Presentation is loading. Please wait.

Presentation is loading. Please wait.

© Paradigm Publishing Inc. 8-1 Chapter 8 Security Issues and Strategies.

Published byGregory Horton Modified over 9 years ago

Similar presentations

Presentation on theme: "© Paradigm Publishing Inc. 8-1 Chapter 8 Security Issues and Strategies."— Presentation transcript:

1 © Paradigm Publishing Inc. 8-1 Chapter 8 Security Issues and Strategies

2 © Paradigm Publishing Inc. 8-2 Presentation Overview Risk Assessment Network and Internet Security Risks Computer Viruses Hardware and Software Security Risks Security Strategies for Protecting Computer Systems and DataSecurity Strategies for Protecting Computer Systems and Data

3 © Paradigm Publishing Inc. 8-3 Risk Assessment Why is risk assessment important when defining security strategies?

4 © Paradigm Publishing Inc. 8-4 Risk Assessment Why is risk assessment important when defining security strategies? Organizations need to assess the level of security risk they face in order to develop an effective security strategy. They must determine the level of

5 © Paradigm Publishing Inc. 8-5 Risk Assessment Why is risk assessment important when defining security strategies? Organizations need to assess the level of security risk they face in order to develop an effective security strategy. They must determine the level of threat – the severity of a security breach

6 © Paradigm Publishing Inc. 8-6 Risk Assessment Why is risk assessment important when defining security strategies? Organizations need to assess the level of security risk they face in order to develop an effective security strategy. They must determine the level of threat – severity of a security breach vulnerability – likelihood of a security breach of systems or data

7 © Paradigm Publishing Inc. 8-7 Risk Assessment The higher the level of vulnerability and threat, the higher the level of risk.

8 © Paradigm Publishing Inc. 8-8 Network and Internet Security Risks What are the security risks on networks and the Internet?

9 © Paradigm Publishing Inc. 8-9 Network and Internet Security Risks What are the security risks on networks and the Internet? – Hacker – individual who breaks into security systems, motivated by curiosity of the challenge

10 © Paradigm Publishing Inc. 8-10 Network and Internet Security Risks What are the security risks on networks and the Internet? – Hacker – individual who breaks into security systems, motivated by curiosity of the challenge – Cracker – a hacker with malicious or criminal intent

11 © Paradigm Publishing Inc. 8-11 Network and Internet Security Risks What are the security risks on networks and the Internet? – Hacker – individual who breaks into security systems, motivated by curiosity of the challenge – Cracker – a hacker with malicious or criminal intent – Cyberwar – online attacks between countries

12 © Paradigm Publishing Inc. 8-12 Network and Internet Security Risks Percentage of unauthorized use of computer networks Source: 2005 CSI/FBI Computer Crime and Security Survey, http://www.cpppe.umd.edu/Bookstore/ Documents/2005CSISurvey.pdfhttp://www.cpppe.umd.edu/Bookstore/

13 © Paradigm Publishing Inc. 8-13 Network and Internet Security Risks Unauthorized Access

14 © Paradigm Publishing Inc. 8-14 Network and Internet Security Risks Unauthorized Access – User IDs and passwords – hackers gain entry by finding a working user ID and password

15 © Paradigm Publishing Inc. 8-15 Network and Internet Security Risks Unauthorized Access – User IDs and passwords – hackers gain entry by finding a working user ID and password – System backdoors – a test user ID and password that provides the highest level of authorization

16 © Paradigm Publishing Inc. 8-16 Network and Internet Security Risks Unauthorized Access – User IDs and passwords – hackers gain entry by finding a working user ID and password – System backdoors – a test user ID and password that provides the highest level of authorization – Spoofing – fooling another computer by pretending to send packets from a legitimate source

17 © Paradigm Publishing Inc. 8-17 Network and Internet Security Risks Unauthorized Access – User IDs and passwords – hackers gain entry by finding a working user ID and password – System backdoors – a test user ID and password that provides the highest level of authorization – Spoofing – fooling another computer by pretending to send packets from a legitimate source – Online predators – talk young people into meeting them

18 © Paradigm Publishing Inc. 8-18 Network and Internet Security Risks Denial of service attack (DoS) hackers run multiple copies of a program to flood it and shut it down.

