IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 10-1 Accessories for “war driving” can.

Slides:



Advertisements
Similar presentations
Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.
Advertisements

Ethics, Privacy and Information Security
Copyright © 2014 Pearson Education, Inc. 1 IS Security is a critical aspect of managing in the digital world Chapter 10 - Securing Information Systems.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,
2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.
© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.
Chapter 9 Information Systems Ethics, Computer Crime, and Security.
Chapter 9 Information Systems Ethics, Computer Crime, and Security
Class 11: Information Systems Ethics and Crime MIS 2101: Management Information Systems Based on material from Information Systems Today: Managing in the.
McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.
Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.
Computer Security and Risks 11.  2001 Prentice Hall11.2 Chapter Outline On-line Outlaws: Computer Crime Computer Security: Reducing Risks Security, Privacy,
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
Security, Privacy, and Ethics Online Computer Crimes.
The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.
MIS PERSONAL, LEGAL, ETHICAL, AND ORGANIZATIONAL ISSUES OF INFORMATION SYSTEMS CHAPTER 4 Hossein BIDGOLI Phishing that bites Paying for Privacy Pirates.
Chapter 10 Privacy and Security McGraw-Hill
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Chapter 9 Information Systems Ethics, Computer Crime, and Security
Privacy & Security By Martin Perez. Introduction  Information system - People : meaning use, the people who use computers. - Procedures : Guidelines.
1010 CHAPTER PRIVACY AND SECURITY. © 2005 The McGraw-Hill Companies, Inc. All Rights Reserved Competencies Describe concerns associated with computer.
Copyright © 2014 Pearson Education, Inc. 1 IS Security is a critical aspect of managing in the digital world Chapter 10 - Securing Information Systems.
MIS PERSONAL, LEGAL, ETHICAL, AND ORGANIZATIONAL ISSUES OF INFORMATION SYSTEMS CHAPTER 4 LO1 Describe information technologies that could be used in computer.
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
COMPUTER CRIME AND TYPES OF CRIME Prepared by: NURUL FATIHAH BT ANAS.
Copyright © 2014 Pearson Education, Inc. 1 IS Security is a critical aspect of managing in the digital world Chapter 10 - Securing Information Systems.
Internet Safety Basics Being responsible -- and safer -- online Visit age-appropriate sites Minimize chatting with strangers. Think critically about.
Security. If I get 7.5% interest on $5,349.44, how much do I get in a month? (.075/12) = * 5, = $ What happens to the.004? =
Chapter 11 Security and Privacy: Computers and the Internet.
Securing Information Systems
IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 8/30/ Accessories for “war driving” can.
PART THREE E-commerce in Action Norton University E-commerce in Action.
© Paradigm Publishing Inc. 8-1 Chapter 8 Security Issues and Strategies.
© Paradigm Publishing Inc. 8-1 Chapter 8 Security Issues and Strategies.
IS Today (Valacich & Schneider) Copyright © 2010 Pearson Education, Inc. Published as Prentice Hall 9/10/ Chapter 11 Information Systems Ethics.
IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/ Accessories for “war driving” can.
Cyber crime & Security Prepared by : Rughani Zarana.
BUSINESS B1 Information Security.
Security Awareness: Applying Practical Security in Your World Chapter 1: Introduction to Security.
Prepared by: Dinesh Bajracharya Nepal Security and Control.
IS Today (Valacich & Schneider) Copyright © 2010 Pearson Education, Inc. Published as Prentice Hall 9/19/ Chapter 10 Information Systems Security.
Copyright © 2014 Pearson Education, Inc. 1 IS Security is a critical aspect of managing in the digital world Chapter 10 - Securing Information Systems.
1.Too many users 2.Technical factors 3.Organizational factors 4.Environmental factors 5.Poor management decisions Which of the following is not a source.
Computing Essentials 2014 Privacy, Security and Ethics © 2014 by McGraw-Hill Education. This proprietary material solely for authorized instructor use.
Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin Business Plug-In B6 Information Security.
IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 10/15/ Accessories for “war driving” can.
Copyright © 2014 Pearson Education, Inc. 1 IS Security is a critical aspect of managing in the digital world Chapter 10 - Securing Information Systems.
Computer Crime crime accomplished through knowledge or use of computer technology. Computers are tools – we choose how to use / apply the technology.
Information Systems Today: Managing in the Digital World -Dr. Ali Zolait Chapter Managing Information Systems Ethics and Crimes Worldwide losses.
1 Computer Crime Often defies detection Amount stolen or diverted can be substantial Crime is “clean” and nonviolent Number of IT-related security incidents.
Educational Computing David Goldschmidt, Ph.D. Computer Science The College of Saint Rose CIS 204 Spring 2009.
IT in Business Issues in Information Technology Lecture – 13.
1 Network and E-commerce Security Nungky Awang Chandra Fasilkom Mercu Buana University.
Topic 5: Basic Security.
Chap1: Is there a Security Problem in Computing?.
Cyber Safety Mohammad Abbas Alamdar Teacher of ICT STS Ajman – Boys School.
CONTROLLING INFORMATION SYSTEMS
Security and Ethics Safeguards and Codes of Conduct.
1 Law, Ethical Impacts, and Internet Security. 2 Legal Issues vs. Ethical Issues Ethics — the branch of philosophy that deals with what is considered.
Computers Are Your Future Eleventh Edition Chapter 9: Privacy, Crime, and Security Copyright © 2011 Pearson Education, Inc. Publishing as Prentice Hall1.
Issues for Computer Users, Electronic Devices, Computer and Safety.
IS Today (Valacich & Schneider) Copyright © 2010 Pearson Education, Inc. Published as Prentice Hall 6/23/ Chapter 11 Managing Information Systems.
Securing Information Systems
Securing Information Systems
Chapter 9 E-Commerce Security and Fraud Protection
Presentation transcript:

