Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture 11 Data Security. Manager’s View Issues regarding information security and ethics regarding information systems are critical to all managers in.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Lecture 11 Data Security. Manager’s View Issues regarding information security and ethics regarding information systems are critical to all managers in."— Presentation transcript:

1 Lecture 11 Data Security

2 Manager’s View Issues regarding information security and ethics regarding information systems are critical to all managers in modern organisations. Information systems represent critical organisational assets. Ethical responsibility for private information is important to managers.

3 Viewing IS Security uControl loss of assets uensure the integrity and reliability of data uimprove the efficiency/ effectiveness of Information Systems applications

4 Risks, Threats, and Vulnerabilities Risk: a potential monetary loss to the firm. Threat: people, actions, events, and other situations that can trigger losses. Vulnerabilities: flaws, problems, and other conditions that make a system open to threats.

5 Assessing Risks Identify what risks are acceptable and what risks are not. Estimate amount of loss and probability the loss will occur. –If loss occurs, how will the firm respond? –What would be the cost of the response?

6 Controls Counter measures to threats. vPhysical controls vElectronic controls vSoftware controls vManagement controls

7 Common Threats Natural Disasters Employ Errors Computer Crime, Fraud, and Abuse

8 Natural Disasters uDisaster prevention plan FUse of backup power supplies FSpecial building material FLocation FDrainage systems FStructural modifications to avoid damage

9 Natural Disasters Disaster recovery plan Planning how to restore operations quickly Developing contingency plans Disaster containment plan Sprinkler systems Water tight ceilings

10 Computer Crime, Fraud and Abuse About 75% of firms reported financial losses from computer crimes; 90% of computer crime goes unreported. Industrial Espionage - The theft of organisational data by competitors

11 Hacking - Unauthorised entry by a person into a computer system or network Data Diddling - The use of a computer system by employees to forge documents or change data in records for personal gain

12 Computer Viruses a hidden program which insert itself into the computer system and forces the system to clone it. Can be –Benign –Malicious destroys its original host when it has copied itself spare capacity of the computer is used up by proliferation

13 Time Bombs activated by a particular date Logic Bomb activated by the execution of a specific logical condition Worms similar to virus but, resides on separate soft ware Trojan Horses

14 Computer Viruses Can be infected by : E-mail any network connection - download a program -access web site from diskettes

15 Computer Crime, Fraud and Abuse (Cont.) Hardware Theft and Vandalism: –Over 208,000 notebook computers were stolen in 1995. Software Piracy: reproducing a program that violates copyright protection. –Illegal use jeopardises organisations. –Piracy can cause you to lose your job. Copy right laws

16 Privacy Violations Capacity of individuals or organisations to control information about themselves. –limiting the types and amounts of data that can be collected about individuals and organisations. –individuals or organisations have the ability to access, examine, and correct the data stored about them –that the disclosure, use, or dissemination of those data are restricted

17 Privacy Violations Violations of electronic mail privacy and electronic data interchange. Data protection legislation

18 Controls YGood computer hygiene YAnti-Virus programs - Prevent a virus-laden file from being down loaded from a network -Prevent the virus program being inserting it self in the system -Detect a virus program so you can take emergency action -Controlling the damage virus programs can do once they have been detected

19 Protecting Information Systems Small business measures: –Alarms and regular use of keyboard locks. –Replacement value insurance. –Password protection. –Storage of software disks in a locked cabinet. –Tie-down cables for desktop computers. –Train employees.

20 Securing Communications Systems Encryption: the process of encoding data Firewalls: typically a system used to enforce an access control policy between two networks. E-mail Gateways: monitors all inbound and outbound traffic

21 Develop/practice a disaster recovery plan with a “hot” site and a “cold” site. Describes how a firm can resume operations after a disaster

22 Ethics Ethical and Contractual Behaviour: a good part of computer ethics is behaving legally and contractually - not copying software you have no right to copy. Privacy, Access, and Accuracy Issues: It is not illegal to read the email of others, but it is unethical.

23 Privacy Issues What information on individuals and other firms should an organisation keep? What rights should these individuals and firms have about the use of the data that your organisation keeps? If your organisation is bought by another, what rights should the purchaser have about the data that it maintains?

24 Privacy Issues (Cont.) What is your firm’s responsibility for ensuring the data on people it keeps is accurate? What rights do people have to review the data kept about themselves? Who in an organisation has the right to review the records of others?

