MIS 7003 MIS Core Course The MBA Program The University of Tulsa Professor: Akhilesh Bajaj Security: Personal & Business © Akhilesh Bajaj 2004,2005, 2007,


1 MIS 7003 MIS Core Course The MBA Program The University of Tulsa Professor: Akhilesh Bajaj Security: Personal & Business © Akhilesh Bajaj 2004,2005, 2007, 2008. All Rights Reserved.

2 Personal Security
-Guard against phishing scams
-Guard against keyboard logging software on public machines
-Guard against sending email addresses and passwords on open wireless networks. http://www.dslreports.com/forum/remark,20834285?hilite=hotspot+security
-Zombies are machines that have already been compromised
-Run a firewall on your home computer. Firewalls: http://www.webopedia.com/TERM/f/firewall.html
-Use spyware protection software like Spybot. http://www.spybot.com/en/download/
-If possible, use an operating system like Linux that, when set up, is impervious to viruses.

3 Ethics from a Business Perspective
Proportionality: Good should outweigh bad, and the least bad should be used to accomplish the good.
Informed Consent: Always get users/employees to be informed and to accept the risks.
Justice: Those who profit the most should bear the most risk.
Minimize risk: Similar to proportionality.
-These are useful as a checklist to ensure that any new technology used by employees, customers or suppliers is ethical and defensible.
-These can also be used to justify a policy of snooping on employees that is ethical and defensible. How can it be used to do that?

4 Security from a Business Perspective
Threat: Changing employees, and securing data
What kind of data? Customer lists, company statistics, internal memos
-Make employees sign really strong NDAs
TCP/IP: Inherently hardened against network failure
What is most important to a company? h/w, s/w, or data?
Sources of problems with company data:
-Failure of components (disk drives, optical disks)
-Bugs in application software
-Bugs in OS software
-Attacks by malicious parties
Adding redundancy increases complexity. E.g., mirroring of data, mirroring of websites.

5 Checklist of Components of high availability:
Uninterruptible Electric Supply
-Dual power inputs, UPS, access 2 power grids, diesel generators, battery-less flywheel technologies on UPS (crank wheels)
Physical Security
-Guards, CCTV, buffer zones, buildings hardened, single person (hostage proof buffers) biometric access, motion sensors
-Movie: Sneakers, 1992
-Fire suppression, gas sealing

6 Availability Checklist
Components of high availability (contd.):
Network Access
-Two backbone providers, redundant connections, redundant network centers, private networks instead of the public internet
Help Desk
-Manned 24x7, automated backup procedures, disaster recovery plans.
Why can’t we make servers redundant?
-What about the application servers? Log files need to be transferred.
-What about the database server? The database files need to be replicated.

7 Classification of Threats
External Attacks:
-Denial of Service (DoS): Distributed DoS, degradation of service
Intrusions:
-Social engineering (Sneakers movie)
-Sniffing network traffic that is unencrypted
-Password cracking software
-Operating system hacks
Viruses & worms
-Because of operating system problems

8 Managing Security
Security Policies: password content, frequency of change, access to databases, access to applications, what can users download?, central identity servers?, password or token?
Encryption: network data should be encrypted. Use HTTPS for all application access. Files can be encrypted on disk as well.
Public key versus private key encryption
Keeping track of patches and changes in the versions of code is part of security policies.
Intrusion Detection: The Cuckoo’s Egg (recommended reading) by Clifford Stoll http://www.inforingpress.com/articles/cuckoos-egg.htm

