Information System Security Engineering and Management Additional slides for INFORMATION SECURITY RISK MANAGEMENT Dr. William Hery

Presentation transcript:

Two Clarifications From Last Week
- Since we are only looking at IT security, for our purposes an asset is at risk because some IT asset is at risk.
  - An IT asset may be information, a process run on the IT system, or a piece of IT equipment.
  - The corresponding "real world" asset is used to put a value on the IT asset.
  - These added slides will relate the IT asset to the "real world" assets discussed in the POSA example last week.
- Examples should have been included of the risks as asset, threat, vulnerability combinations.

POSA Functional Diagram
[Figure: functional diagram with components USER, Register, POSA and CFAC. Numbered flows: 1 Sale information; 2 Display Sale Info; 3 User CC information; 4 Sale & user information; 5 Y/N; 6 Y/N; 7 Complete Trans.; 8 Complete transaction.]

Store Assets at Risk
- Value of purchase (for incorrect approval)
  - IT asset: the approval process integrity, customer credit card data confidentiality
- Loss of purchase profit (for incorrect denial, POSA unavailability)
  - IT assets: the approval process integrity, system availability
- Loss of customer good will (for incorrect denial, unavailability)
  - IT assets: the approval process integrity, system availability
- Store ability to process sales (if CFAC is taken down by an attack through POSA)
  - IT assets: system availability
- Corporate reputation (for repeated problems, publicized problems)
  - IT asset: system availability, the approval process integrity, customer credit card data confidentiality
- …

Credit Card Holder Assets at Risk
- Credit card number/pin
  - Time, ability to purchase (for incorrect denial, unavailability due to cancelled card)
  - $50 (for incorrect approval on a lost/stolen card used by someone else)
  - $50 (for use of a credit card number stolen through the system)
  - Time cost to correct problem & possible temporary loss of credit (for use of a credit card number stolen through the system)
  - Temporary use of checking account (for use of a debit card number/pin stolen through the system)
  - IT Asset: approval system integrity, card number/pin confidentiality
- …

Credit Card Company Assets at Risk
- Credit card number/pin
  - Amount of purchase (for incorrect approval)
  - IT Asset: customer credit card data confidentiality
- …

Sample POSA Risks
- Confidentiality of customer information
  - read by insiders using internal network vulnerabilities
  - read by insiders using POSA terminal vulnerabilities
  - read by insiders using POSA-register link vulnerabilities
  - read by hackers using vulnerabilities on Internet connections
- Integrity of verification process, modified by
  - insiders using internal network vulnerabilities
  - insiders using POSA-register link vulnerabilities
  - insiders using POSA terminal vulnerabilities
  - insiders using vulnerabilities on Internet connections
- Availability of verification process, attacked by…
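
Added example (not part of the original slides): a small risk register that joins the asset, threat, vulnerability combinations from "Sample POSA Risks" to the store's "real world" assets from "Store Assets at Risk", then flags IT assets that no listed risk covers. The short IT-asset labels are assumptions, as is treating "verification process" as the "approval process" and "customer information" as "customer credit card data".

```python
from collections import defaultdict

# Store "real world" assets -> IT assets they depend on ("Store Assets at Risk").
# IT-asset labels are shortened here; the short names are an assumption.
STORE_ASSETS = {
    "Value of purchase": {"approval integrity", "card data confidentiality"},
    "Loss of purchase profit": {"approval integrity", "system availability"},
    "Loss of customer good will": {"approval integrity", "system availability"},
    "Store ability to process sales": {"system availability"},
    "Corporate reputation": {"system availability", "approval integrity",
                             "card data confidentiality"},
}

# (IT asset, threat, vulnerability) triples as listed on "Sample POSA Risks".
# The availability entries are elided on the slide, so none are listed here.
RISKS = [
    ("card data confidentiality", "insiders", "internal network"),
    ("card data confidentiality", "insiders", "POSA terminal"),
    ("card data confidentiality", "insiders", "POSA-register link"),
    ("card data confidentiality", "hackers", "Internet connections"),
    ("approval integrity", "insiders", "internal network"),
    ("approval integrity", "insiders", "POSA-register link"),
    ("approval integrity", "insiders", "POSA terminal"),
    ("approval integrity", "insiders", "Internet connections"),
]

def exposure_by_vulnerability(risks, real_assets):
    """Map each vulnerability to the real-world assets reachable through it."""
    exposed = defaultdict(set)
    for it_asset, _threat, vuln in risks:
        for real, deps in real_assets.items():
            if it_asset in deps:
                exposed[vuln].add(real)
    return {vuln: sorted(assets) for vuln, assets in exposed.items()}

def uncovered_it_assets(risks, real_assets):
    """Per real-world asset, the IT assets it depends on that no risk touches."""
    covered = {it_asset for it_asset, _threat, _vuln in risks}
    return {real: sorted(deps - covered)
            for real, deps in real_assets.items() if deps - covered}

if __name__ == "__main__":
    for vuln, assets in exposure_by_vulnerability(RISKS, STORE_ASSETS).items():
        print(f"{vuln}: {', '.join(assets)}")
    for real, gaps in uncovered_it_assets(RISKS, STORE_ASSETS).items():
        print(f"no listed risk for {real} via {', '.join(gaps)}")
```

The second report shows where the register is incomplete: every store asset that depends on system availability is flagged until the availability risks are filled in.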