Lecture IS3318 22/11/11.


1 Lecture IS3318 22/11/11

2 System Vulnerability and Abuse
Computer crime is defined as "any violations of criminal law that involve a knowledge of computer technology for their perpetration, investigation, or prosecution".

The computer may be the target of the crime, e.g.:
- Breaching the confidentiality of protected computerized data
- Accessing a computer system without authority

The computer may be the instrument of the crime, e.g.:
- Theft of trade secrets
- Using a computer for threats or harassment

Notes: This slide discusses the legal definition of computer crime and identifies two ways computers can be involved in crime. The text lists a variety of other examples of computers as targets and as instruments of crime; ask the students to provide more. According to the CSI Computer Crime and Security Survey of nearly 500 companies, the participating companies' average annual loss from computer crime and security attacks was $350,424 (Richardson, 2007). Many companies are nevertheless reluctant to report computer crimes. Why? Which types of computer crime are the most economically damaging? (Denial of service, introducing viruses, theft of services, disruption of computer systems.)

3 System Vulnerability and Abuse
- Identity theft: theft of personal information (social security number, driver's license or credit card numbers) in order to impersonate someone else
- Phishing: setting up fake Web sites, or sending messages that appear to come from legitimate businesses, to ask users for confidential personal data
- Evil twins: wireless networks that pretend to offer trustworthy Wi-Fi connections to the Internet
- Pharming: redirects users to a bogus Web page even when the individual types the correct Web address into his or her browser

Notes: This slide continues the discussion of types of computer crime. Have any students encountered any of these types of crime personally? Note that the U.S. Congress addressed the threat of computer crime in 1986 with the Computer Fraud and Abuse Act, which makes it illegal to access a computer system without authorization. The text lists other legislation to counter computer crime, such as the National Information Infrastructure Protection Act of 1996, which made virus distribution and hacker attacks that disable Web sites federal crimes.

4 System Vulnerability and Abuse
- Click fraud: an individual or computer program clicks an online ad without any intention of learning more or making a purchase
- Global threats, cyberterrorism and cyberwarfare: concern that vulnerabilities in the Internet and other networks make digital networks easy targets for attacks by terrorists, foreign intelligence services, or other groups

Notes: This slide continues the discussion of types of computer crime. Note that cybercriminal activity is borderless: the global nature of the Internet makes it possible for cybercriminals to operate anywhere in the world. Ask students whether there should be legislation outlawing click fraud.

5 System Vulnerability and Abuse
Internal threats: employees. Security threats often originate inside an organization, because of
- Inside knowledge
- Sloppy security procedures
- Users' lack of knowledge
- Social engineering: tricking employees into revealing their passwords by pretending to be legitimate members of the company who need the information

Notes: This slide looks at another source of security problems: people inside the company with access to the system. Ask students if they have ever worked somewhere with a vulnerable password system. Have they ever revealed to anyone what their password is or was?

6 System Vulnerability and Abuse
Software vulnerability: commercial software contains flaws that create security vulnerabilities.
- Hidden bugs (program code defects)
- Zero defects cannot be achieved, because complete testing is not possible for large programs
- Flaws can open networks to intruders

Patches: vendors release small pieces of software to repair flaws. However, the amount of software in use can mean that exploits are created faster than patches can be released and applied.

Notes: This slide looks at security and other vulnerabilities caused by software errors that open networks to intruders. The text cites the example of a flawed software upgrade shutting down BlackBerry service in the U.S. for 12 hours. The cost to the U.S. economy from software flaws runs to nearly $60 billion each year. Ask students why complete testing is not possible for large programs. The text gives the example of Microsoft's service pack upgrades to its operating system software: Service Pack 1 for Vista included security enhancements to counter malware and hackers.

7 Business Value of Security and Control
Lack of security and control can lead to:
- Loss of revenue: failed computer systems can lead to significant or total loss of business function
- Lowered market value: information assets can have tremendous value, and a security breach may cut into a firm's market value almost immediately
- Legal liability
- Lowered employee productivity
- Higher operational costs

Notes: This slide looks at the value of security and control to the business. Ask students what types of data have tremendous value or require protection. The text gives the examples of individual confidential information (taxes, finances, medical records, job performance reviews) and high-value data (trade secrets, new product development, marketing strategies, government information). Ask students to give an example of how inadequate security or control can pose a serious legal liability. The text gives the example of BJ's Wholesale Club, which was sued by the U.S. Federal Trade Commission for allowing hackers to access its systems and steal credit and debit card data for fraudulent purchases.

8 Business Value of Security and Control
Electronic evidence
- Evidence for white-collar crimes is often found in digital form: data stored on computer devices, e-mail, instant messages, e-commerce transactions
- Proper control of data can save time and money when responding to a legal discovery request

Computer forensics: the scientific collection, examination, authentication, preservation, and analysis of data from computer storage media for use as evidence in a court of law. Includes recovery of ambient and hidden data.

Notes: This slide continues the discussion of the business value of security and control. Security, control, and electronic records management are essential today for responding to legal actions. Ask students what the most common form of electronic evidence is (e-mail). Note that in a legal action, a firm is obligated to respond to a discovery request for access to information that may be used as evidence, and the company is required by law to produce those data. The cost of responding to a discovery request can be enormous if the company has trouble assembling the required data or the data have been corrupted or destroyed. Courts impose severe financial and even criminal penalties for improper destruction of electronic documents. Ask students what ambient data is and to give an example. Given the legal requirements for electronic records, an awareness of computer forensics should be incorporated into a firm's contingency planning process.
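As an added worked example (not part of the lecture), the two forensic steps the slide names, authentication/preservation and recovery of ambient data, can be shown on a constructed toy "disk image". The sector size, the directory format and the memo text are all assumptions made for the example; a real examiner would hash a physical acquisition and carve unallocated space with a forensic tool, but the logic is the same.

```python
"""Added example: authenticate an evidence image, then recover ambient data.

Everything here is constructed: a four-sector raw "disk image" is built in
memory, a file is written, then "deleted" by clearing its directory entry
while its bytes remain in unallocated space. A SHA-256 is taken on
acquisition so the copy can be authenticated later, and a strings-style scan
recovers the deleted text that the file system no longer lists.
"""
import hashlib
import re

SECTOR = 64  # assumption: tiny sectors so the whole image fits in a few lines


def build_image() -> bytes:
    """Sector 0 is a directory of 'FILE:<name>@<sector>' entries; 1-3 hold data."""
    directory = b"FILE:memo.txt@1".ljust(SECTOR, b"\x00")
    memo = b"Wire $50,000 to account 12345 before audit".ljust(SECTOR, b"\x00")
    free = bytes(SECTOR)
    return directory + memo + free + free


def delete_file(image: bytes) -> bytes:
    """Simulate deletion: wipe the directory entry, leave the data sector alone."""
    return bytes(SECTOR) + image[SECTOR:]


def acquisition_hash(image: bytes) -> str:
    """Hash recorded at collection time and kept with the chain-of-custody record."""
    return hashlib.sha256(image).hexdigest()


def verify_integrity(image: bytes, recorded: str) -> bool:
    """Authentication: the working copy must still hash to the recorded value."""
    return hashlib.sha256(image).hexdigest() == recorded


def list_files(image: bytes) -> list[str]:
    """What the 'file system' still reports: names from live directory entries."""
    names = []
    for entry in image[:SECTOR].split(b"\x00"):
        if entry.startswith(b"FILE:"):
            names.append(entry[5:].split(b"@")[0].decode())
    return names


def carve_strings(image: bytes, min_len: int = 8) -> list[str]:
    """Ambient data: printable runs from every sector, allocated or not."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode() for m in re.findall(pattern, image)]


if __name__ == "__main__":
    evidence = delete_file(build_image())      # the state the examiner receives
    recorded = acquisition_hash(evidence)      # written into the custody log
    print("listed by file system:", list_files(evidence))
    print("recovered from unallocated space:", carve_strings(evidence))
    print("copy still authentic:", verify_integrity(evidence, recorded))
```

The point of hashing first is that every later step (carving, keyword search, reporting) works on a copy whose hash can be re-checked against the log; a single changed byte, whether from tampering or a careless write, breaks the match and the evidence is no longer authenticated.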

9 Establishing a Framework for Security and Control
Information systems controls

General controls
- Govern the design, security, and use of computer programs and data throughout the organization's IT infrastructure
- A combination of hardware, software, and manual procedures that create the overall control environment

Types of general controls:
- Software controls
- Hardware controls
- Computer operations controls
- Data security controls
- Implementation controls
- Administrative controls

Notes: To improve security for a firm's information systems, it is important to create a framework that supports security. This includes establishing information systems controls, understanding the risks to the firm's information systems, and establishing security policies that are appropriate for the firm. This slide looks at controls used in information systems. Remember that controls are methods, policies, and organizational procedures that ensure the safety of the organization's assets, the accuracy and reliability of its accounting records, and operational adherence to management standards. There are two main types of controls, general controls and application controls. General controls apply to all computerized applications. Ask students what the functions of the different types of general controls are.

10 Establishing a Framework for Security and Control
Application controls
- Specific controls unique to each computerized application, such as payroll or order processing
- Include both automated and manual procedures
- Ensure that only authorized data are completely and accurately processed by that application

Types of application controls:
- Input controls
- Processing controls
- Output controls

Notes: This slide examines the second type of information systems controls, application controls. Ask students what each type of application control does. (Input controls check data for accuracy and completeness when they enter the system; there are specific input controls for input authorization, data conversion, data editing, and error handling. Processing controls establish that data are complete and accurate during updating. Output controls ensure that the results of computer processing are accurate, complete, and properly distributed.)
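As an added example (not from the lecture), the three kinds of application control can be shown on a constructed payroll batch. The field names, the approver list, the 80-hour edit limit and the sample rows are assumptions made for the example; the pattern of authorization check, data conversion, edit check with error handling, batch control total and output count check is what the slide describes.

```python
"""Added example: input, processing and output controls for a payroll batch.

Constructed data and rules: each input row carries an employee id, hours,
rate and an approving manager. Input controls reject rows that fail
authorization, conversion or edit checks and record why. A batch control
total (hours the submitter says were sent) is compared with the hours
actually accepted before processing. The output control checks the report
has exactly one line per accepted record.
"""
from dataclasses import dataclass

AUTHORIZED_APPROVERS = {"mgr-ops", "mgr-sales"}  # assumption: who may approve pay
MAX_WEEKLY_HOURS = 80                            # assumption: edit-check limit


@dataclass
class PayRecord:
    employee_id: str
    hours: float
    rate: float
    approver: str


def input_controls(raw_rows: list[dict]) -> tuple[list[PayRecord], list[str]]:
    """Input authorization, data conversion and data editing, with error handling.
    Returns the accepted records and one rejection message per bad row."""
    accepted, errors = [], []
    for i, row in enumerate(raw_rows):
        try:  # data conversion: numeric fields arrive as text and must parse
            hours = float(row["hours"])
            rate = float(row["rate"])
        except (KeyError, ValueError) as exc:
            errors.append(f"row {i}: conversion failed ({exc})")
            continue
        if row.get("approver") not in AUTHORIZED_APPROVERS:  # input authorization
            errors.append(f"row {i}: unauthorized approver {row.get('approver')!r}")
            continue
        if not (0 < hours <= MAX_WEEKLY_HOURS) or rate <= 0:  # data editing
            errors.append(f"row {i}: hours or rate out of range")
            continue
        accepted.append(PayRecord(row["employee_id"], hours, rate, row["approver"]))
    return accepted, errors


def batch_total_check(records: list[PayRecord], claimed_total_hours: float) -> bool:
    """Processing control: hours actually processed must equal the control total
    the submitting department computed before sending the batch."""
    return abs(sum(r.hours for r in records) - claimed_total_hours) < 1e-9


def compute_gross_pay(records: list[PayRecord]) -> dict[str, float]:
    """Processing: gross pay per employee, rounded to cents."""
    return {r.employee_id: round(r.hours * r.rate, 2) for r in records}


def output_control(pay: dict[str, float], expected_count: int) -> bool:
    """Output control: the report carries exactly one line per accepted record."""
    return len(pay) == expected_count


# Constructed input batch: one good row, three that each trip a different
# input control, and a second good row.
BATCH = [
    {"employee_id": "E1", "hours": "40", "rate": "25.00", "approver": "mgr-ops"},
    {"employee_id": "E2", "hours": "abc", "rate": "30.00", "approver": "mgr-ops"},
    {"employee_id": "E3", "hours": "35", "rate": "20.00", "approver": "intern"},
    {"employee_id": "E4", "hours": "120", "rate": "20.00", "approver": "mgr-sales"},
    {"employee_id": "E5", "hours": "10", "rate": "50.00", "approver": "mgr-sales"},
]

if __name__ == "__main__":
    accepted, errors = input_controls(BATCH)
    print("rejected:", *errors, sep="\n  ")
    print("control total matches:", batch_total_check(accepted, 205))  # submitter counted all 5 rows
    pay = compute_gross_pay(accepted)
    print("gross pay:", pay, "output ok:", output_control(pay, len(accepted)))
```

Note that the batch control total fails here on purpose: the submitter counted hours for all five rows, three were rejected, and the mismatch is what tells the payroll clerk that records were dropped rather than silently paying only the survivors.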

11 Technologies and Tools for Security
Antivirus and antispyware software: checks computers for the presence of malware and can often eliminate it as well. Requires continual updating.

Unified threat management (UTM): comprehensive security management products. Tools include:
- Firewalls
- Intrusion detection
- VPNs
- Web content filtering
- Antispam software

Notes: This slide looks at additional tools to prevent unwanted intruders and software from accessing the network. Ask students what antivirus and antispyware tools they use. Ask why these tools require continual updating. Ask why UTM packages would include antispam software.

12 Intro to Databases: File organization concepts
A computer system organizes data in a hierarchy:
- Field: a group of characters forming a word, words, or a number
- Record: a group of related fields
- File: a group of records of the same type
- Database: a group of related files

A record describes an entity.
- Entity: a person, place, or thing about which we store information
- Attribute: each characteristic, or quality, describing the entity
- E.g., the attributes Date and Grade belong to the entity COURSE

Notes: This slide describes the standard units of data to be stored by a computer in an information system. (The smallest units common to all applications are bits and bytes: a bit stores a single binary digit, 0 or 1, and a byte stores a group of digits to represent a single character, number, or other symbol.) This hierarchy is illustrated by the graphic on the next slide. Ask students to come up with some other entities that might be found in a university database (Student, Professor, etc.).

13 The Data Hierarchy Figure 6-1
A computer system organizes data in a hierarchy that starts with the bit, which represents either a 0 or a 1. Bits can be grouped to form a byte to represent one character, number, or symbol. Bytes can be grouped to form a field, and related fields can be grouped to form a record. Related records can be collected to form a file, and related files can be organized into a database.

Notes: This graphic (Figure 6-1) illustrates the hierarchy of data found in a database. It shows the student course file grouped with files on students' personal histories and financial backgrounds to create a student database.

14 Data redundancy and inconsistency
Problems with the traditional file environment (files maintained separately by different departments):
- Data redundancy and inconsistency
  - Data redundancy: the presence of duplicate data in multiple files
  - Data inconsistency: the same attribute has different values in different files
- Program-data dependence: changes in a program require changes to the data accessed by the program
- Lack of flexibility
- Poor security
- Lack of data sharing and availability

Notes: This slide discusses the problems in data management that occur in a traditional file environment. In a traditional file environment, different functions in the business (accounting, finance, HR, etc.) maintained their own separate files and databases. Ask students to describe further why data redundancy and inconsistency pose problems. What kinds of problems happen when data are redundant or inconsistent? Ask students to give an example of program-data dependence. What makes the traditional file environment inflexible?
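As an added example (not from the lecture), redundancy turning into inconsistency can be reproduced with two departmental "files" modelled as separate SQLite tables, and contrasted with the database approach where the attribute is stored once. The department names, the customer row and the SQLite schema are assumptions made for the example.

```python
"""Added example: redundancy and inconsistency in a traditional file
environment versus a shared database.

Constructed scenario: sales and billing each keep their own customer file,
and both files carry the customer's address. Sales applies an address change
to its file only, so the two copies of the same attribute now disagree. In
the database approach the address is held once in CUSTOMER and billing
reaches it through the customer key, so there is nothing to drift.
"""
import sqlite3


def traditional_files() -> sqlite3.Connection:
    """Two per-department 'files', each with its own copy of the address."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE sales_customers   (cust_id INTEGER, name TEXT, address TEXT);
        CREATE TABLE billing_customers (cust_id INTEGER, name TEXT, address TEXT);
        INSERT INTO sales_customers   VALUES (1, 'Acme', '1 Main St');
        INSERT INTO billing_customers VALUES (1, 'Acme', '1 Main St');
    """)
    return con


def sales_updates_address(con: sqlite3.Connection, cust_id: int, new_address: str) -> None:
    """Sales changes the address in its own file; billing is never told."""
    con.execute("UPDATE sales_customers SET address = ? WHERE cust_id = ?",
                (new_address, cust_id))


def find_inconsistencies(con: sqlite3.Connection) -> list[tuple]:
    """Same attribute, different values across the duplicated files."""
    return con.execute("""
        SELECT s.cust_id, s.address, b.address
        FROM sales_customers s JOIN billing_customers b ON s.cust_id = b.cust_id
        WHERE s.address <> b.address
    """).fetchall()


def shared_database() -> sqlite3.Connection:
    """Database approach: one CUSTOMER row; invoices refer to it by key."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE customer (cust_id INTEGER PRIMARY KEY, name TEXT, address TEXT);
        CREATE TABLE invoice  (inv_id INTEGER PRIMARY KEY,
                               cust_id INTEGER REFERENCES customer(cust_id),
                               amount REAL);
        INSERT INTO customer VALUES (1, 'Acme', '1 Main St');
        INSERT INTO invoice  VALUES (100, 1, 250.0);
    """)
    return con


def update_customer_address(con: sqlite3.Connection, cust_id: int, new_address: str) -> None:
    """One update, seen by every department that reads the shared table."""
    con.execute("UPDATE customer SET address = ? WHERE cust_id = ?", (new_address, cust_id))


def billing_address_for_invoice(con: sqlite3.Connection, inv_id: int) -> str:
    """Billing looks the address up through the key instead of keeping a copy."""
    row = con.execute("""
        SELECT c.address FROM invoice i JOIN customer c ON i.cust_id = c.cust_id
        WHERE i.inv_id = ?
    """, (inv_id,)).fetchone()
    return row[0]


if __name__ == "__main__":
    files = traditional_files()
    sales_updates_address(files, 1, "9 Harbour Rd")
    print("inconsistent rows in the file environment:", find_inconsistencies(files))
    db = shared_database()
    update_customer_address(db, 1, "9 Harbour Rd")
    print("billing sees:", billing_address_for_invoice(db, 100))
```

The detection query only works because both files happen to share a customer number; in practice the departmental files often have no common key at all, which is why inconsistencies in a traditional file environment are so hard even to find.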

15 Database and database management system (DBMS)
Database: a collection of data organized to serve many applications by centralizing data and controlling redundant data.

Database management system (DBMS):
- Interfaces between application programs and physical data files
- Separates the logical and physical views of data
- Solves the problems of the traditional file environment:
  - Controls redundancy
  - Eliminates inconsistency
  - Uncouples programs and data
  - Enables the organization to centrally manage data and data security

Notes: This slide defines and describes databases and DBMS. Ask students to explain the difference between a database and a DBMS. What is the physical view of data? What is the logical view of data?

16 Human Resources Database with Multiple Views
A single human resources database provides many different views of the data, depending on the information requirements of the user. Illustrated here are two possible views, one of interest to a benefits specialist and one of interest to a member of the company's payroll department. (Figure 6-3)

Notes: This graphic illustrates what is meant by providing different logical views of data. The orange rectangles represent two different views in an HR database, one for reviewing employee benefits, the other for accessing payroll records. The students can think of the green cylinder as the physical view, which shows how the data are actually organized and stored on the physical media. The physical data do not change, but a DBMS can create many different logical views to suit the different needs of users.
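As an added example (not the lecture's figure), the two logical views can be built as SQL views over one physical EMPLOYEE table in SQLite. The column names, the two employee rows and which columns each department gets are assumptions made for the example. The security point is that each application queries only its view, so the benefits specialist never sees salary or SSN and payroll never sees benefit elections, whatever the physical table holds.

```python
"""Added example: one physical table, two logical views.

Constructed HR data. EMPLOYEE holds everything; a benefits view and a
payroll view each expose only the columns that role needs. Department code
reads its view, so sensitive columns stay hidden and the physical layout can
change without touching the applications.
"""
import sqlite3


def build_hr_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE employee (
            emp_id INTEGER PRIMARY KEY, name TEXT, ssn TEXT,
            salary REAL, health_plan TEXT, life_insurance TEXT, pension_plan TEXT
        );
        INSERT INTO employee VALUES
            (1, 'Ana Lee',  '123-45-6789', 72000, 'PPO', 'Basic', '401k'),
            (2, 'Ben Cruz', '987-65-4321', 54000, 'HMO', 'None',  '401k');
        -- benefits specialists need plan data but not salary or SSN
        CREATE VIEW benefits_view AS
            SELECT emp_id, name, health_plan, life_insurance, pension_plan FROM employee;
        -- payroll needs pay data but not benefit elections
        CREATE VIEW payroll_view AS
            SELECT emp_id, name, salary FROM employee;
    """)
    return con


def columns_of(con: sqlite3.Connection, relation: str) -> list[str]:
    """Column names visible through a table or view, read from the catalogue.
    PRAGMA cannot take bound parameters, so the name is checked against the
    catalogue first rather than trusted."""
    known = {r[0] for r in con.execute("SELECT name FROM sqlite_master")}
    if relation not in known:
        raise ValueError(f"unknown relation {relation!r}")
    return [row[1] for row in con.execute(f"PRAGMA table_info({relation})")]


def benefits_lookup(con: sqlite3.Connection, emp_id: int) -> tuple:
    """What the benefits application runs: it only knows about benefits_view."""
    return con.execute("SELECT * FROM benefits_view WHERE emp_id = ?", (emp_id,)).fetchone()


def payroll_lookup(con: sqlite3.Connection, emp_id: int) -> tuple:
    """What the payroll application runs: it only knows about payroll_view."""
    return con.execute("SELECT * FROM payroll_view WHERE emp_id = ?", (emp_id,)).fetchone()


def view_hides_column(con: sqlite3.Connection, view: str, column: str) -> bool:
    """True if asking the view for a column it does not expose is an error."""
    if view not in ("benefits_view", "payroll_view"):
        raise ValueError("unknown view")
    try:
        con.execute(f"SELECT {column} FROM {view}" if column.isidentifier() else "SELECT 1 FROM x")
        return False
    except sqlite3.OperationalError:
        return True


if __name__ == "__main__":
    con = build_hr_db()
    print("benefits sees:", columns_of(con, "benefits_view"))
    print("payroll sees: ", columns_of(con, "payroll_view"))
    print("payroll can read ssn?", not view_hides_column(con, "payroll_view", "ssn"))
```

SQLite has no user accounts, so the example stops at defining the views; on a server DBMS the second half of the control is to GRANT SELECT on the view to the department's role and grant nothing on the underlying table, so the view is the only path the application has to the data.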

17 Relational DBMS
- Represents data as two-dimensional tables called relations or files
- Each table contains data on an entity and its attributes
- Table: a grid of columns and rows
- Rows (tuples): records for different instances of the entity
- Fields (columns): each represents an attribute of the entity
- Key field: a field used to uniquely identify each record
- Primary key: the key field chosen to uniquely identify each row of a table
- Foreign key: the primary key of one table stored in a second table as a look-up field that identifies the related record in the original table

Notes: This slide introduces the most common type of DBMS in use with PCs, servers, and mainframes today, the relational database. Ask students why these DBMS are called relational. Ask students for examples of RDBMS software popular today and whether they have ever used any of it. You can walk students through an example database that you have prepared in Access, or use one of the exercise data tables found at the end of the chapter. Identify rows, fields, and the primary key.

18 Relational Database Tables
A relational database organizes data in the form of two-dimensional tables. Illustrated here are tables for the entities SUPPLIER and PART, showing how they represent each entity and its attributes. Supplier_Number is a primary key for the SUPPLIER table and a foreign key for the PART table. (Figure 6-4A)

Notes: The graphic on this slide and the next illustrates two tables in a relational DBMS. Ask students what the entities on this slide and the next are. The key field in the Supplier table is the Supplier number. What is the purpose of the key field?

19 Relational Database Tables (cont.)
Notes: This slide shows the second part of the graphic on the previous slide (Figure 6-4B). Notice that the foreign key in this table is the primary key in the Suppliers table. What is the purpose of the foreign key? Can multiple records have the same foreign key?

20 Capabilities of Database Management Systems
- Data definition capability: specifies the structure of the database content; used to create tables and define the characteristics of fields
- Data dictionary: an automated or manual file storing definitions of data elements and their characteristics
- Data manipulation language: used to add, change, delete, and retrieve data from the database
  - Structured Query Language (SQL)
  - Microsoft Access has user tools for generating SQL
- Many DBMS have report generation capabilities for creating polished reports (e.g. Crystal Reports)

Notes: This slide discusses the three main capabilities of a DBMS: its data definition capability, the data dictionary, and a data manipulation language. Ask students to describe what characteristics of data would be stored by a data dictionary. (Name, description, size, type, format, and other properties of a field. For a large company a data dictionary might also store characteristics such as usage, ownership, authorization, security, and users.) Note that the data manipulation language is the tool that requests operations such as SELECT and JOIN to be performed on data.
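As an added example (not from the lecture) covering slides 17 to 20, the SUPPLIER and PART tables can be defined in SQL, the data dictionary read back from the DBMS catalogue, and the tables queried with a JOIN on the key. The column names other than Supplier_Number, the sample rows and the use of SQLite are assumptions made for the example; it also shows what the foreign key buys you, which the slides only state: a part naming a supplier that does not exist is rejected, several parts may share one supplier, and a supplier that still has parts cannot be deleted.

```python
"""Added example: data definition, data dictionary and data manipulation.

Constructed SUPPLIER and PART tables. Supplier_Number is the primary key of
SUPPLIER and a foreign key in PART. Foreign-key enforcement is switched on
(SQLite leaves it off by default), so referential integrity is checked by
the DBMS rather than by application code.
"""
import sqlite3


def create_schema() -> sqlite3.Connection:
    """Data definition: tables, keys and field characteristics."""
    con = sqlite3.connect(":memory:")
    con.execute("PRAGMA foreign_keys = ON")  # must be set per connection in SQLite
    con.executescript("""
        CREATE TABLE SUPPLIER (
            Supplier_Number INTEGER PRIMARY KEY,
            Supplier_Name   TEXT NOT NULL,
            Supplier_City   TEXT
        );
        CREATE TABLE PART (
            Part_Number     INTEGER PRIMARY KEY,
            Part_Name       TEXT NOT NULL,
            Unit_Price      REAL CHECK (Unit_Price >= 0),
            Supplier_Number INTEGER NOT NULL REFERENCES SUPPLIER(Supplier_Number)
        );
    """)
    return con


def data_dictionary(con: sqlite3.Connection, table: str) -> list[dict]:
    """Field name, type, required flag and key status, read from the catalogue."""
    if table not in {r[0] for r in con.execute("SELECT name FROM sqlite_master")}:
        raise ValueError(f"unknown table {table!r}")  # PRAGMA takes no bound parameters
    return [{"name": r[1], "type": r[2], "required": bool(r[3]), "primary_key": bool(r[5])}
            for r in con.execute(f"PRAGMA table_info({table})")]


def load_sample(con: sqlite3.Connection) -> None:
    """Data manipulation: constructed rows, inserted with bound parameters."""
    con.executemany("INSERT INTO SUPPLIER VALUES (?, ?, ?)",
                    [(8259, "Acme Metals", "Dayton"), (8261, "Bolt & Co", "Rochester")])
    con.executemany("INSERT INTO PART VALUES (?, ?, ?, ?)",
                    [(137, "Door latch", 22.0, 8259),
                     (145, "Side mirror", 12.0, 8259),   # same supplier as 137
                     (150, "Door molding", 6.0, 8261)])


def insert_orphan_part(con: sqlite3.Connection) -> bool:
    """Referential integrity: True if the DBMS rejected a part with no supplier."""
    try:
        con.execute("INSERT INTO PART VALUES (?, ?, ?, ?)", (999, "Ghost part", 1.0, 4242))
        return False
    except sqlite3.IntegrityError:
        return True


def delete_supplier(con: sqlite3.Connection, number: int) -> bool:
    """True if the delete went through; False if parts still reference the row."""
    try:
        con.execute("DELETE FROM SUPPLIER WHERE Supplier_Number = ?", (number,))
        return True
    except sqlite3.IntegrityError:
        return False


def parts_with_supplier(con: sqlite3.Connection) -> list[tuple]:
    """SELECT with a JOIN on the key: the foreign key is the look-up field."""
    return con.execute("""
        SELECT p.Part_Name, s.Supplier_Name
        FROM PART p JOIN SUPPLIER s ON p.Supplier_Number = s.Supplier_Number
        ORDER BY p.Part_Number
    """).fetchall()


def part_count_for(con: sqlite3.Connection, supplier_name: str) -> int:
    """Many parts can share one foreign-key value (a one-to-many relationship)."""
    return con.execute("""
        SELECT COUNT(*) FROM PART p JOIN SUPPLIER s ON p.Supplier_Number = s.Supplier_Number
        WHERE s.Supplier_Name = ?
    """, (supplier_name,)).fetchone()[0]


if __name__ == "__main__":
    con = create_schema()
    load_sample(con)
    for field in data_dictionary(con, "PART"):
        print(field)
    print(parts_with_supplier(con))
    print("orphan part rejected:", insert_orphan_part(con))
    print("supplier 8259 deletable:", delete_supplier(con, 8259))
```

Every statement that carries user-supplied values uses bound parameters rather than string formatting; the one place a name is interpolated (PRAGMA, which cannot be parameterised) is first checked against the catalogue, which is the habit to keep for any DML you generate from application code.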

21 Microsoft Access Data Dictionary Features
Microsoft Access has a rudimentary data dictionary capability that displays information about the size, format, and other characteristics of each field in a database. Displayed here is the information maintained in the SUPPLIER table. The small key icon to the left of Supplier_Number indicates that it is a key field. (Figure 6-6)

Notes: This graphic shows the data dictionary capability of Microsoft Access. For the field "Supplier Name" selected in the top pane, definitions can be configured in the General tab in the bottom pane. These General characteristics are Field Size, Format, Input Mask, Caption, Default Value, Validation Rule, Validation Text, Required, Allow Zero Length, Indexed, Unicode Compression, IME Mode, IME Sentence Mode, and Smart Tags.

22 Some Drawbacks of the Database Approach
- Complexity: a DBMS is a complex piece of software, and all users must understand its functionality to make full use of it
- Cost of the DBMS: the cost varies significantly depending on the environment and the functionality provided, and recurring annual maintenance costs must be taken into consideration

23 Some Drawbacks of the Database Approach (continued)
- Cost of conversion: the cost of converting existing applications to run on the new DBMS and hardware, plus additional training costs
- Performance: a DBMS is written for applications in general, which means that some applications may run slower than before
- Higher impact of failure: centralization of resources increases the vulnerability of the system, since one failure affects every application that depends on it

24 Database Administrator
- Oversees a staff of database specialists
- Makes final recommendations for database design
- Loads and maintains the database
- Establishes security controls
- Performs backup and recovery

25 Data Administration
Elements of the data administration environment:
- Data administrator
- Database technology and management (the database management system)
- Data planning and modelling technology
- Users
- Information policies: rules governing the maintenance, distribution, and use of information in an organization

A business analyst is a systems analyst who specializes in business problem analysis and technology-independent requirements analysis. A programmer/analyst (or analyst/programmer) combines the responsibilities of both the computer programmer and the systems analyst.

27 Variations on the Systems Analysts Title
Other synonyms for systems analyst include:
- Systems consultant
- Systems architect
- Systems engineer
- Information engineer
- Systems integrator

Conversion Notes: We dropped "application analyst" and "information analyst" as variations described in the previous edition. It has become much less common.

Teaching Notes: Business analyst is becoming more popular because of the number of end-users and other knowledge workers being assigned to systems analyst roles in organizations.

28 Where Systems Analysts Work
- In traditional businesses
  - Working in traditional information services organizations (permanent project teams)
  - Working in contemporary information services organizations (dynamic project teams)
- In outsourcing businesses, contracted to traditional businesses
- In consulting businesses
- In application software businesses, building software products for traditional businesses

No additional notes.

