Chapter 10 - Securing Information Systems
IS security is a critical aspect of managing in the digital world
Copyright © 2014 Pearson Education, Inc. (slide 1)


Slide 2: Learning Objectives
- Computer Crime: define computer crime and describe several types of computer crime.
- Cyberwar and Cyberterrorism: describe and explain the differences between cyberwar and cyberterrorism.
- Information Systems Security: explain what is meant by the term "IS security" and describe both technology-based and human-based safeguards for information systems.
- Managing IS Security: discuss how to better manage IS security and explain the process of developing an IS security plan.
- Information Systems Controls, Auditing, and the Sarbanes-Oxley Act: describe how organizations can establish IS controls to better ensure IS security.

Slide 3: Primary Threats to Information Systems Security
- Natural disasters – power outages, hurricanes, floods, and so on
- Accidents – power outages, cats walking across keyboards
- Employees and consultants
- Links to outside business contacts – travel between business affiliates
- Outsiders – viruses

Slide 4: Computer Crime
- Computer crime: the act of using a computer to commit an illegal act.
  – Targeting a computer while committing an offense.
  – Using a computer to commit an offense.
  – Using computers to support a criminal activity.
- The overall trend for computer crime has been declining over the past several years (CSI, 2011).
- Many incidents are never reported.

Slide 5: Types of Computer Crimes and Financial Losses (figure slide; the chart itself is not part of the transcript)
- Discussion: What do you think happens to a company's stock price if it reports that its systems have been compromised? Would you report it if you didn't have to?

Slide 6: Types of Criminals
- No clear profile as to who commits computer crimes
- Four groups of computer criminals:
  1. Current or former employees (85–95% of theft from businesses comes from the inside)
  2. People with technical knowledge committing crimes for personal gain
  3. Career criminals using computers to assist them in crimes
  4. Outside crackers hoping to find information of value (about 12 percent of cracker attacks cause damage)

Slide 7: Computer Viruses and Other Destructive Code
- Discussion: What is your favorite virus?
- E-mails with enticing subject lines
- Phishing

Slide 8: Spam Used for Phishing (figure slide; the example e-mail shown on the slide is not part of the transcript)
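Slides 7 and 8 name the phishing vector (spam with enticing subject lines that impersonates a trusted sender) without showing how a mail gateway or analyst actually tests for it. The following Python is an added example, not code from the Pearson slides: it parses a raw message with the standard library and reports four indicators that recur in phishing mail. The two sample messages are constructed for the example, use only RFC 2606 reserved domains, and the "registrable domain" helper is a deliberate simplification (a real filter would consult the Public Suffix List).

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample messages (not real e-mail); all domains are reserved example names.
PHISH = """\
From: "Bank Support" <support@example.com>
Reply-To: helpdesk@example.net
Subject: URGENT: Your account will be suspended
Content-Type: text/html; charset=utf-8

<html><body>
<p>Please verify your account within 24 hours.</p>
<a href="http://login.example.org/verify">https://www.example.com/login</a>
</body></html>
"""

BENIGN = """\
From: "Bank Support" <support@example.com>
Subject: Your monthly statement is ready
Content-Type: text/html; charset=utf-8

<html><body>
<p>Your statement is available in online banking.</p>
<a href="https://www.example.com/statements">View statement</a>
</body></html>
"""

URGENCY_CUES = ("urgent", "suspend", "verify", "immediately", "within 24 hours")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in the HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host):
    """Naive registrable domain: the last two labels (assumption; use the Public Suffix List in production)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def url_host(text):
    """Hostname if `text` is an http(s) URL, else None."""
    if not text.lower().startswith(("http://", "https://")):
        return None
    return urlparse(text).hostname


def phishing_indicators(raw):
    """Return the set of indicator names found in one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    found = set()

    # Indicator 1: replies are diverted to a domain other than the claimed sender's.
    from_domain = registrable(msg["From"].addresses[0].domain)
    reply_to = msg["Reply-To"]
    if reply_to is not None and registrable(reply_to.addresses[0].domain) != from_domain:
        found.add("reply_to_mismatch")

    # Indicator 2: pressure language in the subject line.
    if any(cue in str(msg["Subject"] or "").lower() for cue in URGENCY_CUES):
        found.add("urgent_subject")

    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:
            shown, actual = url_host(text), url_host(href)
            # Indicator 3: the link text shows one site but the href goes to another.
            if shown and actual and registrable(shown) != registrable(actual):
                found.add("link_text_mismatch")
            # Indicator 4: a link leads off the sender's own domain.
            if actual and registrable(actual) != from_domain:
                found.add("link_offsite")
    return found
```

Each indicator alone produces false positives (newsletters legitimately link off-site, and a separate Reply-To is common for ticketing systems), which is why gateways score several of them together rather than blocking on any one.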

Slide 9: Denial of Service Attack
- Attackers prevent legitimate users from accessing services.
- Zombie computers
  – Created by viruses or worms
  – Attack Web sites
- Servers crash under the increased load.
  – Example: the MyDoom attack on Microsoft's Web site
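The slide describes the effect of a denial-of-service attack but not how an operator notices one in the server logs. As an added example (not from the Pearson slides), the Python below parses web-server access-log lines in the common Apache/nginx "combined" format and keeps a sliding per-source request window, flagging any client that exceeds a threshold. The log lines are constructed for the example using RFC 5737 documentation addresses; the threshold and window are arbitrary assumptions to be tuned per site.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Prefix of the Apache/nginx "combined" log format:
# client ip, identd, user, [timestamp], "request line", status, bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def make_sample_log():
    """Constructed log (not real traffic): 203.0.113.5 floods the site at 10 requests
    per second for 5 seconds while 198.51.100.7 makes 5 ordinary requests."""
    base = datetime(2014, 3, 1, 12, 0, 0, tzinfo=timezone.utc)
    events = [(base + timedelta(milliseconds=100 * i), "203.0.113.5", "GET / HTTP/1.1") for i in range(50)]
    events += [(base + timedelta(seconds=2 * i), "198.51.100.7", "GET /index.html HTTP/1.1") for i in range(5)]
    events.sort(key=lambda e: e[0])
    return [f'{ip} - - [{ts.strftime(TS_FMT)}] "{req}" 200 512' for ts, ip, req in events]


def parse_line(line):
    """Return (client ip, timestamp) or None for a line that does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m["ip"], datetime.strptime(m["ts"], TS_FMT)


def flood_sources(lines, window_s=10, threshold=20):
    """Sliding-window request counter per source. Returns {ip: peak requests seen in
    any `window_s`-second window} for sources that reached `threshold`."""
    recent = defaultdict(deque)
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # a malformed line must not crash the detector
        ip, ts = parsed
        q = recent[ip]
        q.append(ts)
        while q and (ts - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) >= threshold:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged


def total_rate(lines, window_s=10):
    """Peak request count across all sources in any window. A distributed attack from
    many zombies can stay under the per-source threshold yet show up clearly here."""
    stamps = deque()
    peak = 0
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        stamps.append(parsed[1])
        while stamps and (parsed[1] - stamps[0]).total_seconds() > window_s:
            stamps.popleft()
        peak = max(peak, len(stamps))
    return peak


if __name__ == "__main__":
    log = make_sample_log()
    print(flood_sources(log))  # {'203.0.113.5': 50}
    print(total_rate(log))     # 55
```

The two functions answer different questions: `flood_sources` catches a single noisy client that a rate limit or block rule can address, while `total_rate` is what rises when the zombie computers on the slide each send only a little traffic, which is exactly why attackers distribute the load.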

Slide 10: Cybersquatting
- The practice of registering a domain name that matches someone else's name or trademark in order to resell it later, usually to that party.
- Some of the victims include: Eminem, Panasonic, Hertz, Avon
- Anti-Cybersquatting Consumer Protection Act (1999)
  – Statutory damages as high as $100,000 per domain name
  – Some companies pay the cybersquatters anyway to speed up getting the domain.

Slide 11: Cyber Harassment, Stalking, and Bullying
- Cyber harassment: crime that broadly refers to the use of a computer to communicate obscene, vulgar, or threatening content.
- Cyber stalking includes:
  – Making false accusations that damage the reputation of another
  – Gaining information on a victim by monitoring online activities
  – Using the Internet to encourage others to harass a victim
  – Attacking a victim's data and equipment by sending viruses or other destructive code
  – Using the Internet to place false orders for goods or services

Slide 12: Information Systems Security (section divider; repeats the chapter objectives from slide 2)

Slide 13: Safeguarding IS Resources
- Risk reduction – actively installing countermeasures
- Risk acceptance – accepting any losses that occur
- Risk transference – insurance, outsourcing

Slide 14: Information Systems Security
- All systems connected to a network are at risk.
  – Internal threats
  – External threats
- Information systems security: precautions taken to keep IS safe from unauthorized access and use
- The need for good computer security grows with the increased use of the Internet and related technologies.

Slide 15: Technological Safeguards - Six Types
- Physical access restrictions – difficult and costly
- Authentication
  – Use of passwords
  – Photo ID cards, smart cards
  – Keys to unlock a computer
  – Combinations of the above
- Authentication depends on
  – Something you have
  – Something you know
  – Something you are
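The slide lists "something you know" and "something you have" as authentication factors but does not show what combining them looks like in code. The following Python is an added example, not code from the Pearson slides: the password (something you know) is checked against a salted PBKDF2 hash, and the one-time code (something you have, generated by an authenticator app or token holding a shared secret) is checked with RFC 4226 HOTP / RFC 6238 TOTP implemented from the standard library. The user records are constructed for the demo, the TOTP secret is the published RFC 6238 test key, and the PBKDF2 iteration count is lowered from the currently recommended 600,000 only to keep the demo fast.

```python
import hashlib
import hmac
import os
import struct

PBKDF2_ITERATIONS = 200_000  # assumption for demo speed; OWASP recommends 600,000 for PBKDF2-HMAC-SHA256


def hash_password(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """Something you know: store a per-user salt and a slow PBKDF2 hash, never the password."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}


def verify_password(password, record):
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), record["salt"], record["iterations"])
    return hmac.compare_digest(digest, record["digest"])  # constant-time compare


def hotp(secret, counter, digits=6):
    """RFC 4226 HMAC-based one-time password: HMAC-SHA1 over the counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, unix_time, step=30, digits=6):
    """RFC 6238 time-based OTP: HOTP with the 30-second time step as the counter.
    Something you have: the secret lives only on the server and in the user's device."""
    return hotp(secret, int(unix_time) // step, digits)


def verify_totp(secret, code, unix_time, step=30, skew=1):
    """Accept the current step and +/- `skew` neighbours to tolerate clock drift."""
    counter = int(unix_time) // step
    return any(hmac.compare_digest(hotp(secret, c), code) for c in range(counter - skew, counter + skew + 1))


def login(users, username, password, code, unix_time):
    """Two-factor check. Both factors are always evaluated and one generic verdict is
    returned, so a caller learns neither which factor failed nor whether the username
    exists (unknown users are checked against a dummy record to keep timing similar)."""
    record = users.get(username, DUMMY_USER)
    pw_ok = verify_password(password, record["password"])
    otp_ok = verify_totp(record["totp_secret"], code, unix_time)
    return pw_ok and otp_ok and username in users


# Constructed demo data. RFC_TEST_SECRET is the RFC 6238 test vector key, not a real secret.
RFC_TEST_SECRET = b"12345678901234567890"
DUMMY_USER = {"password": hash_password("dummy"), "totp_secret": os.urandom(20)}
USERS = {"alice": {"password": hash_password("correct horse battery staple"), "totp_secret": RFC_TEST_SECRET}}

if __name__ == "__main__":
    now = 59  # RFC 6238 test time; with the test key this yields code 287082
    print(totp(RFC_TEST_SECRET, now))
    print(login(USERS, "alice", "correct horse battery staple", totp(RFC_TEST_SECRET, now), now))
```

Two details matter more than they look: the compares use `hmac.compare_digest` so that response time does not leak how many bytes matched, and `login` does not short-circuit after a wrong password, so the presence of a second factor is not revealed by a faster failure.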

Slide 16: Biometrics
- The most sophisticated form of authentication
  – Fingerprints
  – Retinal patterns
  – Facial features, and so on
- Fast authentication
- High security
- Caveat: a compromised biometric cannot be reissued the way a password or card can, and matching is probabilistic (there is always some rate of false accepts and false rejects), so biometrics work best as one factor alongside another.

Slide 17: Wireless LAN Control
- Wireless LANs are cheap and easy to install, and their use is on the rise.
- The signal is transmitted through the air
  – Susceptible to being intercepted
  – "Drive-by hacking" (war driving): attackers locate and connect to unprotected access points from outside the building
- It is important to secure the wireless link: encrypt and authenticate it rather than running the access point open.

Slide 18: Virtual Private Networks
- A connection constructed dynamically within an existing network
- Tunneling
  – Sends private data over a public network
  – The information is encrypted in transit

Slide 19: Firewalls
- Firewall: a system placed between networks that filters traffic according to a policy and blocks unauthorized access. (Detecting intrusions that get past the policy is the job of an intrusion detection system, not of the firewall itself.)
- Implementation: hardware, software, or mixed
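The slide says what a firewall is for but not how its policy is evaluated, which is where most firewall mistakes live. As an added example (not code from the Pearson slides), the Python below models a packet-filtering firewall: each rule matches on protocol, source and destination CIDR block and destination port; the first matching rule wins; and anything unmatched falls through to a default deny. The perimeter topology (a web server at 192.0.2.10 in a DMZ, an internal 10.0.0.0/8 network) and the rule set are assumptions constructed for the demo, and a second rule set shows how one over-broad rule placed first silently shadows the restriction below it.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "deny"
    proto: str               # "tcp", "udp", "icmp" or "any"
    src: str                 # source CIDR block
    dst: str                 # destination CIDR block
    dports: Optional[range]  # destination ports; None means any port
    comment: str = ""


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int


def rule_matches(rule, pkt):
    """True when every field of the rule covers the packet."""
    return (
        (rule.proto == "any" or rule.proto == pkt.proto)
        and ip_address(pkt.src) in ip_network(rule.src)
        and ip_address(pkt.dst) in ip_network(rule.dst)
        and (rule.dports is None or pkt.dport in rule.dports)
    )


def evaluate(rules, pkt, default="deny"):
    """First matching rule wins; return (action, rule index). Unmatched traffic gets
    the default, which is deny so that anything not explicitly allowed is dropped."""
    for index, rule in enumerate(rules):
        if rule_matches(rule, pkt):
            return rule.action, index
    return default, None


# Constructed perimeter policy (assumed topology): web server 192.0.2.10 in the DMZ,
# internal network 10.0.0.0/8, everything else is "the Internet".
POLICY = [
    Rule("allow", "tcp", "0.0.0.0/0", "192.0.2.10/32", range(443, 444), "public HTTPS to web server"),
    Rule("allow", "tcp", "10.0.0.0/8", "192.0.2.10/32", range(22, 23), "SSH to web server from inside only"),
    Rule("deny", "any", "0.0.0.0/0", "10.0.0.0/8", None, "nothing inbound to the internal network"),
]

# The same policy with a careless "allow anything to the web server" rule inserted first:
# it shadows the SSH restriction below it, the classic rule-ordering mistake.
SHADOWED_POLICY = [Rule("allow", "any", "0.0.0.0/0", "192.0.2.10/32", None, "temporary debug rule")] + POLICY


def shadowed_verdicts(intended, actual, probes):
    """Audit helper: list the probe packets on which two rule sets disagree."""
    return [p for p in probes if evaluate(intended, p)[0] != evaluate(actual, p)[0]]


if __name__ == "__main__":
    probes = [
        Packet("tcp", "198.51.100.9", "192.0.2.10", 443),  # public HTTPS: allowed by rule 0
        Packet("tcp", "198.51.100.9", "192.0.2.10", 22),   # SSH from the Internet: default deny
        Packet("tcp", "10.1.2.3", "192.0.2.10", 22),       # SSH from inside: allowed by rule 1
        Packet("tcp", "198.51.100.9", "10.0.0.5", 445),    # SMB into the internal net: rule 2 denies
    ]
    for p in probes:
        print(p, evaluate(POLICY, p), evaluate(SHADOWED_POLICY, p))
    print("shadowed:", shadowed_verdicts(POLICY, SHADOWED_POLICY, probes))
```

Real firewalls add state (replies to an allowed outbound connection are admitted without a separate inbound rule), but the ordering and default-deny behaviour shown here is the same, and `shadowed_verdicts` is the kind of check worth running against a rule base before and after every change.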

Slide 20: Virus Monitoring and Prevention
- Purchase and install antivirus software; update it frequently.
- Do not download data from unknown sources (flash drives, disks, Web sites).
- Delete (without opening) e-mails from unknown sources.
- Do not blindly open attachments, even if they come from a known source.
- Report any viruses to the IT department.

Slide 21: Secure Data Centers
- Specialized facilities are important.
- Technical requirements: power, cooling
- Discussion: How do organizations reliably protect themselves from threats?

Slide 22: Managing IS Security (section divider; repeats the chapter objectives from slide 2)

Slide 23: Managing Information Systems Security
- Non-technical safeguards: management of people's use of IS
  – Acceptable use policies
  – Trustworthy employees
  – Well-treated employees

Slide 24: Disaster Planning
- Disasters can't be completely avoided; organizations need to be prepared.
- Business continuity plan: describes how a business resumes operation after a disaster
- Disaster recovery plan
  – A subset of the business continuity plan
  – Procedures for recovering from systems-related disasters
  – Two types of objectives:
    Recovery time objective (RTO): the maximum time allowed to recover
    Recovery point objective (RPO): how current the backup material must be, that is, the maximum tolerable data loss measured in time

Slide 25: Information Systems Controls, Auditing (section divider; repeats the chapter objectives from slide 2)

Slide 26: IS Auditing
- Information systems audit: performed by external auditors to help organizations assess the state of their IS controls
  – To determine necessary changes
  – To assure IS availability, confidentiality, and integrity
- Risk assessment: determine what types of risks the IS infrastructure faces.
- Computer-Assisted Auditing Tools (CAAT): specific software to test applications and data, using test data or simulations.

Slide 27: Hierarchy of IS Controls (figure slide)
- Preventive controls – stop something from going wrong
- Detective controls – find out whether something went wrong
- Corrective controls – mitigation after the fact