
Presentation transcript: "Security"

1 Security

2 Standard Example
- If I get 7.5% interest on $5,349.44, how much do I get in a month?
- (.075/12) = .00625; .00625 * 5,349.44 = $33.434
- What happens to the .004? .004 + .004 + .004 = .012
- .004 * 1,000,000 customers * 12 months = $48,000!!!!! Nice income supplement.
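The rounding-residual arithmetic on this slide, reproduced on a constructed ledger next to the reconciliation control a bank would run to catch diverted residuals. This is an added example, not part of the original slides; the account ids and the balances other than $5,349.44 are constructed.

```python
from decimal import Decimal, ROUND_DOWN, ROUND_HALF_EVEN

ANNUAL_RATE = Decimal("0.075")        # the slide's 7.5%
CENT = Decimal("0.01")
SAMPLE_BALANCE = Decimal("5349.44")   # the slide's balance
# Constructed ledger: three customers plus a zero-balance account "X9" that
# will receive the diverted residuals (the slide's scenario).
ACCOUNTS = {"A1": SAMPLE_BALANCE, "A2": Decimal("1000.00"),
            "A3": Decimal("2500.50"), "X9": Decimal("0.00")}

def exact_monthly_interest(balance):
    """(0.075 / 12) * balance at full precision: 5,349.44 -> 33.434."""
    return (ANNUAL_RATE / 12) * balance

def truncated_credit(balance):
    """Truncate to the cent (33.434 -> 33.43); return (credited, residual)."""
    exact = exact_monthly_interest(balance)
    credited = exact.quantize(CENT, rounding=ROUND_DOWN)
    return credited, exact - credited

def skimmed_total(balance, customers, months):
    """The slide's scaling: residual per customer-month * 1,000,000 * 12."""
    return truncated_credit(balance)[1] * customers * months

def post_with_diverted_residuals(accounts, collector):
    """Posting as the slide describes it: customers get the truncated amount
    and every leftover fraction is posted to one collecting account."""
    postings, pot = {}, Decimal("0")
    for acct, balance in accounts.items():
        postings[acct], residual = truncated_credit(balance)
        pot += residual
    postings[collector] = postings.get(collector, Decimal("0")) + pot
    return postings

def post_correctly_rounded(accounts):
    """Honest posting: round each account once, half-to-even, nothing left over."""
    return {a: exact_monthly_interest(b).quantize(CENT, rounding=ROUND_HALF_EVEN)
            for a, b in accounts.items()}

def reconcile(accounts, postings):
    """Detective control: recompute each account's correctly rounded interest from
    its balance and report every posting that differs (truncation and X9 show up)."""
    findings = []
    for acct in sorted(postings):
        expected = exact_monthly_interest(accounts.get(acct, Decimal("0")))
        expected = expected.quantize(CENT, rounding=ROUND_HALF_EVEN)
        if postings[acct] != expected:
            findings.append((acct, postings[acct], expected))
    return findings
```

Running `reconcile` over the honest posting returns nothing, while the diverted posting is flagged twice: account A3 was short-changed by truncation and the zero-balance account X9 received interest it cannot have earned.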

3 Computer Crime
- Computer crime losses estimated between $15-$300 Billion annually.
- “The playground bullies are learning how to type” -- Forbes Magazine.

4 BUT, crime is not the only security area!
- Three main concerns:
  - evil (crime)
  - system limitations
  - Carelessness / Stupidity

5 The First Line of Defense - People
- Organizations must enable employees, customers, and partners to access information electronically
- The biggest issue surrounding information security is not a technical issue, but a people issue
- 33% of security incidents originate within the organization
  - Insiders – legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident

6 The First Line of Defense - People
- The first line of defense an organization should follow to help combat insider issues is to develop information security policies and an information security plan
  - Information security policies – identify the rules required to maintain information security
  - Information security plan – details how an organization will implement the information security policies

7 The First Line of Defense - People
- Five steps to creating an information security plan:
  1. Develop the information security policies
  2. Communicate the information security policies
  3. Identify critical information assets and risks
     - Firewall – hardware and/or software that guards a private network by analyzing the information leaving and entering the network
     - Intrusion detection software (IDS) – searches out patterns in network traffic to indicate attacks and quickly respond to prevent harm
  4. Test and reevaluate risks
  5. Obtain stakeholder support

8 The First Line of Defense - People
- Hackers frequently use “social engineering” to obtain passwords
  - Social engineering – using one’s social skills to trick people into revealing access credentials or other information valuable to the attacker

9 The Second Line of Defense - Technology
- Three primary information security areas:
  1. Authentication and authorization
  2. Prevention and resistance
  3. Detection and response

10 AUTHENTICATION AND AUTHORIZATION
- Authentication – a method for confirming users’ identities
- The most secure type of authentication involves a combination of the following:
  1. Something the user knows such as a user ID and password
  2. Something the user has such as a smart card or token
  3. Something that is part of the user such as a fingerprint or voice signature

11 Something the User Knows such as a User ID and Password
- This is the most common way to identify individual users and typically contains a user ID and a password
- This is also the most ineffective form of authentication
- Over 50 percent of help-desk calls are password related

12 Something the User Has such as a Smart Card or Token
- Smart cards and tokens are more effective than a user ID and a password
  - Tokens – small electronic devices that change user passwords automatically
  - Smart card – a device that is around the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing

13 Something That Is Part of the User such as a Fingerprint or Voice Signature
- This is by far the best and most effective way to manage authentication
  - Biometrics – the identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting
- Unfortunately, this method can be costly and intrusive

14 PREVENTION AND RESISTANCE
- Downtime can cost an organization anywhere from $100 to $1 million per hour
- Technologies available to help prevent and build resistance to attacks include:
  1. Content filtering
  2. Encryption
  3. Firewalls

15 Content Filtering
- Organizations can use content filtering technologies to filter e-mail and prevent e-mails containing sensitive information from transmitting and stop spam and viruses from spreading.
  - Content filtering – occurs when organizations use software that filters content to prevent the transmission of unauthorized information
  - Spam – a form of unsolicited e-mail

16 ENCRYPTION
- If there is an information security breach and the information was encrypted, the person stealing the information would be unable to read it
  - Encryption – scrambles information into an alternative form that requires a key or password to decrypt the information

17 SECURITY AND THE INTERNET: PUBLIC KEY ENCRYPTION
- (Diagram) Sender -> encrypt with public key -> scrambled message -> decrypt with private key -> Recipient

18 FIREWALLS
- One of the most common defenses for preventing a security breach is a firewall
  - Firewall – hardware and/or software that guards a private network by analyzing the information leaving and entering the network

19 FIREWALLS
- (Diagram) Sample firewall architecture connecting systems located in Chicago, New York, and Boston

20 DETECTION AND RESPONSE
- If prevention and resistance strategies fail and there is a security breach, an organization can use detection and response technologies to mitigate the damage
- Antivirus software is the most common type of detection and response technology

21 DETECTION AND RESPONSE
- Some of the most damaging forms of security threats to e-business sites include:
  - Malicious code – includes a variety of threats such as viruses, worms, and Trojan horses
  - Hoaxes – attack computer systems by transmitting a virus hoax, with a real virus attached
  - Spoofing – the forging of the return address on an e-mail so that the e-mail message appears to come from someone other than the actual sender
  - Sniffer – a program or device that can monitor data traveling over a network

22 Providing Security - Procedural
- Keep an electronic audit trail
- Separate duties.
- Never allow too much power to one individual. In ES, don’t allow the expert to update the knowledge base.
- Continually assess threats, risks, exposures, and vulnerabilities.
- Have standard procedures and documentation.
- Strict authorization requirements.

23 Providing Security - Procedural
- Outside audits.
- “Security is everybody’s business” -- give awards, etc.
- Have a disaster recovery plan. Lacked by 60% of all businesses!
- Use intelligent systems capability of firm to flag problems.

24 Providing Security - Physical
- All hard drives will eventually crash. This fact should be your first to consider. Everything else doesn’t count if you’ve forgotten this.
- Secure systems physically.
- Separate systems physically.
- Have off site storage.
- Backups - files more than programs.
- Fault tolerance - UPS.
- Don’t let your corporate knowledge get lost. This is WAY more important for DSS than TPS… should figure 2:1 on physical security procedures.
