Chapter 8 Securing Information Systems


Outline
- Security Threats (External: malware, spoofing/phishing, sniffing, & data theft; Internal: unauthorized data access, theft)
- Intrusion detection system
- Firewall
- Encryption
- Disaster recovery planning
- Digital signature and certificate
- Secure Sockets Layer (SSL)
- Access control (user authentication)
- Securing Wireless Networks (WEP)

Systems Vulnerability
- Digital data
  - Can be duplicated/changed without being detected
- Networks
  - Connected to LANs, WANs, & the Internet
  - Anyone from inside/outside the organization can attempt to infiltrate information systems
- Centralized and integrated data – business benefit, security challenge

Security Threats - External
- Data theft. Defense: Encryption
- False identity (spoofing/phishing). Defense: Cautious user
- Malware (virus, worm). Defense: Anti-virus software, Firewall
- Power outage, natural disaster. Defense: Plan, facilities
- Sniffing. Defense: Intrusion detection system

Defenses
- Firewall (blocks malware)
  - Placed between internal LANs and external networks
  - Need to write/maintain rules that dictate what comes in and what goes out
  - Part of operating systems
- Intrusion Detection Systems (blocks data theft)
  - Automatically detects suspicious network traffic at most vulnerable points of network

Defenses: Encryption
Encryption with Public & Private Key
- Scrambling of messages to prevent unauthorized parties from reading them
- Single key model – Sender and receiver use the same key for encryption and decryption
- Double key model – Sender and receiver have their public and private keys:
  - Digital Certificate – public key and a proof of its validity issued by a certificate authority (e.g., VeriSign); licensed annually.
  - Digital Signature – a message encrypted by sender’s private key proving his identity. Both sender and receiver can use it to prove their identity.
[Diagram: Encrypt with Recipient’s Public Key, Decrypt with Recipient’s Private Key; Digital Certificate; Digital Signature can be applied]

Defenses: Encryption
- Communications between client and server happen over Secure Sockets Layer (SSL) (current name: Transport Layer Security), an Internet protocol for securing data transfer.
- Supported by operating systems and Web browsers and servers.
- Negotiations about security, encryption, and public key transfers all happen on SSL/TLS.
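An added example, not part of the original slides: textbook RSA with small constructed keys, showing the double key model and the digital signature from the encryption slides above (encrypt with the recipient's public key, decrypt with the recipient's private key, sign with the sender's private key). The names Alice and Bob, the primes, and the messages are assumptions made for illustration; real systems use a vetted library with padding and much larger keys.

```python
"""Teaching-only textbook RSA: double key model plus a digital signature.
Not secure as written (no padding, weak primes); for illustration only."""
import hashlib

def make_keypair(p, q, e=65537):
    """Build (public, private) keys from two primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)            # private exponent: e*d = 1 (mod phi)
    return (n, e), (n, d)

def encrypt(public, m):
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)

def decrypt(private, c):
    n, d = private
    return pow(c, d, n)

def digest(message, n):
    """Hash the message bytes and reduce the hash into the key's range."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(private, message):
    n, d = private
    return pow(digest(message, n), d, n)     # only the key owner can do this

def verify(public, message, signature):
    n, e = public
    return pow(signature, e, n) == digest(message, n)

# Constructed keys. Mersenne primes are used only because they are easy to
# recognise as prime; they are a poor choice for real keys.
ALICE_PUB, ALICE_PRIV = make_keypair(2**31 - 1, 2**61 - 1)   # sender
BOB_PUB, BOB_PRIV = make_keypair(2**89 - 1, 2**107 - 1)      # recipient

def demo():
    secret = 424242                  # e.g. a shared key for the single key model
    c = encrypt(BOB_PUB, secret)     # encrypt with recipient's public key
    order = b"pay 100 to Bob"        # constructed sample message
    sig = sign(ALICE_PRIV, order)    # sign with sender's private key
    return {
        "bob_reads": decrypt(BOB_PRIV, c),   # recipient's private key recovers it
        "wrong_key_fails": decrypt(ALICE_PRIV, c) != secret,
        "signature_ok": verify(ALICE_PUB, order, sig),
        "tampered_ok": verify(ALICE_PUB, b"pay 900 to Bob", sig),
    }
```

Sending a single-key secret under the recipient's public key, as `demo()` does, combines the two models on the slide: the double key model protects the key exchange, and the single key model can then protect the bulk data.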

Security Threats - Internal
- Theft (stealing data, hardware, software)
- Unauthorized access to data (read, change, delete)
- Human error (leaving data unprotected, poor & lost passwords, not locking data/hardware/software)
Defenses:
- Security measures
- Manage data access (system administrators)
- Training, supervision