Presentation is loading. Please wait.

Presentation is loading. Please wait.

Administering Security. Personal Computer Security Management Security problems for personal computers are more serious than on mainframe computers –people.

Published byUrsula Dalton Modified over 9 years ago

Similar presentations

Presentation on theme: "Administering Security. Personal Computer Security Management Security problems for personal computers are more serious than on mainframe computers –people."— Presentation transcript:

1 Administering Security

2 Personal Computer Security Management Security problems for personal computers are more serious than on mainframe computers –people issues –hardware and software issues lack of sensitivity –users do not appreciate security risks associated with the use of PCs lack of tools –hw and sw tools are fewer and less sophisticated than in the mainframe environment

3 Contributors to Security Problems Hardware vulnerabilities –limited protection of one memory space –every user can execute every instruction –can read and write every memory location –the operating system may declare certain files as “system” files, but it can not prevent the user from accessing them –operating system designers have failed to take advantage of hardware protection

4 Contributors to Security Problems Low awareness of the problem –analogous to a calculator no unique responsibility –if the machine is shared, nobody takes full responsibility for maintenance, supervision and control few hw controls –few PCs take advantage of hw features no audit trail environmental attacks physical access –unattended machines care of media components –diskettes, etc.

5 Contributors to Security Problems No backups questionable documentation high portability combination of duties –lack of checks and balances

6 Security Measures Procedures: Do not leave PCs unattended in an exposed environment if they contain sensitive info do not leave printers unattended if they are printing sensitive output secure media as carefully as you would a confidential report perform periodic back-ups practice separation of authority

7 Security Measures Hardware Controls: Secure the equipment consider using add-on security boards Software Controls: use all sw with full understanding of its potential threats do not use sw from dubious resources be suspicious of all results maintain periodic complete backups of all system resources

8 Protection of Files Access control features encryption copy protection no protection

9 Access Control Mechanisms for PCs Motivations for access control: Outside interference two users one machine network access errors untrusted software separation of applications

10 Features of PC Access Control Systems Transparent encryption –some systems automatically encrypt files so that their contents will not be evident time of day checking –allowing access during certain times automatic timeout –the system automatically terminates the session machine identification –unique serial no can be read by the application

11 Risk Analysis

12 RISK Possibility of suffering harm or loss, a factor, course or element involving uncertain danger

13 OPPORTUNITY & THREAT

14 THEORETICAL FRAMEWORK Important parameter in designing security systems is the COST RISK ASSESSMENT Risk perception –psychological theory of risk: how the general public reacts to uncertainities of danger, and how this general reaction affects individual behaviour. –cultural theory of risk: Risk perception differs depending on the social group & belief system an individual belongs to (Douglas 1970)

15 Reacting to Threats RISK PERCEPTION THREAT RESPONSE Passive Reaction communication

16 Reacting to Threats RISK PERCEPTION Organisation Structure RISK MANAGEMENT External danger Shared Meaning and Trust

17 CULTURAL THEORY When we try to think of the individual in a social context, we normally think of the corporate group or groups to which they belong. Individuals also have constraining classifications within the group: hierarchy, kinship, race, gender, age...

18 CULTURAL THEORY Group (Social incorporation) Grid (Individual) B Fatalists C Hierarchists A Individualist D Egalitarians Four types of social environment and cultural biases (Douglas 1970)

19 CULTURAL THEORY A: competitive, control people, autonomy; see risks with opportunities B: no voluntary risk taking, but accept it as a given, no personal autonomy C: group is emphasised; division of labour, specialisation, segregation of duties. Take risks iff it is approved by experts; hierarchical authority D: members get their support from the group; no formal delegation. The group dissolves in the absence of strong leadership group individual Individualist FatalistsHierarchists Egalitarians BC AD

20 CULTURE AND RISK Risk behaviour is a function of how human beings, individually and in groups, perceive their place in the world. It is important to understand the role of culture in stakeholder interaction in order to understand cultural biases in risk perception.

21 STAKEHOLDER MODEL Stakeholders –Users: information user –Suppliers: information provider and systems developer –Others: systems manager Each stakeholder group has a differing perceptions of same risk. Stakeholders can be grouped within themselves depending on the social groups they belong to rather than roles they assume.

22 STAKEHOLDER MODEL Links stakeholder model with the cultural theory

23 STAKEHOLDER MODEL Individuals have different cultural biases and have different perceptions of risk –computer privacy and security rules are different in different countries –Singapore, Japan, US, Canada Grouping stakeholders is not enough for designing IS.

24 RISK COMMUNICATION It is important to know the cultural backgrounds of the stakeholders –how they perceive risks –how they communicate risks –risk communication theory –risk communication model

25 RISK COMMUNICATION Past: –risk communication as one way to general public from government… –efforts to improve risk communication –to get the message across by describing the magnitude and balance of the attendant costs and benefits

26 RISK COMMUNICATION The costs and benefits are equally distributed across a society People do not agree about which events or actions do the most harm or which benefits are more worth seeking.

