Dr. Ken Cosh.  Outsourcing  Managing Information Systems  Dependency  Reliability  Security  Ethics.


1 Dr. Ken Cosh

2  Outsourcing

3  Managing Information Systems  Dependency  Reliability  Security  Ethics

4  The dependability of a system reflects the user’s degree of trust in that system – their confidence that it will operate as expected.

5  Reliability  The probability of failure-free system operation over a specified time in a given environment for a given purpose  Availability  The probability that a system, at a point in time, will be operational and able to deliver the requested services  It is sometimes possible to subsume system availability under system reliability  Obviously if a system is unavailable it is not delivering the specified system services  However, it is possible to have systems with low reliability that must be available. So long as system failures can be repaired quickly and do not damage data, low reliability may not be a problem

6  Costs of downtime for a business-critical system  How much would a 15-minute failure of service cost?  How much would a day’s failure cost?  If this was an Email service?  What percent failure is acceptable?

7  One way of dealing with Reliability is to use redundancy  ‘Spare’ components, so if one fails another could be used.  ‘Back-Ups’  Availability Math  If a system is 98% available that means it is not available 2% of the time (i.e. about half an hour each day!!!)  Many systems now need to be 99.999% available.

8  Consider if each component was 98% reliable, and there were 5 components in series.  0.98 * 0.98 * 0.98 * 0.98 * 0.98 = 0.9, i.e. all components are running just 90% of the time.  With more components, the system becomes increasingly less reliable.  [Diagram: Components 1 to 5 in series, each 98%]

9  Now consider these components in parallel.  The probability of failure is 0.02 each time;  0.02 * 0.02 * 0.02 * 0.02 * 0.02 = 0.0000000032 !!!  Hence, redundancy is used to increase reliability. If one component fails, another can be used in its place.  [Diagram: Components 1 to 5 in parallel, each 98%]

10  Components in Parallel is sometimes called ‘Triple Modular Redundancy’, and it has 2 key assumptions;  Hardware components do not have common design faults.  Components fail randomly (there is low chance of simultaneous failure)  Neither of these assumptions is true for software;  Copying components copies design faults.  So simultaneous failure is inevitable.
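The availability math from slides 7 to 10, worked in Python as an added example (not part of the original slides). The `beta` parameter is an assumed modelling device: the fraction of each copy's failure probability that comes from a fault shared by every copy, so `beta = 1.0` represents identical software copies that all carry the same design fault.

```python
from math import prod


def series_availability(avails):
    """Series: every component must work, so availabilities multiply."""
    return prod(avails)


def parallel_unavailability(avails):
    """Independent parallel components: down only if all are down at once."""
    return prod(1.0 - a for a in avails)


def common_cause_unavailability(a, n, beta):
    """n redundant copies of one component with availability `a`.

    A fraction `beta` (assumed parameter) of each copy's failure probability
    is a shared fault that takes down every copy simultaneously; the rest
    fails independently, as slide 10 assumes for hardware.
    """
    q = 1.0 - a
    shared = beta * q                       # fault present in every copy
    independent = ((1.0 - beta) * q) ** n   # all copies fail separately
    return 1.0 - (1.0 - shared) * (1.0 - independent)


def downtime_minutes(availability, period_minutes):
    """Expected minutes of downtime in a period of the given length."""
    return (1.0 - availability) * period_minutes


if __name__ == "__main__":
    five = [0.98] * 5
    print("5 in series, availability:   ", series_availability(five))
    print("5 in parallel, unavailability:", parallel_unavailability(five))
    for beta in (0.0, 0.1, 1.0):
        print(f"beta={beta}: unavailability",
              common_cause_unavailability(0.98, 5, beta))
    print("98% per day, minutes down:      ", downtime_minutes(0.98, 24 * 60))
    print("99.999% per year, minutes down: ",
          downtime_minutes(0.99999, 365 * 24 * 60))
```

With `beta = 1.0` five copies are no more available than one, which is the slide's point about copying software.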

11  N-Version Programming  Different (diverse) versions of algorithms written by different teams of programmers.

12  Before reaching ‘5 nines’ reliability / before implementing redundant components, each component needs to be reliable (98%?)  UPS (Uninterruptible Power Supply)  Redundancy in power  Physical Security Guards  Climate Control / Fire Suppression  Redundant Network Connectivity  Help Desk & Support Staff

13  So why is information systems security important?

14  [Diagram: Intrusion, Viruses / Worms, External Attacks, Interception]

15  Intrusion  Gaining Access to internal infrastructure  Viruses / Worms  Replicating Software  External Attacks  Denial of Service.  Interception  Catching communication while en route between sender and receiver.

16  Gaining access to internal infrastructure;  Stealing a mobile phone  Guessing passwords  Hacking into private spaces  Once a hacker has access to an account, they have the same rights as the account owner.  Problem 1: Preventing the hacker from accessing the account.  Problem 2: Finding out what someone may have done while they had access.

17  Virus  Software program that replicates itself onto more PCs – in a similar way to how viruses spread between people.  Viruses need another program to piggyback off, e.g. a macro in a spreadsheet, or document.  Are often spread using email  Worms  A small piece of software that uses security loopholes to replicate.  E.g. finds a loophole in Windows, scans the network for another PC with a similar loophole and copies itself to the new PC etc.

18  Attacks without gaining access to a private device.  Denial of Service (DoS)  Very common attacks  Purpose: to use up bandwidth or service through ‘spoof’ conversations.  Blocking web servers with repeated hits  Spam emails  Distributed Denial of Service (DDoS)  Attacking from many addresses simultaneously.  Code Red Worm  Chain Letters

19  Catching communication while en route between sender and receiver.  Intercepting Signals.  Wireless Signals  Government listening in on telephone conversations  Normally minimised through encryption.  Accessing someone else’s service  Using bandwidth of wireless network

20  Security Policies  Limiting users access & actions  Firewalls  Protection between network and internet  Authentication  Passwords etc.  Encryption  Encoding contents of communication  Patches  Responding to security breaches

21  Access Control Lists (ACL)  Limit which users can do what (e.g. update websites)  Signed agreements for service  When allowing users onto a network, normally they sign an agreement regarding terms of use.  Noticeably none at Payap?  Policies could include:  Regular password changes  Whether personal use of service is permitted  Antivirus updates  Can help against external attacks, intrusion, viruses / worms

22  Hardware and / or Software protection sitting between internal network and internet.  Can help stop viruses/worms from accessing the network.

23  Software to ensure permission of user to access service  Password  Finger prints / retina scans  Helps against intrusion

24  Encoding the contents of a transmission so it can’t be decrypted en route.  Symmetric-key encryption  Public / Private key encryption  Helps prevent interception.

25  Both sender and receiver use the same ‘code’ to encrypt and then decrypt a message.  If I tell you to move each character back two in the alphabet, and then send you this message;  Jgnnq Encuu  Anyone who intercepts the message gets nothing, but you are able to decrypt it.  More interesting patterns can be created to increase security.  Substitution  Transposition Key: FANCY Message: eatitnihmexnetmgmedt
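The two ciphers on this slide, worked in Python as an added example (not part of the original slides). The slide does not say how the key FANCY is applied; the code assumes a columnar transposition whose columns are read out in alphabetical order of the key letters, which gives readable text for the slide's message. Function names are illustrative.

```python
import string


def caesar(text, shift):
    """Move each ASCII letter `shift` places through the alphabet (negative = back)."""
    out = []
    for ch in text:
        if ch in string.ascii_letters:
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)


def column_order(key):
    """Column indices in read-out order: alphabetical by key letter (assumed rule)."""
    return sorted(range(len(key)), key=lambda i: (key[i], i))


def transpose_encrypt(plaintext, key):
    """Write the text row by row under the key, then read the columns in key order."""
    if len(plaintext) % len(key):
        raise ValueError("this sketch only handles a completely filled grid")
    return "".join(plaintext[c::len(key)] for c in column_order(key))


def transpose_decrypt(ciphertext, key):
    """Put each ciphertext chunk back under its key letter, then read row by row."""
    cols = len(key)
    rows, rem = divmod(len(ciphertext), cols)
    if rem:
        raise ValueError("this sketch only handles a completely filled grid")
    grid = [""] * cols
    for n, c in enumerate(column_order(key)):
        grid[c] = ciphertext[n * rows:(n + 1) * rows]
    return "".join(grid[c][r] for r in range(rows) for c in range(cols))


if __name__ == "__main__":
    print(caesar("Jgnnq Encuu", -2))                         # slide's shift message
    print(transpose_decrypt("eatitnihmexnetmgmedt", "FANCY"))  # slide's FANCY message
    # The shift cipher has only 25 usable keys, so every candidate can be listed.
    for k in range(1, 26):
        print(k, caesar("Jgnnq Encuu", -k))
```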

26

27  Response to a virus or security breach  Antivirus software often updates to add new virus definitions.  Operating systems regularly update to deal with security loopholes which may allow worms to work.

28  “The use of information technologies in business has had major impacts on society and thus raises ethical issues in the areas of crime, privacy, individuality, employment, health and working conditions.”  Impacts can be positive, negative or both;  Computerising a manufacturing process has led to people losing jobs, while improving the working conditions of those left and producing a higher quality product at less cost.

29  Should you monitor employees’ email?  Should employees use work computers for private purposes?  Should they take copies of software home?  Should you keep electronic access to employees’ personal records?  Should you sell customers’ information?

30  Stockholder Theory  Managers are agents of the stockholders, with the ethical responsibility to them to increase profits without breaking the law  Social Contract Theory  Companies have an ethical responsibility to all members of society.  Stakeholder Theory  Managers should manage for the benefit of all stakeholders; shareholders, customers, suppliers, local community, employees etc.

31 1. Unauthorised use, access, modification and destruction of hardware, software, data or network resources. 2. Unauthorised release of information 3. Unauthorised copying of software 4. Denying an end user access to his or her own hardware, software, data or network resources 5. Using or conspiring to use computer or network resources to illegally obtain information or tangible property

32  Denial of Service (DOS – DDOS)  Scans  Sniffers  Spoofing  Trojan Horses  Back Doors  Malicious Applets  War Dialing  Logic Bombs  Buffer Overflow  Password Crackers  Social Engineering  Dumpster Diving

33  Time and Resource Theft (Cyberslacking)  Often monitored by sniffing software.  Includes;  General Email abuse (spamming, chain letters, spoofing, virus spreading, harassment, defamatory statements)  Unauthorised Usage and Access (Sharing passwords and network access)  Copyright Infringement / Plagiarism (illegal or pirate software, copying websites or logos)

34  Newsgroups Postings (Posting non-work related topics)  Transmission of Confidential Data (Sharing company secrets)  Pornography (Accessing inappropriate websites on work resources)  Hacking  Non-work-related bandwidth use (sharing movies, music etc.)  Leisure use (online shopping, chatting, gambling)  Usage of External ISPs (avoiding detection by using external ISP)  Moonlighting (using company resources for personal business).

35  Software Piracy  Unauthorised copying of software  Alternatives include site licenses, shareware or public domain software.  IP Piracy  Intellectual property is also subject to piracy  The emergence of P2P network structures has led to a proliferation of IP piracy.

36  A basic human right is the right to privacy, but this right is brought into question by Technology.  Accessing individuals’ private email conversations and computer records is a violation of privacy  Monitoring people’s whereabouts through CCTV, computer monitoring, Mobile GPS.  Computer matching of customer information gained from different sources.  Collecting telephone numbers / email addresses etc. to build customer profiles

37  One aspect of the internet is anonymity.  Although in reality much of it is very visible and open to privacy violations.  But precautions can be taken to protect privacy, such as encryption, authentication etc. – which we will discuss under the security topic.

38  We’ve encountered several examples of computer profiling / matching during this course;  Individuals have been wrongly arrested.  Individuals have been denied credit.  Because of being mistakenly identified.  Identity Theft is also possible.  Many countries have introduced, or attempted to introduce, privacy laws to protect people’s privacy.

39  Now, competing against the freedom of privacy, freedom of speech (information and the press) is another important human right.  People have a right to know about matters that others may wish to keep private.  With modern communication systems, sharing opinion (using one’s right to free speech) becomes easier;  Flaming  Spamming

40  Employment  The introduction of IS/IT has created many new jobs, while at the same time eliminating some – how do we ethically introduce job-cutting systems?  Computer Monitoring  How can we weigh up our employees’ right to privacy against the desire to monitor computer usage (as a way of managing employees’ work)?

41  Working Conditions  While IS/IT has removed many repetitive, monotonous tasks, often the human role has changed from one of a craftsman to one of a machine regulating a machine  Individuality  Many IS/IT systems remove the individual treatment of people by imposing strict, uncustomisable procedures. Rather than dealing with customers individually, we are constrained by the capabilities of the system.