19 © Paradigm Publishing Inc. 8-19 Network and Internet Security Risks Limited Security for Wireless Devices Wired Equivalent Privacy (WEP) makes it more difficult for hackers to intercept and modify data transmissions sent by radio waves or infrared signals.

20 © Paradigm Publishing Inc. 8-20 Network and Internet Security Risks Data Browsing Workers with access to networked databases that contain private information “browse” through the private documents.

21 © Paradigm Publishing Inc. 8-21 Computer Viruses Computer Viruses and Worms

22 © Paradigm Publishing Inc. 8-22 Computer Viruses –Virus – a program designed to perform a trick upon an unsuspecting person; the trick may be just annoying or very destructive. Computer Viruses and Worms

23 © Paradigm Publishing Inc. 8-23 Computer Viruses –Virus – a program designed to perform a trick upon an unsuspecting person; the trick may be just annoying or very destructive. –Worm – software that actively attempts to move or copy itself. Computer Viruses and Worms

24 © Paradigm Publishing Inc. 8-24 Computer Viruses Viruses are often transmitted over the Internet and through shared devices such as flash drives.

25 © Paradigm Publishing Inc. 8-25 Computer Viruses Virus symptoms

26 © Paradigm Publishing Inc. 8-26 Computer Viruses Impact of Viruses

27 © Paradigm Publishing Inc. 8-27 Computer Viruses Impact of Viruses –Nuisance virus – usually does no damage but is an inconvenience

28 © Paradigm Publishing Inc. 8-28 Computer Viruses Impact of Viruses –Nuisance virus – usually does no damage but is an inconvenience –Espionage virus – allows a hacker to enter system later for the purpose of stealing data or spying

29 © Paradigm Publishing Inc. 8-29 Computer Viruses Impact of Viruses –Nuisance virus – usually does no damage but is an inconvenience –Espionage virus – allows a hacker to enter system later for the purpose of stealing data or spying –Data-destructive virus – designed to erase or corrupt files so that they are unreadable

30 © Paradigm Publishing Inc. 8-30 Computer Viruses Macro Virus

31 © Paradigm Publishing Inc. 8-31 Computer Viruses Macro Virus –a small subprogram written specifically for one program to customize and automate certain functions

32 © Paradigm Publishing Inc. 8-32 Computer Viruses Macro Virus –a small subprogram written specifically for one program to customize and automate certain functions –macro virus usually does little harm but is difficult to remove

33 © Paradigm Publishing Inc. 8-33 Computer Viruses Variant Virus

34 © Paradigm Publishing Inc. 8-34 Computer Viruses Variant Virus –programmed to change itself and its behavior to fool programs meant to stop it

35 © Paradigm Publishing Inc. 8-35 Computer Viruses Variant Virus –programmed to change itself and its behavior to fool programs meant to stop it –comes in many forms and can change daily to avoid detection

36 © Paradigm Publishing Inc. 8-36 Computer Viruses Stealth Virus

37 © Paradigm Publishing Inc. 8-37 Computer Viruses Stealth Virus –tries to hide from software designed to find and destroy it

38 © Paradigm Publishing Inc. 8-38 Computer Viruses Stealth Virus –tries to hide from software designed to find and destroy it –masks the size of the file by copying itself to another location on the victim’s hard drive

39 © Paradigm Publishing Inc. 8-39 Computer Viruses Boot Sector Virus

40 © Paradigm Publishing Inc. 8-40 Computer Viruses Boot Sector Virus –designed to alter the boot sector of a disk

41 © Paradigm Publishing Inc. 8-41 Computer Viruses Boot Sector Virus –designed to alter the boot sector of a disk –whenever the operating system reads the boot sector, the computer automatically becomes infected

42 © Paradigm Publishing Inc. 8-42 Computer Viruses Trojan Horse Virus

43 © Paradigm Publishing Inc. 8-43 Computer Viruses Trojan Horse Virus –hides inside another legitimate program or data file

44 © Paradigm Publishing Inc. 8-44 Computer Viruses Trojan Horse Virus –hides inside another legitimate program or data file –common in downloaded games and shareware files

45 © Paradigm Publishing Inc. 8-45 Computer Viruses Trojan Horse Virus –hides inside another legitimate program or data file –common in downloaded games and shareware files –may cause damage immediately or may delay acting for a time

