Presentation is loading. Please wait.

Presentation is loading. Please wait.

INFORMATION SYSTEMS SECURITY and CONTROL

Published byCory Evans Modified over 5 years ago

Similar presentations

Presentation on theme: "INFORMATION SYSTEMS SECURITY and CONTROL"— Presentation transcript:

1 INFORMATION SYSTEMS SECURITY and CONTROL

2 What is security? The quality or state of being secure to be free from danger Security is achieved using several strategies simultaneously or used in combination with one another Security is recognized as essential to protect vital processes and the systems that provide those processes Security is not something you buy, it is something you do

3 Vulnerability, Threat and Attack
A vulnerability:- is a weakness in security system Can be in design, implementation, etc. Can be hardware, or software A threat:- is a set of circumstances that has the potential to cause loss or harm Or it’s a potential violation of security Threat can be: Accidental (natural disasters, human error, …) Malicious (attackers, insider fraud, …) An attack:- is the actual violation of security

4 Why Systems are Vulnerable?
Hardware problems- Breakdowns, configuration errors, damage from improper use or crime Software problems- Programming errors, installation errors, unauthorized changes) Disasters- Power failures, flood, fires, etc. Use of networks and computers outside of firm’s control - E.g. with domestic or offshore outsourcing vendors

5 SYSTEM VULNERABILITY AND ABUSE
Concerns for System Builders and Users Disaster Destroys computer hardware, programs, data files, and other equipment Security Prevents unauthorized access, alteration, theft, or physical damage

6 SYSTEM VULNERABILITY AND ABUSE
Concerns for System Builders and Users Errors- Cause computers to disrupt or destroy organization’s record-keeping and operations Bugs- Program code defects or errors Maintenance - Maintenance costs high due to organizational change, software complexity, and faulty system analysis and design

7 RISKS & THREATS Virus Attacks Systems & Network Failure
Theft, Sabotage, Misuse High User Knowledge of IT Systems Natural Calamities & Fire Lack Of Documentation Lapse in Physical Security

8 BUSINESS VALUE OF SECURITY AND CONTROL
Inadequate security and control may create serious legal liability. Businesses must protect not only their own information assets but also those of customers, employees, and business partners. Failure to do so can lead to costly litigation for data exposure or theft. A sound security and control framework that protects business information assets can thus produce a high return on investment.

9 ESTABLISHING A MANAGEMENT FRAMEWORK FOR SECURITY AND CONTROL
General controls: Establish framework for controlling design, security, and use of computer programs Software controls Hardware controls Computer operations controls Data security controls Implementation controls

10 Application controls:
Unique to each computerized application Input Processing Output

11 CREATING A CONTROL ENVIRONMENT
Controls:- Methods, policies, and procedures Ensures protection of organization’s assets Ensures accuracy and reliability of records, and operational adherence to management standards

12 CREATING A CONTROL ENVIRONMENT
Mirroring: Duplicating all processes and transactions of server on backup server to prevent any interruption Clustering: Linking two computers together so that a second computer can act as a backup to the primary computer or speed up processing

13 CREATING A CONTROL ENVIRONMENT
Internet Security Challenges Firewalls:- Hardware and software controlling flow of incoming and outgoing network traffic Prevent unauthorized users from accessing private networks Intrusion Detection System:- Monitors vulnerable points in network to detect and deter unauthorized intruders

14 CREATING A CONTROL ENVIRONMENT
Internet Security Challenges Encyption: - Coding and scrambling of messages to prevent their access without authorization Authentication: - Ability of each party in a transaction to ascertain identity of other party Message integrity: - Ability to ascertain that transmitted message has not been copied or altered

15 CREATING A CONTROL ENVIRONMENT
Internet Security Challenges Digital signature: -Digital code attached to electronically transmitted message to uniquely identify contents and sender Digital certificate: -Attachment to electronic message to verify the sender and to provide receiver with means to encode reply Secure Electronic Transaction (SET): -Standard for securing credit card transactions over Internet and other networks

16 MANAGEMENT CHALLENGES
Implementing an effective security policy Applying quality assurance standards in large systems projects What are the most important software quality assurance techniques? Why are auditing information systems and safeguarding data quality so important?

Download ppt "INFORMATION SYSTEMS SECURITY and CONTROL"

Similar presentations

Security and Control Soetam Rizky. Why Systems Are Vulnerable ?

Security and Control Soetam Rizky. Why Systems Are Vulnerable ?
Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.

Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.
14.1 © 2004 by Prentice Hall INFORMATIONSYSTEMS SECURITY AND CONTROL.

14.1 © 2004 by Prentice Hall INFORMATIONSYSTEMS SECURITY AND CONTROL.
E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.

E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.
7.1 Copyright © 2011 Pearson Education, Inc. 7 Chapter Securing Information Systems.

7.1 Copyright © 2011 Pearson Education, Inc. 7 Chapter Securing Information Systems.
4/15: Security & Controls in IS Systems Vulnerabilities Controls: what to use to guard against vulnerabilities –General controls –Application controls.

4/15: Security & Controls in IS Systems Vulnerabilities Controls: what to use to guard against vulnerabilities –General controls –Application controls.
Chapter 17 Controls and Security Measures

Chapter 17 Controls and Security Measures
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
Lecture 10 Security and Control.

Lecture 10 Security and Control.
Lecture 10 Security and Control.

Lecture 10 Security and Control.
10.1 © 2006 by Prentice Hall 10 Chapter Security and Control.

10.1 © 2006 by Prentice Hall 10 Chapter Security and Control.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
14.1 © 2004 by Prentice Hall Management Information Systems 8/e Chapter 14 Information Systems Security and Control 14 INFORMATIONSYSTEMS SECURITY AND.

14.1 © 2004 by Prentice Hall Management Information Systems 8/e Chapter 14 Information Systems Security and Control 14 INFORMATIONSYSTEMS SECURITY AND.
Lecture 11 Reliability and Security in IT infrastructure.

Lecture 11 Reliability and Security in IT infrastructure.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
11.1 Copyright © 2005 Pearson Education Canada Inc. Management Information Systems, Second Canadian Edition Chapter 11: Information Systems Security, Quality,

11.1 Copyright © 2005 Pearson Education Canada Inc. Management Information Systems, Second Canadian Edition Chapter 11: Information Systems Security, Quality,
Misbahuddin Azzuhri SE. MM. CPHR.

Misbahuddin Azzuhri SE. MM. CPHR.

Similar presentations

Ads by Google