Security. Topics: Security What are the threats that affect information security? – For each threat, identify controls that can be used to mitigate risks.

Security Concerns
Information systems are subject to many threats.
Continue to apply the Risk Assessment Framework:
– What is the threat?
– What is the likelihood that the threat will occur?
– What is the potential damage from the threat?
– What controls can be used to minimize the damage?
– What is the cost of implementing the control?

Goals of Information Security
– Reduce the risk of systems and organizations ceasing operations
– Maintain information confidentiality
– Ensure the integrity and reliability of data resources
– Ensure compliance with national security laws and privacy policies and laws

Security Threats
Three major types:
– Natural forces
– Human
– Technical (system)

Security Threats: Natural Forces
– Fire
– Water
– Energy (surges, brownouts, etc.)
– Structural damage (earthquake)
– Pollution
How can damage be prevented or minimized?

Security Threats (cont.): Human
– Unintentional mistakes
– Unauthorized intrusion
– Sabotage
– Hackers
– Viruses and worms

Human Security Threats (cont.)
Unintentional mistakes
– Over 90% of errors
How can they be prevented or minimized?

Risks to Information Systems
Risks to applications and data:
– Theft of information
– Data alteration and data destruction
– Computer viruses
– Unauthorized remote control programs
– Nonmalicious mishaps (unintentional mistakes)

Human Security Threats (cont.)
Risks to network operations:
– Denial of service
– Spoofing: deception for the purpose of gaining access, or deceiving users by directing them to a different web site

Risks to Information Systems

Security Threats (cont.): Technical
– Inadequate testing of modifications
– Hardware failure

Controls
Controls: constraints imposed on a user or a system to secure systems against risks.
Types:
– Prevent
– Detect
– Correct

Control Types – cont’d: Preventative
– Program robustness and data entry controls: provide a clear and sound interface with the user (menus and limits)
– Access controls: ensure that only authorized people can gain access to systems and files (access codes, passwords, biometrics)
– Atomic transactions: ensure that transaction data are recorded properly in all the pertinent files, so that integrity is preserved
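An added example (not from the lecture) of the atomic-transaction control: a funds transfer that must update two account rows and write a journal entry. Either all three writes are committed or none is; the ledger, account names and balances are constructed for the example, and the database engine is SQLite, which the lecture does not specify.

```python
import sqlite3


def make_ledger():
    """Constructed sample ledger: two accounts and an empty journal (not lecture data)."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE accounts ("
        " name TEXT PRIMARY KEY,"
        " balance INTEGER NOT NULL CHECK (balance >= 0))"
    )
    con.execute(
        "CREATE TABLE journal ("
        " id INTEGER PRIMARY KEY, src TEXT, dst TEXT, amount INTEGER)"
    )
    con.executemany("INSERT INTO accounts VALUES (?, ?)",
                    [("alice", 100), ("bob", 50)])
    con.commit()
    return con


def transfer(con, src, dst, amount):
    """Debit src, credit dst and record the journal entry as one unit.

    Returns True if every step was committed, False if any step failed and
    the whole transaction was rolled back (no partial update survives).
    """
    try:
        with con:  # sqlite3: commit on success, rollback if an exception escapes
            debit = con.execute(
                "UPDATE accounts SET balance = balance - ? WHERE name = ?",
                (amount, src))
            if debit.rowcount != 1:
                raise LookupError(f"unknown source account {src!r}")
            credit = con.execute(
                "UPDATE accounts SET balance = balance + ? WHERE name = ?",
                (amount, dst))
            if credit.rowcount != 1:
                raise LookupError(f"unknown destination account {dst!r}")
            con.execute(
                "INSERT INTO journal (src, dst, amount) VALUES (?, ?, ?)",
                (src, dst, amount))
        return True
    except (sqlite3.IntegrityError, LookupError):
        return False  # the CHECK constraint or the row-count check fired; rolled back


def balances(con):
    """Current balance per account, as a dict."""
    return dict(con.execute(
        "SELECT name, balance FROM accounts ORDER BY name").fetchall())


def journal_count(con):
    """Number of recorded journal entries."""
    return con.execute("SELECT COUNT(*) FROM journal").fetchone()[0]
```

A transfer to an account that does not exist fails after the debit has already been executed, and the rollback is what keeps the source balance intact.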

Control Types – cont’d
Preventative controls – cont’d: Segregation of duties
– Different people are in charge of different activities, allowing checks and balances and minimizing the possibility of criminal behavior.
– Separation of duties during systems development prevents the installation of trapdoors.
– Separation of duties while using the system minimizes abuse, especially in electronic funds transfer.

Control Types – cont’d
Preventative controls – cont’d: Network
– Callback: the remote user’s telephone number is verified before access is allowed
– Encryption: messages are scrambled on the sending end and descrambled to plain text on the receiving end
  Symmetric: both users use the same private, secret key
  Asymmetric: the parties use a combination of a public and a private key

Control Types – cont’d
Preventative controls – cont’d: Web encryption standards
– Secure Sockets Layer (SSL) is the most common protocol used. Its main capability is that the SSL implementation in your browser encrypts messages automatically before they are sent over the Internet.
– Secure Hypertext Transport Protocol (SHTTP) works only together with HTTP.
– Secure Electronic Transaction (SET): developed by MasterCard and VISA in 1997 to provide protection from electronic payment fraud; a proposed standard incorporating digital signatures, encryption, certification, and agreed-upon payment gateways.

Control Types – cont’d
Preventative controls – cont’d: Firewalls
– Software that separates users from computing resources
– Allows retrieval and viewing of certain material but blocks changes and access to other resources on the same computer

Control Types – cont’d: Detective
– Audit trails: built into an IS so that transactions can be traced to people, times, and authorization information
– Network logs
– Internet logs

Control Types – cont’d: Corrective
– Backup and recovery: periodic duplication of all data

Electronic Commerce Security
The security features needed to conduct commerce were not in place when the public ban on use of the Internet was lifted.
Major issues:
– Authorization
– Authentication
– Integrity
– Privacy
– Fraud/theft
– Sabotage

Electronic Commerce Security: Authorization
– Does the user have permission to access?
– Solution: access control mechanisms (passwords)
– Problem with the solution: administrative overhead
How can access to an e-commerce site be controlled?

Electronic Commerce Security: Authorization – cont’d
– Digital certificate: the equivalent of a physical ID card
– Electronic signature: an electronic symbol or process associated with a contract
– Digital signature: encrypted text sent along with a message that verifies that the message was not altered (the equivalent of a signed envelope)

Electronic Commerce Security: Authentication
Authentication: assurance regarding the identity of the parties involved in the deal
Solution
– Encrypted password devices: the system sends a 5-digit number; the user enters it into a handheld device, which displays a different 5-digit number; the user enters that number back into the system as the password
– Digital certificate: similar principle; the owner’s public key is stored on a third-party site
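The handheld-device exchange above is a challenge-response scheme. This added example (not the lecture's code) plays both sides: the server issues a fresh 5-digit challenge, the device derives the 5-digit response from a shared secret, and the server checks it. The HMAC-SHA-256 derivation, the shared secret and the replay check are assumptions; the lecture does not say how a real device computes its number.

```python
import hashlib
import hmac
import secrets

# Constructed shared secret for the example; a real device would have one
# provisioned at issue time and the server would hold the same value per user.
TOKEN_SECRET = b"example-token-secret-0001"


def issue_challenge():
    """Server side: a fresh random 5-digit number to show the user."""
    return f"{secrets.randbelow(100000):05d}"


def token_response(secret, challenge):
    """Device side: derive the 5-digit answer from the shared secret and challenge.

    Assumed construction: HMAC-SHA-256 over the challenge, folded to 5 digits.
    Without the secret the answer cannot be computed from the challenge alone.
    """
    digest = hmac.new(secret, challenge.encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 100000:05d}"


def verify(secret, challenge, response, used_challenges):
    """Server side: accept only a correct answer to a challenge not seen before.

    `used_challenges` is the server's record of spent challenges, so an observed
    challenge/response pair cannot be replayed later.
    """
    if challenge in used_challenges:
        return False
    used_challenges.add(challenge)
    expected = token_response(secret, challenge)
    return hmac.compare_digest(expected, response)  # constant-time comparison
```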

Electronic Commerce Security: Integrity
Integrity: assurance that data and information (orders, replies to queries, and payment authorizations) are not accidentally or maliciously altered or destroyed during transmission
Solution
– Digital signature: a digital code attached to a message that verifies its origin and contents
Problems
– Not everyone has digital signatures

Electronic Commerce Security: Privacy
How can eavesdropping be prevented?
Solution
– Encryption: based on the mathematical difficulty of factoring a product back into its two prime factors; if the prime numbers are large, the encryption is supposedly difficult to crack
– A 56-bit DES-encrypted message was decrypted in little over 22 hours by a network of volunteers and a special-purpose computer called “Deep Crack”.
Standards:
– Secure Sockets Layer (SSL)
– Secure HTTP (S-HTTP)
– Secure Electronic Transactions (SET)
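An added example (not from the lecture) of the "product of two primes" principle, assuming the scheme meant is textbook RSA: a key pair is built from two primes, a message is encrypted and decrypted, and the private key is then rebuilt by simply factoring the modulus. The primes used are constructed and tiny (a 40-bit modulus), which is exactly why the recovery succeeds in a fraction of a second; the point is the lecture's caveat that only large primes make the factoring step impractical.

```python
from math import gcd


def rsa_keygen(p, q, e=65537):
    """Textbook RSA from two primes: returns ((n, e), (n, d)). Toy sizes only."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def encrypt(public_key, m):
    n, e = public_key
    return pow(m, e, n)


def decrypt(private_key, c):
    n, d = private_key
    return pow(c, d, n)


def factor_by_trial_division(n):
    """Return (p, q) with p * q == n by trying every candidate divisor up to sqrt(n)."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    raise ValueError("n has no non-trivial factor")


def recover_private_key(public_key):
    """What an eavesdropper can do when the primes are small: factor n, rebuild d.

    For real key sizes this step is the part that is computationally infeasible.
    """
    n, e = public_key
    p, q = factor_by_trial_division(n)
    return n, pow(e, -1, (p - 1) * (q - 1))


# Constructed toy key: the primes 1000003 and 1000033 give a 40-bit modulus.
TOY_PUBLIC, TOY_PRIVATE = rsa_keygen(1000003, 1000033)
```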

Electronic Commerce Security: Fraud/Theft
How do you know if something is “stolen”?
Solution
– Internet logs
– “Electronic tags” on files, etc.
Problems
– Cannot prevent people from saving pages, images, etc.
– If saved as images, it is almost impossible to determine whether someone else has them.

Electronic Commerce Security: Sabotage
Can someone enter the internal information system and access private information, or destroy or alter information?
What do intruders do?
– Scan/explore the system (15%)
– Change documents/files (15%), e.g., credit ratings, stealing
– Plant a virus (11%)
– Steal trade secrets (10%)

Hackers
Who are they?
– People who gain unauthorized access for profit, criminal mischief, or personal pleasure
– “Training” manuals on the WWW
Examples of tactics
– “War dialing”
– Denial of service
– Sniffers
– Password crackers
– Viruses

Viruses
First occurrence on the Internet in 1988, by Robert Morris, a CS student at Cornell
– Went out of control; as it spread, it tied up memory and storage space
– Hundreds of computer centers in research institutes and universities had to shut down
– A virus intended to cause no harm cost over $100 million in lost access and direct labor costs
Anti-viral software

Sabotage – cont’d
Solution
– Firewall: sits between the Internet and the internal network; can be a router, or a third-party host can be used for the web site
– Firebreak: submit sensitive information over the telephone or a VAN, not over the Internet
Problem
– Only stops inexperienced hackers

CERT
Computer Emergency Response Team
– Helps determine who is breaking into sites, and publishes solutions to the method used for the break-in

Discussion Questions
Crime
– Bank robbery: average loss is $3,400, 85% chance of being caught
– White collar: average loss is $23,000
– Computer fraud: average loss is $600,000, extremely hard to catch the culprit
– Why?

Discussion Questions cont’d
Computer fraud is typically performed by insiders.
– What measures can be used to minimize fraud?
Why doesn’t everyone use biometric access controls?
Should companies use firewalls to block employee access to outside web sites?
– To track pages downloaded to a PC?
Why don’t companies report computer fraud?

Network Security: a combination is needed to minimize risk
– Authorization management
– Firewall
– Encryption
– Advisory organizations and consultants (e.g., CERT, ex-hackers)
OR
– Disconnect from the Internet