46 © Paradigm Publishing Inc. 8-46 Computer Viruses Multipartite Virus

47 © Paradigm Publishing Inc. 8-47 Computer Viruses Multipartite Virus –utilizes several forms of attack

48 © Paradigm Publishing Inc. 8-48 Computer Viruses Multipartite Virus –utilizes several forms of attack –may first infect boot sector and later become a Trojan horse by infecting a disk file

49 © Paradigm Publishing Inc. 8-49 Computer Viruses Multipartite Virus –utilizes several forms of attack –may first infect boot sector and later become a Trojan horse by infecting a disk file –rarely encountered but difficult to guard against

50 © Paradigm Publishing Inc. 8-50 Computer Viruses Logic Bomb Virus does not act immediately but waits for a specific event or set of conditions to occur.

51 © Paradigm Publishing Inc. 8-51 Hardware and Software Security Risks Systems Failure

52 © Paradigm Publishing Inc. 8-52 Hardware and Software Security Risks Systems Failure –Power spike – sudden rise or fall in power level caused by a power surge; can cause poor performance or permanent hardware damage

53 © Paradigm Publishing Inc. 8-53 Hardware and Software Security Risks Systems Failure –Power spike – sudden rise or fall in power level caused by a power surge; can cause poor performance or permanent hardware damage –Surge protector – guards against power spikes

54 © Paradigm Publishing Inc. 8-54 Hardware and Software Security Risks Systems Failure –Power spike – sudden rise or fall in power level caused by a power surge; can cause poor performance or permanent hardware damage –Surge protector – guards against power spikes –Uninterruptible power supply – guards against power spikes and keeps computers running during a blackout

55 © Paradigm Publishing Inc. 8-55 Hardware and Software Security Risks Employee Theft

56 © Paradigm Publishing Inc. 8-56 Hardware and Software Security Risks Employee Theft –cost of stolen computer hardware and software

57 © Paradigm Publishing Inc. 8-57 Hardware and Software Security Risks Employee Theft –cost of stolen computer hardware and software –cost of replacing lost data

58 © Paradigm Publishing Inc. 8-58 Hardware and Software Security Risks Employee Theft –cost of stolen computer hardware and software –cost of replacing lost data –cost of time lost while machines are gone

59 © Paradigm Publishing Inc. 8-59 Hardware and Software Security Risks Employee Theft –cost of stolen computer hardware and software –cost of replacing lost data –cost of time lost while machines are gone –cost of installing new machines and training people to use them

60 © Paradigm Publishing Inc. 8-60 Hardware and Software Security Risks Cracking Software for Copying

61 © Paradigm Publishing Inc. 8-61 Hardware and Software Security Risks Cracking Software for Copying –crack – a method of circumventing a security scheme that prevents a user from copying a program

62 © Paradigm Publishing Inc. 8-62 Hardware and Software Security Risks Cracking Software for Copying –crack – a method of circumventing a security scheme that prevents a user from copying a program –make copy of CD with burner

63 © Paradigm Publishing Inc. 8-63 Hardware and Software Security Risks Cracking Software for Copying –crack – a method of circumventing a security scheme that prevents a user from copying a program –make copy of CD with burner –copy files to hard drive and redirect software to check hard disk for files

64 © Paradigm Publishing Inc. 8-64 Hardware and Software Security Risks Cracking Software for Copying –crack – a method of circumventing a security scheme that prevents a user from copying a program –make copy of CD with burner –copy files to hard drive and redirect software to check hard disk for files –duplication of program made difficult when original CD has scrambled files

65 © Paradigm Publishing Inc. 8-65 Security Strategies for Protecting Computer Systems and Data Physical Security

66 © Paradigm Publishing Inc. 8-66 Security Strategies for Protecting Computer Systems and Data Physical Security –computers should be located in controlled-access areas

67 © Paradigm Publishing Inc. 8-67 Security Strategies for Protecting Computer Systems and Data Physical Security –computers should be located in controlled-access areas –locking cables can be used when equipment not used

68 © Paradigm Publishing Inc. 8-68 Security Strategies for Protecting Computer Systems and Data Firewall

69 © Paradigm Publishing Inc. 8-69 Security Strategies for Protecting Computer Systems and Data Firewall –allows normal Web browser operations but prevents other types of communication