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/ Accessories for “war driving” can be easily built using simple parts. Accessories for “war driving” can be easily built using simple parts. Chapter 10 Securing Information Systems

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 Primary Threats to Information Systems Security 10-2 Natural disasters  Power outages, hurricanes, floods, and so on Accidents  Power outages, cats walking across keyboards Employees and consultants Links to outside business contacts  Travel between business affiliates Outsiders  Viruses

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 Computer Crime Computer crime—The act of using a computer to commit an illegal act.  Targeting a computer while committing an offense.  Using a computer to commit an offense.  Using computers to support a criminal activity. Overall trend for computer crime has been declining over the past several years (CSI, 2009). Many incidents are never reported. 10-3

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 Federal and State Laws The two main federal laws against computer crime are:  Computer Fraud and Abuse Act of 1986  Stealing or compromising data about national defense, foreign relations, atomic energy, or other restricted information  Violating data belonging to banks or other financial institutions  Intercepting or otherwise intruding on communications between states or foreign countries  Threatening to damage computer systems in order to extort money or other valuables from persons, businesses, or institutions  Electronic Communications Privacy Act of 1986  makes it a crime to break into any electronic communications service, including telephone services  prohibits the interception of any type of electronic communications 10-4

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 Other Federal Laws Patent protection U.S. Copyright Act  amended in 1980 for computer software Financial Privacy Act  protects information: credit card, credit reporting, bank loan applications Enforcement responsibilities  FBI—espionage, terrorism, banking, organized crime, and threats to national security  Secret Service—crimes against U.S. Treasury Department computers and against violations of the Right to Financial Privacy Act 10-5

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 Hacking and Cracking Hackers—individuals who are knowledgeable enough to gain access to computer systems without authorization.  Term first used in the 1960s at MIT  Often the motivation is curiosity, not crime Crackers—those who break into computer systems with the intention of doing damage or committing a crime. Hacktivists—Those who attempt to break into systems or deface Web sites to promote political or ideological goals 10-6

