Chapter 17 Risks, Security and Disaster Recovery
Management Information Systems, 4th Edition
Learning Objectives
- Describe the primary goals of information security
- Enumerate the main types of risks to information systems
- List the various types of attacks on networked systems
Learning Objectives (Cont.)
- Describe the types of controls required to ensure the integrity of data entry and processing and uninterrupted e-commerce
- Describe the various kinds of security measures that can be taken to protect data and ISs
- Outline the principles of how organizations develop recovery plans
- Explain the economic aspects of information security
Goals of Information Security
- Reduce the risk of systems and organizations ceasing operations
- Maintain information confidentiality
- Ensure the integrity and reliability of data resources
- Ensure the uninterrupted availability of data resources and online operations
- Ensure compliance with national security laws and privacy policies and laws
(Confidentiality, integrity and availability are the three classic goals, often called the CIA triad.)
Risks to Information Systems
Risks to Hardware
- Natural disasters
- Blackouts and brownouts
- Vandalism
Risks to Information Systems (Cont.)
Risks to Applications and Data
- Theft of information
- Social engineering and identity theft
- Data alteration, data destruction, and Web defacement
- Computer viruses, worms, and logic bombs
- Nonmalicious mishaps
Risks to Online Operations
- Denial of service: flooding a system or its network link so that legitimate users cannot reach it
- Hijacking: taking over a session, connection or host that a legitimate user has established
- Spoofing: forging an identity, address or message so that it appears to come from a trusted source
Controls
Program Robustness and Data Entry Controls
- Provide a clear and sound interface with the user
- Menus and limits: accept only values within the permitted range, so bad input is rejected at entry rather than stored
Backup
- Periodic duplication of all data
Access Controls
- Ensure that only authorized people can gain access to systems and files
- Access codes and passwords (passwords should be stored as salted one-way hashes, never in the clear)
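The password-based access control listed above, as an added example that is not part of the textbook: passwords are stored as salted, iterated hashes rather than in the clear, compared in constant time, and a user is locked out after a fixed number of failures. The in-memory user store, the lockout threshold and the dummy-salt handling for unknown names are constructed for this demonstration.

```python
"""Password-based access control: salted, iterated hashing, constant-time
comparison and a per-user lockout. Added example (not from the textbook);
the user store and lockout threshold are constructed."""
import hashlib
import hmac
import os

ITERATIONS = 200_000          # PBKDF2 work factor; raise it as hardware gets faster
MAX_FAILURES = 5              # constructed lockout threshold

USERS = {}                    # username -> (salt, derived key); constructed in-memory store
FAILURES = {}                 # username -> consecutive failed attempts
_DUMMY_SALT = os.urandom(16)  # used for unknown names so timing does not reveal valid users


def _derive(password: str, salt: bytes) -> bytes:
    """Slow, salted one-way derivation: the password itself is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def register(username: str, password: str) -> None:
    salt = os.urandom(16)                      # unique salt per user defeats precomputed tables
    USERS[username] = (salt, _derive(password, salt))
    FAILURES[username] = 0


def authenticate(username: str, password: str) -> bool:
    """True only for a known, unlocked user presenting the correct password."""
    if FAILURES.get(username, 0) >= MAX_FAILURES:
        return False                           # locked out: do not even check the password
    # Unknown user: still do the full derivation against a dummy so the
    # response time is the same as for a real user with a wrong password.
    salt, stored = USERS.get(username, (_DUMMY_SALT, bytes(32)))
    ok = hmac.compare_digest(_derive(password, salt), stored)   # constant-time compare
    if username in USERS:
        FAILURES[username] = 0 if ok else FAILURES[username] + 1
    return ok


if __name__ == "__main__":
    register("alice", "correct horse battery staple")
    print(authenticate("alice", "correct horse battery staple"))   # True
    print(authenticate("alice", "wrong"))                           # False
    print(authenticate("mallory", "anything"))                      # False, unknown user
```

The lockout counter resets on a successful login and is checked before any hashing, so a locked account refuses even the correct password until an administrator clears it.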
Controls (Cont.)
Atomic Transactions
- Ensure that transaction data are recorded properly in all the pertinent files to ensure integrity: either every file is updated or none is, so a failure part-way through cannot leave the records inconsistent
Audit Trails
- Built into an IS so that transactions can be traced to people, times, and authorization information
Security Measures
Firewalls
- Defense against unauthorized access to systems over the Internet
- Control communication between a trusted network and the “untrusted” Internet
- Proxy Server: represents another server for all information requests and acts as a buffer
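Added example (not from the textbook) of the rule-based, default-deny filtering a firewall performs between a trusted network and the Internet, with connection tracking so that replies to connections opened from inside are admitted without needing an inbound rule. The networks, rule set and sample packets are constructed; a real firewall tracks protocol state far more thoroughly than the single SYN flag used here.

```python
"""Stateful packet filter between a trusted network and the Internet.
Added example (not from the textbook); networks, rules and packets are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str      # source IP address
    sport: int
    dst: str      # destination IP address
    dport: int
    syn: bool     # True for a segment that opens a new TCP connection


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # CIDR the source must fall in
    dst: str              # CIDR the destination must fall in
    dport: Optional[int]  # None matches any destination port


# Constructed policy: only HTTPS to the public web server may come in from the
# untrusted side; hosts in the trusted 10.0.0.0/8 may open connections outward;
# everything else falls through to the default deny.
RULES = [
    Rule("allow", "0.0.0.0/0",  "10.0.0.10/32", 443),
    Rule("deny",  "0.0.0.0/0",  "10.0.0.0/8",   None),
    Rule("allow", "10.0.0.0/8", "0.0.0.0/0",    None),
]


def matches(rule: Rule, pkt: Packet) -> bool:
    return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and (rule.dport is None or rule.dport == pkt.dport))


class Firewall:
    def __init__(self, rules):
        self.rules = rules
        self.connections = set()   # 4-tuples of connections that were allowed to open

    def decide(self, pkt: Packet) -> str:
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reply = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if flow in self.connections or reply in self.connections:
            return "allow"                    # belongs to a connection already admitted
        if not pkt.syn:
            return "deny"                     # mid-stream packet with no known connection
        for rule in self.rules:               # first matching rule wins
            if matches(rule, pkt):
                if rule.action == "allow":
                    self.connections.add(flow)
                return rule.action
        return "deny"                         # default deny: nothing matched


if __name__ == "__main__":
    fw = Firewall(RULES)
    print(fw.decide(Packet("203.0.113.5", 40000, "10.0.0.10", 443, True)))   # allow
    print(fw.decide(Packet("203.0.113.5", 40001, "10.0.0.10", 22, True)))    # deny
    print(fw.decide(Packet("10.0.0.20", 51000, "198.51.100.7", 80, True)))   # allow
    print(fw.decide(Packet("198.51.100.7", 80, "10.0.0.20", 51000, False)))  # allow (reply)
```

The inbound deny rule is listed before the outbound allow so that the ordering, not luck, decides what happens to traffic aimed at the trusted side; an unsolicited packet from the Internet that is not a connection opener is dropped before the rules are consulted at all.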
Authentication and Encryption
- Keep communications secret
- Authentication: the process of ensuring the identity of the person sending the message
- Encryption: coding a message into a form unreadable to an interceptor
- Encryption on its own does not prove who sent a message; in practice the two are combined
Authentication and Encryption (Cont.)
- Encryption Strength
- Distribution Restrictions
- Public-key Encryption
- Symmetric and asymmetric encryption: symmetric uses one shared secret key for both sides, which must itself be distributed securely; asymmetric uses a public key that anyone may hold and a private key that only its owner holds
- Secure Sockets Layer and Secure Hypertext Transport Protocol (SSL has since been superseded by TLS)
- Pretty Good Privacy
Digital Signatures and Digital Certificates
- Electronic Signatures
- Digital Signatures: created with the signer's private key and checked with the matching public key, so they prove both who signed and that the message was not altered afterwards
- Digital Certificates: a certificate authority's signed statement binding a name to a public key, so that a public key can be trusted to belong to its claimed owner
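Added example (not from the textbook) covering the symmetric/asymmetric distinction above and the signatures and certificates on this slide: an HMAC tag checked with a shared key, textbook RSA where the public key encrypts or verifies and the private key decrypts or signs, and a minimal certificate in which a CA signs a name-to-public-key binding. The keys (fixed Mersenne primes), messages and names are constructed; this RSA has no padding and tiny keys, so it illustrates the mechanism only and must not be used as-is.

```python
"""Symmetric vs asymmetric primitives, digital signatures and a minimal certificate.
Added example (not from the textbook). Textbook RSA with fixed small keys and no
padding, to make the mechanics visible; NOT secure. Real systems use a vetted
library, OAEP/PSS padding and 2048-bit or larger keys."""
import hashlib
import hmac


# ---- symmetric: one shared key is used both to tag and to check ----
def mac(key: bytes, message: bytes) -> bytes:
    """HMAC tag: proves origin and integrity to anyone holding the same key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def mac_ok(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac(key, message), tag)


# ---- asymmetric: public key encrypts/verifies, private key decrypts/signs ----
def keygen(p: int, q: int, e: int = 65537):
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))    # private exponent (needs Python 3.8+)
    return (n, e), (n, d)                # (public key, private key)


def _hash_to_int(message: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def encrypt(pub, message: bytes) -> int:
    n, e = pub
    m = int.from_bytes(message, "big")
    if not 0 < m < n:
        raise ValueError("message too long for this toy key")
    return pow(m, e, n)                  # anyone with the public key can do this


def decrypt(priv, ciphertext: int) -> bytes:
    n, d = priv
    m = pow(ciphertext, d, n)            # only the private-key holder can do this
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def sign(priv, message: bytes) -> int:
    n, d = priv
    return pow(_hash_to_int(message, n), d, n)   # signing needs the private key


def verify(pub, message: bytes, signature: int) -> bool:
    n, e = pub
    return pow(signature, e, n) == _hash_to_int(message, n)   # checking needs only the public key


# ---- certificate: a CA signs the binding "name <-> public key" ----
def _cert_body(name: str, pub) -> bytes:
    return f"{name}|{pub[0]}|{pub[1]}".encode()


def issue_cert(ca_priv, name: str, subject_pub) -> dict:
    return {"name": name, "pub": subject_pub, "sig": sign(ca_priv, _cert_body(name, subject_pub))}


def cert_ok(ca_pub, cert: dict) -> bool:
    return verify(ca_pub, _cert_body(cert["name"], cert["pub"]), cert["sig"])


# Constructed keys: Mersenne primes, chosen so the example is reproducible offline.
ALICE_PUB, ALICE_PRIV = keygen(2**31 - 1, 2**61 - 1)
CA_PUB, CA_PRIV = keygen(2**89 - 1, 2**107 - 1)
SHARED_KEY = b"constructed-shared-secret-for-demo"

if __name__ == "__main__":
    c = encrypt(ALICE_PUB, b"PIN 4321")              # anyone can encrypt to Alice...
    print(decrypt(ALICE_PRIV, c))                     # ...only Alice can read it
    s = sign(ALICE_PRIV, b"approve order 17")
    print(verify(ALICE_PUB, b"approve order 17", s))  # True
    print(verify(ALICE_PUB, b"approve order 18", s))  # False: message altered
    cert = issue_cert(CA_PRIV, "alice", ALICE_PUB)
    print(cert_ok(CA_PUB, cert), cert_ok(CA_PUB, dict(cert, name="mallory")))  # True False
```

The contrast the slides draw is visible in the code: `mac_ok` can only be run by someone who already holds the shared key, which is why symmetric keys need secure distribution, whereas `verify` and `cert_ok` work with public material alone. A certificate solves the remaining problem of knowing whose public key you hold: the CA's signature over the name and key fails the moment either is changed.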
The business recovery plan
- Obtain management’s commitment to the plan
- Establish a planning committee
- Perform risk assessment and impact analysis
- Prioritize recovery needs: critical, vital, sensitive, noncritical
The business recovery plan (Cont.)
- Select a recovery plan
- Select vendors
- Develop and implement the plan
- Test the plan
- Continually test and evaluate
Recovery plan providers
- Companies that specialize in either disaster recovery planning or provision of alternate sites
- Small companies can opt for Web-based services
The IS Security Budget
- How much security is enough security?
- Calculating downtime
Ethical and Societal Issues: Terrorism, Carnivore, and Echelon
- Carnivore: a monitoring device developed by the FBI and attached to an ISP's servers to monitor traffic
- Echelon: a surveillance system
Summary
- Information security has certain major goals
- There are different types of risks to information systems
- There are various types of attacks on networked systems
- There are different types of controls that ensure integrity of data and e-commerce
- There are various measures that can protect data and ISs