
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.


Slide 1: E-Business Security

Slide 2: Threat of Accidents and Malfunctions
- Operator error
- Hardware malfunction
- Software bugs
- Data errors
- Accidental disclosure of information
- Damage to physical facilities
- Inadequate system performance
- Liability for system failure

Slide 3: Threat of Computer Crime: Theft
- Theft of software and equipment
- Unauthorized use of access codes and financial passwords
- Theft by entering fraudulent transaction data
- Theft by stealing or modifying data
- Internet hoaxes for illegal gain
- Theft by modifying software

Slide 4: Threat of Computer Crime: Sabotage and Vandalism
- Trap door: a set of instructions that permits a user to bypass the computer system's security measures
- Trojan horse: a program that appears to be valid but contains hidden instructions that can cause damage

Slide 5: Threat of Computer Crime: Sabotage and Vandalism (cont.)
- Logic bomb: a type of Trojan horse set to activate when a particular condition occurs
- Virus: a special type of Trojan horse that can replicate itself and spread
- Denial of service attack: sabotaging a Web site by flooding it with incoming messages

Slide 6: Factors that Increase the Risks
- The nature of complex systems
- Human limitations
- Pressures in the business environment

Slide 7: Methods for Minimizing Risks
- Controlling system development and modifications
- Software change control systems
- Providing security training
- Physical access controls

Slide 8: Controlling Access to Data, Computers, and Networks
- Guidelines for manual data handling
- Access privileges
- Access control based on what you know: passwords and password schemes
- Access control based on what you have
- Access control based on where you are
- Access control based on who you are

Slide 9: Controlling Incoming Data Flowing Through Networks and Other Media
- Virus protection: commercially available virus protection products
- Firewall: firewall software that inspects each incoming data packet and decides whether it is acceptable based on its IP address

Slide 10: Firewall and the Internet
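The packet-filtering behaviour described on slide 9, written out as an added example (not from the slides or the textbook): a small ordered rule set keyed on the packet's source IP address, with a default-deny fallback for anything no rule matches. The rule set and packet headers are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    action: str                  # "allow" or "deny"
    src: ipaddress.IPv4Network   # source range the rule matches

# Constructed rule set; rules are tried top to bottom and the first match wins.
RULES = [
    Rule("deny",  ipaddress.ip_network("203.0.113.0/24")),   # blocked range
    Rule("allow", ipaddress.ip_network("192.0.2.0/24")),     # partner network
    Rule("allow", ipaddress.ip_network("198.51.100.7/32")),  # one trusted host
]

def decide(src_ip):
    """Return 'allow' or 'deny' for one incoming packet based on its source address.
    An address matching no rule is denied, so the default is closed, not open."""
    addr = ipaddress.ip_address(src_ip)
    for rule in RULES:
        if addr in rule.src:
            return rule.action
    return "deny"

# Constructed packet header summaries in the form "src->dst".
SAMPLE_PACKETS = [
    "203.0.113.9->10.0.0.5",      # from the blocked range
    "192.0.2.44->10.0.0.5",       # from the partner network
    "198.51.100.7->10.0.0.5",     # the trusted host
    "198.51.100.200->10.0.0.5",   # matches nothing: dropped by default
]

def filter_packets(packets):
    """Split packets into (passed, dropped); dropped entries keep the src for logging."""
    passed, dropped = [], []
    for pkt in packets:
        src = pkt.split("->")[0]
        (passed if decide(src) == "allow" else dropped).append(pkt)
    return passed, dropped
```

A filter keyed on the source address alone trusts whatever address the packet carries; the firewalls in use today also inspect ports, protocol and connection state before accepting a packet.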

Slide 11: Making the Data Meaningless to Unauthorized Users
- Public key encryption: an encryption method based on two related keys, a public key and a private (secret) key
  - Also used to transmit the secret key used by the Data Encryption Standard (DES)
- Digital signatures: use public key encryption to authenticate the sender of a message and the message content

Slide 12: Encryption

Slide 13: Controlling Traditional Transaction Processing
- Data preparation and authorization
- Data validation
- Error correction
- Backup and recovery

Slide 14: Maintaining Security in Web-Based Transactions
- Public key infrastructure (PKI)
- Certification authority (CA): a company that issues digital certificates
- Digital certificates: computer-based records that identify the CA, identify the sender that is being verified, contain the sender's public key, and are digitally signed by the CA
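The pieces of slides 11 and 14 fitted together as an added example (not from the slides or the textbook): a toy public key scheme with a public and a private key, a signature that anyone can check with the signer's public key, a certificate record holding exactly the fields slide 14 lists, and the public key being used to transmit a secret key as slide 11 describes. The primes, names and the 56-bit key value are constructed, and the scheme is textbook RSA without padding, so it illustrates the mechanism and nothing more.

```python
import hashlib
from typing import NamedTuple
# Toy textbook RSA from constructed Mersenne primes: no padding, tiny and trivially
# factorable moduli, so illustrative only. Real systems use a vetted library.
E = 65537
CA_PRIMES = (2**31 - 1, 2**61 - 1)        # constructed key material for the CA
MERCHANT_PRIMES = (2**19 - 1, 2**89 - 1)  # constructed key material for a merchant

def keypair(p, q, e=E):
    """Return the public key (n, e) and the private (secret) key (n, d)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def encrypt(pub, m):   # anyone holding the public key can encrypt...
    return pow(m, pub[1], pub[0])
def decrypt(priv, c):  # ...but only the private-key holder can decrypt
    return pow(c, priv[1], priv[0])
def digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n
def sign(priv, msg):   # signature: message hash transformed with the private key
    return pow(digest(msg, priv[0]), priv[1], priv[0])
def verify(pub, msg, sig):  # anyone can check it with the sender's public key
    return pow(sig, pub[1], pub[0]) == digest(msg, pub[0])

class Certificate(NamedTuple):
    issuer: str         # identifies the CA
    subject: str        # identifies the sender being verified
    subject_pub: tuple  # the sender's public key
    signature: int      # the CA's signature over the three fields above

def to_be_signed(issuer, subject, pub):
    return f"{issuer}|{subject}|{pub[0]}|{pub[1]}".encode()

def issue_cert(ca_name, ca_priv, subject, subject_pub):
    sig = sign(ca_priv, to_be_signed(ca_name, subject, subject_pub))
    return Certificate(ca_name, subject, subject_pub, sig)

def verify_cert(cert, ca_pub):
    msg = to_be_signed(cert.issuer, cert.subject, cert.subject_pub)
    return verify(ca_pub, msg, cert.signature)

def checkout(secret_key):
    """Browser-side flow: check the merchant's certificate, then send it a secret key."""
    ca_pub, ca_priv = keypair(*CA_PRIMES)
    shop_pub, shop_priv = keypair(*MERCHANT_PRIMES)
    cert = issue_cert("Example CA", ca_priv, "shop.example", shop_pub)
    tampered = cert._replace(subject_pub=(12345, E))  # public key altered in transit
    wrapped = encrypt(cert.subject_pub, secret_key)   # key transport, as on slide 11
    return verify_cert(cert, ca_pub), verify_cert(tampered, ca_pub), decrypt(shop_priv, wrapped)
```

`checkout` returns `(True, False, key)`: the genuine certificate verifies, the one whose public key was altered does not, and the merchant recovers the wrapped secret key with its private key.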

Slide 15: Transaction Privacy, Authentication, Integrity, and Nonrepudiation
- Web transactions are encrypted using the Secure Sockets Layer (SSL) protocol, which encrypts the transmission using a temporary key generated automatically from session information
- Transaction authentication: the process of verifying the identity of the participants in a transaction
- Transaction integrity: ensuring that information is not changed after the transaction is completed
- Nonrepudiation: ensuring that neither party can deny that the transaction occurred

Slide 16: Difficulties With Security Methods for Web Transactions
- Secure Electronic Transaction (SET) method:
  - Proposed by a consortium of credit card companies
  - More secure than SSL
  - Costly, and very slow adoption rate

Slide 17: Motivating Efficient and Effective Operation
- Monitoring information system usage:
  - Business process performance
  - Information system performance
  - Unusual activity
- Charging users to encourage efficiency: chargeback systems try to motivate efficient usage by assigning the cost of information systems to the user departments

Slide 18: Auditing the Information System
- Auditing ensures that financial operations are neither misrepresented nor threatened due to defective procedures or accounting systems
- Auditing around the computer vs. auditing through the computer

Slide 19: Preparing for Disasters
- Disaster plan: a plan of action to recover from occurrences that shut down or harm major information systems

