1 Session 9: Network Security and E-Commerce. Course: M0284/E-Business Technology & Infrastructure. Year: 2005. Version: >

2 Learning Objectives
Estimate the technical security requirements for a network.
Evaluate the business impact of security decisions.
Conduct a security audit of a small network.
Control access to the computing resources.
Establish acceptable security solutions.

3 Internet Security Requirements
Secrecy
  – Deals with the protection of information from unauthorized disclosure and the authentication of the data source.
Integrity
  – Addresses the validity of data and the guarantee that the data have not been tampered with during transfer.
Availability
  – Assurance that the site will be reachable in a timely manner when the user is a legitimate stakeholder.
“Faulty Security has an impact on Business”

4 Security Threats
Loss, Damage, or Distortion of Data via Hackers
Risks from Viruses
Unauthorized Access to the System
Financial Loss to Company or Customers
Breaches of Personal Privacy

5 Security Policy Development
Administrative Security
Network Security

6 Security Policy Development: Administrative Security
What services are required by the business and how can they be met securely?
How much do employees depend on the Internet and the use of ?
Do users rely on remote access to the internal network?
Is access to the Web required?
Are customers supported through the Web?

7 Security Policy Development: Administrative Security
Root policies must include
  – Security architecture guide.
  – Incident-response procedures.
  – Acceptable use procedures.
  – System administration procedures.
  – Other management procedures.

8 Security Policy Development: Network Security
All systems and servers have their own weaknesses.
  – Establish steps to harden the system
      Limit exposed services/processes
  – Follow update/patching warnings
      From the software publisher
      From the security community
  – Monitor security listservs
  – Apply timely patches or use a third-party utility

9 Network Security
Systems documentation
  – Software provider security documentation
  – Book publisher titles specific to security, OS, NOS, web server, applications
  – Subscription to security services
  – Apply the advice explained in the documentation
      E.g. do not run unnecessary services
  – Obtain documentation for updates (pros & cons)
      Security patches
      New security issues

10 Network Security
User access lists
  – Users should have limited access to resources
  – An access control list (ACL) is a compilation of access control entries (ACEs)
  – An access control entry contains the following:
      A SID that identifies the trustee. A trustee can be a user account, group account, or a logon account for a program such as a Windows NT service.
      An access mask specifying the access rights controlled by the ACE.
      Flags that indicate the type of ACE, and flags that determine whether other objects or containers can inherit the ACE from the primary object to which the ACL is attached.
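
The ACE layout described on this slide (trustee SID, access mask, type and inheritance flags), as an added example that is not part of the original slides: a Python parser for the Windows binary ACL format that decodes each ACE and flags allow-entries giving broad rights to Everyone or Authenticated Users. The sample ACL bytes, the audit rule and all function names are constructed for illustration.

```python
import struct

ACE_TYPES = {0: "ALLOW", 1: "DENY"}  # ACCESS_ALLOWED_ACE / ACCESS_DENIED_ACE
ACE_FLAGS = {0x01: "OBJECT_INHERIT", 0x02: "CONTAINER_INHERIT",
             0x04: "NO_PROPAGATE_INHERIT", 0x08: "INHERIT_ONLY", 0x10: "INHERITED"}
RISKY_RIGHTS = {0x10000000: "GENERIC_ALL", 0x40000000: "GENERIC_WRITE",
                0x00040000: "WRITE_DAC", 0x00080000: "WRITE_OWNER"}
BROAD_TRUSTEES = {"S-1-1-0": "Everyone", "S-1-5-11": "Authenticated Users"}

def sid_to_str(raw):
    """Binary SID -> 'S-1-5-...': revision, count, 48-bit authority, sub-authorities."""
    rev, count = raw[0], raw[1]
    subs = struct.unpack_from("<%dI" % count, raw, 8)
    return "-".join(["S", str(rev), str(int.from_bytes(raw[2:8], "big"))] + [str(s) for s in subs])

def parse_acl(blob):
    """Return the allow/deny ACEs of a binary ACL as dicts."""
    _rev, _pad1, acl_size, ace_count, _pad2 = struct.unpack_from("<BBHHH", blob, 0)
    if acl_size > len(blob):
        raise ValueError("ACL header claims more bytes than supplied")
    aces, off = [], 8
    for _ in range(ace_count):
        ace_type, flags, ace_size = struct.unpack_from("<BBH", blob, off)
        if ace_size < 16 or off + ace_size > acl_size:
            raise ValueError("ACE size out of bounds")
        if ace_type in ACE_TYPES:  # other ACE types use a different layout; skipped here
            (mask,) = struct.unpack_from("<I", blob, off + 4)
            aces.append({"type": ACE_TYPES[ace_type], "mask": mask,
                         "sid": sid_to_str(blob[off + 8:off + ace_size]),
                         "flags": [n for b, n in ACE_FLAGS.items() if flags & b]})
        off += ace_size
    return aces

def audit(aces):
    """Flag allow-ACEs that give risky rights to very broad trustees."""
    findings = []
    for ace in aces:
        rights = [n for b, n in RISKY_RIGHTS.items() if ace["mask"] & b]
        if ace["type"] == "ALLOW" and ace["sid"] in BROAD_TRUSTEES and rights:
            findings.append((BROAD_TRUSTEES[ace["sid"]], rights))
    return findings

def build_ace(ace_type, flags, mask, sid):  # helper for the constructed sample only
    return struct.pack("<BBHI", ace_type, flags, 8 + len(sid), mask) + sid
# Constructed sample ACL: Everyone and BUILTIN\Administrators both allowed GENERIC_ALL.
EVERYONE = bytes([1, 1]) + (1).to_bytes(6, "big") + struct.pack("<I", 0)
ADMINS = bytes([1, 2]) + (5).to_bytes(6, "big") + struct.pack("<II", 32, 544)
BODY = build_ace(0, 0x03, 0x10000000, EVERYONE) + build_ace(0, 0x00, 0x10000000, ADMINS)
SAMPLE_ACL = struct.pack("<BBHHH", 2, 0, 8 + len(BODY), 2, 0) + BODY
```

Calling `audit(parse_acl(SAMPLE_ACL))` reports only the Everyone entry; the Administrators entry carries the same mask but is not a broad trustee.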

11 Network Security
Asset access control
  – Asset list recording who is provided access, when, and how