1
Securing Information Systems
Chapter 8 Securing Information Systems
2
Management Information Systems Chapter 8 Securing Information Systems
LEARNING OBJECTIVES
- Analyze why information systems need special protection from destruction, error, and abuse.
  - Why systems are vulnerable
  - Malicious software
  - Hackers and computer crime
  - Internal threats
- Assess the business value of security and control.
3
System Vulnerability And Abuse
Can you imagine what would happen if you tried to link to the Internet without a firewall?
- Your computer would be disabled
- Many days to recover
- Confidential data would be destroyed
- In a business, with too much data destroyed, you might not be able to operate.
4
System Vulnerability And Abuse
When operating a business, security and control are a top priority.
- Security refers to the policies, procedures and technical measures used to prevent unauthorized access, alteration, theft or physical damage to information systems.
- Controls are methods, policies and organizational procedures that ensure the safety of the organization's assets.
5
Why systems are vulnerable
- Data stored in electronic form is more vulnerable to threats than data in manual form.
- In a network, information systems in different locations are interconnected.
- Unauthorized access is not limited to a single location; it can occur at any access point in the network.
6
Client server environment vulnerabilities
In a multi-tier client/server computing environment, vulnerabilities exist at each layer and in the communication between the layers.
- Users at the client layer can cause harm by introducing errors or accessing systems without authorization.
- Data flowing over a network can be accessed, and valuable data stolen during transmission.
- Intruders can launch denial of service attacks or malicious software.
- Intruders penetrating corporate systems can destroy or alter them.
7
Why Systems Are Vulnerable
Figure 8-1: Contemporary Security Challenges and Vulnerabilities
8
Internet vulnerabilities
- The Internet is highly vulnerable: it is virtually open to anyone.
- When the Internet becomes part of the corporate network, information systems become more vulnerable to outsiders.
9
Wireless Security Challenges:
Wireless networks:
- Radio frequency bands are easy to scan.
- Bluetooth and Wi-Fi are susceptible to cracking by eavesdroppers.
- Hackers can use software to detect unprotected networks.
10
Wireless security challenges
- Many home networks and public hotspots are open to anyone, so they are not secure and communication is unencrypted.
- LANs using standard can be easily penetrated.
- Service set identifiers (SSIDs) identify access points in a Wi-Fi network and are broadcast multiple times.
- WEP (Wired Equivalent Privacy): the initial Wi-Fi security standard is not very effective, as the access point and all users share the same password.
11
Wi-Fi Security Challenges
Many Wi-Fi networks can be penetrated easily by intruders using sniffer programs to obtain an address to access the resources of a network without authorization.
Figure 8-2
12
Why Systems Are Vulnerable (Continued) Internet Vulnerabilities:
Internet vulnerabilities:
- Use of fixed Internet addresses through use of cable modems or DSL
  - Fixed target for hackers.
- Lack of encryption with most Voice over IP (VoIP)
  - Hackers can intercept conversations.
- Widespread use of and instant messaging (IM)
  - Attachments, unauthorized recipients
  - No secure layer for text messages
13
Malicious Software: Viruses, Worms, and Spyware
- Hackers and cybervandalism
- Computer viruses, worms, spyware
- Identity theft, phishing, pharming
- Vulnerabilities from internal threats (employees); software flaws
14
Malicious Software: Viruses, Worms, and Spyware
- Malicious software programs are referred to as malware. Malware includes threats such as viruses, worms and Trojan horses.
- A computer virus is a software program that attaches itself to other software programs or data files in order to be executed, usually without user knowledge. A virus spreads from computer to computer, file to file.
- Worms are independent computer programs that copy themselves from one computer to others over a network. Worms spread much more rapidly than a virus.
- Both can destroy data and programs, and disrupt and halt operation.
15
Malicious Software: Viruses, Worms, and Spyware
Worms spread through:
- Files attached to
- Instant messaging
- Infected disks
Worms are most problematic.
16
Malicious Software: Viruses, Worms, and Spyware
Trojan horse:
- A software program that appears to be benign but then does something other than expected.
- Not a virus, because it doesn't replicate.
- A way for viruses or other malicious code to be introduced into a computer.
