Chapter Extension 22 Managing Computer Security Risk © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.

Presentation transcript:


CE22-2 Study Questions
1. What is management's role for computer security?
2. What are the elements of a security policy?
3. What is the difference between risk and uncertainty?
4. How do managers assess risk?
5. Why are risk management decisions difficult?

CE22-3 What Is Management's Role for Computer Security?
- Management plays a crucial role
  – Sets policies
  – Balances costs against risks
  – Is responsible for information security
- Security should be subject to cost-benefit analysis
- Security responsibilities and accountabilities must be explicit
  – Problems can have far-reaching consequences
- There is no magic bullet or single safeguard
- Security is a continuing process
- Social factors may limit security programs

CE22-4 Elements of Computer Security (Figure CE 22-1; figure not reproduced in this transcript)

CE22-5 What Are the Elements of a Security Policy?
- Senior management must define policy and manage risk
- Security policy elements
  – General statement of the security program: the foundation for more specific security measures
  – Issue-specific policies: employees should know these policies
  – System-specific policy: addressed as part of the standard systems development process

CE22-6 What Is the Difference Between Risk and Uncertainty?
- Risk is the likelihood of an adverse occurrence
  – Known threats and consequences
- Management must manage the likelihood of threats being successful
  – Limit consequences
  – Reducing risk comes at a cost
- Uncertainty is different from risk
  – Unknown

CE22-7 Security Privacy
- Gramm-Leach-Bliley (GLB) Act protects consumer financial data stored by financial institutions and financial service providers
- Privacy Act of 1974 protects individuals' records maintained by government agencies
- Health Insurance Portability and Accountability Act (HIPAA) protects data stored by health care professionals and providers
- State laws protect student data

CE22-8 Security Privacy, continued
- Other countries have stronger laws
- Retailers are not covered by any of these laws
  – Do they have an ethical duty to protect customer information?

CE22-9 How Do Managers Assess Risk?
- Define assets
- Determine potential threats
  – Likelihood of occurrence
  – Consequences of occurrence
- Assess threats
- Identify safeguards
  – Residual risks
- Reduce vulnerability

CE22-10 How Do Managers Assess Risk?, continued
- Consider consequences
  – Tangible and intangible
- Likelihood
  – Probability that given assets will be compromised
- Probable loss
  – Bottom line of risk assessment
  – Likelihood multiplied by cost of consequences

CE22-11 Risk Assessment (Figure CE 22-2; figure not reproduced in this transcript)

CE22-12 Why Are Risk Management Decisions Difficult?
- Some assets can be protected by inexpensive and easily implemented safeguards
- Some vulnerabilities are expensive to eliminate
- The effectiveness of a safeguard may be unknown
- Management has a fiduciary responsibility
  – Must make prudent decisions
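The following Python script is an added worked example, not part of the Kroenke slides, that carries the risk-assessment procedure from slides CE22-9 and CE22-10 (define assets, estimate each threat's likelihood and consequences, compute probable loss as likelihood times cost of consequences, apply safeguards, look at residual risk) through to the cost-benefit comparison that slide CE22-12 says makes the decisions hard. The asset, threats, dollar figures and safeguard effects are all constructed for illustration; the `Threat`/`Safeguard` classes and the multiplicative "reduction" model are the example's own assumptions, not a method from the book.

```python
"""Quantitative risk assessment in the style of the slides:
probable loss = likelihood x cost of consequences; safeguards reduce
vulnerability (likelihood) or limit consequences; what is left is residual
risk; a safeguard is worth buying if the loss it avoids exceeds its cost.
All figures below are constructed for illustration (example code, not the
textbook's)."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Threat:
    name: str
    likelihood: float    # annual probability the threat succeeds against the asset
    consequence: float   # estimated cost if it does (tangible plus intangible)


@dataclass(frozen=True)
class Safeguard:
    name: str
    annual_cost: float
    # Fraction (0..1) by which this safeguard cuts a named threat's likelihood
    # or its consequence. Assumed multiplicative model, e.g. 0.75 leaves 25%.
    likelihood_reduction: dict = field(default_factory=dict)
    consequence_reduction: dict = field(default_factory=dict)


def probable_loss(threat: Threat) -> float:
    """Slide CE22-10's bottom line: likelihood multiplied by cost of consequences."""
    return threat.likelihood * threat.consequence


def residual_threat(threat: Threat, safeguards) -> Threat:
    """Apply every safeguard's reductions to one threat; the result is the
    residual risk the slides mention once safeguards are in place."""
    likelihood, consequence = threat.likelihood, threat.consequence
    for s in safeguards:
        likelihood *= 1.0 - s.likelihood_reduction.get(threat.name, 0.0)
        consequence *= 1.0 - s.consequence_reduction.get(threat.name, 0.0)
    return Threat(threat.name, likelihood, consequence)


def total_probable_loss(threats, safeguards=()) -> float:
    """Expected annual loss across all threats to the asset, with the given
    safeguards applied (none by default)."""
    return sum(probable_loss(residual_threat(t, safeguards)) for t in threats)


def evaluate_safeguard(threats, safeguard: Safeguard) -> dict:
    """Compare the loss a single safeguard avoids with what it costs."""
    baseline = total_probable_loss(threats)
    residual = total_probable_loss(threats, [safeguard])
    avoided = baseline - residual
    return {
        "safeguard": safeguard.name,
        "loss_reduction": avoided,
        "annual_cost": safeguard.annual_cost,
        "net_benefit": avoided - safeguard.annual_cost,
    }


def rank_safeguards(threats, safeguards):
    """Order safeguards by net benefit; negative values are the expensive
    vulnerabilities of slide CE22-12 that are not worth eliminating outright."""
    return sorted((evaluate_safeguard(threats, s) for s in safeguards),
                  key=lambda r: r["net_benefit"], reverse=True)


# Constructed sample input: one asset (a customer database) and three threats.
# Likelihoods are chosen as binary-exact fractions so the arithmetic is exact.
THREATS = [
    Threat("ransomware", likelihood=0.25, consequence=400_000.0),
    Threat("lost laptop with extract", likelihood=0.5, consequence=30_000.0),
    Threat("insider misuse", likelihood=0.125, consequence=80_000.0),
]

# Constructed candidate safeguards. The legacy rewrite illustrates a costly
# fix whose avoided loss does not cover its price.
SAFEGUARDS = [
    Safeguard("Offline backups", 20_000.0,
              consequence_reduction={"ransomware": 0.75}),
    Safeguard("Full-disk encryption on laptops", 5_000.0,
              consequence_reduction={"lost laptop with extract": 0.875}),
    Safeguard("Rewrite legacy app", 150_000.0,
              likelihood_reduction={"ransomware": 0.5}),
]

if __name__ == "__main__":
    print(f"Baseline probable loss: {total_probable_loss(THREATS):,.0f}")
    for row in rank_safeguards(THREATS, SAFEGUARDS):
        print(f"{row['safeguard']:<32} avoids {row['loss_reduction']:>9,.0f}"
              f"  costs {row['annual_cost']:>9,.0f}  net {row['net_benefit']:>10,.0f}")
    print(f"Residual loss with all three: {total_probable_loss(THREATS, SAFEGUARDS):,.0f}")
```

Running the script prints a baseline probable loss of 125,000 and ranks the safeguards by net benefit; the slide's point that some vulnerabilities are expensive to eliminate shows up as the legacy rewrite's negative net benefit, while the unknown effectiveness of a safeguard (slide CE22-12) is exactly the uncertainty hidden in the assumed reduction fractions, which a practitioner would vary to see how sensitive the ranking is.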

CE22-13 Active Review
1. What is management's role for computer security?
2. What are the elements of a security policy?
3. What is the difference between risk and uncertainty?
4. How do managers assess risk?
5. Why are risk management decisions difficult?