Viewing Information Systems Security

The basic objectives of Information Security are the same as the basic objectives of EDP auditing. They are:

1. To control the loss of assets.
2. To ensure the integrity and reliability of data.
3. To improve the efficiency and effectiveness of Information Systems applications.

To accomplish these objectives, the manager must make certain that the risks to information systems are identified and that appropriate security controls are used to eliminate or reduce those risks.

Risks

The dangers to information systems, and to the people, hardware, software, data and other assets associated with them, necessitate security controls. These dangers include:

- natural disasters,
- thieves,
- industrial spies,
- disgruntled employees,
- computer viruses,
- accidents, and
- even poorly trained or naive employees.

Risks, Threats and Vulnerabilities

Risks: By risk, EDP auditors mean potential loss to the firm. Potential risk refers to potential monetary losses, whether those losses are direct or indirect. The monetary losses may result from the total loss, partial damage, or even the temporary loss of an information systems asset.

Threats: When EDP auditors use the term threat, they refer to people, actions, events or other situations that could trigger losses. For example, for a website, hacking, aided by Internet-borne viruses and worms, is regarded as a threat.

Vulnerabilities: When auditors use the term vulnerability, they mean flaws, problems or other conditions that make a system open to threats. For example, a firm's potential risk of losing all of its microcomputers arises when the threat of a thief stealing them becomes possible, e.g. when inadequate lock and alarm systems are used in the building in which the PCs are housed.

Controls

Controls are countermeasures to threats. They are the tools used to counter risks from people, actions, events or situations that can threaten an information system.

Types of Controls

Physical Controls are controls that use physical protection measures. They might include door locks, keyboard locks, fire doors and sump pumps, controls over access to and use of computer facilities and equipment, and controls for the prevention of theft.

Electronic Controls are controls that use electronic measures to identify or prevent threats. Electronic controls might include motion sensors, intruder detection, and access controls such as log-in IDs, passwords, badges, and biometric systems (hand, voice and retina print access controls).

Software Controls are program code controls used in IS applications to identify, prevent or recover from errors, unauthorised access and other threats.

Management Controls often result from setting, implementing, and enforcing policies and procedures. Employees may be required to back up or archive their data at regular intervals and to take backups or copies of data files to secure, off-site locations for storage. Management may enforce policies that require employees to take their vacation time, or that ensure separation of duties, to reduce the threat of embezzlement. Required employee training may be used to reduce data entry errors, or background checks may be required for employees who have certain levels of access to information systems.