25 Property Issues Using shareware software without sending a check to the developer is unethical. Protecting the rights of others by not copying software--piracy increases the legal cost to others who purchase the software. Property rights over intellectual property such as copyrights.

26 The Widespread Impact of Information Systems and Management Responsibility IS allow increased efficiency and effectiveness--this can lead to workforce reductions. Responsibilities to employees as stakeholders in the organisation. Managers should develop and deploy information systems in a socially responsible way.

27 Summary Information systems pose numerous security and ethical problems for managers. Assess the risks and understand the controls to apply to reduce the threats to IS. Understand that ethical problems with IS have been the subject of legislation and court action, and that managers have a social responsibility to safeguard information and its use.

28 R. Behar, “Who’s Reading Your Email?”, Fortune, February 3, 1997,, p58, p64. Check out CNET.COM (on line magazine). K Ferrell, “Net Crime: Don’t be a Victim”, February 6, 1996. A Gordon, “Study: Computer Crimes Grow, Losses Top $100 million, “ UDA Today, March 7, 1997 (on line version). M J Zuckerman, “Cybercrime against Business Frequent, Costly”, USA Today, January 13, 1997 (online version). Vance McCarthy, “Web Security: How Much Is Enough?”, January, 1997.

Download ppt "Lecture 11 Data Security. Manager’s View Issues regarding information security and ethics regarding information systems are critical to all managers in."

Similar presentations

Chapter 1 - 1 ADCS CS262/0898/V1 Chapter 1 An Introduction To Computer Security TOPICS Introduction Threats to Computer Systems –Threats, Vulnerabilities.

Chapter ADCS CS262/0898/V1 Chapter 1 An Introduction To Computer Security TOPICS Introduction Threats to Computer Systems –Threats, Vulnerabilities.
Computer Crimes A criminal act committed through the use of a computer. It can also involve the theft of a computer and any equipment associated with the.

Computer Crimes A criminal act committed through the use of a computer. It can also involve the theft of a computer and any equipment associated with the.
Computing Issues that Affect Us All lesson 30. This lesson includes the following sections: Computer Crime Computer Viruses Theft Computers and the Environment.

Computing Issues that Affect Us All lesson 30. This lesson includes the following sections: Computer Crime Computer Viruses Theft Computers and the Environment.
Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.

Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
Crime and Security in the Networked Economy Part 4.

Crime and Security in the Networked Economy Part 4.
© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.

© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.
1 COMPUTER SECURITY AND ETHICS Chapter Five. Computer Security Risks 2.

1 COMPUTER SECURITY AND ETHICS Chapter Five. Computer Security Risks 2.
Chapter 9 Information Systems Ethics, Computer Crime, and Security.

Chapter 9 Information Systems Ethics, Computer Crime, and Security.
Chapter 9 Information Systems Ethics, Computer Crime, and Security

Chapter 9 Information Systems Ethics, Computer Crime, and Security
Class 11: Information Systems Ethics and Crime MIS 2101: Management Information Systems Based on material from Information Systems Today: Managing in the.

Class 11: Information Systems Ethics and Crime MIS 2101: Management Information Systems Based on material from Information Systems Today: Managing in the.
Security, Privacy, and Ethics Online Computer Crimes.

Security, Privacy, and Ethics Online Computer Crimes.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
Chapter 9 Information Systems Ethics, Computer Crime, and Security

Chapter 9 Information Systems Ethics, Computer Crime, and Security
Privacy & Security By Martin Perez. Introduction  Information system - People : meaning use, the people who use computers. - Procedures : Guidelines.

Privacy & Security By Martin Perez. Introduction  Information system - People : meaning use, the people who use computers. - Procedures : Guidelines.
9 99 CHAPTER Privacy and Security. 9 © The McGraw-Hill Companies, Inc. 2002 Objectives 1.Privacy 2.Security 3.Ergonomics 4.Environment.

9 99 CHAPTER Privacy and Security. 9 © The McGraw-Hill Companies, Inc Objectives 1.Privacy 2.Security 3.Ergonomics 4.Environment.
Threats and Attacks Principles of Information Security, 2nd Edition

Threats and Attacks Principles of Information Security, 2nd Edition
Computer and Ethics. Ethical Problems Proliferation of computers and their networks have created new ethical problems The ACM has issued a Code of Ethics.

Computer and Ethics. Ethical Problems Proliferation of computers and their networks have created new ethical problems The ACM has issued a Code of Ethics.

Similar presentations

Ads by Google