Ch. 5 IT Security, Crime, Compliance, and Continuity


Lecture 4: Ch. 5 IT Security, Crime, Compliance, and Continuity

5.1 Protecting Data and Business Operations
IT security: the protection of data, systems, networks, and operations. Technology defenses are necessary, but they’re not sufficient, because protecting data and business operations also involves:
- Implementing and enforcing acceptable use policies (AUPs).
- Complying with government regulations and laws.
- Making data available 24x7 while restricting access.
- Promoting secure and legal sharing of information.

IT Security Principles

Know Your Enemy and Your Risks
IT security risks are business risks. Threats range from high-tech exploits to gain access to a company’s networks to non-tech tactics such as stealing laptops or items of value. Common examples:
- Malware (malicious software): viruses, worms, trojan horses, spyware, and disruptive or destructive programs
- Insider error or action, either intentional or unintentional
- Fraud
- Fire, flood, or other natural disasters

IT at Work 5.1: $100 Million Data Breach
May 2006: a laptop and external hard drive belonging to the U.S. Dept of Veterans Affairs (VA) were stolen during a home burglary. Data on 26.5 million veterans and spouses had been stored in plaintext. VA Secretary Jim Nicholson testified before Congress that it would cost at least $10 million just to inform veterans of the security breach. Total cost of the data breach: $100 million.

Risks
- Cloud computing
- Social networks
- Phishing
- Search engine manipulation
- Money laundering
- Organized crime
- Terrorist financing

IT Security Defense-in-Depth Model

5.2 IS Vulnerabilities and Threats
Unintentional:
- human error
- environmental hazards
- computer system failure
Intentional:
- hacking
- malware
- manipulation

Figure 5.4 How a computer virus can spread

Malware and Botnet Defenses
- Anti-virus software
- Firewalls
- Intrusion detection systems (IDS)
- Intrusion prevention systems (IPS)

5.4 IT and Network Security
Objectives of a defense strategy:
- Prevention and deterrence
- Detection
- Containment (minimize losses, damage control)
- Recovery
- Correction
- Awareness and compliance

Major categories of general controls:
- physical controls
- access controls
- biometric controls
- communication network controls
- administrative controls
- application controls
- endpoint security and control

Figure 5.7 Intelligent agents

Figure 5.8 Three layers of network security measures

Ethical issues
Implementing security programs raises many ethical issues. Handling the privacy versus security dilemma is tough. Ethical and legal obligations may require companies to “invade the privacy” of employees and monitor their actions. Under the doctrine of duty of care, senior managers and directors have an obligation to use reasonable care to protect the company’s business operations.