27 RISK COMMUNICATION US National Research Counsil (1989) Risk communication is an interactive process of exchange of information and opinion among individuals, groups and institutions. It involves multiple messages about the nature of the risk and other messages, not strictly about risk, that express concerns, opinions and reactions to risk messages or to legal and institutional arrangements for risk management. Top-down definition of risk

28 RISK COMMUNICATION Risk Communication –risks posed to stakeholders on the web are technological hazards –classical risk communication model: sources transmitters receivers Certain aspects of risks are intensified or attenuated

29 CULTURE Sources Scientists Agencies Interest Groups Eyewitnesses Portrayal of Event with symbols, signals and images by the Sources Transmitters Media Institutions/Agencies Interest Groups Opinion Leaders Receivers General Public Affected Organisations/Institutions Social Groups Other target audience Risk Event feedback Two-way interaction

30 Initial Information HEAR CULTURE SOCIAL FASHION PERSONAL VALUES RELATED ATTITUDES INFLUENCES Appeal Do not Appeal UNDERSTAND BELIEVE PERSONALIZE RESPOND New Information

31 Communication The recipient hears the information and then screens it based on social fashion, personal values, attitudes under the influence from peer groups –cultural forces before understanding the message Believing involves acceptance that the understanding is correct –the risk is real Personalisation –the risk event will affect the receiver Response –decision to take action for protection from risk

32 Communication Credibility of information sources and transmitters is a key issue in risk communication

33 TRUST AND CONFIDENCE VS CREDIBILITY Trust is an important ingredient in any trade transaction Trust acts as the mitigating factor for the risks assumed by one party on the party in the trade As trust increases the risks either reduce or become manageable by the trusting party Existence of trust also reduces the transaction cost in a trade

34 TRUST For effective communication of risks it is critically important that receivers place trust on the sources and transmitters (Lee 1986) Five levels of trust analysis framework

35 INSTITUTIONAL CREDIBILITY Confidence in business and economic organisations depends on the perceived quality of their services, but also on the employment situation, the perception of power monopolies in business, the observation of allegedly unethical behaviour and the confidence in other institutions Confidence in political institutions depends on their performance record and openness, but in addition on the perception of a political crisis, the belief that the government is treating everyone fair and equally, the belief in functioning of checks and balances, the perception of hidden agendas, and the confidence in other institutions

36 INSTITUTIONAL CREDIBILITY The more educated people are, the more they express confidence in the system, but the more they are also disappointed about the performance of the people representing the system Political conservatism correlates positively with confidence in business and negatively with government and public service

37 INSTITUTIONAL CREDIBILITY The social climate pre-sets the conditions under which an institution has to operate to gain and maintain trust in a positive climate people invest more in trust institutions in a negative climate people tend to caution and seek to have more control

38 Risk Perception, Trust and Credibility Hypothesis: –once trust and credibility exist in a relationship among the stakeholders during risk communication, stakeholders do not get involved in the analysis of risk factors individually, and –information systems security becomes less important to people when dealing with a trustworthy and credible institution.

39 Risk Perception, Trust and Credibility Personality of the communicator with attributes of ability and integrity are also important in establishing trust. Overall; message, communicator, institution, and the social context are the major factors in establishing trust within an organisation.

40 Risk Perception, Trust and Credibility Inferential analysis: –inverse correlation between trust and security on the internet –the higher the trust placed on an organisation the lower was the security concern.

Download ppt "Administering Security. Personal Computer Security Management Security problems for personal computers are more serious than on mainframe computers –people."

Similar presentations

EMS Checklist (ISO model)

EMS Checklist (ISO model)
GATE Definition of Active Ageing. GATE Define GATE Definition Note: We will consider this in the context of the non deficit model of ageing looking at.

GATE Definition of Active Ageing. GATE Define GATE Definition Note: We will consider this in the context of the non deficit model of ageing looking at.
The Labour Union and the Supervisor

The Labour Union and the Supervisor
Module 4 Social Determinants of Financial Reporting

Module 4 Social Determinants of Financial Reporting
Legitimate Leadership SPIAA Training Conference Enhancing Legitimacy: Procedural Justice & Crime Control in the 21 st Century Tuesday, July 22, 2014 -

Legitimate Leadership SPIAA Training Conference Enhancing Legitimacy: Procedural Justice & Crime Control in the 21 st Century Tuesday, July 22,
Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.

Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.
Recruitment: The First Step in the Selection Process

Recruitment: The First Step in the Selection Process
BUILDING SOCIAL EXCHANGES AND FAIRNESS

BUILDING SOCIAL EXCHANGES AND FAIRNESS
ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.

ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.
The Managerial Environment

The Managerial Environment
Chapter 3 Organizational Environments and Culture

Chapter 3 Organizational Environments and Culture
Vladimir Ninković TRANSCONFLICT. Tolerating the unexpected Dealing with uncertainties.

Vladimir Ninković TRANSCONFLICT. Tolerating the unexpected Dealing with uncertainties.
Unit “ 10 “ CONTROLLING. Controlling Final step in the management process: actions taken to ensure that actual outcomes are consistent with those Planned.

Unit “ 10 “ CONTROLLING. Controlling Final step in the management process: actions taken to ensure that actual outcomes are consistent with those Planned.
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
Chapter 3: System design. System design Creating system components Three primary components – designing data structure and content – create software –

Chapter 3: System design. System design Creating system components Three primary components – designing data structure and content – create software –
Psychological Aspects of Risk Management and Technology – G. Grote ETHZ, Fall09 Psychological Aspects of Risk Management and Technology – Overview.

Psychological Aspects of Risk Management and Technology – G. Grote ETHZ, Fall09 Psychological Aspects of Risk Management and Technology – Overview.
The Australian/New Zealand Standard on Risk Management

The Australian/New Zealand Standard on Risk Management
Lecture 11 Reliability and Security in IT infrastructure.

Lecture 11 Reliability and Security in IT infrastructure.
SESSION 3 INFORMATION SYSTEMS, ORGANIZATIONS, MANAGEMENT, AND STRATEGY.

SESSION 3 INFORMATION SYSTEMS, ORGANIZATIONS, MANAGEMENT, AND STRATEGY.

Similar presentations

Ads by Google