Information Systems Today: Managing in the Digital World
Chapter 6: Securing Information Systems

“66 percent of all Webroot-scanned personal computers are infected with at least 25 spyware programs.” Webroot (2005)

Learning Objectives


Videos
- Obtaining cell phone records (11 min)
- Kevin Mitnick security interview (4 min)
- How Stuff Works: Computer Virus (1 min)
- PBS: Spying (6 min)

Information Systems Security
- All systems connected to a network are at risk
  o Internal threats
  o External threats
- Information systems security: precautions taken to keep information systems safe from unauthorized access and use
- The need for good computer security grows with the increased use of the Internet

Primary Threats to Information Systems Security
- Accidents and natural disasters
  o Power outages, cats walking across keyboards
- Employees and consultants
- Links to outside business contacts
  o Information travelling between business affiliates
- Outsiders
- Viruses

Unauthorized Access
- Unauthorized people
  o Look through electronic data
  o Peek at monitors
  o Intercept electronic communications
- Theft of computers or storage media
- Determined attackers (hackers) escalate to administrator privileges

Gaining Access to a Password
- Brute force
  o Try combinations until a match is found
- Protection:
  o Wait time requirements after unsuccessful login attempts (applied per account, and without revealing whether the username exists)
  o CAPTCHA (raises the cost of automated guessing, but is no substitute for strong, unique passwords)
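
The wait-time requirement above, as an added example that is not part of the slide deck: a login guard that doubles the lock-out after every failed attempt, stores the password with a slow salted hash (PBKDF2) so that a stolen password database is also expensive to brute-force, and a simulated attacker that shows how many guesses actually get evaluated. The account, the word list, the `LoginGuard` class and the injected clock are all constructed for illustration.

```python
"""Added example: throttling online password guessing and slowing offline
guessing. Not from the textbook; the account, wordlist and fake clock are
constructed for illustration."""
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 200_000  # assumed work factor; makes each guess cost real CPU time


def hash_password(password, salt=None):
    """Return (salt, digest). A random per-user salt defeats precomputed tables."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def check_password(password, salt, expected_digest):
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected_digest)  # constant-time compare


class LoginGuard:
    """Enforces a growing wait time after each failed attempt on an account.

    The caller passes the current time, so behaviour is deterministic here and
    the same code can be driven by a real clock in production."""

    def __init__(self, users, base_delay=1.0, max_delay=300.0):
        self.users = users                     # username -> (salt, digest)
        self.base_delay = base_delay
        self.max_delay = max_delay
        self.failures = {}                     # username -> consecutive failures
        self.locked_until = {}                 # username -> time the lock expires
        # Dummy credentials so unknown usernames cost the same time as real ones
        self._dummy = (b"\x00" * 16, b"\x00" * 32)

    def attempt(self, username, password, now):
        if now < self.locked_until.get(username, 0.0):
            return "throttled"                 # the password is not even evaluated
        record = self.users.get(username)
        salt, digest = record if record is not None else self._dummy
        valid = check_password(password, salt, digest) and record is not None
        if valid:
            self.failures.pop(username, None)
            self.locked_until.pop(username, None)
            return "ok"
        n = self.failures.get(username, 0) + 1
        self.failures[username] = n
        # Exponential backoff: 1 s, 2 s, 4 s, ... capped at max_delay
        delay = min(self.base_delay * 2 ** (n - 1), self.max_delay)
        self.locked_until[username] = now + delay
        return "denied"


def simulate_guessing(guard, username, wordlist, attempts_per_second=50, duration=60):
    """Attacker fires guesses at a fixed rate for `duration` seconds.
    Returns how many guesses the server actually evaluated."""
    evaluated = 0
    for i in range(attempts_per_second * duration):
        now = i / attempts_per_second
        result = guard.attempt(username, wordlist[i % len(wordlist)], now)
        if result == "ok":
            return evaluated + 1
        if result == "denied":
            evaluated += 1
    return evaluated


def build_demo_users():
    """Constructed sample account (not a real credential)."""
    return {"alice": hash_password("correct horse battery staple")}


if __name__ == "__main__":
    wordlist = ["123456", "password", "qwerty", "letmein"]  # constructed
    print("guesses evaluated in 60 s with backoff:",
          simulate_guessing(LoginGuard(build_demo_users()), "alice", wordlist))
```

With the default one-second base delay, an attacker sending 50 guesses per second for a minute gets only six of them evaluated (at t = 0, 1, 3, 7, 15 and 31 s); with no delay every one of the 3,000 would be. The lock is keyed by account, not by source address, so a distributed attacker gains nothing by spreading guesses across machines; the flip side is that an attacker can lock a victim out on purpose, which is why the delay is capped.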

Information Modification Attack
- User accesses electronic information
- User changes the information
  o Example: an employee gives himself a raise

Denial of Service Attack
- Attackers prevent legitimate users from accessing services
- Zombie computers
  o Created by viruses or worms
  o Used together to attack Web sites

Computer Viruses
- Attack, corrupt and destroy data
- Destructive code can
  o Erase a hard drive
  o Seize control of a computer
- Worms
  o Variation of a virus
  o Replicate endlessly across the Internet
  o Servers crash
  o Example: the MyDoom attack on Microsoft's Web site

Spyware
- Hidden within freeware or shareware
- Embedded within a Web site
- Gathers information about a user
  o Credit card information
  o Behavior tracking for marketing purposes
- Eats up the computer's memory and network bandwidth
- Adware: a special kind of spyware
  o Collects information for banner ad customization

Spam
- Electronic junk mail
- Advertisements of products and services
- Eats up storage space
- Compromises network bandwidth
- Spim
  o Spam over instant messaging (IM)

Protection Against Spam
- Barracuda Spam Firewall 600 (an example of a spam-filtering appliance)
  o Filters spam and other threats
  o Decreases the amount of spam processed by the central mail server
  o Handles 3,000 to 10,000 active users
  o Spam messages are blocked or quarantined

Phishing
- Attempts to trick users into giving away credit card numbers
- Sending phony messages
- Duplicates of legitimate Web sites
  o E.g., eBay and PayPal have been impersonated

Cookies
- Messages passed to a Web browser from a Web server
- Used for Web site customization
- Cookies may contain sensitive information
- Cookie management and cookie killer software
- Internet Explorer Web browser settings

Other Threats to IS Security
1. Employees writing passwords on paper
2. No installation of antivirus software
3. Use of default network passwords
4. Letting outsiders view monitors

Other Threats to IS Security (II)
5. Organizations fail to limit access to some files
6. Organizations fail to install firewalls
7. Not doing proper background checks
8. Lack of employee monitoring
9. Fired employees who are resentful


Safeguarding Information Systems Resources
- Information systems audits
  o Risk analysis: process of assessing the value of protected assets
    - Cost of loss vs. cost of protection
  o Risk reduction: measures taken to protect the system (e.g., firewalls)
  o Risk acceptance: measures taken to absorb the damages
  o Risk transfer: transferring the absorption of risk to a third party (e.g., insurance)

Technological Safeguards
- Physical access restrictions
  o Authentication
    - Use of passwords
    - Photo ID cards, smart cards
    - Keys to unlock a computer
    - Combinations of the above
- Authentication is based on
  o Something you have
  o Something you know
  o Something you are

Biometrics
- Form of authentication based on
  o Fingerprints
  o Retinal patterns
  o Body weight
  o Etc.
- Fast authentication
- High security (caveat: a biometric cannot be changed once it has been copied, so the stored templates need protecting too)

Access-Control Software
- Access only to the files required for the work
- Read-only access
- Access allowed only during certain time periods
- Many business systems applications
  o Built-in access control capabilities
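
The three controls on this slide (need-to-know file scoping, read-only access, allowed time periods) combined into one default-deny check, as an added example that is not part of the slide deck. The policy, roles, paths and the `authorize` function are constructed for illustration.

```python
"""Added example: a default-deny access-control check combining need-to-know
file scoping, read-only grants and time-of-day windows. Not from the textbook;
the policy, users and paths are constructed for illustration."""
import fnmatch
from dataclasses import dataclass


@dataclass(frozen=True)
class Grant:
    path_glob: str      # which files (fnmatch pattern; note '*' also crosses '/')
    actions: frozenset  # e.g. frozenset({"read"}) for read-only access
    hours: range        # local hours during which the grant applies


# Constructed policy: least privilege, each role sees only what its work needs
POLICY = {
    "clerk": [
        Grant("/finance/reports/*", frozenset({"read"}), range(8, 18)),
    ],
    "accountant": [
        Grant("/finance/*", frozenset({"read", "write"}), range(8, 18)),
        # reports stay readable around the clock, but writes are office hours only
        Grant("/finance/reports/*", frozenset({"read"}), range(0, 24)),
    ],
}


def authorize(user, action, path, hour, policy=POLICY):
    """Return (allowed, reason). Anything not explicitly granted is denied."""
    for grant in policy.get(user, []):
        if not fnmatch.fnmatchcase(path, grant.path_glob):
            continue                      # wrong file
        if action not in grant.actions:
            continue                      # e.g. write attempted on a read-only grant
        if hour not in grant.hours:
            continue                      # outside the allowed time window
        return True, "matched grant %s %s %s" % (
            grant.path_glob, sorted(grant.actions), grant.hours)
    return False, "no matching grant for %s %s %s at %02d:00 (default deny)" % (
        user, action, path, hour)


if __name__ == "__main__":
    for req in [("clerk", "read", "/finance/reports/q1.xlsx", 10),
                ("clerk", "write", "/finance/reports/q1.xlsx", 10),
                ("clerk", "read", "/finance/reports/q1.xlsx", 22),
                ("accountant", "write", "/finance/ledger.db", 22)]:
        print(req, authorize(*req))
```

The order of checks matters for the reason string only; for the decision itself every condition must hold on a single grant, so a user with read access to a file in one window and write access in another never gets write access outside the second window.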

Wireless LAN Control
- Wireless LANs are cheap and easy to install
- Use is on the rise
- The signal is transmitted through the air
  o Susceptible to being intercepted
  o Drive-by hacking (war driving)

Virtual Private Networks
- Network connection that is constructed dynamically within an existing network
- Uses authentication and encryption mechanisms
- Only authorized users access the network
- Secure tunnel
  o Encrypted information

Firewalls
- System designed to control traffic between networks and prevent unauthorized access (detecting intrusions that get through is the job of separate monitoring)
- Implementation
  o Hardware, software, or a mix
- Approaches
  o Packet filter: each packet is examined against a rule set
  o Application-level control: security measures only for certain applications
  o Circuit-level control: decisions based on the type of connection
  o Proxy server: the firewall acts as the server and intercepts all messages; Network Address Translation (NAT)
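
The packet-filter approach above, as an added example that is not part of the slide deck: an ordered rule set evaluated first-match-wins with an implicit deny at the end, including the anti-spoofing rule a practitioner puts first (internal addresses must never arrive on the outside interface). The addresses, interfaces, `Packet`/`Rule` classes and rules are constructed for illustration.

```python
"""Added example: a stateless packet filter with first-match rules and
implicit default deny. Not from the textbook; addresses and rules are
constructed for illustration."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    iface: str            # interface the packet arrived on: "wan" or "lan"
    src: str
    dst: str
    proto: str            # "tcp", "udp" or "icmp"
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    iface: str = "any"
    src: str = "0.0.0.0/0"        # CIDR; 0.0.0.0/0 matches every address
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: Optional[int] = None   # None matches any destination port
    comment: str = ""


def matches(rule, pkt):
    """True when every field of the rule is either a wildcard or equal to the packet's."""
    if rule.iface != "any" and rule.iface != pkt.iface:
        return False
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(rule.dst):
        return False
    return True


def evaluate(rules, pkt):
    """First matching rule wins. No match at all means implicit deny (None index)."""
    for index, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, index
    return "deny", None


# Constructed rule set for a site with a DMZ web server at 203.0.113.10
RULES = [
    Rule("deny", iface="wan", src="10.0.0.0/8",
         comment="anti-spoofing: internal source addresses never arrive from outside"),
    Rule("allow", iface="wan", dst="203.0.113.10/32", proto="tcp", dport=443,
         comment="anyone may reach the public HTTPS service"),
    Rule("allow", iface="lan", src="10.0.0.0/8", dst="203.0.113.10/32",
         proto="tcp", dport=22, comment="internal admins may SSH to the DMZ host"),
]


if __name__ == "__main__":
    for pkt in [Packet("wan", "198.51.100.7", "203.0.113.10", "tcp", 443),
                Packet("wan", "198.51.100.7", "203.0.113.10", "tcp", 22),
                Packet("wan", "10.1.2.3", "203.0.113.10", "tcp", 443),
                Packet("lan", "10.1.2.3", "203.0.113.10", "tcp", 22)]:
        print(pkt, "->", evaluate(RULES, pkt))
```

Because rules are consulted in order, moving the anti-spoofing deny below the HTTPS allow would let a forged internal-source packet through on port 443; rule ordering is part of the policy, not a cosmetic detail.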

Firewall Architecture [figure]
a) Basic software firewall for a home network (home office)
b) Firewall router (small office)

Firewall Architecture [figure]: larger organization

Encryption
- Message is encoded before sending
- Message is decoded when received
- Encryption software allows for
  o Authentication: proving one's identity
  o Privacy/confidentiality: only the intended recipient can read a message
  o Integrity: assurance that the message is unaltered
  o Nonrepudiation: use of a digital signature, so the sender cannot later deny having sent the message

The Encryption Process
- Key: code that scrambles the message
  o Symmetric secret key system
    - Sender and recipient use the same key
    - Cons: key management problems (every pair of parties needs its own shared secret)
  o Public key technology
    - Asymmetric key system
    - Each individual has a pair of keys
      - Public key: freely distributed
      - Private key: kept secret
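
An added example covering the integrity and nonrepudiation goals on the previous slide and the key-management cost on this one; it is not part of the slide deck. It uses a keyed hash (HMAC-SHA256 from the standard library) as the symmetric integrity check: tampering is detected, but because the recipient holds the same key he can mint a valid tag on a message the sender never wrote, which is exactly why nonrepudiation needs an asymmetric digital signature instead. The messages, key and function names are constructed for illustration.

```python
"""Added example: symmetric integrity check (HMAC) and why it cannot give
nonrepudiation, plus the key-count behind the key-management problem.
Not from the textbook; messages and names are constructed for illustration."""
import hashlib
import hmac
import os


def mac(key, message):
    """Keyed hash over the message; only holders of `key` can compute it."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key, message, tag):
    """Constant-time check that `tag` is the MAC of `message` under `key`."""
    return hmac.compare_digest(mac(key, message), tag)


def pairwise_keys(n):
    """Secret keys needed so that every pair among n parties has its own key."""
    return n * (n - 1) // 2


def public_key_count(n):
    """Keys in a public-key system: one key pair per party."""
    return 2 * n


def demo(shared_key=None):
    """Alice and Bob share one secret key. Returns what verification reports."""
    shared = shared_key if shared_key is not None else os.urandom(32)

    message = b"pay bob 100"                  # sent by Alice
    tag = mac(shared, message)

    tampered = b"pay bob 900"                 # altered in transit; tag unchanged

    # Bob holds the same key, so Bob can produce a tag on a message Alice never sent
    forged_message = b"alice owes bob 5000"
    forged_tag = mac(shared, forged_message)

    return {
        "intact_verifies": verify(shared, message, tag),            # integrity: yes
        "tampered_verifies": verify(shared, tampered, tag),         # tampering caught
        "recipient_forgery_verifies": verify(shared, forged_message, forged_tag),
        # the last one is True: a third party cannot tell Alice's tag from Bob's,
        # so a shared-key MAC proves integrity but not who wrote the message
    }


if __name__ == "__main__":
    print(demo())
    print("100 parties need", pairwise_keys(100), "symmetric keys vs",
          public_key_count(100), "public-key keys")
```

The forgery result is the point: a shared key binds a message to "someone who knows the key", which is fine for integrity between two parties but useless as evidence against one of them. A private key held by only one party is what lets a signature be attributed.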

How Encryption Works (Asymmetric) [figure]

Encryption for Websites
- Certificate Authority (CA)
  o Third party, a trusted middleman
  o Verifies the identity of a Web site and of the computer serving it
  o Certifies the site's public key by issuing a certificate that binds the key to that identity
- Secure Sockets Layer (SSL)
  o Developed by Netscape
  o Popular protocol that uses public-key encryption to set up an encrypted connection between browser and Web site

Other Encryption Approaches
- 1976: public/private key cryptography
- 1977: RSA
  o Technology licensed to Lotus and Microsoft
  o Federal law prohibited exporting strong encryption technology, which limited its use by organizations
- 1991: Pretty Good Privacy (PGP)
  o Versatile encryption program
  o Global favorite
- 1993: Clipper chip
  o Government-proposed encryption chip, promoted as generating uncrackable codes, with the keys held in government escrow
  o Scrapped before it became reality

The Evolution of Encryption
- Future encryption programs will provide
  o Strong security
  o High speed
  o Usability on any platform
- Encryption for cellular phones
- Encryption for PDAs

Recommended Virus Precautions
- Purchase and install antivirus software
  o Update it frequently
- Do not download data from unknown sources
  o Flash drives, disks, Web sites
- Delete messages and attachments from unknown sources without opening them
- Warn people if you get a virus
  o Your department
  o People on your contact list

Audit Control Software
- Keeps track of computer activity
- Spots suspicious actions
- Audit trail
  o Record of users
  o Record of activities
- The IT department needs to monitor this activity

Other Technological Safeguards
- Backups
  o Secondary storage devices
  o Taken at regular intervals
- Closed-circuit television (CCTV)
  o Monitoring for physical intruders
  o Video cameras display and record all activity
  o Digital video recording
- Uninterruptible power supply (UPS)
  o Protection against power outages and surges

Human Safeguards
- Use of federal and state laws as well as ethics


Managing Information Systems Security
- Non-technical safeguards
  o Management of people's use of IS
    - Acceptable use policies
  o Trustworthy employees
  o Well-treated employees

Developing an Information Systems Security Plan
Ongoing five-step process
1. Risk analysis
   a. Determine the value of electronic information
   b. Assess threats to the confidentiality, integrity and availability of information
   c. Identify which computer operations are most vulnerable to security breaches
   d. Assess current security policies
   e. Recommend changes to existing practices to improve computer security

Security Plan: Step 2
2. Policies and procedures: rules for operating the systems and actions to be taken if security is breached
   a. Information policy: handling of sensitive information
   b. Security policy: technical controls on organizational computers
   c. Use policy: appropriate use of in-house IS
   d. Backup policy
   e. Account management policy: procedures for adding new users (and for removing the accounts of those who leave)
   f. Incident handling procedures: handling a security breach
   g. Disaster recovery plan: restoration of computer operations

Security Plan: Remaining Steps
3. Implementation
   a. Implementation of network security hardware and software
   b. Dissemination of IDs and smart cards
   c. Responsibilities of the IS department
4. Training of the organization's personnel
5. Auditing
   a. Assessment of policy adherence
   b. Penetration tests

Responding to a Security Breach
- 1988: Computer Emergency Response Team (CERT)
  o Started after the Morris worm disabled about 10% of all computers connected to the Internet
- Computer Security Division (CSD, part of NIST)
  o Raising awareness of IT risks
  o Research and advice about IT vulnerabilities
  o Development of standards
  o Development of guidelines for more secure IT planning, implementation, management and operation

The State of Systems Security Management
Findings from the CSI/FBI Computer Crime and Security Survey respondents (2006):
- Financial losses from cybercrime are decreasing
  o Computer virus attacks result in the greatest financial losses
  o Only about 25% of organizations use cyberinsurance
  o Only about 20% of organizations report intrusions to law enforcement
    - Fear of falling stock prices
  o Most organizations do not outsource security activities
  o 90% of organizations conduct routine security audits
  o Most organizations agree security training is important
    - A majority said they do not do enough training

Use of Security Technologies
In addition, organizations use a broad variety of security technologies. [figure]
