Chapter 17 Controls and Security Measures


1 Chapter 17 Controls and Security Measures

2 Goals of Information Security
Reduce the risk of systems and organizations ceasing operations
Maintain information confidentiality
Ensure the integrity and reliability of data resources
Ensure compliance with national security laws and privacy policies and laws

3 Risks to Information Systems
Risks to Hardware
  Natural disasters
  Vandalism

4 Risks to Information Systems
Risks to Applications and Data
  Theft of information
  Data alteration and data destruction
  Computer viruses
  Unauthorized remote control programs

5 Risks to Information Systems
Frequency of security breaches in a 12-month period based on a survey of 745 professionals

6 Controls
Controls: Constraints imposed on a user or a system to secure systems against risks.
Common controls to protect systems from risk

7 Controls
Backup
  Periodic duplication of all data
Access Controls
  Ensure that only authorized people can gain access to systems and files
  Access codes and passwords

8 Controls
Atomic Transactions
  Ensures that transaction data are recorded properly in all the pertinent files to ensure integrity
Audit Trails
  Built into an IS so that transactions can be traced to people, times, and authorization information
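
Added example (not part of the original slides): the atomic transaction and audit trail controls together, using Python's built-in sqlite3 module. The table names, account ids, user ids and amounts are constructed for illustration.

```python
import sqlite3
from datetime import datetime, timezone

def open_db():
    """In-memory database holding constructed sample data (not from the slides)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE accounts (id TEXT PRIMARY KEY,
                               balance INTEGER NOT NULL CHECK (balance >= 0));
        CREATE TABLE ledger (id INTEGER PRIMARY KEY, src TEXT NOT NULL,
                             dst TEXT NOT NULL, amount INTEGER CHECK (amount > 0));
        CREATE TABLE audit_trail (id INTEGER PRIMARY KEY, ledger_id INTEGER NOT NULL,
                                  actor TEXT NOT NULL, at_utc TEXT NOT NULL,
                                  authorized_by TEXT NOT NULL);
        INSERT INTO accounts VALUES ('A-100', 500), ('B-200', 50);
    """)
    return db

def transfer(db, actor, authorized_by, src, dst, amount):
    """Write to every pertinent table in one transaction; True if committed."""
    try:
        with db:  # commits on success, rolls back all statements on an exception
            cur = db.execute("INSERT INTO ledger (src, dst, amount) VALUES (?, ?, ?)",
                             (src, dst, amount))
            db.execute("INSERT INTO audit_trail (ledger_id, actor, at_utc, authorized_by) "
                       "VALUES (?, ?, ?, ?)",
                       (cur.lastrowid, actor, datetime.now(timezone.utc).isoformat(),
                        authorized_by))
            # Credit first, debit last: an overdraft trips CHECK (balance >= 0)
            # only after the rows above exist, so the rollback is what keeps them out.
            for acct, delta in ((dst, amount), (src, -amount)):
                upd = db.execute("UPDATE accounts SET balance = balance + ? WHERE id = ?",
                                 (delta, acct))
                if upd.rowcount != 1:
                    raise sqlite3.IntegrityError("unknown account " + acct)
        return True
    except sqlite3.IntegrityError:
        return False

def snapshot(db):
    """Return (balances, ledger row count, audit row count)."""
    balances = dict(db.execute("SELECT id, balance FROM accounts"))
    n_ledger = db.execute("SELECT COUNT(*) FROM ledger").fetchone()[0]
    n_audit = db.execute("SELECT COUNT(*) FROM audit_trail").fetchone()[0]
    return balances, n_ledger, n_audit

if __name__ == "__main__":
    db = open_db()
    print(transfer(db, "jdoe", "mgr-17", "A-100", "B-200", 200), snapshot(db))
    print(transfer(db, "jdoe", "mgr-17", "A-100", "B-200", 900), snapshot(db))
```

The rejected transfer leaves balances, ledger and audit trail exactly as they were, and every committed ledger row has an audit row naming the person, the time and the authorization.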

9 Controls Integrating Security Measures into Systems Development
It is much less expensive to incorporate security measures during development than to impose them on an existing system.
The cost of integrating security

10 Controls
Security Standards
The Orange Book: Four security levels
  Decision A: Verify Protection
  Decision B: Mandatory Protection
  Decision C: Discretionary Protection
  Decision D: Minimal Protection or No Protection
The ISO Standard
  Common set of requirements for IT product security functions and for assurance measures during security evaluation

11 Controls
Network Controls
Callback
  Remote user’s telephone number verified before access allowed
Encryption
  Messages scrambled on sending end; descrambled to plain text on receiving end
  Symmetric: Both users use a private, secret key
  Asymmetric: Parties use a combination of a public and a private key
[Figure: SENDER, SCRAMBLED MESSAGE, RECIPIENT. Encrypt with public key; decrypt with private key.]

12 Encrypt with public key, decrypt with private key
[Figure: SENDER, SCRAMBLED MESSAGE, RECIPIENT. Encrypt with public key; decrypt with private key.]

13 Controls
Estimated time needed to break encryption keys, using $100,000 worth of computer equipment

14 Controls
Digital Certificate
  Equivalent of a physical ID card
Firewalls
  Software that separates users from computing resources
  Allows retrieval and viewing of certain material but blocks changes and access to other resources on the same computer
The Downside
  Security measures slow data communications and require discipline that is not easy to maintain

15 The Economic Aspect of Security Measures
Two types of costs to consider when determining how much to spend on data security:
  The cost of potential damage
  The cost of implementing a preventive measure

16 Ethical and Societal Issues: No Smooth Sailing for the Clipper
Clipper: a microprocessor that holds a complex encryption formula
Government wanted U.S. computer manufacturers to include a chip in every microprocessor
  Enables law enforcement agencies to decipher encrypted communication
  Prevent criminals from concealing illegal activities.

17 Ethical and Societal Issues: No Smooth Sailing for the Clipper
Computer industry has strongly lobbied against Clipper for fear of losing both foreign and domestic markets.
Democratic nations must decide how to balance:
  Government’s ability to protect citizens.
  Citizens’ ability to protect their privacy.