70 © Paradigm Publishing Inc. 8-70 Security Strategies for Protecting Computer Systems and Data Firewall –allows normal Web browser operations but prevents other types of communication –checks incoming data against a list of known sources

71 © Paradigm Publishing Inc. 8-71 Security Strategies for Protecting Computer Systems and Data Firewall –allows normal Web browser operations but prevents other types of communication –checks incoming data against a list of known sources –data rejected if it does not fit a preset profile

72 © Paradigm Publishing Inc. 8-72 Security Strategies for Protecting Computer Systems and Data Network Sniffer

73 © Paradigm Publishing Inc. 8-73 Security Strategies for Protecting Computer Systems and Data Network Sniffer –displays network traffic data

74 © Paradigm Publishing Inc. 8-74 Security Strategies for Protecting Computer Systems and Data Network Sniffer –displays network traffic data –shows which resources employees use and Web sites they visit

75 © Paradigm Publishing Inc. 8-75 Security Strategies for Protecting Computer Systems and Data Network Sniffer –displays network traffic data –shows which resources employees use and Web sites they visit –can be used to troubleshoot network connections and improve system performance

76 © Paradigm Publishing Inc. 8-76 Security Strategies for Protecting Computer Systems and Data Antivirus Software

77 © Paradigm Publishing Inc. 8-77 Security Strategies for Protecting Computer Systems and Data Antivirus Software –detects and deletes known viruses

78 © Paradigm Publishing Inc. 8-78 Security Strategies for Protecting Computer Systems and Data Antivirus Software –detects and deletes known viruses –Internet allows antivirus software to update itself to detect newer viruses

79 © Paradigm Publishing Inc. 8-79 Security Strategies for Protecting Computer Systems and Data Data Backups

80 © Paradigm Publishing Inc. 8-80 Security Strategies for Protecting Computer Systems and Data Data Backups Organizations protect critical files by –keeping a copy of programs and data in a safe place

81 © Paradigm Publishing Inc. 8-81 Security Strategies for Protecting Computer Systems and Data Data Backups Organizations protect critical files by –keeping a copy of programs and data in a safe place –keep more than one backup of important databases and update them on a set schedule

82 © Paradigm Publishing Inc. 8-82 Security Strategies for Protecting Computer Systems and Data Disaster Recovery Plan

83 © Paradigm Publishing Inc. 8-83 Security Strategies for Protecting Computer Systems and Data Disaster Recovery Plan a safety system that allows a company to restore its systems after a complete loss of data; elements include – data backup procedures

84 © Paradigm Publishing Inc. 8-84 Security Strategies for Protecting Computer Systems and Data Disaster Recovery Plan a safety system that allows a company to restore its systems after a complete loss of data; elements include – data backup procedures – remotely located backup copies

85 © Paradigm Publishing Inc. 8-85 Security Strategies for Protecting Computer Systems and Data Disaster Recovery Plan a safety system that allows a company to restore its systems after a complete loss of data; elements include – data backup procedures – remotely located backup copies – redundant systems with mirrored hard drive which contains same data as original hard drive and is updated automatically when original drive is updated

86 © Paradigm Publishing Inc. 8-86 Security Strategies for Protecting Computer Systems and Data Authentication

87 © Paradigm Publishing Inc. 8-87 Security Strategies for Protecting Computer Systems and Data Authentication proof of identity of a user and of authority to access data; identity can be confirmed by – personal identity (PIN) numbers

88 © Paradigm Publishing Inc. 8-88 Security Strategies for Protecting Computer Systems and Data Authentication proof of identity of a user and of authority to access data; identity can be confirmed by – personal identity (PIN) numbers – user IDs and passwords

89 © Paradigm Publishing Inc. 8-89 Security Strategies for Protecting Computer Systems and Data Authentication proof of identity of a user and of authority to access data; identity can be confirmed by – personal identity (PIN) numbers – user IDs and passwords – smart cards

90 © Paradigm Publishing Inc. 8-90 Security Strategies for Protecting Computer Systems and Data Authentication proof of identity of a user and of authority to access data; identity can be confirmed by – personal identity (PIN) numbers – user IDs and passwords – smart cards – biometrics

91 © Paradigm Publishing Inc. 8-91 Security Strategies for Protecting Computer Systems and Data An encryption key is used to secure messages that are sent across the Internet.

