
Ch.5 IT Security, Crime, Compliance, and Continuity


1 Ch.5 IT Security, Crime, Compliance, and Continuity
Lecture 4

2 5.1 Protecting Data and Business Operations
IT security: the protection of data, systems, networks, and operations. Technology defenses are necessary, but they're not sufficient, because protecting data and business operations also involves:
- Implementing and enforcing acceptable use policies (AUPs).
- Complying with government regulations and laws.
- Making data available 24x7 while restricting access.
- Promoting secure and legal sharing of information.

3 IT Security Principles

4 Know Your Enemy and Your Risks
IT security risks are business risks. Threats range from high-tech exploits to gain access to a company's networks to non-tech tactics such as stealing laptops or items of value. Common examples:
- Malware (malicious software): viruses, worms, trojan horses, spyware, and disruptive or destructive programs
- Insider error or action, either intentional or unintentional
- Fraud
- Fire, flood, or other natural disasters

5 IT at Work 5.1 $100 Million Data Breach
May 2006: a laptop and external hard drive belonging to the U.S. Dept. of Veterans Affairs (VA) were stolen during a home burglary. Data on 26.5 million veterans and spouses had been stored in plaintext. VA Secretary Jim Nicholson testified before Congress that it would cost at least $10 million just to inform veterans of the security breach. Total cost of the data breach: $100 million.

6 Risks
- Cloud computing
- Social networks
- Phishing
- Search engine manipulation
- Money laundering
- Organized crime
- Terrorist financing

7 IT Security Defense-in-Depth Model

8 5.2 IS Vulnerabilities and Threats
Unintentional: human error, environmental hazards, computer system failure
Intentional: hacking, malware, manipulation

9 Figure 5.4 How a computer virus can spread

10 Malware and Botnet Defenses
- Anti-virus software
- Firewalls
- Intrusion detection systems (IDS)
- Intrusion prevention systems (IPS)

11 5.4 IT and Network Security
Objectives of a defense strategy:
- Prevention and deterrence
- Detection
- Containment (minimize losses, damage control)
- Recovery
- Correction
- Awareness and compliance

12 Major categories of general controls
- Physical controls
- Access controls
- Biometric controls
- Communication network controls
- Administrative controls
- Application controls
- Endpoint security and control

13 Figure 5.7 Intelligent agents

14 Figure 5.8 Three layers of network security measures

15 Ethical issues
Implementing security programs raises many ethical issues. Handling the privacy versus security dilemma is tough. Ethical and legal obligations may require companies to "invade the privacy" of employees and monitor their actions. Under the doctrine of duty of care, senior managers and directors have an obligation to use reasonable care to protect the company's business operations.
