INFORMATION SYSTEMS SECURITY and CONTROL


1 INFORMATION SYSTEMS SECURITY and CONTROL

2 What is security?
- The quality or state of being secure: to be free from danger
- Security is achieved using several strategies simultaneously or in combination with one another
- Security is recognized as essential to protect vital processes and the systems that provide those processes
- Security is not something you buy, it is something you do

3 Vulnerability, Threat and Attack
- A vulnerability is a weakness in the security system
  - Can be in design, implementation, etc.
  - Can be hardware or software
- A threat is a set of circumstances that has the potential to cause loss or harm, or a potential violation of security. A threat can be:
  - Accidental (natural disasters, human error, …)
  - Malicious (attackers, insider fraud, …)
- An attack is the actual violation of security

4 Why Are Systems Vulnerable?
- Hardware problems: breakdowns, configuration errors, damage from improper use or crime
- Software problems: programming errors, installation errors, unauthorized changes
- Disasters: power failures, floods, fires, etc.
- Use of networks and computers outside of the firm’s control, e.g. with domestic or offshore outsourcing vendors

5 SYSTEM VULNERABILITY AND ABUSE
Concerns for System Builders and Users
- Disaster: destroys computer hardware, programs, data files, and other equipment
- Security: prevents unauthorized access, alteration, theft, or physical damage

6 SYSTEM VULNERABILITY AND ABUSE
Concerns for System Builders and Users
- Errors: cause computers to disrupt or destroy the organization’s record-keeping and operations
- Bugs: program code defects or errors
- Maintenance: maintenance costs are high due to organizational change, software complexity, and faulty system analysis and design

7 RISKS & THREATS
- Virus Attacks
- Systems & Network Failure
- Theft, Sabotage, Misuse
- High User Knowledge of IT Systems
- Natural Calamities & Fire
- Lack of Documentation
- Lapse in Physical Security

8 BUSINESS VALUE OF SECURITY AND CONTROL
Inadequate security and control may create serious legal liability. Businesses must protect not only their own information assets but also those of customers, employees, and business partners. Failure to do so can lead to costly litigation for data exposure or theft. A sound security and control framework that protects business information assets can thus produce a high return on investment.

9 ESTABLISHING A MANAGEMENT FRAMEWORK FOR SECURITY AND CONTROL
General controls: establish a framework for controlling the design, security, and use of computer programs
- Software controls
- Hardware controls
- Computer operations controls
- Data security controls
- Implementation controls

10 Application controls
Unique to each computerized application
- Input
- Processing
- Output

11 CREATING A CONTROL ENVIRONMENT
Controls: methods, policies, and procedures
- Ensure protection of the organization’s assets
- Ensure accuracy and reliability of records, and operational adherence to management standards

12 CREATING A CONTROL ENVIRONMENT
- Mirroring: duplicating all processes and transactions of a server on a backup server to prevent any interruption
- Clustering: linking two computers together so that a second computer can act as a backup to the primary computer or speed up processing

13 CREATING A CONTROL ENVIRONMENT
Internet Security Challenges
- Firewalls: hardware and software controlling the flow of incoming and outgoing network traffic; prevent unauthorized users from accessing private networks
- Intrusion Detection System: monitors vulnerable points in the network to detect and deter unauthorized intruders

14 CREATING A CONTROL ENVIRONMENT
Internet Security Challenges
- Encryption: coding and scrambling of messages to prevent their access without authorization
- Authentication: ability of each party in a transaction to ascertain the identity of the other party
- Message integrity: ability to ascertain that a transmitted message has not been copied or altered
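The authentication and message-integrity properties above, as an added example that is not part of the original slides: a shared-key HMAC shows the message came from a key holder and was not altered, and a sequence number rejects a copied (replayed) message. The `Sender` and `Receiver` classes, the frame layout, and the sample message are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32  # HMAC-SHA256 output size in bytes

class Sender:
    """Hypothetical sender: prefixes a sequence number and appends an HMAC tag."""
    def __init__(self, key: bytes):
        self.key, self.seq = key, 0

    def send(self, payload: bytes) -> bytes:
        self.seq += 1
        header = self.seq.to_bytes(8, "big")
        tag = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        return header + payload + tag

class Receiver:
    """Hypothetical receiver: accepts a frame only if the tag verifies and it is new."""
    def __init__(self, key: bytes):
        self.key, self.last_seq = key, 0

    def receive(self, frame: bytes) -> bytes:
        if len(frame) < 8 + TAG_LEN:
            raise ValueError("frame too short")
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how many tag bytes matched.
        if not hmac.compare_digest(tag, expected):
            raise ValueError("integrity check failed: altered or wrong key")
        seq = int.from_bytes(body[:8], "big")
        # A valid tag on an already-seen sequence number means a copied frame.
        if seq <= self.last_seq:
            raise ValueError("replay detected: frame copied and re-sent")
        self.last_seq = seq
        return body[8:]

def demo() -> dict:
    key = secrets.token_bytes(32)  # constructed shared secret
    sender, receiver = Sender(key), Receiver(key)
    frame = sender.send(b"PAY 100 TO ACCOUNT 42")  # constructed sample message
    results = {"accepted": receiver.receive(frame)}
    for name, bad in (("replayed", frame),
                      ("altered", frame.replace(b"100", b"900"))):
        try:
            receiver.receive(bad)
            results[name] = "accepted"
        except ValueError as exc:
            results[name] = str(exc)
    return results
```

Because both sides hold the same key, this check cannot show a third party which of them produced a message; that is the property a digital signature adds.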

15 CREATING A CONTROL ENVIRONMENT
Internet Security Challenges
- Digital signature: digital code attached to an electronically transmitted message to uniquely identify its contents and sender
- Digital certificate: attachment to an electronic message to verify the sender and to provide the receiver with the means to encode a reply
- Secure Electronic Transaction (SET): standard for securing credit card transactions over the Internet and other networks

16 MANAGEMENT CHALLENGES
- Implementing an effective security policy
- Applying quality assurance standards in large systems projects
- What are the most important software quality assurance techniques?
- Why are auditing information systems and safeguarding data quality so important?

