
1 IS Today (Valacich & Schneider) Copyright © 2010 Pearson Education, Inc. Published as Prentice Hall 9/19/2015 7-1 Chapter 10 Information Systems Security and Controls

2 Information Systems Security: Information systems security: precautions taken to keep all aspects of an IS safe from unauthorized access and use. All aspects means all hardware, software, network equipment, and data. The need for good computer security has grown with the increased use of the Internet: many computer systems are no longer stand-alone but parts of a network, and every system connected to a network is at risk from internal and external threats. Sources of threats: accidents and natural disasters, employees and consultants, links to outside business contacts, and outsiders. IS are most often compromised via unauthorized access, information modification, denial of service, viruses, spam, spyware, and cookies.

3 Sources of Primary Threats to Information Systems Security: 1) Accidents and natural disasters: power outages, cats walking across keyboards 2) Employees and consultants 3) Links to outside business contacts: travel between business affiliates 4) Outsiders: hackers, crackers, and viruses

4 Unauthorized Access: an IS security breach in which an unauthorized user sees, manipulates, or otherwise handles electronically stored information. Seeing by: looking through electronic data, peeking at monitors, intercepting electronic communication. Theft of computers or storage media to get at the data. Determined hackers try to gain administrator status to access the data.

5 Information Modification: an IS security attack in which unauthorized users intentionally change electronic information for ideological, political, or criminal purposes. Examples: a user changes information to give himself a raise; a hacker defaces a website; a student breaks in and changes a grade to 'A'.

6 Computer Viruses: destructive programs that disrupt the normal functioning of computer systems, e.g. by erasing a hard drive or seizing control of a computer. Repairing the damage they do requires a lot of effort, time, and money. Worms: a variation of a virus designed to copy and send itself throughout internally networked computers or across the Internet; the resulting traffic can crash servers.

7 Denial of Service Attack: attacks by unauthorized users, often carried out through zombie computers, that make a network resource (e.g. a website) unavailable to legitimate users, or available only with a poor degree of service. Zombie computers: computers infected with viruses or worms that launch attacks, in the form of floods of service requests, against websites.
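The flood of service requests described above is visible in a web server's access log as one source sending far more requests per second than any human would. The following Go program is an added example (not part of the slides) of the detection a practitioner would run over such a log: it parses a constructed log excerpt in an assumed "<RFC3339 time> <client IP> <method> <path>" format and flags every client that exceeds a request threshold within a sliding time window. The IP addresses, threshold and window are assumptions chosen for the demo.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
	"time"
)

// SampleLog is a constructed web-server access log (not from the slides):
// "<RFC3339 time> <client IP> <method> <path>". 203.0.113.5 plays the zombie.
const SampleLog = `2015-09-19T10:00:00Z 203.0.113.5 GET /login
2015-09-19T10:00:00Z 203.0.113.5 GET /login
2015-09-19T10:00:00Z 203.0.113.5 GET /login
2015-09-19T10:00:00Z 198.51.100.7 GET /index.html
2015-09-19T10:00:00Z 203.0.113.5 GET /login
2015-09-19T10:00:00Z 203.0.113.5 GET /login
2015-09-19T10:00:01Z 203.0.113.5 GET /login
2015-09-19T10:00:01Z 203.0.113.5 GET /login
2015-09-19T10:00:01Z 198.51.100.9 GET /about.html
2015-09-19T10:00:01Z 203.0.113.5 GET /login
2015-09-19T10:00:03Z 198.51.100.7 GET /contact.html`

// Hit is one request: who sent it and when.
type Hit struct {
	IP string
	At time.Time
}

// ParseLog turns raw log text into Hits, rejecting malformed lines instead of
// silently skipping them (a detector that drops lines is easy to blind).
func ParseLog(raw string) ([]Hit, error) {
	var hits []Hit
	for _, line := range strings.Split(strings.TrimSpace(raw), "\n") {
		f := strings.Fields(line)
		if len(f) < 4 {
			return nil, fmt.Errorf("malformed log line: %q", line)
		}
		at, err := time.Parse(time.RFC3339, f[0])
		if err != nil {
			return nil, fmt.Errorf("bad timestamp in %q: %w", line, err)
		}
		hits = append(hits, Hit{IP: f[1], At: at})
	}
	return hits, nil
}

// FloodSources returns every client IP that sent more than maxHits requests
// inside any window of the given length, i.e. the hosts behaving like zombies.
func FloodSources(hits []Hit, window time.Duration, maxHits int) []string {
	perIP := map[string][]time.Time{}
	for _, h := range hits {
		perIP[h.IP] = append(perIP[h.IP], h.At)
	}
	var flagged []string
	for ip, times := range perIP {
		sort.Slice(times, func(i, j int) bool { return times[i].Before(times[j]) })
		start := 0 // oldest request still inside the sliding window
		for end := range times {
			for times[end].Sub(times[start]) > window {
				start++
			}
			if end-start+1 > maxHits {
				flagged = append(flagged, ip)
				break
			}
		}
	}
	sort.Strings(flagged) // map iteration order is random; make the output stable
	return flagged
}

func main() {
	hits, err := ParseLog(SampleLog)
	if err != nil {
		panic(err)
	}
	fmt.Println("flooding sources:", FloodSources(hits, time.Second, 5))
}
```

With a one-second window and a limit of five requests, only the zombie host is reported; the two ordinary visitors stay under the threshold. In practice the threshold is tuned per site, and a distributed attack from many zombies needs per-path or aggregate counts as well, since each individual source may stay below the per-IP limit.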

8 Spyware: software that covertly gathers information about users through an Internet connection without their knowledge. It usually arrives bundled with freeware or shareware; sometimes it is embedded within a Web site and downloaded onto the user's computer without his knowledge. Freeware: software available for free, usually through the Internet. Shareware: copyrighted software that is free of charge on a trial basis; usually the user pays a fee for continued use. Spyware gathers information about the user, e.g. credit card information or behavior tracking for marketing purposes, and eats up the computer's memory and network bandwidth. Adware: a special kind of spyware that collects information for banner ad customization.

9 Spam: electronic junk mail; advertisements of products and services. Eats up storage space and compromises network bandwidth. Spim: spam over IM (instant messaging).

10 Phishing: attempts to trick users into giving away credit card numbers and other credentials, using phony messages and duplicates of legitimate Web sites; e.g., eBay and PayPal have been imitated.

11 Cookies: small messages passed to a Web browser by a Web server and returned by the browser on later requests; used for Web site customization. Cookies may contain sensitive information (a session identifier, for instance, lets whoever holds it act as the logged-in user). Cookie management and cookie-killer software; Internet Explorer Web browser settings.
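Because a cookie can carry a session identifier, the server that sets it decides how exposed that value is. The Go program below is an added example (not part of the slides) that uses the standard library's net/http cookie parser to audit a Set-Cookie header for the three attributes a practitioner checks first (Secure, HttpOnly, SameSite) and shows the header a hardened session cookie should carry. The cookie name, value and the audit function itself are assumptions for the demo.

```go
package main

import (
	"fmt"
	"net/http"
)

// CookieFindings audits one Set-Cookie header for a cookie that carries a
// sensitive value (a session ID, a token) and lists the protections it lacks.
// This check is added for this page; the attribute semantics are the standard ones.
func CookieFindings(setCookie string) []string {
	// net/http's response parser handles the Set-Cookie grammar for us.
	resp := http.Response{Header: http.Header{"Set-Cookie": {setCookie}}}
	cookies := resp.Cookies()
	if len(cookies) == 0 {
		return []string{"Set-Cookie header could not be parsed"}
	}
	c := cookies[0]
	var findings []string
	if !c.Secure {
		findings = append(findings, "no Secure flag: the browser also sends it over plain HTTP, where it can be intercepted")
	}
	if !c.HttpOnly {
		findings = append(findings, "no HttpOnly flag: page script can read it via document.cookie, so an injected script can steal it")
	}
	if c.SameSite != http.SameSiteLaxMode && c.SameSite != http.SameSiteStrictMode {
		findings = append(findings, "SameSite not Lax or Strict: the browser attaches it to requests triggered by other sites")
	}
	return findings
}

// HardenedSessionCookie builds the Set-Cookie value a server should emit for a
// session identifier: HTTPS-only, hidden from script, and not sent cross-site.
func HardenedSessionCookie(sessionID string) string {
	c := http.Cookie{
		Name:     "session",
		Value:    sessionID,
		Path:     "/",
		Secure:   true,
		HttpOnly: true,
		SameSite: http.SameSiteStrictMode,
	}
	return c.String()
}

func main() {
	for _, h := range []string{
		"session=abc123; Path=/", // what many older applications emit (constructed)
		HardenedSessionCookie("abc123"),
	} {
		fmt.Printf("%s\n  findings: %v\n", h, CookieFindings(h))
	}
}
```

The first header yields three findings; the hardened one yields none. The flags limit where the browser will send or expose the cookie, which is the server-side counterpart to the browser-side cookie settings the slide mentions.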

12 Other Threats to IS Security: 1. Employees writing passwords on paper 2. No antivirus software installed 3. Use of default network passwords 4. Letting outsiders view monitors 5. Organizations failing to limit access to some files 6. Organizations failing to install firewalls 7. Not doing proper background checks 8. Lack of employee monitoring 9. Fired employees who are resentful

13 Safeguarding Information Systems Resources: begin with a thorough information systems audit of those systems (hardware, software, data, networks, business processes) to determine which aspects of the systems are most vulnerable. The next step is to design and implement a security plan; the IT department is responsible for implementing the plan (or technology safeguards). One important aspect of the audit is risk analysis. Risk analysis: the process of assessing the value of the protected assets; it tries to determine the cost of loss vs. the cost of protection. The analysis leads to three possible responses: 1) Risk reduction: measures taken to protect the system; 2) Risk acceptance: measures taken to absorb the damages; 3) Risk transfer: transferring the absorption of risk to a third party (e.g. insurance). Technology safeguards: 1) physical access restrictions, 2) firewalls, 3) encryption, 4) virus monitoring/prevention, 5) audit-control software, 6) facilities

14 Physical Access Restrictions (1): Authentication: verifying the identity of a user. Use of passwords; photo ID cards, smart cards; keys to unlock a computer; combinations of these. Authentication factors are limited to: something you have, something you know, something you are. Combining two different factors (e.g. a password plus a smart card) is stronger than two of the same kind, because an attacker must defeat both.

15 Physical Access Restrictions (2): Biometrics: one form of authentication: fingerprints, retinal patterns, body weight, etc. Fast authentication: it takes the system only a few seconds to authenticate. High security: body parts are difficult to replicate. Unlike a password, however, a biometric cannot be replaced if its stored template is stolen.
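The two slides above describe the factors; the combination they recommend is most often a password (something you know) plus a one-time code from a device the user carries (something you have). The Go program below is an added example (not part of the slides) that implements that combination: an RFC 6238 TOTP generator, checked against the RFC's published test vector, and a verification routine that requires both factors. The user name, password, salt and the use of plain SHA-256 for the password hash are assumptions for the demo; a real deployment uses a slow password hash such as bcrypt, scrypt or Argon2.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
	"time"
)

// TOTP computes an RFC 6238 one-time code (HMAC-SHA1, 30-second step) from the
// secret shared with the user's device, for the given Unix time.
func TOTP(secret []byte, unixTime int64, digits int) string {
	var counter [8]byte
	binary.BigEndian.PutUint64(counter[:], uint64(unixTime/30))
	mac := hmac.New(sha1.New, secret)
	mac.Write(counter[:])
	sum := mac.Sum(nil)
	offset := sum[len(sum)-1] & 0x0f // dynamic truncation, RFC 4226 section 5.3
	code := binary.BigEndian.Uint32(sum[offset:offset+4]) & 0x7fffffff
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", digits, code%mod)
}

// Credential is what the server stores: never the password, only a salted hash,
// plus the TOTP secret. Plain SHA-256 is used here only to keep the example to
// the standard library; a real deployment uses a slow hash (bcrypt, scrypt, Argon2).
type Credential struct {
	Salt       []byte
	Hash       []byte
	TOTPSecret []byte
}

// HashPassword derives the stored hash from the per-user salt and the password.
func HashPassword(salt []byte, password string) []byte {
	h := sha256.New()
	h.Write(salt)
	h.Write([]byte(password))
	return h.Sum(nil)
}

// Authenticate accepts the user only when both factors check out. Comparisons are
// constant-time, and both factors are always evaluated so timing does not reveal
// which one was wrong.
func Authenticate(c Credential, password, code string, now int64) bool {
	passOK := subtle.ConstantTimeCompare(HashPassword(c.Salt, password), c.Hash) == 1
	codeOK := false
	for _, skew := range []int64{-30, 0, 30} { // tolerate one step of clock drift either way
		if subtle.ConstantTimeCompare([]byte(TOTP(c.TOTPSecret, now+skew, 6)), []byte(code)) == 1 {
			codeOK = true
		}
	}
	return passOK && codeOK
}

func main() {
	salt := []byte("constructed-salt")       // in practice: random per user
	secret := []byte("12345678901234567890") // the RFC 6238 test secret, used here as a demo value
	cred := Credential{Salt: salt, Hash: HashPassword(salt, "correct horse"), TOTPSecret: secret}
	now := time.Now().Unix()
	code := TOTP(secret, now, 6) // what the user's authenticator app would display
	fmt.Println("right password, right code:", Authenticate(cred, "correct horse", code, now))
	fmt.Println("wrong password, right code:", Authenticate(cred, "wrong", code, now))
}
```

The drift window of one step in each direction is the usual compromise between usability and replay exposure; a server should additionally refuse to accept the same code twice within its validity window.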

16 Physical Access Restrictions (3): Access-control software: special software that helps restrict stored data to authorized users only. Requires the use of an ID and password. Restrictions can take the form of: 1) access only to the files required for the user's work, 2) read-only access, 3) access allowed only during certain time periods. Built into the design of most business systems applications.
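The three kinds of restriction on the slide map onto one access-control decision: is this user allowed this operation on this file at this time, with everything not explicitly granted refused. The Go program below is an added example (not part of the slides) of such a check over a constructed policy; the users, file name and office hours are assumptions for the demo.

```go
package main

import (
	"fmt"
	"time"
)

// Op is the operation requested; Write implies Read.
type Op int

const (
	Read Op = iota
	Write
)

// Grant is one entry in the access-control list: one user, one file, the most
// powerful operation allowed, and the hours (24h clock) during which it applies.
type Grant struct {
	User     string
	File     string
	MaxOp    Op
	FromHour int // inclusive
	ToHour   int // exclusive
}

// Policy is the ordered list of grants for an application.
type Policy []Grant

// Allowed decides one request. Anything not explicitly granted is refused
// (default deny), which is what makes "access only to files required for work" hold.
func (p Policy) Allowed(user, file string, op Op, at time.Time) bool {
	for _, g := range p {
		if g.User != user || g.File != file {
			continue
		}
		if op > g.MaxOp { // write requested on a read-only grant
			continue
		}
		if h := at.Hour(); h < g.FromHour || h >= g.ToHour {
			continue // outside the allowed time period
		}
		return true
	}
	return false
}

// PayrollPolicy is a constructed example: the payroll clerk may edit the
// sheet during office hours, the auditor may only read it, nobody else sees it.
var PayrollPolicy = Policy{
	{User: "alice", File: "payroll.xlsx", MaxOp: Write, FromHour: 8, ToHour: 18},
	{User: "bob", File: "payroll.xlsx", MaxOp: Read, FromHour: 8, ToHour: 18},
}

func main() {
	office := time.Date(2015, 9, 19, 10, 0, 0, 0, time.UTC)
	night := time.Date(2015, 9, 19, 22, 0, 0, 0, time.UTC)
	fmt.Println("alice writes at 10:00:", PayrollPolicy.Allowed("alice", "payroll.xlsx", Write, office))
	fmt.Println("alice writes at 22:00:", PayrollPolicy.Allowed("alice", "payroll.xlsx", Write, night))
	fmt.Println("bob writes at 10:00:  ", PayrollPolicy.Allowed("bob", "payroll.xlsx", Write, office))
	fmt.Println("bob reads at 10:00:   ", PayrollPolicy.Allowed("bob", "payroll.xlsx", Read, office))
	fmt.Println("carol reads at 10:00: ", PayrollPolicy.Allowed("carol", "payroll.xlsx", Read, office))
}
```

The decision function never grants by omission: a user with no grant, an operation above the granted level, or a request outside the window all fall through to the final false. Denied requests are exactly what the audit-control software later in the chapter should be recording.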

17 Physical Access Restrictions (4): Wireless LAN (control): a computer network spanning a relatively small area that allows all computers to be connected to each other using a wireless transmission protocol; cheap and easy to install, and its use is on the rise. The signal is transmitted through the air and so is susceptible to interception or "drive-by hacking". Control is through access point configuration (only allow access by registered computers via preauthorized wireless NICs). Caveat: a NIC's hardware (MAC) address can be read from the traffic and copied by an attacker, so this whitelist must be combined with encrypted, authenticated WLAN access (WPA2/WPA3), not relied on alone.

18 Physical Access Restrictions (5): Virtual Private Network: a network connection constructed dynamically within an existing network, often called a secure tunnel, in order to securely connect remote users or nodes to an organization's network. Relies on encryption and authentication.

19 Firewall: a system designed to prevent unauthorized access to or from a private network by filtering traffic according to a set of rules; detecting intrusions that get past the filter is the job of a separate intrusion detection system. Implementation: hardware, software, or mixed.
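A packet filter's rules are evaluated top to bottom, the first match decides, and a packet that matches nothing is dropped. The Go program below is an added example (not part of the slides) of that evaluation over a constructed perimeter rule set: it drops packets that arrive from outside with a private source address (spoofing), admits HTTPS from anywhere, and admits SSH only from an assumed administrator network. The addresses, ports and rule set are assumptions for the demo; the program models the decision logic, not a real kernel filter.

```go
package main

import (
	"fmt"
	"net"
)

// Action is the verdict on a packet.
type Action bool

const (
	Allow Action = true
	Deny  Action = false
)

// Rule matches a packet by protocol, source network and destination port;
// an empty Proto, nil Src or zero DstPort matches anything.
type Rule struct {
	Action  Action
	Proto   string
	Src     *net.IPNet
	DstPort int
}

// Packet carries the header fields a stateless filter looks at.
type Packet struct {
	Proto   string
	SrcIP   net.IP
	DstPort int
}

func mustCIDR(s string) *net.IPNet {
	_, n, err := net.ParseCIDR(s)
	if err != nil {
		panic(err)
	}
	return n
}

// PerimeterRules is a constructed rule set for the Internet-facing interface,
// written the way a packet filter reads them: top to bottom, first match wins.
var PerimeterRules = []Rule{
	{Deny, "", mustCIDR("10.0.0.0/8"), 0},          // private source address from outside: spoofed, drop
	{Allow, "tcp", nil, 443},                       // public HTTPS service
	{Allow, "tcp", mustCIDR("203.0.113.0/24"), 22}, // SSH only from the (assumed) admin network
}

// Decide returns the action of the first rule that matches, and Deny when none does:
// the default-deny stance means a forgotten service is unreachable rather than exposed.
func Decide(rules []Rule, p Packet) Action {
	for _, r := range rules {
		if r.Proto != "" && r.Proto != p.Proto {
			continue
		}
		if r.Src != nil && !r.Src.Contains(p.SrcIP) {
			continue
		}
		if r.DstPort != 0 && r.DstPort != p.DstPort {
			continue
		}
		return r.Action
	}
	return Deny
}

func main() {
	for _, p := range []Packet{
		{"tcp", net.ParseIP("198.51.100.1"), 443},
		{"tcp", net.ParseIP("198.51.100.1"), 22},
		{"tcp", net.ParseIP("203.0.113.9"), 22},
		{"tcp", net.ParseIP("10.1.2.3"), 443},
		{"udp", net.ParseIP("198.51.100.1"), 53},
	} {
		fmt.Printf("%s %s -> port %d: allow=%v\n", p.Proto, p.SrcIP, p.DstPort, Decide(PerimeterRules, p))
	}
}
```

Rule order matters: the anti-spoofing deny sits first so that a forged 10.x source cannot reach the HTTPS allow rule below it. Real filters also track connection state so that replies to permitted outbound connections are admitted without a blanket inbound allow.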

20 Encryption: the process of encoding messages before they enter a network or the airwaves, then decoding them at the receiving end of the transfer, so that only the intended recipients can read or hear them. Encoding alone hides the content; it does not by itself tell the receiver whether the message was altered in transit, which is why modern practice uses authenticated encryption that does both.
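The Go program below is an added example (not part of the slides) of the encode-then-decode exchange using AES-GCM from the standard library, which both encrypts the message and authenticates it: the receiver gets the plaintext back, and a message that was modified on the wire, or opened with the wrong key, is rejected outright. The message text and the fixed test key are constructed for the demo; how the two ends come to share the key (a key exchange, or the VPN's authentication step) is outside this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // 16, 24 or 32-byte key; 32 bytes is AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts and authenticates msg with AES-GCM. A fresh random nonce is
// generated per message and prepended to the output so the receiver can find it;
// reusing a nonce under the same key breaks GCM, which is why it is never fixed.
func Seal(key, msg []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, msg, nil), nil // output = nonce || ciphertext || tag
}

// Open reverses Seal. It fails, returning no plaintext at all, if the key is wrong
// or any bit of nonce, ciphertext or tag was altered in transit.
func Open(key, sealed []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < aead.NonceSize()+aead.Overhead() {
		return nil, errors.New("sealed message too short")
	}
	nonce, ct := sealed[:aead.NonceSize()], sealed[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, nil)
}

func main() {
	key := make([]byte, 32) // shared in advance by sender and receiver; random per session in practice
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		panic(err)
	}
	sealed, err := Seal(key, []byte("transfer 1000 to account 42")) // constructed message
	if err != nil {
		panic(err)
	}
	fmt.Printf("on the wire: %x\n", sealed)
	plain, err := Open(key, sealed)
	fmt.Printf("receiver reads: %q (err=%v)\n", plain, err)
	sealed[len(sealed)-1] ^= 0x01 // an attacker flips one bit in transit
	_, err = Open(key, sealed)
	fmt.Println("after tampering:", err)
}
```

Note what an eavesdropper sees: only the nonce and ciphertext, which reveal the message length but nothing about its content. What the eavesdropper cannot do is change "1000" to "9000" unnoticed, because the authentication tag covers every byte.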

21 Anti-Virus Software and Recommended Virus Precautions: purchase and install antivirus software, and update it frequently. Do not download data from unknown sources (flash drives, disks, Web sites). Delete (without opening) e-mail from unknown sources. Warn people if you get a virus: your department, and the people on your e-mail list.

22 Audit-Control Software: software that keeps track of computer activity so that auditors can spot suspicious activity and take action. It records the electronic footprints of users (authorized and unauthorized), a.k.a. the audit trail: a record of users and a record of activities. The IT department or information security department needs to monitor this activity and interpret the results.
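Interpreting the audit trail means applying the questions an auditor would ask to every record. The Go program below is an added example (not part of the slides): it parses a constructed audit trail in an assumed "<time> <user> <action> <object> <result>" format and raises two kinds of finding, a run of failed logins that ends in success (a sign of password guessing) and successful activity outside office hours. The users, file names, times and the office-hours window are assumptions for the demo.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
	"time"
)

// SampleAuditLog is a constructed audit trail (not from the slides):
// "<RFC3339 time> <user> <action> <object> <result>", "-" when there is no object.
const SampleAuditLog = `2015-09-19T09:02:11Z alice login - ok
2015-09-19T09:05:40Z alice read payroll.xlsx ok
2015-09-19T23:41:02Z bob login - fail
2015-09-19T23:41:09Z bob login - fail
2015-09-19T23:41:15Z bob login - fail
2015-09-19T23:41:30Z bob login - ok
2015-09-19T23:42:01Z bob write payroll.xlsx ok
2015-09-19T10:15:00Z carol read budget.doc ok`

// Event is one audit record.
type Event struct {
	At     time.Time
	User   string
	Action string
	Object string
	Result string
}

// ParseAuditLog parses the lines and sorts them by time, since a trail
// assembled from several machines is rarely in order.
func ParseAuditLog(raw string) ([]Event, error) {
	var events []Event
	for _, line := range strings.Split(strings.TrimSpace(raw), "\n") {
		f := strings.Fields(line)
		if len(f) != 5 {
			return nil, fmt.Errorf("malformed audit line: %q", line)
		}
		at, err := time.Parse(time.RFC3339, f[0])
		if err != nil {
			return nil, err
		}
		events = append(events, Event{At: at, User: f[1], Action: f[2], Object: f[3], Result: f[4]})
	}
	sort.Slice(events, func(i, j int) bool { return events[i].At.Before(events[j].At) })
	return events, nil
}

// Findings applies two rules an auditor would otherwise check by hand: a run of
// failed logins that ends in success (password guessing), and successful
// activity outside office hours [openHour, closeHour).
func Findings(events []Event, openHour, closeHour int) []string {
	var out []string
	pendingFails := map[string][]time.Time{} // failed logins not yet followed by a success
	for _, e := range events {
		if e.Action == "login" {
			if e.Result == "fail" {
				pendingFails[e.User] = append(pendingFails[e.User], e.At)
				continue
			}
			if f := pendingFails[e.User]; len(f) >= 3 && e.At.Sub(f[0]) <= 5*time.Minute {
				out = append(out, fmt.Sprintf("%s: %d failed logins then success at %s (password guessing?)",
					e.User, len(f), e.At.Format(time.RFC3339)))
			}
			delete(pendingFails, e.User)
		}
		if e.Result == "ok" {
			if h := e.At.Hour(); h < openHour || h >= closeHour {
				out = append(out, fmt.Sprintf("%s: %s %s at %s is outside %02d:00-%02d:00",
					e.User, e.Action, e.Object, e.At.Format(time.RFC3339), openHour, closeHour))
			}
		}
	}
	return out
}

func main() {
	events, err := ParseAuditLog(SampleAuditLog)
	if err != nil {
		panic(err)
	}
	for _, f := range Findings(events, 8, 18) {
		fmt.Println(f)
	}
}
```

On the sample trail, alice and carol produce nothing while bob produces three findings: the guessed password and two late-night actions on the payroll file. Whether that is an attacker using bob's account or bob working late is the interpretation step the slide assigns to the security department; the software's job is to make sure the question gets asked.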

23 Facilities: specialized facilities that create a reliable and secure IS infrastructure. They provide the technical requirements (power and cooling systems) and are designed to protect IS from floods, seismic activity, blackouts, hurricanes, and potential criminal activity.

24 Other Technological Safeguards: Backups: to secondary storage devices, at regular intervals. Closed-circuit television (CCTV): monitoring for physical intruders; video cameras display and record all activity; digital video recording. Uninterruptible power supply (UPS): protection against power surges and short outages.

25 Non-technical Safeguards: securing IS also involves non-technical safeguards: use of the country's laws and of internal IS policies (e.g. acceptable use policies), and educating employees about them. Also making sure only trustworthy employees are hired, and treating employees well.

26 Developing an Information Systems Security Plan: an ongoing five-step process. 1) Risk analysis: determine the cost of loss vs. the cost of protection. a. Determine the value of electronic information b. Assess threats to the confidentiality, integrity, and availability of information c. Identify the most vulnerable computer operations d. Assess current security policies e. Recommend changes to existing practices to improve computer security

27 Security Plan: Step 2: 2) Policies and procedures: the rules for normal operation and the actions to be taken if security is breached. a. Information policy: handling of sensitive information b. Security policy: technical controls on organizational computers c. Use policy: appropriate use of in-house IS d. Backup policy e. Account management policy: procedures for adding new users f. Incident handling procedures: handling a security breach g. Disaster recovery plan: restoration of computer operations

28 Security Plan: Remaining Steps: 3) Implementation: carrying out the policies and procedures. a. Implementation of network security hardware and software b. Dissemination of IDs and smart cards c. Responsibilities of the IS department 4) Training: the organization's personnel, so that they know about the policies and procedures and how to carry them out 5) Auditing: evaluate the effectiveness of steps (1) to (4). a. Assessment of policy adherence b. Penetration tests

