Lecture 11 Data Security. Manager’s View Issues regarding information security and ethics regarding information systems are critical to all managers in.


1 Lecture 11 Data Security

2 Manager’s View Issues regarding information security and ethics regarding information systems are critical to all managers in modern organisations. Information systems represent critical organisational assets. Ethical responsibility for private information is important to managers.

3 Viewing IS Security
- Control loss of assets
- Ensure the integrity and reliability of data
- Improve the efficiency/effectiveness of Information Systems applications

4 Risks, Threats, and Vulnerabilities Risk: a potential monetary loss to the firm. Threat: people, actions, events, and other situations that can trigger losses. Vulnerabilities: flaws, problems, and other conditions that make a system open to threats.

5 Assessing Risks Identify what risks are acceptable and what risks are not. Estimate amount of loss and probability the loss will occur. –If loss occurs, how will the firm respond? –What would be the cost of the response?

6 Controls
Countermeasures to threats.
- Physical controls
- Electronic controls
- Software controls
- Management controls

7 Common Threats
- Natural Disasters
- Employee Errors
- Computer Crime, Fraud, and Abuse

8 Natural Disasters
- Disaster prevention plan
  - Use of backup power supplies
  - Special building material
  - Location
  - Drainage systems
  - Structural modifications to avoid damage

9 Natural Disasters
- Disaster recovery plan
  - Planning how to restore operations quickly
  - Developing contingency plans
- Disaster containment plan
  - Sprinkler systems
  - Watertight ceilings

10 Computer Crime, Fraud and Abuse About 75% of firms reported financial losses from computer crimes; 90% of computer crime goes unreported. Industrial Espionage - The theft of organisational data by competitors

11 Hacking - Unauthorised entry by a person into a computer system or network Data Diddling - The use of a computer system by employees to forge documents or change data in records for personal gain

12 Computer Viruses
A hidden program which inserts itself into the computer system and forces the system to clone it.
Can be:
- Benign
- Malicious
Destroys its original host when it has copied itself.
Spare capacity of the computer is used up by proliferation.

13
- Time Bombs: activated by a particular date
- Logic Bomb: activated by the execution of a specific logical condition
- Worms: similar to a virus, but reside on separate software
- Trojan Horses

14 Computer Viruses
Can be infected by:
- E-mail
- Any network connection
  - downloading a program
  - accessing a web site
- Diskettes

15 Computer Crime, Fraud and Abuse (Cont.)
- Hardware Theft and Vandalism:
  - Over 208,000 notebook computers were stolen in 1995.
- Software Piracy: reproducing a program that violates copyright protection.
  - Illegal use jeopardises organisations.
  - Piracy can cause you to lose your job.
- Copyright laws

16 Privacy Violations Capacity of individuals or organisations to control information about themselves. –limiting the types and amounts of data that can be collected about individuals and organisations. –individuals or organisations have the ability to access, examine, and correct the data stored about them –that the disclosure, use, or dissemination of those data are restricted

17 Privacy Violations Violations of electronic mail privacy and electronic data interchange. Data protection legislation

18 Controls
- Good computer hygiene
- Anti-Virus programs
  - Prevent a virus-laden file from being downloaded from a network
  - Prevent the virus program from inserting itself in the system
  - Detect a virus program so you can take emergency action
  - Control the damage virus programs can do once they have been detected

19 Protecting Information Systems Small business measures: –Alarms and regular use of keyboard locks. –Replacement value insurance. –Password protection. –Storage of software disks in a locked cabinet. –Tie-down cables for desktop computers. –Train employees.

20 Securing Communications Systems
- Encryption: the process of encoding data
- Firewalls: typically a system used to enforce an access control policy between two networks
- E-mail Gateways: monitor all inbound and outbound traffic

21 Develop/practice a disaster recovery plan with a “hot” site and a “cold” site. Describes how a firm can resume operations after a disaster

22 Ethics Ethical and Contractual Behaviour: a good part of computer ethics is behaving legally and contractually - not copying software you have no right to copy. Privacy, Access, and Accuracy Issues: It is not illegal to read the email of others, but it is unethical.

23 Privacy Issues What information on individuals and other firms should an organisation keep? What rights should these individuals and firms have about the use of the data that your organisation keeps? If your organisation is bought by another, what rights should the purchaser have about the data that it maintains?

24 Privacy Issues (Cont.) What is your firm’s responsibility for ensuring the data on people it keeps is accurate? What rights do people have to review the data kept about themselves? Who in an organisation has the right to review the records of others?

25 Property Issues Using shareware software without sending a check to the developer is unethical. Protecting the rights of others by not copying software--piracy increases the legal cost to others who purchase the software. Property rights over intellectual property such as copyrights.

26 The Widespread Impact of Information Systems and Management Responsibility IS allow increased efficiency and effectiveness--this can lead to workforce reductions. Responsibilities to employees as stakeholders in the organisation. Managers should develop and deploy information systems in a socially responsible way.

27 Summary Information systems pose numerous security and ethical problems for managers. Assess the risks and understand the controls to apply to reduce the threats to IS. Understand that ethical problems with IS have been the subject of legislation and court action, and that managers have a social responsibility to safeguard information and its use.

28 R. Behar, “Who’s Reading Your Email?”, Fortune, February 3, 1997, p58, p64. Check out CNET.COM (online magazine). K. Ferrell, “Net Crime: Don’t be a Victim”, February 6, 1996. A. Gordon, “Study: Computer Crimes Grow, Losses Top $100 million”, USA Today, March 7, 1997 (online version). M. J. Zuckerman, “Cybercrime against Business Frequent, Costly”, USA Today, January 13, 1997 (online version). Vance McCarthy, “Web Security: How Much Is Enough?”, January, 1997.

