Chapter 17 Risks, Security and Disaster Recovery


Chapter 17 Risks, Security and Disaster Recovery
Management Information Systems, 4th Edition

Learning Objectives
  Describe the primary goals of information security
  Enumerate the main types of risks to information systems
  List the various types of attacks on networked systems

Learning Objectives (Cont.)
  Describe the types of controls required to ensure the integrity of data entry and processing and uninterrupted e-commerce
  Describe the various kinds of security measures that can be taken to protect data and ISs
  Outline the principles of how organizations develop recovery plans
  Explain the economic aspects of information security

Goals of Information Security
  Reduce the risk of systems and organizations ceasing operations
  Maintain information confidentiality
  Ensure the integrity and reliability of data resources
  Ensure the uninterrupted availability of data resources and online operations
  Ensure compliance with national security laws and privacy policies and laws

Risks to Information Systems
  Risks to Hardware
    Natural disasters
    Blackouts and brownouts
    Vandalism

Risks to Information Systems (Cont.)
  Risks to Applications and Data
    Theft of information
    Social engineering and identity theft
    Data alteration, data destruction, and Web defacement
    Computer viruses, worms, and logic bombs
    Nonmalicious mishaps

Risks to Online Operations
  Denial of service
  Hijacking
  Spoofing

Controls

Controls (Cont.)
  Program Robustness and Data Entry Controls
    Provide a clear and sound interface with the user
    Menus and limits
  Backup
    Periodic duplication of all data
  Access Controls
    Ensure that only authorized people can gain access to systems and files
    Access codes and passwords

Controls (Cont.)
  Atomic Transactions
    Ensure that transaction data are recorded properly in all the pertinent files to ensure integrity
  Audit Trails
    Built into an IS so that transactions can be traced to people, times, and authorization information
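The two controls on this slide fit together naturally in code. The following is an added example, not code from the textbook: a funds transfer that updates two account rows and writes one audit row inside a single sqlite3 transaction, so that either all three writes commit or none of them do, while a failed attempt is still recorded in the audit trail with the user, time and outcome. The account identifiers, balances and user names are constructed sample data.

```python
"""Atomic transactions and an audit trail with sqlite3 (added example).
A transfer touches two account rows and one audit row; the database commits
all of them or rolls all of them back."""
import sqlite3
from datetime import datetime, timezone


def open_ledger() -> sqlite3.Connection:
    """In-memory database seeded with constructed sample accounts."""
    conn = sqlite3.connect(":memory:")
    # The CHECK constraint is what makes an overdraft fail inside the transaction.
    conn.execute(
        "CREATE TABLE accounts (id TEXT PRIMARY KEY, "
        "balance INTEGER NOT NULL CHECK (balance >= 0))"
    )
    conn.execute(
        "CREATE TABLE audit_trail (ts TEXT, user TEXT, action TEXT, "
        "src TEXT, dst TEXT, amount INTEGER, outcome TEXT)"
    )
    conn.executemany("INSERT INTO accounts VALUES (?, ?)",
                     [("A-100", 500), ("B-200", 50)])
    conn.commit()
    return conn


def transfer(conn: sqlite3.Connection, user: str, src: str, dst: str, amount: int) -> bool:
    """Move `amount` from src to dst atomically and record who did it and when.
    Returns True if the transaction committed, False if it was rolled back."""
    ts = datetime.now(timezone.utc).isoformat()
    try:
        # The connection as a context manager commits on success and rolls
        # back if any statement in the block raises.
        with conn:
            # Credit first, then debit: if the debit fails the credit must vanish too.
            if conn.execute("UPDATE accounts SET balance = balance + ? WHERE id = ?",
                            (amount, dst)).rowcount != 1:
                raise sqlite3.IntegrityError("unknown destination account")
            if conn.execute("UPDATE accounts SET balance = balance - ? WHERE id = ?",
                            (amount, src)).rowcount != 1:
                raise sqlite3.IntegrityError("unknown source account")
            conn.execute(
                "INSERT INTO audit_trail VALUES (?, ?, 'transfer', ?, ?, ?, 'committed')",
                (ts, user, src, dst, amount))
        return True
    except sqlite3.IntegrityError:
        # Every write above was undone. The attempt itself is still worth
        # tracing, so it is logged in its own small transaction.
        with conn:
            conn.execute(
                "INSERT INTO audit_trail VALUES (?, ?, 'transfer', ?, ?, ?, 'rolled back')",
                (ts, user, src, dst, amount))
        return False


def balance(conn: sqlite3.Connection, acct: str) -> int:
    return conn.execute("SELECT balance FROM accounts WHERE id = ?", (acct,)).fetchone()[0]


def audit_entries(conn: sqlite3.Connection) -> list:
    """Who moved what, where, and whether it went through."""
    return conn.execute(
        "SELECT user, src, dst, amount, outcome FROM audit_trail ORDER BY rowid"
    ).fetchall()


if __name__ == "__main__":
    ledger = open_ledger()
    transfer(ledger, "alice", "A-100", "B-200", 200)   # commits
    transfer(ledger, "bob", "B-200", "A-100", 1000)    # overdraft: rolled back
    print(balance(ledger, "A-100"), balance(ledger, "B-200"))
    for row in audit_entries(ledger):
        print(row)
```

The overdraft attempt is the interesting case: the credit to the destination account has already executed when the debit violates the CHECK constraint, and the rollback removes it, which is exactly the integrity property an atomic transaction promises.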

Security Measures
  Firewalls
    Defense against unauthorized access to systems over the Internet
    Controls communication between a trusted network and the “untrusted” Internet
  Proxy Server: represents another server for all information requests and acts as a buffer
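To make the firewall and proxy roles concrete, here is an added example (not code from the textbook) of the decision logic a packet-filtering firewall applies between a trusted network and the untrusted Internet. The internal address range, the public web server, the proxy host and the rule set are all constructed for the illustration. Rules are checked top to bottom, the first match wins, and anything no rule allows is denied, so internal workstations can only reach the Internet through the proxy.

```python
"""First-match packet-filter rules with a default of deny (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                       # "allow" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]              # None matches any destination port
    proto: str                        # "tcp", "udp" or "any"


# Constructed topology: trusted network, one public web server, one proxy host.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
ANY = ipaddress.ip_network("0.0.0.0/0")
WEB_SERVER = ipaddress.ip_network("10.0.0.10/32")
PROXY = ipaddress.ip_network("10.0.0.5/32")

RULES = [
    # The Internet may reach the web server, and only on HTTPS.
    Rule("allow", ANY, WEB_SERVER, 443, "tcp"),
    # Only the proxy talks to the Internet, and only for web traffic.
    Rule("allow", PROXY, ANY, 80, "tcp"),
    Rule("allow", PROXY, ANY, 443, "tcp"),
    # Every other internal host is kept behind the proxy.
    Rule("deny", INTERNAL, ANY, None, "any"),
]


def decide(src: str, dst: str, dport: int, proto: str = "tcp") -> str:
    """Return the action for one packet; unmatched packets fall to default deny."""
    s = ipaddress.ip_address(src)
    d = ipaddress.ip_address(dst)
    for rule in RULES:
        if (s in rule.src and d in rule.dst
                and (rule.dport is None or rule.dport == dport)
                and rule.proto in ("any", proto)):
            return rule.action
    return "deny"


def via_proxy(client: str, dst: str, dport: int) -> str:
    """A workstation's request goes client -> proxy, then proxy -> destination.
    Both legs must be allowed for the request to get out (the client -> proxy
    leg is internal traffic and passes the filter only because no rule denies
    it before the INTERNAL -> ANY deny; rule order matters, so the proxy is
    listed in its own allow rules above that deny)."""
    first_leg = decide(client, str(PROXY.network_address), 3128)
    second_leg = decide(str(PROXY.network_address), dst, dport)
    return "allow" if (first_leg, second_leg) == ("allow", "allow") else "deny"


if __name__ == "__main__":
    print(decide("203.0.113.7", "10.0.0.10", 443))   # allow: public web server
    print(decide("203.0.113.7", "10.0.0.22", 22))    # deny: no rule matches
    print(decide("10.0.0.22", "198.51.100.9", 443))  # deny: must use the proxy
    print(decide("10.0.0.5", "198.51.100.9", 443))   # allow: proxy egress
```

Note that in this rule set a workstation's own hop to the proxy (10.0.0.22 to 10.0.0.5) is caught by the INTERNAL-to-ANY deny as written; a real deployment would add an explicit allow for internal hosts to the proxy port above that deny, which is the kind of ordering detail firewall reviews exist to catch.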

Authentication and Encryption
  Keeps communications secret
  Authentication: the process of ensuring the identity of the person sending the message
  Encryption: coding a message into a form unreadable to an interceptor

Authentication and Encryption (Cont.)
  Encryption Strength
  Distribution Restrictions
  Public-key Encryptions
  Symmetric and asymmetric encryption
  Secure Sockets Layer and Secure Hypertext Transport Protocol
  Pretty Good Privacy

Digital Signatures and Digital Certificates
  Electronic Signatures
  Digital Signatures
  Digital Certificates
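The authentication slides above contrast symmetric and asymmetric techniques, and this slide introduces digital signatures; one added example (not code from the textbook) serves both. Part 1 authenticates a message with HMAC-SHA256, where sender and receiver share a single key. Part 2 shows the asymmetric idea behind a digital signature with textbook RSA: the hash of the message is signed with the private key and anyone holding the public key can verify it. The RSA keys are built from small constructed primes so the arithmetic is readable; that is the only way in which this differs from the real scheme, and a production signature uses a vetted library with keys of 2048 bits or more.

```python
"""Symmetric authentication (HMAC) next to an asymmetric digital signature
(textbook RSA with toy-sized keys). Added example; not the textbook's code."""
import hashlib
import hmac
import math
from typing import Tuple

# ---- Part 1: shared-key message authentication ----------------------------

def authenticate(shared_key: bytes, message: bytes) -> bytes:
    """Sender side: tag = HMAC-SHA256(key, message)."""
    return hmac.new(shared_key, message, hashlib.sha256).digest()


def verify_tag(shared_key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    return hmac.compare_digest(authenticate(shared_key, message), tag)


# ---- Part 2: digital signature with textbook RSA --------------------------

def _next_prime(n: int) -> int:
    """Smallest prime >= n, by trial division (fine for the toy sizes used here)."""
    while True:
        if n >= 2 and all(n % k for k in range(2, math.isqrt(n) + 1)):
            return n
        n += 1


def make_toy_keypair(bits: int = 20) -> Tuple[Tuple[int, int], Tuple[int, int]]:
    """Return ((n, e), (n, d)): public key, private key. Toy sizes only."""
    e = 65537
    p = _next_prime(1 << bits)
    q = _next_prime(p + 1)
    while math.gcd(e, (p - 1) * (q - 1)) != 1:   # e must be invertible mod phi(n)
        q = _next_prime(q + 1)
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)                           # private exponent
    return (n, e), (n, d)


def _digest_mod_n(message: bytes, n: int) -> int:
    """Sign the hash, not the message; reduced mod n because n is tiny here."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key: Tuple[int, int], message: bytes) -> int:
    n, d = private_key
    return pow(_digest_mod_n(message, n), d, n)


def verify_signature(public_key: Tuple[int, int], message: bytes, signature: int) -> bool:
    """Anyone with the public key can check; only the private key could have signed."""
    n, e = public_key
    return pow(signature, e, n) == _digest_mod_n(message, n)


if __name__ == "__main__":
    key = b"constructed shared key"
    tag = authenticate(key, b"pay 100 to B-200")
    print(verify_tag(key, b"pay 100 to B-200", tag))    # True
    print(verify_tag(key, b"pay 1000 to B-200", tag))   # False: message altered

    pub, priv = make_toy_keypair()
    sig = sign(priv, b"contract text")
    print(verify_signature(pub, b"contract text", sig))          # True
    print(verify_signature(pub, b"contract text (edited)", sig)) # False
```

The contrast the slides draw is visible in the two verify functions: `verify_tag` needs the same secret the sender used, so it proves only that someone holding that shared key sent the message, while `verify_signature` needs nothing secret at all, which is what lets a digital certificate bind a public key to an identity and be checked by strangers.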

The business recovery plan
  Obtain management’s commitment to the plan
  Establish a planning committee
  Perform risk assessment and impact analysis
  Prioritize recovery needs: critical, vital, sensitive, noncritical

The business recovery plan (Cont.)
  Select a recovery plan
  Select vendors
  Develop and implement the plan
  Test the plan
  Continually test and evaluate

Recovery plan providers
  Companies that specialize in either disaster recovery planning or provision of alternate sites
  Small companies can opt for Web-based services

The IS Security Budget

The IS Security Budget (Cont.)
  How much security is enough security?
  Calculating downtime
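The two questions on this slide are answered with the same arithmetic, so here is an added example (not the textbook's figures or code) that works it through. Downtime per year follows from an availability percentage; the annual cost of a risk is its single-loss cost times how often it is expected per year (the standard annualized loss expectancy, ALE = SLE × ARO); and "enough security" is the point where the next control costs more than the loss it removes. All hourly costs, probabilities and control prices below are constructed.

```python
"""Downtime and security-budget arithmetic (added example)."""
from dataclasses import dataclass
from typing import List, Optional

HOURS_PER_YEAR = 365 * 24


def downtime_hours(availability: float) -> float:
    """Hours per year a system is down at a given availability (e.g. 0.999)."""
    return HOURS_PER_YEAR * (1.0 - availability)


def downtime_cost(availability: float, cost_per_hour: float) -> float:
    """Expected yearly cost of the outage hours implied by an availability figure."""
    return downtime_hours(availability) * cost_per_hour


def annual_loss_expectancy(single_loss: float, occurrences_per_year: float) -> float:
    """ALE = SLE x ARO: cost of one incident times expected incidents per year."""
    return single_loss * occurrences_per_year


@dataclass(frozen=True)
class Control:
    name: str
    yearly_cost: float        # what the control costs to run, per year
    occurrences_after: float  # expected incidents per year once it is in place


def net_benefit(control: Control, single_loss: float, occurrences_before: float) -> float:
    """Loss avoided by the control minus what the control costs; negative means
    the control costs more than the risk it removes."""
    before = annual_loss_expectancy(single_loss, occurrences_before)
    after = annual_loss_expectancy(single_loss, control.occurrences_after)
    return (before - after) - control.yearly_cost


def best_control(controls: List[Control], single_loss: float,
                 occurrences_before: float) -> Optional[Control]:
    """The control with the largest positive net benefit, or None if no control
    pays for itself: that is the answer to 'how much security is enough'."""
    scored = [(net_benefit(c, single_loss, occurrences_before), c) for c in controls]
    scored = [(b, c) for b, c in scored if b > 0]
    return max(scored, key=lambda bc: bc[0])[1] if scored else None


# Constructed scenario: an order system losing 12,000 per outage hour.
COST_PER_HOUR = 12_000.0
OUTAGE_HOURS = 8.0                       # a typical outage lasts a working day
SINGLE_LOSS = OUTAGE_HOURS * COST_PER_HOUR
OUTAGES_PER_YEAR = 2.0                   # before any new control
OPTIONS = [
    Control("offsite backup and restore drills", 30_000.0, occurrences_after=1.0),
    Control("hot site with automatic failover", 150_000.0, occurrences_after=0.1),
    Control("gold-plated everything", 400_000.0, occurrences_after=0.0),
]

if __name__ == "__main__":
    print(round(downtime_hours(0.999), 2), "hours/year at 99.9%")
    print(annual_loss_expectancy(SINGLE_LOSS, OUTAGES_PER_YEAR), "expected loss/year")
    for c in OPTIONS:
        print(f"{c.name}: net benefit {net_benefit(c, SINGLE_LOSS, OUTAGES_PER_YEAR):,.0f}")
    print("fund:", best_control(OPTIONS, SINGLE_LOSS, OUTAGES_PER_YEAR).name)
```

In the constructed scenario the expected loss is 192,000 a year; the backup option removes 96,000 of it for 30,000, the hot site removes 182,400 for 150,000, and the last option removes all 192,000 but costs 400,000, so it is the one that fails the "enough security" test.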

Ethical and Societal Issues
  Terrorism, Carnivores, and Echelons
    Carnivorous methods
      FBI developed Carnivore
      Device is attached to the ISP servers to monitor email
    Top Echelon
      Surveillance system

Summary
  Information Security has certain major goals
  There are different types of risks to information systems
  There are various types of attacks on networked systems
  There are different types of controls that ensure integrity of data and e-commerce
  There are various measures that can protect data and ISs