Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security MIS 171 – Web Technologies and Innovation Paul F. Clay, Ph.D.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Security MIS 171 – Web Technologies and Innovation Paul F. Clay, Ph.D."— Presentation transcript:

1 Security MIS 171 – Web Technologies and Innovation Paul F. Clay, Ph.D.

2 Categories of Threats Technical Unauthorized disclosure Denial of Service Spoofing & Phishing –Email or site pretending to be someone else Sniffing –Eavesdropping on network traffic Viruses & Spyware “Acts of God” Behavioral User error –Fraud Enron, WorldCom… –Retaliation Cox comm. ex. –Multiple user access work stations –Accidental loss lack of training Password Cascade

3 Threats to Security SecrecySecrecy data is disclosed to authorized personneldata is disclosed to authorized personnel IntegrityIntegrity data is modified by unauthorized party AvailabilityAvailability data assets are available to authorized party SD U Interception SD U Modification SD Interruption S: source D: destination U: unauthorized party

4 Legal Requirements HIPAA-Health Insurance Portability and Accountability Act (1996)HIPAA-Health Insurance Portability and Accountability Act (1996) –Maintain records 6 years –Ensures confidentiality of health care records Penalties for breach of privacy or unauthorized disclosure by email or unauthorized network accessPenalties for breach of privacy or unauthorized disclosure by email or unauthorized network access

5 Legal Requirements (part2) Gramm-Leach-Bliley Act(1999)Gramm-Leach-Bliley Act(1999) –Requires financial institutions to ensure security and confidentiality of customer data Security during storage and transmissionSecurity during storage and transmission Sarbanes-Oxley Act (2002)Sarbanes-Oxley Act (2002) –CEO and CFO of all publicly traded companies it the US must certify the accuracy of their financial reports Maintain all records for 7 yearsMaintain all records for 7 years Requires the creation of internal controls to ensure that all reports reflect accurate and complete dataRequires the creation of internal controls to ensure that all reports reflect accurate and complete data –IS used for the creation, storage and transmission of data and reports

6 Types of Encryption Private KeyPrivate Key –Data Encryption Standard (DES) est. 1975 Symmetric Key – One key used to encrypt and decrypt the same messageSymmetric Key – One key used to encrypt and decrypt the same message Public KeyPublic Key –RSA (Rivest, Shamir & Adleman) est. 1977 Asymmetric Key – Two different but linked keys used to encrypt and decrypt the same messageAsymmetric Key – Two different but linked keys used to encrypt and decrypt the same message RSA VidRSA VidRSA VidRSA Vid

7 Encryption and Bit Strength Bit Strength Matters Encryption Algorithms Matter – –WEP (Wired Equivalent Privacy) - very weak – –DES-weak – –RSA-better CNet News article on encryption

8 Decentralized Computing Questions?

Download ppt "Security MIS 171 – Web Technologies and Innovation Paul F. Clay, Ph.D."

Similar presentations

Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall

Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall
Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
Springfield Technical Community College Security Awareness Training.

Springfield Technical Community College Security Awareness Training.
Lecture 14 Securing Information Systems

Lecture 14 Securing Information Systems
Confidentiality and Privacy Controls

Confidentiality and Privacy Controls
Chapter 15 Security Bernard Chen Spring 2007. Protection vs. Security Protection (Ch.14) deals with internal problem Security (Ch. 15) Deals with external.

Chapter 15 Security Bernard Chen Spring Protection vs. Security Protection (Ch.14) deals with internal problem Security (Ch. 15) Deals with external.
Cryptography and Network Security Chapter 1

Cryptography and Network Security Chapter 1
7.1 Copyright © 2011 Pearson Education, Inc. 7 Chapter Securing Information Systems.

7.1 Copyright © 2011 Pearson Education, Inc. 7 Chapter Securing Information Systems.
Brief Synopsis of Computer Security Standards. Tenets of Information Systems Security Confidentiality Integrity Availability Over the years, standards.

Brief Synopsis of Computer Security Standards. Tenets of Information Systems Security Confidentiality Integrity Availability Over the years, standards.
SECURITY ISSUES IN NETWORKS WITH INTERNET ACCESS PRESENTED BY Sri Vallabh Aida Janciragic Sashidhar Reddy.

SECURITY ISSUES IN NETWORKS WITH INTERNET ACCESS PRESENTED BY Sri Vallabh Aida Janciragic Sashidhar Reddy.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
Note1 (Intr1) Security Problems in Computing. Overview of Computer Security2 Outline Characteristics of computer intrusions –Terminology, Types Security.

Note1 (Intr1) Security Problems in Computing. Overview of Computer Security2 Outline Characteristics of computer intrusions –Terminology, Types Security.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Wireless Security In wireless networks. Security and Assurance - Goals Integrity Modified only in acceptable ways Modified only by authorized people Modified.

Wireless Security In wireless networks. Security and Assurance - Goals Integrity Modified only in acceptable ways Modified only by authorized people Modified.
Wireless Encryption By: Kara Dolansky Network Management Spring 2009.

Wireless Encryption By: Kara Dolansky Network Management Spring 2009.
NETWORKS Lauren Hickman Patrick McCamy Morgan Pace Noah Ryder.

NETWORKS Lauren Hickman Patrick McCamy Morgan Pace Noah Ryder.
Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Chapter Extension 23 SSL/TLS and //https © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.

Chapter Extension 23 SSL/TLS and //https © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.

Similar presentations

Ads by Google