information security
 CISSO: the title corporate information systems security officer has been used for the person in the organization, typically a member of the information systems unit, who is responsible for the firm’s information systems security.
 CIAO: firms trying to achieve an even higher level of security have designated a corporate information assurance officer, who reports to the CEO and manages an information assurance unit.
 The CIAO should possess the full range of security certifications and have a minimum of 10 years’ experience in managing an information security facility.

Information Security Management  It consist on four steps Identifying the threat Define the risks Establish and information security policy Implementing the controls The Term Risk Management has been coined to describe this approach of basing the security of the firm’s information resources on the risk that it faces Information Security

Figure: risk management: identify the threats → define the risks → establish an IS policy → implement the controls.

Information security Management  Information Security Benchmark A benchmark is a recommended level of performance Security benchmark is a recommended level of security that in normal circumstances should offer reasonable protection against unauthorized intrusion. These are defined by government and industry association and reflect what those authorities believe to be the components of a good information security program. Information Security

 When a firm follows this approach, which we call benchmark compliance, it is assumed that government and industry authorities have done a good job of considering the threats and risks and that the benchmarks offer good protection.
Figure: benchmark compliance: information security benchmarks → establish an ISP → implement the controls.

Threats  Information security threat is a person, organization, mechanism, or event that has potential to inflict harm on the firm’s information resources Internal and External Threats  Internal includes not only employee, temporary workers, consultants, contractors, and even partners. External threats due to more intimate knowledge of the system by the internal threats Information Security

Accidental and deliberate acts
 Some threats are accidental, caused by persons inside or outside the firm.
 Although information security should be aimed at preventing deliberate threats, it should also eliminate or reduce the opportunity for accidental damage.

Types of threats
 Virus
  A computer program that can replicate itself without being observable to the user and embed copies of itself in other programs and boot sectors.
 Trojan horse
  Can neither replicate nor distribute itself; the user installs it as a utility, but when it is used it produces unwanted changes in the system’s functionality.
 Adware
  Generates intrusive advertising messages.
 Spyware
  Gathers data from the user’s machine.

Information security risks
 Unauthorized disclosure and theft
 Unauthorized use
 Unauthorized destruction and denial of service
 Unauthorized modification

Thank you!!! Q&A