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 Types of Criminals 10-7 No clear profile as to who commits computer crimes Four groups of computer criminals 1. Current or former employees  85–95% of theft from businesses comes from the inside 2. People with technical knowledge committing crimes for personal gain 3. Career criminals using computers to assist them in crimes 4. Outside crackers hoping to find information of value  About 12 percent of cracker attacks cause damage

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 Unauthorized Access 10-8 Examples  Employees do personal business on company computers.  Intruders break into government Web sites and change the information displayed.  Thieves steal credit card numbers and Social Security numbers from electronic databases, then use the stolen information to charge thousands of dollars in merchandise to victims.  An employee at a Swiss bank steals data that could possibly help to charge the bank’s customers for tax evasion, hoping to sell this data to other countries’ governments for hefty sums of money.

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 Information Modification 10-9 User accesses electronic information. User changes information.  Employee gives herself a raise.

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 Other Threats to IS Security Many times, computer security is breached simply because organizations and individuals do not exercise proper care in safeguarding information. Examples:  Keeping passwords or access codes in plain sight  Failing to install antivirus software or keep up-to-date  Continue to use default network passwords  Careless about letting outsiders view computer monitors  Failure to limit access to company files and system resources  Failure to install effective firewalls or intrusion detection systems, or they install but fail to monitor them regularly  Failure to provide proper employee background checks  Unmonitored employees  Disgruntled workers 10-10

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 Computer Viruses and Other Destructive Code Malware—short for “malicious software” such as viruses, worms, and Trojan horses. Virus—a destructive program that disrupts the normal functioning of computer software.

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 Worms, Trojan Horses, and Other Malware Worm  variation of a virus that is targeted at networks, taking advantage of security holes Trojan Horse  Does not replicate, but causes damage. Codes are hidden. Logic bombs or time bombs  Variations of Trojan horses  Time bombs are set off by specific dates; logic bombs are set off by certain types of operations

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 Denial of Service Attack Attackers prevent legitimate users from accessing services. Zombie computers  Created by viruses or worms  Attack Web sites Servers crash under increased load.  MyDoom attack on Microsoft’s Web site

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 Spyware Hidden within freeware or shareware, or embedded within Web sites Gathers information about a user  Credit card information  Behavior tracking for marketing purposes Eats up computer’s memory and network bandwidth Adware  Free software paid by advertisements  Sometimes contains spyware  Collects information for banner ad customization

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 Spam Electronic junk mail Advertisements of products and services Eats up storage space Compromises network bandwidth 90 percent of all Internet is spam! Spam filters can help. Spim—spam in text message form

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 Phishing (Spoofing) Attempts to trick users into giving away credit card numbers Phony messages Duplicates of legitimate Web sites Examples: eBay, PayPal have been used

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 CAPTCHA Completely Automated Public Turing Test to Tell Computers and Humans Apart (CAPTCHA) CAPTCHA uses images that computers cannot read. Combination of techniques is needed to stop spammers.

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 Cookies Cookies are messages passed to a Web browser from a Web server. They are stored in a text file. They are used for Web site customization. Cookies may contain sensitive information. Managing cookies  Cookie killer software  Web browser settings

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 Identity Theft Fastest growing “information crime” Stealing another person’s:  Credit card number  Social Security number  Other personal information Results in bad credit for victim

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 Internet Hoaxes False messages circulated online  New viruses (that don’t exist)  Collection of funds for certain group  Example: Haiti earthquake victims  Possible consequences  Spammers harvesting addresses from hoaxes Web sites, such as Hoaxbusters ( Symantec, or McAfee, publish lists of known hoaxes.

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 Cybersquatting The practice of registering a domain name and later reselling it. Some of the victims include:  Eminem  Panasonic  Hertz  Avon Anti-Cybersquatting Consumer Protection Act in 1999  Fines as high as $100,000  Some companies pay the cybersquatters to speed up the process of getting the domain.

