1 MIS, Chapter 5 ©2011 Course Technology, a part of Cengage Learning PROTECTING INFORMATION RESOURCES CHAPTER 5 Hossein BIDGOLI MIS.

Presentation transcript:

1 Protecting Information Resources (Chapter 5), Hossein Bidgoli, MIS. ©2011 Course Technology, a part of Cengage Learning.

2 Chapter 5 Protecting Information Resources: Learning Outcomes
LO1 Describe basic safeguards in computer and network security.
LO2 Explain the major security threats.
LO3 Describe security and enforcement measures.
LO4 Summarize the guidelines for a comprehensive security system, including business continuity planning.

3 Is Facebook a Friend or Fiend?
In 2010, a hacker named Kirllos was peddling 1.5 million stolen Facebook accounts for as little as 2.5 cents per account.
If true, that would mean that one out of every 300 Facebook users was, unbeknownst to them, on the market.
Cyber criminals use stolen accounts to spam, scam, and otherwise profit from unwary Facebook users, who are likely to respond to a familiar face or name without realizing that the friend is a fiend.

4 Computer and Network Security: Basic Safeguards
Critical for most organizations
–Especially in recent years, with “hackers” becoming more numerous and adept at stealing and altering private information
Hackers use a variety of tools to break into computers and networks
–Sniffers, password crackers, and rootkits
–Journals Phrack and 2600: The Hacker Quarterly

5 Computer and Network Security: Basic Safeguards (cont’d.)
Comprehensive security system
–Protects an organization’s resources
–Including information and computer and network equipment, e-mails, invoices transferred via electronic data interchange (EDI), new product designs, marketing campaigns, and financial statements
Threats
–Include sharing passwords with coworkers, leaving a computer unattended while logged on to the network, or even spilling coffee on a keyboard

6 Computer and Network Security: Basic Safeguards (cont’d.)
Comprehensive security system
–Includes hardware, software, procedures, and personnel that collectively protect information resources
Confidentiality
–System must not allow disclosing information to anyone who isn’t authorized to access it
–Secure government agencies
–Businesses
–E-commerce

7 Computer and Network Security: Basic Safeguards (cont’d.)
Integrity
–Ensures the accuracy of information resources in an organization
–Financial transactions
Availability
–Ensures that computers and networks are operating
–Authorized users can access the information they need

8 Exhibit 5.1 The McCumber Cube

9 Computer and Network Security: Basic Safeguards (cont’d.)
Three levels of security
–Level 1: front-end servers
–Level 2: back-end systems
–Level 3: corporate network
Fault-tolerant systems
–Combination of hardware and software for improving reliability
–Uninterruptible power supply (UPS)
–Redundant array of independent disks (RAID)
–Mirror disks
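Added example (not from the textbook slides) showing how the two disk-level fault-tolerance techniques on this slide survive a single disk failure: mirror disks keep a second copy, while RAID-style parity lets one lost disk be rebuilt by XOR-ing the survivors. The disk contents and the failure scenario are constructed.

```python
"""Toy model of mirror disks and RAID-style parity (RAID 4/5 idea).
Added teaching example, not the textbook's; data is constructed."""
from functools import reduce


def xor_blocks(blocks):
    """XOR equal-length byte strings column by column (the RAID parity operation)."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*blocks))


def write_stripe(data_blocks):
    """Store one stripe as N data disks plus one parity disk (parity last).
    Parity = d0 ^ d1 ^ ... ^ dN-1, so any single block can be recovered."""
    return list(data_blocks) + [xor_blocks(data_blocks)]


def rebuild_disk(disks, failed_indexes):
    """Recover a single failed disk from all the others (parity included).
    Single parity protects only ONE disk; two simultaneous failures are lost."""
    failed = set(failed_indexes)
    if len(failed) != 1:
        raise ValueError("single-parity RAID can rebuild exactly one failed disk")
    survivors = [d for i, d in enumerate(disks) if i not in failed]
    return xor_blocks(survivors)


def mirror_write(block):
    """Mirror disks: the same block is written to two independent disks."""
    return [block, block]


def mirror_read(mirror, failed_index):
    """Read from whichever copy is still alive."""
    alive = [d for i, d in enumerate(mirror) if i != failed_index]
    return alive[0]


def demo():
    # Constructed records spread over three data disks; the 4th disk holds parity.
    stripe = [b"ACCT-0001", b"INV-24815", b"PAYROLL-Q"]
    disks = write_stripe(stripe)
    rebuilt = rebuild_disk(disks, [1])        # disk 1 dies and is rebuilt
    return rebuilt == stripe[1], mirror_read(mirror_write(b"X"), 0)
```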

10 Security Threats: An Overview
Some threats can be controlled completely or partially, but some can’t be controlled
Categories
–Unintentional
–Intentional

11 Intentional Threats
–Viruses
–Worms
–Trojan programs
–Logic bombs
–Backdoors
–Blended threats (e.g., worm launched by Trojan)
–Rootkits
–Denial-of-service attacks
–Social engineering

12 Viruses
Type of malware
In 2008, the number of computer viruses in existence exceeded one million
Estimating the dollar amount of damage viruses cause can be difficult
Usually given names
–I Love You, Michelangelo
Consists of self-propagating program code that’s triggered by a specified time or event

13 Viruses (cont’d.)
Seriousness of viruses varies
Transmitted through a network and e-mail attachments
–Bulletin or message boards
Virus hoaxes
–Can cause as much damage as real viruses
Indications of a computer infected by a virus
Best measure against viruses
–Installing and updating antivirus programs

14 Worms
Travel from computer to computer in a network
–Do not usually erase data
Independent programs that can spread themselves without having to be attached to a host program
Replicate into a full-blown version that eats up computing resources
Well-known worms
–Code Red, Melissa, and Sasser

15 Trojan Programs
Named after the Trojan horse the Greeks used to enter Troy during the Trojan Wars
Contains code intended to disrupt a computer, network, or Web site
Usually hidden inside a popular program

16 Logic Bombs
Type of Trojan program used to release a virus, worm, or other destructive code
Triggered at a certain time or by an event

17 Backdoors
Programming routine built into a system by its designer or programmer
Enable the designer or programmer to bypass system security and sneak back into the system later to access programs or files
System users aren’t aware a backdoor has been activated

18 Blended Threats
Combine the characteristics of computer viruses, worms, and other malicious codes with vulnerabilities found on public and private networks
Main goal is not just to start and transmit an attack, but also to spread it
Multi-layer security system could guard against blended threats

19 Denial-of-Service Attacks
Flood a network or server with service requests
–Prevent legitimate users’ access to the system
Target Internet servers
Distributed denial-of-service (DDoS) attack
–Hundreds or thousands of computers work together to bombard a Web site with thousands of requests for information in a short period
–Difficult to trace

20 Social Engineering
Using “people skills” to trick others into revealing private information
–Takes advantage of the human element of security systems
Attackers use the private information they’ve gathered to break into servers and networks and steal data
Commonly used social-engineering techniques
–“Dumpster diving” and “shoulder surfing”

21 Protecting Against Data Theft and Data Loss
Portable storage media
–Theft or loss of media
–Stealing company data
Guidelines to protect against these risks

22 Security Measures and Enforcement: An Overview
–Biometric security measures
–Nonbiometric security measures
–Physical security measures
–Access controls
–Virtual private networks
–Data encryption
–E-commerce transaction security measures
–Computer Emergency Response Team

23 Biometric Security Measures
Use a physiological element to enhance security measures
Devices and measures
–Facial recognition
–Fingerprints
–Hand geometry
–Iris analysis
–Palmprints
–Retinal scanning
–Signature analysis
–Vein analysis
–Voice recognition

24 Biometrics at Phoebe Putney Memorial Hospital
Phoebe Putney Memorial Hospital switched to fingerprint scanners, which, along with a single sign-on application, made the electronic health record system both easier to use and more secure
Another advantage of fingerprint scanners: they don’t tend to get lost, like smart cards

25 Exhibit 5.2 Examples of Biometric Devices

26 Nonbiometric Security Measures
Main security measures:
–Callback modems
–Firewalls
–Intrusion detection systems

27 Callback Modems
Verify whether a user’s access is valid by:
–Logging the user off
–Calling the user back at a predetermined number
Useful in organizations with many employees who work off-site

28 Firewalls
Combination of hardware and software
Act as a filter or barrier between a private network and external computers or networks
Network administrator defines rules for access
Examine data passing into or out of a private network
–Decide whether to allow the transmission based on users’ IDs, the transmission’s origin and destination, and the transmission’s contents

29 Exhibit 5.3 A Basic Firewall Configuration

30 Firewalls (cont’d.)
Possible actions after examining packet
–Reject the incoming packet
–Send a warning to the network administrator
–Send a message to the packet’s sender that the attempt failed
–Allow the packet to enter (or leave) the private network

31 Firewalls (cont’d.)
Main types of firewalls
–Packet-filtering firewalls
–Application-filtering firewalls
–Proxy servers
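Added example (not from the textbook slides) of the rule model these three firewall slides describe: each administrator-defined rule matches on direction, origin, destination, port and user ID, an application-level check looks at contents, and the outcome is one of the four actions listed on slide 30. The private network, rules, addresses and packets are constructed.

```python
"""Toy packet- and application-filtering firewall. Added teaching example,
not the textbook's; network ranges, rules and packets are constructed."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

PRIVATE_NET = ip_network("10.0.0.0/8")     # constructed private network


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    user: str = ""          # user ID (known for traffic leaving the network)
    payload: bytes = b""


@dataclass
class Rule:
    direction: str          # "in" or "out" relative to the private network
    src_net: str
    dst_net: str
    dports: set
    action: str             # "allow" | "reject" | "warn" | "notify_sender"
    users: set = field(default_factory=set)    # empty set = any user
    banned_terms: tuple = ()                   # application-level content check


RULES = [
    Rule("in",  "0.0.0.0/0",  "10.0.0.0/8", {80, 443}, "allow"),
    Rule("in",  "0.0.0.0/0",  "10.0.0.0/8", {23},      "warn"),   # telnet: alert admin
    Rule("out", "10.0.0.0/8", "0.0.0.0/0",  {25},      "allow",
         users={"mailgw"}, banned_terms=("ssn:", "password:")),
    Rule("out", "10.0.0.0/8", "0.0.0.0/0",  {80, 443}, "allow"),
]
DEFAULT_ACTION = "reject"   # anything not explicitly matched is dropped

ACTION_EFFECT = {
    "allow": "forward the packet into (or out of) the private network",
    "reject": "drop the packet",
    "warn": "drop the packet and send a warning to the network administrator",
    "notify_sender": "drop the packet and tell the sender the attempt failed",
}


def direction_of(pkt):
    return "out" if ip_address(pkt.src) in PRIVATE_NET else "in"


def decide(pkt, rules=RULES):
    """Return (action, reason) for one packet; the first matching rule wins."""
    d = direction_of(pkt)
    for r in rules:
        if (d == r.direction
                and ip_address(pkt.src) in ip_network(r.src_net)
                and ip_address(pkt.dst) in ip_network(r.dst_net)
                and pkt.dport in r.dports):
            if r.users and pkt.user not in r.users:
                return "reject", f"user {pkt.user!r} not permitted on port {pkt.dport}"
            hits = [t for t in r.banned_terms if t.encode() in pkt.payload.lower()]
            if hits:
                return "notify_sender", f"content blocked by term {hits[0]!r}"
            return r.action, f"matched {r.direction}bound rule for port {pkt.dport}"
    return DEFAULT_ACTION, "no matching rule (default deny)"
```

Ordering matters: because the first match wins, a narrower rule (the telnet warning) must sit above any broader allow, exactly as an administrator would order a real rule base.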

32 Exhibit 5.4 A Proxy Server

33 Intrusion Detection Systems
Protect against both external and internal access
Placed in front of a firewall
Help prevent DoS attacks
Monitor network traffic
“Prevent, detect, and react” approach
Require a lot of processing power and can affect network performance

34 Physical Security Measures
Primarily control access to computers and networks
Include:
–Cable shielding
–Corner bolts
–Electronic trackers
–Identification (ID) badges
–Proximity-release door openers
–Room shielding
–Steel encasements

35 Lost and Stolen Laptops
Recommendations:
–Install cable locks and use biometric measures
–Only store confidential data when necessary
–Use passwords
–Encrypt data
–Install security chips

36 Access Controls
Terminal resource security
–Software feature that erases the screen and signs the user off automatically after a specified length of inactivity
Password
–Combination of numbers, characters, and symbols that’s entered to allow access to a system
–Length and complexity determine its vulnerability to discovery
–Guidelines for strong passwords
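Added example (not from the textbook slides) that puts numbers on the slide's claim that length and complexity determine a password's vulnerability to discovery: it sizes the space a guesser must search from the length and the character classes used, and checks a password against a guideline. The guideline thresholds, the guess rate and the small list of common passwords are assumptions.

```python
"""Password search-space estimate and guideline check.
Added teaching example, not the textbook's; thresholds are assumptions."""
import math
import string

CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}
MIN_LENGTH, MIN_CLASSES = 12, 3          # assumed guideline
GUESSES_PER_SECOND = 1e10                # assumed offline guessing rate
COMMON = {"password", "123456", "qwerty", "letmein"}   # constructed deny list


def classes_used(pw):
    """Which character classes appear in the password."""
    return {name for name, chars in CLASSES.items() if any(c in chars for c in pw)}


def search_space_bits(pw):
    """log2 of the number of candidates a guesser must try, assuming they know
    the length and which classes appear but nothing else."""
    alphabet = sum(len(CLASSES[name]) for name in classes_used(pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


def years_to_exhaust(pw, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every candidate at the assumed rate."""
    return 2 ** search_space_bits(pw) / rate / (365 * 24 * 3600)


def evaluate(pw):
    """Apply the assumed guideline; a common password fails regardless of size."""
    used = classes_used(pw)
    problems = []
    if pw.lower() in COMMON:
        problems.append("appears on a common-password list")
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if len(used) < MIN_CLASSES:
        problems.append(f"uses {len(used)} character class(es), need {MIN_CLASSES}")
    return {
        "length": len(pw),
        "classes": sorted(used),
        "bits": round(search_space_bits(pw), 1),
        "years": years_to_exhaust(pw),
        "strong": not problems,
        "problems": problems,
    }
```

Compare evaluate("password") with evaluate("correct-horse-Battery-9"): the second adds roughly 100 bits to the search space, which is what turns seconds of guessing into an impractical number of years.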

37 Virtual Private Networks
Provide a secure “tunnel” through the Internet
–For transmitting messages and data via a private network
Remote users have a secure connection to the organization’s network
Low cost
Slow transmission speeds

38 Data Encryption
Transforms data, called “plaintext” or “cleartext,” into a scrambled form called “ciphertext”
Rules for encryption determine how simple or complex the transformation process should be
–Known as the “encryption algorithm”
Protocols:
–Secure Sockets Layer (SSL)
–Transport Layer Security (TLS)

39 Data Encryption (cont’d.)
Key size
–Between 32 and 168 bits
Main types of encryption
–Asymmetric, also called “public key encryption”
–Symmetric
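Added example (not from the textbook slides) contrasting the two encryption types on slides 38 and 39 in the slides' own terms: a symmetric cipher, where sender and receiver share one key, and an asymmetric (public key) cipher, where anyone can encrypt with the public key but only the private key holder can turn the ciphertext back into plaintext. The symmetric cipher is an HMAC-SHA256 keystream and the asymmetric one is textbook RSA with tiny constructed primes, so both are teaching toys rather than real implementations.

```python
"""Symmetric vs. asymmetric encryption in miniature.
Added teaching example, not the textbook's. NOT for real use: the RSA primes
are tiny and the stream cipher has no integrity protection."""
import hashlib
import hmac
import secrets

# --- Symmetric: one shared secret key, same key encrypts and decrypts -------
NONCE_LEN = 16


def _keystream(key, nonce, length):
    """Pseudo-random bytes derived from (key, nonce) via HMAC-SHA256 in counter mode."""
    out, counter = bytearray(), 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def sym_encrypt(key, plaintext):
    """Return nonce || ciphertext. A fresh nonce per message keeps keystreams unique."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))


def sym_decrypt(key, blob):
    """XOR with the same keystream undoes the encryption (needs the same key)."""
    nonce, ciphertext = blob[:NONCE_LEN], blob[NONCE_LEN:]
    ks = _keystream(key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


# --- Asymmetric (public key): encrypt with public key, decrypt with private --
def rsa_keygen(p=61, q=53, e=17):
    """Toy RSA key pair from two small constructed primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)              # private exponent: e * d == 1 (mod phi)
    return (e, n), (d, n)            # (public key, private key)


def rsa_encrypt(public_key, plaintext):
    """One integer per byte, which works only because every byte < n (toy)."""
    e, n = public_key
    return [pow(b, e, n) for b in plaintext]


def rsa_decrypt(private_key, ciphertext):
    d, n = private_key
    return bytes(pow(c, d, n) for c in ciphertext)
```

The two flows look the same from the outside (plaintext in, ciphertext out, plaintext back), but only the symmetric path requires both parties to hold the same secret before they can talk.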

40 Exhibit 5.7 Using Encryption

41 E-commerce Transaction Security Measures
Three factors are critical for security:
–Authentication
–Confirmation
–Nonrepudiation
Transaction security
–Confidentiality
–Authentication
–Integrity
–Nonrepudiation of origin
–Nonrepudiation of receipt

42 Computer Emergency Response Team
Developed by the Defense Advanced Research Projects Agency
Focuses on security breaches and DoS attacks
Offers guidelines on handling and preventing these incidents
Cyber Incident Response Capability
–CIRC

43 Guidelines for Comprehensive Security System
Train employees
Guidelines and steps involved:
–People
–Procedures
–Equipment and technology

44 Business Continuity Planning
Outlines procedures for keeping an organization operational
Prepare for disaster
Plan steps for resuming normal operations as soon as possible

45 Summary
Types of threat
Basic safeguards
–Biometric
–Nonbiometric
Fault tolerance
Establish comprehensive security system and business continuity plan