Information Systems, Security, and e-Commerce* ACCT7320, Controllership, C. Bailey. *Ch. 43-46 in Controllership: The Work of the Managerial Accountant, by Janice M. Roehl-Anderson, Steven M. Bragg, 7th Edition, 2004.

Information Security Systems: Risk Analysis Process

Controller’s Role in Information Security (p. 841)
Establishing top-level information protection goals
Monitoring compliance with security standards and policies
Assessing the risk to mission-critical systems
– Balancing costs and benefits
Participating in the investigation of security incidents
– Including evaluation of loss or impact

Goals concerning data
Confidentiality
Integrity
Availability

Types of threats
Intentional:
– Unauthorized access by outsider
– Unauthorized access by insider
– Malicious software
Unintentional:
– Hardware/software failure
– Human error

Policies
Levels of information
– Restricted (release would cause serious damage)
– Company Confidential (nondisclosure agreements)
– Internal use only (business purpose, as needed)
– Public
Classes of Service (relative importance to day-to-day operations), listed from most to least critical
– Production—mission critical
– Production—non-mission-critical
– Developmental
– Experimental/prototype

Security measures
Technical (p. 838)
– Access controls, passwords, biometrics, firewalls…
Nontechnical (p. 839)
– Policies for use, physical access, insurance, recovery plans…

Enterprise Security Challenges
Client/server systems
– Versus old mainframes
Networks & internet
– Virtual private networking (VPN)
Interconnected customer & vendor
– Encryption, key certificates, digital signatures

Enforcement (Ch. 44)
Create enforceable policy
– Explicit
– Implementable within tech limitations
– Balanced, not extreme
– Spell out consequences
– Define escalation procedures (chain of command; reporting number to call?)
– Clear acceptable-use policy, signed by employee

Enforceable policy, cont’d
Notification of proprietary nature of systems
– Essential for criminal case
Actions to take if intrusion is suspected
– Plan spelled out

After infraction occurs
Documenting the “crime scene”
– Circumstances
– Define the bounds
Do not contact the suspect
– May rule out police involvement
Create backup
Assure system integrity
Assess the damage
– Quantifiable??
Approach law enforcement officials
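The "create backup" and "assure system integrity" steps above only hold up later (for damage assessment or a criminal case) if you can show the copy was not altered after capture. The following Go program is an added example, not code from the slides or the book; it hashes each captured file into a manifest and re-checks a working copy against it. The host name, file paths and log contents are constructed for the example.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
)

// Constructed sample evidence: a few files copied from a hypothetical host
// "web01" right after an intrusion is suspected. Names and contents are
// made up for this example (203.0.113.9 is a documentation address).
var evidence = map[string][]byte{
	"web01/var/log/auth.log": []byte("Jan 12 03:14:07 web01 sshd[812]: Accepted password for admin from 203.0.113.9 port 51022\n"),
	"web01/etc/passwd":       []byte("root:x:0:0:root:/root:/bin/bash\nadmin:x:1000:1000::/home/admin:/bin/bash\n"),
}

// Fingerprint returns the SHA-256 digest of a file's bytes as lowercase hex.
func Fingerprint(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// BuildManifest hashes every file in the backup. The manifest is the
// custody record: keep it (printed, or on write-once media) separately
// from the backup so that a later change to either one is detectable.
func BuildManifest(files map[string][]byte) map[string]string {
	m := make(map[string]string, len(files))
	for name, data := range files {
		m[name] = Fingerprint(data)
	}
	return m
}

// Verify re-hashes a copy and returns the sorted names of files that are
// missing, changed, or were not in the original manifest. An empty result
// means the copy still matches what was captured.
func Verify(manifest map[string]string, files map[string][]byte) []string {
	var bad []string
	for name, want := range manifest {
		data, ok := files[name]
		if !ok || Fingerprint(data) != want {
			bad = append(bad, name)
		}
	}
	for name := range files {
		if _, ok := manifest[name]; !ok {
			bad = append(bad, name) // a file that appeared after capture
		}
	}
	sort.Strings(bad)
	return bad
}

func sortedKeys(m map[string]string) []string {
	keys := make([]string, 0, len(m))
	for k := range m {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	return keys
}

func main() {
	manifest := BuildManifest(evidence)
	for _, name := range sortedKeys(manifest) {
		fmt.Printf("%s  %s\n", manifest[name], name)
	}

	// Simulate an analyst accidentally truncating the log on the working copy.
	working := map[string][]byte{}
	for name, data := range evidence {
		working[name] = append([]byte(nil), data...)
	}
	working["web01/var/log/auth.log"] = working["web01/var/log/auth.log"][:10]
	fmt.Println("files failing verification:", Verify(manifest, working))
}
```

Hash the copy, not the live system: hashing is what lets you later prove the backup is the same bytes you captured, and a manifest stored with the backup it describes proves nothing.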

E-Commerce Security (Ch. 45)
Architectures
– Traditional; single-enterprise network
– Demilitarized zone with mail & web servers
– Layered architectures: a fundamental restructuring, with multiple firewalls within the network

Critical security measures
Firewalls
– Monitor for suspicious strings/commands
– Hardware or software based
Intrusion detection & response software
Encryption
– SSL widely used for e-commerce
– Assurance that the message was not intercepted, was not tampered with, and the person is who you think they are
– Appropriate where parties are strangers

Critical security measures, cont’d.
Authentication
– E.g., your bank; shared secret, etc.
– Relevant to both parties: are you really dealing with your bank?!
Access control
– E.g., different clerks can approve, make payments
Host hardening
Vulnerability testing
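The "relevant to both parties" point is that a shared secret can authenticate in both directions: the bank proves it knows the secret before the customer proves anything. The Go program below is an added example (not from the slides or the book) of one way to do that with an HMAC challenge-response; the role labels, nonce sizes and sample secret are choices made for the example, not a standard protocol.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Prove answers a challenge with HMAC-SHA256 over a role label and the
// nonce, keyed with the shared secret. Mixing in the role ("bank" or
// "customer") means a response captured in one direction is not a valid
// answer in the other direction.
func Prove(secret []byte, role string, nonce []byte) []byte {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(role))
	mac.Write([]byte{0}) // separator between label and nonce
	mac.Write(nonce)
	return mac.Sum(nil)
}

// CheckProof recomputes the expected answer and compares in constant time.
func CheckProof(secret []byte, role string, nonce, proof []byte) bool {
	return hmac.Equal(Prove(secret, role, nonce), proof)
}

func freshNonce() ([]byte, error) {
	n := make([]byte, 16)
	_, err := rand.Read(n)
	return n, err
}

// MutualAuth runs both halves of the exchange in one process. customerSecret
// is what the customer holds; bankSecret is what the party claiming to be
// the bank holds. When they differ (an impostor site), neither side accepts
// the other, and the customer never sends its own proof.
func MutualAuth(customerSecret, bankSecret []byte) (customerTrustsBank, bankTrustsCustomer bool, err error) {
	// 1. customer -> bank: a fresh challenge
	cNonce, err := freshNonce()
	if err != nil {
		return false, false, err
	}
	// 2. bank -> customer: proof of the bank's secret, plus the bank's own challenge
	bankProof := Prove(bankSecret, "bank", cNonce)
	bNonce, err := freshNonce()
	if err != nil {
		return false, false, err
	}
	customerTrustsBank = CheckProof(customerSecret, "bank", cNonce, bankProof)
	if !customerTrustsBank {
		return false, false, nil // stop: do not prove anything to an unverified bank
	}
	// 3. customer -> bank: proof of the customer's secret
	customerProof := Prove(customerSecret, "customer", bNonce)
	bankTrustsCustomer = CheckProof(bankSecret, "customer", bNonce, customerProof)
	return customerTrustsBank, bankTrustsCustomer, nil
}

func main() {
	secret := []byte("constructed shared secret from enrollment") // sample value
	ok1, ok2, err := MutualAuth(secret, secret)
	fmt.Println("genuine bank:", ok1, ok2, err)
	ok1, ok2, err = MutualAuth(secret, []byte("impostor does not know it"))
	fmt.Println("impostor bank:", ok1, ok2, err)
	nonce := []byte("fixed-nonce-for-demo")
	fmt.Println("bank proof:", hex.EncodeToString(Prove(secret, "bank", nonce)))
}
```

The secret itself never crosses the wire; only proofs tied to a one-time nonce do, so a recorded exchange cannot be replayed against either side.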

Digital Signatures (Ch. 46)
Public key cryptography
– Anyone with the public key can verify (decode) the signature
– Only the person with the private key can create it
– Does not provide privacy, just authentication
Digital certificates needed to identify who the creator is
– Certification authority must be trusted (like a notary)
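To make the three points concrete (anyone can check, only the key holder can create, nothing is hidden) and to show why a certificate is needed, here is an added Go example that is not code from the slides or the book. It uses Ed25519 signatures; the "certificate" is a deliberately minimal stand-in (the CA's signature over a name and a public key) rather than a real X.509 format, and the party names and message are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Signer is a party holding a private key; others use only its public key.
type Signer struct {
	Name string
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewSigner(name string) (*Signer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Signer{Name: name, pub: pub, priv: priv}, nil
}

// Sign produces a signature only the private-key holder can produce.
func (s *Signer) Sign(msg []byte) []byte { return ed25519.Sign(s.priv, msg) }

func (s *Signer) Public() ed25519.PublicKey { return s.pub }

// Cert is a hypothetical, minimal certificate: a CA's signature binding a
// name to a public key. Real certificates (X.509) carry much more.
type Cert struct {
	Name  string
	Pub   ed25519.PublicKey
	CASig []byte
}

func certBody(name string, pub ed25519.PublicKey) []byte {
	return append([]byte(name+"\x00"), pub...)
}

// Issue is what the trusted certification authority (the "notary") does.
func (ca *Signer) Issue(name string, pub ed25519.PublicKey) Cert {
	return Cert{Name: name, Pub: pub, CASig: ca.Sign(certBody(name, pub))}
}

// VerifySigned checks a signed message the way a relying party would: first
// that the certificate really comes from the CA it trusts, then that the
// message signature matches the certified public key.
func VerifySigned(caPub ed25519.PublicKey, cert Cert, msg, sig []byte) error {
	if !ed25519.Verify(caPub, certBody(cert.Name, cert.Pub), cert.CASig) {
		return errors.New("certificate not issued by trusted CA")
	}
	if !ed25519.Verify(cert.Pub, msg, sig) {
		return errors.New("signature does not match message")
	}
	return nil
}

func main() {
	ca, _ := NewSigner("Trusted CA")
	alice, _ := NewSigner("alice")
	mallory, _ := NewSigner("mallory")

	cert := ca.Issue(alice.Name, alice.Public())
	msg := []byte("Approve payment of $4,200 to Acme Supply, invoice 1187") // constructed
	sig := alice.Sign(msg)

	// The message travels as plain text: a signature authenticates, it does not hide.
	fmt.Printf("message readable by anyone: %q\n", msg)
	fmt.Println("genuine:  ", VerifySigned(ca.Public(), cert, msg, sig))
	fmt.Println("tampered: ", VerifySigned(ca.Public(), cert, []byte("Approve payment of $9,200 to Acme Supply, invoice 1187"), sig))
	// An impostor can sign with her own key, but cannot get a CA-issued certificate for alice's name.
	fakeCert := mallory.Issue(alice.Name, mallory.Public())
	fmt.Println("impostor: ", VerifySigned(ca.Public(), fakeCert, msg, mallory.Sign(msg)))
}
```

Without the certificate check, the impostor case would pass: a signature is only as meaningful as the binding between the public key and a name, which is exactly what the trusted authority supplies.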

What drives adoption of digital signatures?
Internet increasingly used for commerce
– vs. expensive dedicated lines
Useful even internally
…but legal status still hazy

Let’s go phishing…