Anderson School of Management University of New Mexico.

Presentation transcript:

Anderson School of Management University of New Mexico

Trade offs in information security. Finding the balance between efficiency and effectiveness.

Introduction
- What is information security?
- Why is information security important today?
- Does information security only apply to organizations?
- The history and evolution of information security.

History
- WWII – need for communication code breaking
- 1960’s – ARPANET program developed
- 1970’s & 80’s – development of MULTICS and the microprocessor
- 1990’s – Rise of the internet
- 2000 to Present – the internet now dominates every aspect of daily life

What is Information Security? Information security is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction. Information security is the ongoing process of defending and maintaining our information system as individuals and organizations.

What is Information Security?
Information security ensures:
- Integrity
- Availability
- Accessibility
- Utility
- Confidentiality

Information System
- Hardware – routers, computers, servers, etc.
- Software – programs & operating system
- Network – LAN, WAN, Internet, etc.
- Data – stored, processed, communicated
- People
- Policy and procedures

What are we defending our information system from? Threats and Attacks!!
- Deliberate software attacks – malicious code, viruses, worms, Trojan horses, etc.
- Deviations in quality of service – denial of service attack
- Trespassing/Espionage – hackers
- Forces of Nature – fire, flood, or any natural disaster
- Human error/sabotage/vandalism

Target Data Breach
- Up to 70 million individuals' personal information was stolen
- Names, addresses, phone numbers, credit card numbers
- Malicious software on system
- Extended credit monitoring and identity theft protection to all guests

NSA Data Breach
- Snowden accessed unauthorized data
- Released confidential information
- Internal breach – lack of policy and procedures, maybe poor oversight

Anonymous Hacking Group
- Attacks governments, businesses, non-profits and anybody on their agenda
- Denial of service attacks
- Stolen data
- Lost revenues, reputation implications, service disruption, national security, etc.

Recent Threat and Attack Against APD By Anonymous
- Hacktivist group Anonymous had stated that they were going to attack APD’s online presence.
- Denial of Service Attack (shutting down their site for a few hours)
- Planned it for Sunday night (the least busy night)

- Stole data, high ranking APD official’s home addresses and released to public
- Incited protestors to take to the streets

Small Scale Attack

Survey Results
- Many had learned something about information security
- Most realize the importance of keeping passwords secure
- Many realize that there are online predators looking to get information and are good about not giving it out.

Speed VS Security

Network only as strong as its weakest link

Password Security

How are these machines used by Police in the field

BCSO: Bernalillo County Sheriff's Office
- What systems are they using?
- What security measures are in place?
- Are they achieving their information security goals?
- What do users think of the measures?
- Can they do something different?

- Deputies are dispatched to calls through these machines
- The internal GPS relays their coordinates to dispatchers as well as giving them directions to calls
- Run plates through governmental sites
- Looking up individuals to see if they have outstanding warrants
- Write reports

What Security is in place
- Saved passwords to log onto a machine
- Verizon air card placed in a secure tunnel
- Dual authentication key generator
- Secure Virtual Private Network (VPN)
- Login to separate applications using other passwords
- Automatic logout times

Drawbacks
- Login time (3-5 min)
- The number of passwords
- With so many passwords, some can be forgotten
- Long login process can lead to accidentally making a mistake in the process and locking the user out
- Frustrated users

Thoughts? What do you think? Is it too much security, not enough?

Security Need
- Ability to see location of deputies and other first responders in live time
- Ability to access entire country’s network
- Mobility of laptop increases threat of unauthorized access due to theft or loss
- State and Federal guidelines require minimum security standards

Achieving the balance
- It is the job of everyone involved in information security to determine the trade-offs
- Weigh the pros and cons and evaluate the importance of each
- The users and the system need to be evaluated together, to ensure that thorough analysis occurs. They should not be evaluated separately.

Large Scale Attack

Pop Quiz (5 Questions)