Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 MIS 2000 Class 22 System Security Update: Winter 2015.

Published byShana Shields Modified over 9 years ago

Similar presentations

Presentation on theme: "1 MIS 2000 Class 22 System Security Update: Winter 2015."— Presentation transcript:

1 1 MIS 2000 Class 22 System Security Update: Winter 2015

2 Outline Security threats concept Sniffing Encryption defense Malware Data theft Intrusion detections system, password & firewall defenses Internet threats and defenses Internal threats & defenses Summary 2

3 3 Information Systems’ Vulnerability Network-related challenges: Access to local and wide area networks (Internet) brings risks. Anyone from inside/outside the organization can attempt to infiltrate information systems. The risks of unauthorized access to data, stealing and destruction is greater than with paper that exists in one original form and can be securely locked. Digital data can also be changed, while the fraud is not easily detected. One of disadvantages in comparison with paper.*

4 Security Threats - External 4 Data theft Malware (virus, worm…) False identity (spoofing/phishing) Power failure, Natural disaster Sniffing

5 Sniffing refers to listening to a communication channel performed by an uninvited party. Sniffing is a version of unauthorized access. Conversations on cell phones can easily be sniffed.* WiFi channels are also vulnerable. Defense: Encryption of the data transferred. The content is jammed into illegible format by using some programming method. Example: “Hi, how are you?” can be encrypted into something like “xy&*z-&8w4}”. See next slide. 5

6 6 Encryption Encryption = Scrambling of a message to prevent unauthorized parties from reading it. Encryption is a defense against sniffing communication channel. Single key encryption – Sender and receiver use the same private key for encryption and decryption. Double key encryption – Sender and Receiver use a combination of a public and a private key: Digital Certificate - public key and a proof of its validity issued by a certificate authority (e.g., VeriSign); licensed annually. Critical for e-commerce; important in other Internet communications Encrypt with Recipient’s Public Key Decrypt with Recipient’s Private Key Digital Certificate Digital Signature can be applied Certificate Authority

7 77 Malware Malware = malicious software that can harm data, and/or computer software and even hardware. Virus (a legend about their origin) – destructive to data & software Warm – replicates itself taking computing resources and impairing computer functioning (e.g., speed, and screen freeze). Trojan – blocks system security functions, so opening doors for other malware. Adware – presents unwanted ads in pop-up or pop-under windows. Spyware – observes user's activities and reports it to external party. Defenses: Anti-virus software. Automatic and continuously updated online by vendor. Critical for Internet. * Firewall (see later slide)

8 Data Theft Data theft is stealing data by hackers. This is also internal threat in organizations when unauthorized person accesses data. Also, data storage devices or mobile tech. can be stolen or lost. Defenses: Firewall: a whole security-tasked IS for guarding access 8

9 More Defenses from Data Theft Intrusion Detection System (IDS). Automatically detects suspicious network traffic. Passwords for access Physical: Locking up computers and storage devices. Mobile tech. methods: Combining passwords, storage encryption*, locks, remote data wipes. 9 Supports Firewall Rules defining suspicious moves Monitoring internal traffic as well

10 False Identity Also called spoofing, phishing, social engineering…* A malevolent party pretends to be a company or a person they really are not, and tries to get personal data (credit card numbers etc.). Defense: Vigilance and caution! Never go to Web sites your are invited to via email or on social media, unless you are absolutely sure the site/invitation is real.** Never engage in “money transfer” schemes unknown persons offer you via email or texting. 10

11 11 Internal Security Threats & Defenses Within organizations. Threats are bigger as people are closer to technologies and data storage. Unauthorized access, change and copying of data; also, stealing data storage. Unauthorized access to data: when a user does not have a particular privilege (read, write, change, delete) but gets it somehow. Human errors: leaving data unprotected, poor & lost passwords, not locking data/hardware/software. Defenses: Physical securing; passwords; biometric methods (fingertip readers). Managing access to data (system administrators) Training, supervision

12 Power failure & Natural disasters 12 Power failure can be internal or external threat. Defense: Have backup electricity generators ready to take over. Natural disasters belong to external threats. Defense: Have disaster management plans Extra computing facilities off-site (can be rented). Keep backup data off-site. Run regular checks to assess preparedness.

13 Summary Security threats are external and internal, and include malware, false identity, sniffing, data theft, and unauthorized access and change of data tempering. Mobile phones and devices and wireless channels are very vulnerable. Internet increases security risks. Defenses include data encryption, intrusion detections system, passwords, firewalls, physical means, and managing system access. 13

Download ppt "1 MIS 2000 Class 22 System Security Update: Winter 2015."

Similar presentations

Unit 1 Living in the Digital WorldChapter 1 Lets Communicate Internet Safety.

Unit 1 Living in the Digital WorldChapter 1 Lets Communicate Internet Safety.
POSSIBLE THREATS TO DATA

POSSIBLE THREATS TO DATA
Ethics, Privacy and Information Security

Ethics, Privacy and Information Security
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
Crime and Security in the Networked Economy Part 4.

Crime and Security in the Networked Economy Part 4.
Chapter 9 Information Systems Ethics, Computer Crime, and Security

Chapter 9 Information Systems Ethics, Computer Crime, and Security
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Chapter 9 - Control in Computerized Environment ATG 383 – Spring 2002.

Chapter 9 - Control in Computerized Environment ATG 383 – Spring 2002.
Business Data Communications, Fourth Edition Chapter 10: Network Security.

Business Data Communications, Fourth Edition Chapter 10: Network Security.
Chapter 9 Information Systems Ethics, Computer Crime, and Security

Chapter 9 Information Systems Ethics, Computer Crime, and Security
Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services

Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
Internet safety Viruses A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your.

Internet safety Viruses A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your.
Internet Safety Basics Being responsible -- and safer -- online Visit age-appropriate sites Minimize chatting with strangers. Think critically about.

Internet Safety Basics Being responsible -- and safer -- online Visit age-appropriate sites Minimize chatting with strangers. Think critically about.
1 Chapter 8 Securing Information Systems. Outline Security Threats (External: malware, spoofing/phishing, sniffing, & data theft: Internal: unauthorized.

1 Chapter 8 Securing Information Systems. Outline Security Threats (External: malware, spoofing/phishing, sniffing, & data theft: Internal: unauthorized.

Similar presentations

Ads by Google