Lecture 14: Business Information Systems - ICT Security


1 Lecture 14: Business Information Systems - ICT Security

2 Discussion point
How would you plan the ultimate security of your HOME when you are building a house?

3 Points of Vulnerability – An analogy
- External Threat
  - Burglars
  - Storms
  - Rodents
  - Snakes
  - Crocodiles
  - Mistress
- Internal Threat
  - Maid
  - Kids
  - Fire
  - Dirt/Clatter
  - Television
- External/Internal
  - Electricity
  - Sewer
  - Water
  - Neighbourhood

4 What to protect
The whole computing system:
- Hardware
- Software
- Network
- Systems
- Data
- Network
- People

5 Points of Vulnerability
External
- Manufacturers
  - Backdoor software: this has been known to be put in active devices, for example. Part of the reason why Cisco is deemed a threat in China.
  - Quality of product
  - Fit to purpose
- Vendors
  - Are they in the channel
  - Are they reliable
  - What warranty do they give

6 Points of Vulnerability
External
- Suppliers of Software
  - Is it genuine
  - What support do they have
  - Reaction time; can they be reached and solve issues online
  - How well established are they
  - Backdoor (

7 Points of Vulnerability
External
- Repair Companies
  - Are they in the channel
  - Are they reliable
  - What warranty do they have
  - What is their turnaround
- Partners
  - Coupled through the Intranet
  - Software vulnerabilities
  - Data vulnerabilities

8 Points of Vulnerability
External
- Burglars
  - Protection of the Server Room
  - Access points
  - Controlled Access
  - Controlled Conditions in the room
  - General physical security
- Hackers
  - Protection from without at network entry points
  - Protection from within

9 Points of Vulnerability
Internal
- ICT Staff
  - Intentional or Accidental
- Users
  - Intentional or Accidental
- Solutions
  - Access levels (only access necessary data)
  - Training
  - Properly defined procedures

10 Points of Vulnerability
Internal/External
- Internet Connection
  - Greatest point of vulnerability
  - Firewall with access rules
  - External access rules including for employees
- Exchange of storage devices
  - Lack of virus protection for the external devices (bringing the external to the internal while bypassing the firewall)
- Wireless network

11 What could go wrong
- Denial of services
- Virus attack
  - Antivirus
- Spam attack
  - ing Policies
  - Antispam
- Wrong Data
  - Rules in the database for integrity check

12 What could go wrong
- Denial of Service
- Corrupt Data
  - Manner in which data is stored
- Loss of Data
  - Backup
    - On site
    - Off site
- Exposure of data
  - By employees
  - Regulatory
  - By trusted third parties (e.g., your lawyers)
- Slow system
  - Deny use of some services (webmail, social network sites etc.)

13 HR Role in ensuring security of bespoke systems
- Physical security – the persons to secure
- Access control linked to the financial system
- Background check on all employed staff
- Training
  - In house training of IT staff
  - In house training of non-IT staff
- Contracts for IT staff
  - Unlimited liability in terms of execution of their duties, ability to sue if there is intentional malice
- Resource allocation, appropriate tools
- Code of conduct
  - Consequences of breaching ICT related policies
- Skills retention schemes

14 Computer Crime
List these and discuss these:
- Unauthorized Use at work
- Hacking
- Cyber Theft
- Software Piracy
- Piracy of Intellectual Property

15 Posed problems
- Give the security reasons why one should not use mobile/wireless networks for conducting business transactions.
- How would you mitigate against these risks?
- What security issues should one consider when using popular systems like Gmail and Yahoo?
- What are the security issues to consider when an organization issues a laptop to its executives? (elaborated on next slide)

16 What are the security issues to consider when an organization issues a laptop to its executives?
- Stolen with sensitive information
  - Encryption
  - Lock hard drive with password
  - Limit the type of information on the laptop
- Physical damage of laptop → loss of data
  - Data backup
- Should not access internet via wireless when off work → should access through VPN
- Restrict some of the uses of systems on the laptop

17 Discussion Point
- In an attempt to protect the ICT related assets we have decided to have a cocktail of policies. List the policies and briefly outline what would be in each policy.
- What are the security issues that have to be considered at the following stages: National, Corporate, Personal, Global?

