Presentation is loading. Please wait.

Presentation is loading. Please wait.

Thursday 2/24/2011 Agenda: 1) Student security topics 2)Computer / Network security & fraud 3) Quiz 3 4) Last short paper: Cloud Computing 5) Final similar.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Thursday 2/24/2011 Agenda: 1) Student security topics 2)Computer / Network security & fraud 3) Quiz 3 4) Last short paper: Cloud Computing 5) Final similar."— Presentation transcript:

1 Thursday 2/24/2011 Agenda: 1) Student security topics 2)Computer / Network security & fraud 3) Quiz 3 4) Last short paper: Cloud Computing 5) Final similar to midterm, over 2d half of course only. 1Foster School of Business Acctg 420

2 NETWORK (COMPUTER) SECURITY Security:  prevent unauthorized access.  recovery from temporary service problems.  recovery from disasters.  protect organization’s data & application software. Foster School of Business Acctg 4202

3 The problem Computer security problem are wide spread. The average case of computer fraud causes a loss of about $1,000,000. Computer fraud is under reported. Why? Employee fraud is the most common type of fraud. Economic espionage (theft of information and intellectual property) is growing very fast. Foster School of Business Acctg 4203

4 Viruses Viruses: several new viruses are created by twisted individuals every day (update anti- virus software frequently). Attachments to e- mail present a high risk for virus infection. Newer viruses are able to mutate (change their appearance as they replicate and spread). Foster School of Business Acctg 4204

5 Fraud (all types) Fraud: (3-legged stool) 1)Motivation (pressure)—financial, work- related, other. 2)Opportunity—lack of internal controls (prevent, detect, and correct). 3)Rationalization—excuse. Foster School of Business Acctg 4205

6 Risk Assessment Risk Assessment—starting point for security, identify and rate each risk. This allows for resource allocation and setting of security priorities. A control spreadsheet is used to organize this process. Foster School of Business Acctg 4206

7 RECOVERY Mitigate disruption, destruction, and disaster by redundancy in both hardware and software. Fault-tolerant servers, automatic disk copy, duplicate main network components at different location and decentralize data. Hot, cold, & warm sites for business continuity. Disaster recovery plan: most important part is backup and recovery controls. Plan Foster School of Business Acctg 4207

8 Access Unauthorized access: casual cruisers, security experts, professional hackers. Detecting— looking for the unusual, repeat tries, entrapment (fake server = honey pot to bait intruder) Correcting—depends how the breach occurred, civil and/or criminal action Latest (Mar. 2010) way to keep PCs Safe—InZero Systems XB technology, a better sandbox! Foster School of Business Acctg 4208

9 Preventing unauthorized access: Have a security policy—social engineering Develop user profiles—need to know access basis, smart cards, biometric access systems. Delete user accounts when user leaves organization. Plug security holes—delete preset accounts, keep up to date and “patch” holes. (Microsoft servers) Secure access points—terminal, modem, network. Call-back modems, firewalls, proxy servers (application firewall of choice but slows message transfer from internal to Internet. Prevent eavesdropping—network cabling & devices. Control physical access, use special cables & hubs. Foster School of Business Acctg 4209

10 Cryption Cryption—encrypt & decrypt, plain text and ciphertext. Algorithms and keys. Keys make the transformation of data unique. Need a key to encrypt and one to decrypt information. The longer the key, the harder it is to guess (56 bits is one standard). It takes 1 week to break a 56-bit key, 1 yr for 64-bit, and billions of years for 128-bit key. Key escrow—a good or bad idea? Foster School of Business Acctg 42010

11 Cryption Data encryption standard (DES) is a symmetric algorithm—key to encrypt is the same as the one to decrypt. Public key encryption—RSA, asymmetric algorithm, public key to encrypt and private key to decrypt. This allows for authentication (digital signatures). SHTTP is encryption for the web. Foster School of Business Acctg 42011

12 Asymmetric Key Public key algorithms are invertable—text encrypted with either key can be decrypted with the other. Normally, we encrypt with public and decrypt with private, but we can do the reverse! Foster School of Business Acctg 42012

13 Who sent the message? How would you prove legally who actually sent the message? (This is needed for transfer of funds, buy/sell orders, etc.) Assume that A wants to send a message to B and also wants to prove it came from A. A encrypts key part of message with its private key, then encrypts the whole message with B’s public key. Then sends message to B. B then decodes with its private key and sees that part of the message is still encoded. B then decodes the encoded part with A’s public key. Only A has the private key that allows message to be decoded with As public key! Therefore, B knows that the message was from A. Foster School of Business Acctg 42013

14 QUESTIONS???? Foster School of Business Acctg 42014

Download ppt "Thursday 2/24/2011 Agenda: 1) Student security topics 2)Computer / Network security & fraud 3) Quiz 3 4) Last short paper: Cloud Computing 5) Final similar."

Similar presentations

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.
GCSE ICT Networks & Security..

GCSE ICT Networks & Security..
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
1 MIS 2000 Class 22 System Security Update: Winter 2015.

1 MIS 2000 Class 22 System Security Update: Winter 2015.
Crime and Security in the Networked Economy Part 4.

Crime and Security in the Networked Economy Part 4.
Hackers They can u Read the data files u Run the application programs u Modify some files which may cause damages Individuals who gain unauthorized access.

Hackers They can u Read the data files u Run the application programs u Modify some files which may cause damages Individuals who gain unauthorized access.
12-1 Business Data Communications and Networking, 6 th ed. FitzGerald and Dennis.

12-1 Business Data Communications and Networking, 6 th ed. FitzGerald and Dennis.
Chapter 17 Controls and Security Measures

Chapter 17 Controls and Security Measures
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
Lecture 10 Security and Control.

Lecture 10 Security and Control.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Risks, Controls and Security Measures

Risks, Controls and Security Measures
Chapter 9 - Control in Computerized Environment ATG 383 – Spring 2002.

Chapter 9 - Control in Computerized Environment ATG 383 – Spring 2002.
Introduction Security is a major networking concern. 90% of the respondents to the 2004 Computer Security Institute/FBI Computer Crime and Security Survey.

Introduction Security is a major networking concern. 90% of the respondents to the 2004 Computer Security Institute/FBI Computer Crime and Security Survey.
Business Data Communications, Fourth Edition Chapter 10: Network Security.

Business Data Communications, Fourth Edition Chapter 10: Network Security.
Security Security is critical in the storage and transmission of information loss of information can not only cause problems to the organisation but can.

Security Security is critical in the storage and transmission of information loss of information can not only cause problems to the organisation but can.
Lecture 11 Reliability and Security in IT infrastructure.

Lecture 11 Reliability and Security in IT infrastructure.
Chapter 19 Security.

Chapter 19 Security.
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Similar presentations

Ads by Google