Published by Brianna Lyons. Modified over 9 years ago.
1
Chapter 8: Securing Information Systems
2
Outline
- Security Threats (External: malware, spoofing/phishing, sniffing, & data theft; Internal: unauthorized data access, theft)
- Intrusion detection system
- Firewall
- Encryption
- Disaster recovery planning
- Digital signature and certificate
- Secure Sockets Layer (SSL)
- Access control (user authentication)
- Securing Wireless Networks (WEP)
3
Systems Vulnerability
- Digital data
  - Can be duplicated/changed without being detected
- Networks
  - Connected to LANs, WANs, & the Internet
  - Anyone from inside/outside the organization can attempt to infiltrate information systems
- Centralized and integrated data – business benefit, security challenge
4
Security Threats - External
- Data theft. Defense: Encryption
- False identity (spoofing/phishing). Defense: Cautious user
- Malware (virus, worm). Defense: Anti-virus software, Firewall
- Power outage, natural disaster. Defense: Plan, facilities
- Sniffing. Defense: Intrusion detection system
5
Defenses
- Firewall (blocks malware)
  - Placed between internal LANs and external networks
  - Need to write/maintain rules that dictate what comes in and what goes out
  - Part of operating systems
- Intrusion Detection Systems (blocks data theft)
  - Automatically detect suspicious network traffic at the most vulnerable points of the network
6
Defenses: Encryption
Encryption with Public & Private Key
- Scrambling of messages to prevent unauthorized parties from reading them
- Single key model – Sender and receiver use the same key for encryption and decryption
- Double key model – Sender and receiver each have their own public and private keys:
  - Digital Certificate – public key and a proof of its validity issued by a certificate authority (e.g., VeriSign); licensed annually.
  - Digital Signature – a message encrypted by sender's private key, proving his identity. Both sender and receiver can use it to prove their identity.
- Diagram: Encrypt with Recipient's Public Key; Decrypt with Recipient's Private Key; Digital Certificate; Digital Signature can be applied
7
Defenses: Encryption
- Communications between client and server happen over Secure Sockets Layer (SSL) (current name: Transport Layer Security, TLS), an Internet protocol for securing data transfer.
- Supported by operating systems and Web browsers and servers.
- Negotiations about security, encryption, and public key transfers all happen over SSL/TLS.
8
Security Threats - Internal
- Theft (stealing data, hardware, software)
- Unauthorized access to data (read, change, delete)
- Human error (leaving data unprotected, poor & lost passwords, not locking data/hardware/software)
Defenses:
- Security measures
- Manage data access (system administrators)
- Training, supervision