Session 5: Points of Exposure. Course: A0334/Pengendalian Lingkungan Online. Year: 2005. Version: 1/1.


2 Learning Outcomes By the end of this session, students are expected to be able to explain Points of Exposure.

3 Material Outline
– The Big Question
– Threats to E-mail: Confidentiality, Integrity, Authenticity
– Consequences
– Reasons to Address The Threats

4
– Reducing The Risks and Eliminating The Threat: Encryption, Digital Signature
– Perceived Barriers to Securing E-mail: Encryption and Virus Detection Software
– Plugging The Hole

5 E-mail is one of the simplest and most effective communication tools available. It is quick, convenient and cheap, but unless used properly, fundamentally insecure. It is as public as a postcard and leaves a written record long after it has been erased, meaning that any skilled or knowledgeable person can recover a long-forgotten or buried message from deep inside a networked system. There is no doubt that in a business environment the use of e-mail and the Internet poses a threat to a business’s ability to protect company intellectual property and other confidential information.

6 The Big Question It is unquestionable that e-mail security is the next big IT security issue – a fact that gives rise to the following question: if a company’s most valuable asset apart from its workforce is its intellectual property, why are so many businesses failing to take the crucial steps towards protecting that property in its electronic form when it would be both simple and cost-effective for them to do so?

7 IT security experts would obviously understand the issues surrounding treatment of the Internet in greater depth than the average man in the street, but the need to extend this awareness to all Internet users is now critical. Letters have been used as a form of communication for thousands of years, so it is no wonder that people have learnt how to deal with them safely. For the Internet – and consequently e-mail – there has been far less time for users to absorb the underlying principles and implications surrounding its use.

8 Threats to E-mail The main points of exposure within the process of sending unprotected e-mail are:
– Confidentiality
– Integrity
– Authenticity

9 Confidentiality The information sent is vulnerable to being anonymously read by any unauthorised person whilst in transit. Hack-attacks of this kind are very easy to perform by almost anyone who has the will to do so. A good analogy for this type of hack is the postman who allows another person to read other people’s postcards before delivering them to the rightful recipients.

10 Integrity The contents of an unprotected e-mail can also be anonymously modified while they are in transit and then passed on to the recipient as if they were the original message, without either the recipient or sender being any the wiser.

11 Authenticity E-mails can be easily and anonymously forged so that messages appear to be from a certain person.

12 Consequences Cyber-criminals – and it is known that the majority of them operate covertly within their own company – go about their business for a variety of reasons. These range from an intention to gain a competitive edge (corporate espionage) to the desire to exact revenge or to further a political cause.

13 Reasons to Address The Threats While horror stories abound, the average business or private user of e-mail might feel they have nothing much to hide and are unlikely targets for hackers.

14 Reducing The Risks and Eliminating The Threat Whilst it is true that information security has become a greater priority in the last two years, especially at board level, the threats have also increased substantially. Modern cryptography techniques and services can add substantial benefits to electronic business arrangements. These techniques can scramble data to avoid unauthorised disclosure and also to ensure the integrity, authenticity and legitimacy of electronic communication records and computerised transactions.

15 Encryption This is the electronic equivalent of putting a message in an envelope (see Figure p. 57). It protects confidentiality and confirms for the recipient that the message has arrived in its original state without having been seen by an unauthorised person. Good encryption software ensures that information is only decrypted as and when needed and then makes provision for the safe deletion of electronic messages.

16 Digital Signature This is the electronic equivalent of signing and sealing a letter by hand (see Figure P. 58). It maintains the integrity, authenticity and non-repudiation aspects of an e-mail in much the same way as a person's hand-written signature is proof of authorship of a letter. Cryptographic techniques and digital signatures, though widely available for both private and business use and simple in concept, can nevertheless be technically difficult solutions to understand for someone with poor IT knowledge.

17 Perceived Barriers to Securing E-mail: Encryption and Virus Detection Software

18 Encryption and Virus Detection Software One of the biggest perceived problems regarding IT security faced by business users is the widely held belief that encrypted messages would bypass anti-virus and content-checking server-based software.

19 There is a very wide range of anti-virus products available on the market, many of which are fully compatible with cryptographic techniques and which can be installed locally. In cases where the anti-virus software cannot be installed locally, the rules inherent in encryption software are so flexible that users are able to determine which messages are encrypted and which are not.

20 By combining the use of solid encryption techniques and careful rule-setting with modern, desktop-based, anti-virus software, comprehensive and effective control of security would lie entirely, and independently, with the user.

21 Plugging The Hole Rather than being baffled by the technology, businesses need to be clear about their security needs and to choose modern encryption software with good functionality that they understand completely. Businesses need to recognise that unprotected e-mail is a risk. It is a vulnerability that cannot be fixed by a firewall installation or by anti-virus implementation. A security policy that does not address the open nature of e-mails is falling short of its purpose.

22 The End