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 Cyber Harassment, Stalking, and Bullying Cyber harassment—Crime that broadly refers to the use of a computer to communicate obscene, vulgar, or threatening content. Cyber stalking  Making false accusations that damage reputation of another  Gaining information on a victim by monitoring online activities  Using the Internet to encourage others to harass a victim  Attacking data and equipment of a victim by sending viruses or other destructive code  Using the Internet to place false orders for goods or services

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 Cyber Bullying Cyber bullying is the deliberate cause of emotional distress to a victim Online predator  Typically target vulnerable population for sexual or financial purposes  Social networking sites have become the playground for online predators.  Most social networking and chat sites provide ways to report abuse.

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 Software Piracy Legal activities  Making one backup copy for personal use  Sharing free software (shareware or public domain software) Illegal activities  Making copies of purchased software for others  Offering stolen proprietary software (warez peddling) Intellectual property  Patents: process or machine inventions  Copyrights: creations of the mind  Various copyright laws applicable to software 10-24

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 Software Piracy Is a Global Business Worldwide losses exceeded $53 billion in 2008 Some factors influencing piracy around the world  Concept of intellectual property differs between countries  Economic reasons for piracy  Lack of public awareness about the issue 10-25

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 Cyberwar Cyberware—Military’s attempt to disrupt or destroy another country’s information and communication systems  Goal is to diminish opponent’s communication capabilities.  It is used in concert with traditional methods

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 Cyberwar Vulnerabilities Systems at risk:  Command and control systems  Intelligence collection and distribution systems  Information processing and distribution systems  Tactical communication systems and methods  Troop and weapon positioning systems  Friend-or-foe identification systems  Smart weapons systems Propaganda  Web vandalism  Cyber propaganda 10-27

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 The New Cold War A 2007 McAfee report on Internet security listed a cyber cold war as an imminent threat. Reminiscent of the Cold War between the United States and the Soviet Union from the mid-1940s until the early 1990s —intelligence agencies are testing networks for possible weaknesses. Patriot Hackers—independent citizens that attack perceived enemies of the state.

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 Cyberterrorism Governments are not involved. Attacks can be launched from anywhere in the world. Goal is to cause fear, panic, and destruction. Cyberterrorism will likely become weapon of choice.

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 Assessing the Cyberterrorism Threat Internet infrastructure is extremely vulnerable to cyberterrorism.  Some successful attacks  1991—Gulf War Dutch crackers stole information about the movement of U.S. troops and offered it for sale to Iraq. The Iraqis turned down the offer.  2000—U.S. presidential elections Web sites were targeted by crackers with political motives. DoS attacks launched.  2007—Government and bank networks within Estonia came under attack for the removal of a Soviet-era memorial.  2010—Chinese-based hackers attacked Google who threatened to remove Chinese filter searches from the search engine.

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 Obstacles to Cyberterrorism Computer systems are complex and attacks may not have desired outcome. 2. Security measures are fast-changing. 3. Cyberattacks rarely cause physical harm to victims.

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 The Globalization of Terrorism Increasing dependence on technology Increasing possibilities of cyberterrorism International laws and treaties must evolve. However: likelihood of large attacks is small.  Successful large attack would require:  Intelligence information  Years of preparation  At least $200 million

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 Information Systems Security All systems connected to a network are at risk.  Internal threats  External threats Information systems security  Precautions to keep IS safe from unauthorized access and use Increased need for good computer security with increased use of the Internet

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 Safeguarding Information Systems Resources Information systems audits  Risk analysis  Process of assessing the value of protected assets Cost of loss vs. cost of protection  Risk reduction Measures taken to protect the system  Risk acceptance Measures taken to absorb the damages  Risk transfer Transferring the absorption of risk to a third party

