Principles of Information System Security: Text and Cases

1 Principles of Information System Security: Text and Cases
Gurpreet Dhillon
PowerPoint prepared by Youlong Zhuang, University of Missouri-Columbia

2 Principles of Information System Security: Text and Cases
Chapter Sixteen: Summary Principles for IS Security

3 Copyright 2006 John Wiley & Sons, Inc.
Learning Objectives
- Understand the six principles for managing IS security

4 There is no complete security
Instead, firms can consider the following principles:
- Principles for technical aspects of information system security
- Principles for formal aspects of information system security
- Principles for informal aspects of information system security

5 Principles for Technical Aspects of IS Security
Principle 1: In managing the security of technical systems, a rationally planned grandiose strategy will fall short of achieving its purpose.
- Exclusive emphasis on policy, designed in a top-down manner, is counterproductive
- A rationally planned strategy does not necessarily account for the realities on the ground
- The changing and dynamic nature of technical systems makes it difficult to formulate grandiose strategies

6 Principles for Technical Aspects of IS Security (cont’d)
Principle 2: Formal models for maintaining the confidentiality, integrity, and availability (CIA) of information are important. However, the nature and scope of CIA need to be clearly understood.
- Micro-management, i.e. working toward CIA at the unit or functional level rather than through a single enterprise-wide model, is the way forward

7 Principles for Technical Aspects of IS Security (cont’d)
- Technology is pulling hard in the opposite direction from confidentiality: data is accessible to the many, not the few
- Organizational structures are moving toward less authority, more informality, fewer rules, and greater empowerment
- A secure organization needs to secure not only its data but also the interpretation of that data

8 Principles for Technical Aspects of IS Security (cont’d)
- Most information security models were developed for the military domain
- Organizational reality is not the same for all enterprises
- A model developed for information security within a military organization is not necessarily valid for a commercial enterprise
- Micro-strategies should be created at the unit or functional level

9 Principles for Formal Aspects of IS Security
Principle 3: Establishing a boundary between what can be formalized and what should be norm-based is the basis for establishing appropriate control measures.
- A computer-based system should automate only a small part of an organization's rule-based formal system, with technical controls commensurate with that part

10 Figure 16.1: Ideal and Over-engineered Solution (figure not reproduced in the transcript)

11 Principles for Formal Aspects of IS Security (cont’d)
Principle 4: Rules for managing information security have little relevance unless they are contextualized.
- A thorough review of technical, formal, and informal interventions should be conducted
- The choice of elements in a security policy is case-specific

12 Principles for Informal Aspects of IS Security
Principle 5: Education, training, and awareness, although important, are not sufficient conditions for managing information security.
- A focus on developing a security culture goes a long way toward developing and sustaining a secure environment
- Organizational processes such as communication, decision making, change, and power are culturally ingrained

13 Principles for Informal Aspects of IS Security (cont’d)
Principle 6: Responsibility, integrity, trust, and ethicality are the cornerstones of maintaining a secure environment.
- Members of an organization should understand what their roles are and what their responsibilities should be

14 Principles for Informal Aspects of IS Security (cont’d)
- The integrity of a person as a member of an organization is very important, especially as information has emerged as the most important asset and resource of organizations
- There is a need for mutual systems of trust
- The lowering of ethical standards has resulted in an increasing number of frauds

15 Copyright 2006 John Wiley & Sons, Inc.
All rights reserved. Reproduction or translation of this work beyond that permitted in section 117 of the 1976 United States Copyright Act without express permission of the copyright owner is unlawful. Requests for further information should be addressed to the Permissions Department, John Wiley & Sons, Inc. The purchaser may make back-up copies for his/her own use only and not for distribution or resale. The Publisher assumes no responsibility for errors, omissions, or damages caused by the use of these programs or from the use of the information herein.