92 © Paradigm Publishing Inc. 8-92 Security Strategies for Protecting Computer Systems and Data Monitoring and Auditing

93 © Paradigm Publishing Inc. 8-93 Security Strategies for Protecting Computer Systems and Data Monitoring and Auditing employees’ online and offline activities can be monitored at work by – keyboard loggers store keystrokes on hard drive

94 © Paradigm Publishing Inc. 8-94 Security Strategies for Protecting Computer Systems and Data Monitoring and Auditing employees’ online and offline activities can be monitored at work by – keyboard loggers store keystrokes on hard drive – Internet traffic trackers record Web sites visited

95 © Paradigm Publishing Inc. 8-95 Security Strategies for Protecting Computer Systems and Data Monitoring and Auditing employees’ online and offline activities can be monitored at work by – keyboard loggers store keystrokes on hard drive – Internet traffic trackers record Web sites visited – webcams provide video surveillance

96 © Paradigm Publishing Inc. 8-96 Security Strategies for Protecting Computer Systems and Data Monitoring and Auditing employees’ online and offline activities can be monitored at work by – keyboard loggers store keystrokes on hard drive – Internet traffic trackers record Web sites visited – webcams provide video surveillance – auditing reviews monitored data and system logins for unauthorized access

97 © Paradigm Publishing Inc. 8-97 On the Horizon Based on the information presented in this chapter and your own experience, what do you think is on the horizon?

Download ppt "© Paradigm Publishing Inc. 8-1 Chapter 8 Security Issues and Strategies."

Similar presentations

By: Jack, Anna, Cassidy and Patrick October 7, 2008.

By: Jack, Anna, Cassidy and Patrick October 7, 2008.
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
1 MIS 2000 Class 22 System Security Update: Winter 2015.

1 MIS 2000 Class 22 System Security Update: Winter 2015.
Crime and Security in the Networked Economy Part 4.

Crime and Security in the Networked Economy Part 4.
1 COMPUTER SECURITY AND ETHICS Chapter Five. Computer Security Risks 2.

1 COMPUTER SECURITY AND ETHICS Chapter Five. Computer Security Risks 2.
Chapter 9 Information Systems Ethics, Computer Crime, and Security

Chapter 9 Information Systems Ethics, Computer Crime, and Security
Chapter 9: Privacy, Crime, and Security

Chapter 9: Privacy, Crime, and Security
7.1 Copyright © 2011 Pearson Education, Inc. 7 Chapter Securing Information Systems.

7.1 Copyright © 2011 Pearson Education, Inc. 7 Chapter Securing Information Systems.
© Paradigm Publishing, Inc. 8-1 Chapter 8 Security Issues and Strategies Chapter 8 Security Issues and Strategies.

© Paradigm Publishing, Inc. 8-1 Chapter 8 Security Issues and Strategies Chapter 8 Security Issues and Strategies.
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
Chapter 9 Information Systems Ethics, Computer Crime, and Security

Chapter 9 Information Systems Ethics, Computer Crime, and Security
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
Viruses & Destructive Programs

Viruses & Destructive Programs
Security Measures Using IS to secure data. Security Equipment, Hardware Biometrics –Authentication based on what you are (Biometrics) –Biometrics, human.

Security Measures Using IS to secure data. Security Equipment, Hardware Biometrics –Authentication based on what you are (Biometrics) –Biometrics, human.
Security. If I get 7.5% interest on $5,349.44, how much do I get in a month? (.075/12) =.00625 * 5,349.44 = $33.434 What happens to the.004?.004+.004+.004=.012.004.

Security. If I get 7.5% interest on $5,349.44, how much do I get in a month? (.075/12) = * 5, = $ What happens to the.004? =
Business computer application University of Palestine College of Business Instructor: Mr. Ahmed Abumosameh.

Business computer application University of Palestine College of Business Instructor: Mr. Ahmed Abumosameh.
Data Security GCSE ICT.

Data Security GCSE ICT.
Week 5 IBS 520 Computer and Online Security. Cybercrime Online or Internet- based illegal acts What is a computer security risk? Computer crime Any illegal.

Week 5 IBS 520 Computer and Online Security. Cybercrime Online or Internet- based illegal acts What is a computer security risk? Computer crime Any illegal.

Similar presentations

Ads by Google