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 Technological Safeguards Physical access restrictions Firewalls Encryption Virus Monitoring and prevention Audit-control software Dedicated facilities 10-35

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 Technological Safeguards Physical access restrictions  Authentication  Use of passwords  Photo ID cards, smart cards  Keys to unlock a computer  Combination Authentication dependent on  Something you have  Something you know  Something you are 10-36

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 Biometrics Form of authentication  Fingerprints  Retinal patterns  Facial features and so on Fast authentication High security

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 Wireless LAN Control Wireless LAN cheap and easy to install Use on the rise Signal transmitted through the air  Susceptible to being intercepted  Drive-by hacking

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 Virtual Private Networks Connection constructed dynamically within an existing network Tunneling  Send private data over public network  Encrypted information

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 Firewalls Firewall—A system designed to detect intrusion and prevent unauthorized access Implementation  Hardware, software, mixed

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 Encryption Message encoded before sending Message decoded when received Cryptography—the science of encryption.  It requires use of a key for decoding. Certificate authority—manages distribution of keys on a busy Web site. Secure Sockets Layer (SSL)—popular public key encryption method.

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 Virus Monitoring and Prevention Virus prevention  Purchase and install antivirus software.  Update frequently.  Do not download data from unknown sources.  Flash drives, disks, Web sites  Delete (without opening) s from unknown sources.  Do not blindly open attachments  Even if they come from a known source.  Report any viruses to the IT department.

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 Audit-Control Software Keeps track of computer activity Spots suspicious action Audit trail  Record of users  Record of activities IT department needs to monitor this activity.

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 Secure Data Centers Specialized facilities are important. Technical Requirements  Power  Cooling How do organizations reliably protect themselves from threats?

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 Ensuring Availability High-availability facilities  To ensure uninterrupted service  Self-sufficient  Backup cooling systems  Raised floors (to more easily reconfigure systems)  Built to withstand storms Collocation facilities UPS servers need 24/7/365 reliability

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 Human Safeguards Use of federal and state laws as well as ethics

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 Computer Forensics Use of formal investigative techniques to evaluate digital information  Evaluation of storage devices for traces of illegal activity  Now common in murder cases  Restoration of deleted files Honeypots used to entice and catch hackers and crackers  Example: DarkMarket Some criminals have special “booby-trap” programs to destroy evidence.  10-47

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 IS Controls, Auditing, and Sarbanes-Oxley Act Information Systems control specific IT processes designed to ensure reliability of information  Controls should be a combination of three types:  Preventive controls  Detective controls  Corrective controls

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 Hierarchy of IS Controls 10-49

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 Types of IS Controls Policies  Define aim and objectives. Standards  Support the requirements of policies. Organization and management  Define the lines of reporting. Physical and environmental controls  Protect the organization’s IS assets.

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 Types of IS Controls (cont’d) Systems software controls  Enable applications and users to utilize the systems. Systems development and acquisition controls  Ensure systems meet the organization’s needs. Application-based controls  Ensures correct input, processing, storage, and output of data; maintain record of data as it moves through the system.

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 IS Auditing Information Systems audit  Performed by external auditors to help organizations assess the state of their IS controls.  To determine necessary changes  To assure the IS availability, confidentiality, and integrity Risk assessment  Determine what type of risks the IS infrastructure faces. Computer-Assisted Auditing Tools (CAAT)  Specific software to test applications and data, using test data or simulations.

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 The Sarbanes-Oxley Act The Sarbanes-Oxley Act was formed as a reaction to large- scale accounting scandals.  WorldCom, Enron It primarily addresses the accounting side of organizations. Companies have to demonstrate that:  controls are in place to prevent misuse and fraud,  controls are in place to detect potential problems, and  measures are in place to correct problems COBIT (Control Objectives for Information and Related Technology)  Set of best practices  Help organizations to maximize the benefits from their IS infrastructure  Establish appropriate controls

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 9/10/2015 End of Chapter Content 10-54

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.