- Example: an electronic greeting card lure tricks Windows users into launching an executable program. Once executed, it pretends to be an Apache web server and tries to deliver executable malware programs.
17
Malicious Software: Viruses, Worms, and Spyware
- Other spyware can secretly install itself on an Internet user's computer by piggybacking on larger applications.
- Once installed, the spyware calls out to Web sites to send banner ads and other unsolicited material to the user.
- A form of spyware: key loggers
  - Record keystrokes made on a computer
  - Steal serial numbers, passwords to protected computer systems, and credit card numbers
  - Slow computer performance
18
Hacker and computer crime
- A hacker gains unauthorized access to a computer system by finding weaknesses in the security protections employed by systems.
- Thefts of goods and information
- System damage and cybervandalism
- Cybervandalism: the intentional disruption, defacement or destruction of websites or corporate information systems.
19
Hacker and computer crime
- Hackers (also known as crackers) trying to hide their identity often spoof, or misrepresent, themselves by using fake addresses.
- Spoofing may also involve redirecting a web link to an address different from the intended one, with the site masquerading as the intended one.
- If customers are redirected to a fake site that looks like the true site, the hackers can collect and process orders and steal business and customer information.
20
Hacker and computer crime
- A sniffer is a type of eavesdropping program that monitors information traveling over a network.
- Legitimate use: helps identify network trouble spots and criminal activity on the network.
- Criminal purpose: damaging and difficult to detect. Helps hackers steal information, company files and confidential reports.
21
Hacker and computer crime
Denial of service (DoS) attack:
- Hackers flood a network server or web server with many thousands of false communications or requests for services to crash the network.
- The server receives so many queries that it cannot keep up.
- Does not destroy information, but causes a website to shut down.
Distributed denial of service attack:
- Uses numerous computers to inundate the network from numerous launch points.
22
Computer Crime
Computer crime is the commission of illegal acts through the use of a computer or against a computer system.
- Computer as target of crime
  - Accessing a computer without authority
  - Breaching confidentiality of protected computerized data
- Computer as instrument of crime
  - Theft of trade secrets and unauthorized copying of software or copyrighted intellectual property
  - Using for threats or harassment
23
Identity theft
Identity theft is a crime in which an imposter obtains key pieces of personal information, such as:
- Social security number
- Driver's license number
- Credit card numbers
The information may be used to obtain credit, merchandise or services in the name of the victim, or to provide the thief with false credentials.
24
Phishing
Phishing is a form of spoofing:
- Setting up fake Web sites to ask users for confidential information.
- Sending messages that look like those of legitimate businesses and ask the user for personal data.
- The user is asked to update records by providing an SSN or credit card number. Or answer s
25
Evil twins
Evil twins are wireless networks that pretend to offer Wi-Fi connections.
- Found at airports, hotels and coffee shops
- Capture passwords or credit card numbers.
26
Pharming
Pharming: redirecting users to a fraudulent Web site even when the user has typed the correct address in the browser.
27
Internal threats: employees
- Company insiders pose serious security problems
- Access to inside information, like security codes and passwords
- May leave little trace
28
Software vulnerability
Software flaws (bugs):
- Software errors are a constant threat to information systems
- Cost the U.S. economy $59.6 billion each year
- Can enable malware to slip past antivirus defenses
29
Firewalls, Intrusion Detection Systems, and Antivirus Software
TECHNOLOGIES AND TOOLS FOR SECURITY AND CONTROL
Firewalls:
- Hardware and software controlling the flow of incoming and outgoing network traffic
- Placed between the internal network and the Internet
- Acts as a gatekeeper that checks user credentials and then grants access.
- Prevents unauthorized communication.
- Protection against malware and intruders.
30
A Corporate Firewall
Figure 8-6: A Corporate Firewall
31
TECHNOLOGIES AND TOOLS FOR SECURITY AND CONTROL
Antivirus software:
- Software that checks computer systems and drives for the presence of computer viruses and can eliminate the virus from the infected area
- To remain effective, antivirus software must be continually updated
Antispyware software tools:
- Many leading antivirus software vendors include protection against spyware (McAfee)
- Standalone tools are available (Spyware Doctor)