Presentation is loading. Please wait.

Presentation is loading. Please wait.

C8- Securing Information Systems

Published byArron McDowell Modified over 9 years ago

Similar presentations

Presentation on theme: "C8- Securing Information Systems"— Presentation transcript:

1 C8- Securing Information Systems

2 Definitions Security: the policies, procedures and technical measures used to prevent unauthorized access, alteration, threat or physical damage to information systems Controls: methods to ensure the safety of assets, reliability of records and adherence to standards

3 Contemporary Security Challenges and Vulnerabilities
The architecture of a Web-based application typically includes a Web client, a server, and corporate information systems linked to databases. Each of these components presents security challenges and vulnerabilities. Floods, fires, power failures, and other electrical problems can cause disruptions at any point in the network. Figure 8-1 8-5

4 System Vulnerability and Abuse
Internet vulnerabilities Vulnerable to outside attacks Abuses can have widespread impact increases system vulnerability Wireless security challenges The service set identifiers (SSID) identifying the access points broadcast multiple times 8-6

5 Malicious Software Programs (Malware)‏
Computer viruses: Rogue software programs that attach to other programs in order to be executed, usually without user knowledge or permission Deliver a “payload” Can spread by attachments Worms: Programs that copy themselves from one computer to another over networks Can destroy data, programs, and halt operation of computer networks Trojan Horse: A software program that appears to be benign, but then does something unexpected Often “transports” a virus into a computer system System Vulnerability and Abuse 8-8

6 Hackers and Cybervandalism
Hackers: individuals who attempt to gain unauthorized access to a computer system Cracker: a hacker with criminal intent Cybervandalism: intentional disruption, defacement, or destruction of a Web site or system System Vulnerability and Abuse 8-11

7 Spoofing and Sniffing Spoofing Sniffing
masquerading as someone else, or redirecting a Web link to an unintended address Sniffing an eavesdropping program that monitors information travelling over a network System Vulnerability and Abuse 8-12

8 Denial of Service (DoS) Attacks
Hackers flood a server with false communications in order to crash the system System Vulnerability and Abuse 8-13

9 Computer Crime ... Identity theft Phishing
A crime in which the imposter obtains key pieces of personal information Phishing Setting up fake Web sites or sending messages that look legitimate, and using them to ask for confidential data Cyberterrorism and Cyberwarfare Exploitation of systems by terrorists Internal Threats: Employees Software vulnerability violation of criminal law that involves a knowledge of technology for perpetration, investigation, or prosecution 8-16

10 Phishing

11 Business Value of Security and Control
Protect own information assets and customers, employees, and business partner legal liability litigation for data exposure or theft A sound security and control framework= high return on investment 8-18

12 Establishing a Framework for Security and Control
Risk Assessment Determine level of risk to the firm in the case of improper controls Security policy Chief Security Officer (CSO)‏ Acceptable Use Policy (AUP)‏ Authorization Policies Authorization Management systems Ensuring business continuity Fault-tolerant computer systems High-availability computing Recovery-oriented computing Disaster recovery planning and business continuity planning Security outsourcing The role of auditing 8-20

13 Technologies And Tools for Security and Control
Access controls Consist of all the policies and procedures a company uses to prevent improper access to systems by unauthorized insiders and outsiders Authentication ability to know that a person is who she or he claims to be Passwords, tokens, biometric authentication

14 Firewalls Firewalls: Hardware and software controlling flow of incoming and outgoing network traffic Packet Filtering examines selected fields in the headers of data packets flowing back and forth from network and the Internet Stateful inspection provides additional security by determining whether packets are part of an ongoing dialogue between a sender and receiver Technologies And Tools For Security And Control

15 Intrusion Detection Systems, and Antivirus
Full-time monitoring tools placed at the most vulnerable points of the corporate networks to detect and deter intruders Antivirus and Antispyware Checks computer systems for viruses Technologies And Tools For Security And Control 8-27

16 Encryption Encryption-rmvtu[yopm-fodszqujpo Public key encryption:
Coding and scrambling of messages to prevent unauthorized access to, or understanding of, the data being transmitted Public key encryption: Uses two different keys, one private and one public. The keys are mathematically related so that data encrypted with one key can be decrypted using only the other key Public Key Infrastructure (PKI): Use of public key cryptography working with a certificate authority Technologies And Tools For Security And Control

17 Public Key Encryption A public key encryption system can be viewed as a series of public and private keys that lock data when they are transmitted and unlock the data when they are received. The sender locates the recipient’s public key in a directory and uses it to encrypt a message. The message is sent in encrypted form over the Internet or a private network. When the encrypted message arrives, the recipient uses his or her private key to decrypt the data and read the message. Technologies And Tools For Security And Control 8-31

18 Management Opportunities, Challenges, And Solutions
Solution Guidelines Security and control must become a more visible and explicit priority and area of information systems investment Support and commitment from top management is required to show that security is indeed a corporate priority and vital to all aspects of the business Security and control should be the responsibility of everyone in the organization Management Opportunities, Challenges, And Solutions

19

20 Learning Objectives Analyze why information systems need special protection from destruction, error, and abuse. Assess the business value of security and control. Design an organizational framework for security and control. Evaluate the most important tools and technologies for safeguarding information resources. 8-20

Download ppt "C8- Securing Information Systems"

Similar presentations

Lecture 14 Securing Information Systems

Lecture 14 Securing Information Systems
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.

2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.
Module 2: Information Technology Infrastructure

Module 2: Information Technology Infrastructure
7.1 Copyright © 2011 Pearson Education, Inc. 7 Chapter Securing Information Systems.

7.1 Copyright © 2011 Pearson Education, Inc. 7 Chapter Securing Information Systems.
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.

The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.
7.1 © 2007 by Prentice Hall 7 Chapter Securing Information Systems.

7.1 © 2007 by Prentice Hall 7 Chapter Securing Information Systems.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Lecture 10 Security and Control.

Lecture 10 Security and Control.
Lecture 10 Security and Control.

Lecture 10 Security and Control.
10.1 © 2006 by Prentice Hall 10 Chapter Security and Control.

10.1 © 2006 by Prentice Hall 10 Chapter Security and Control.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
7.1 © 2007 by Prentice Hall 7 Chapter Securing Information Systems.

7.1 © 2007 by Prentice Hall 7 Chapter Securing Information Systems.
Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.

Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
Misbahuddin Azzuhri SE. MM. CPHR.

Misbahuddin Azzuhri SE. MM. CPHR.
Security. If I get 7.5% interest on $5,349.44, how much do I get in a month? (.075/12) =.00625 * 5,349.44 = $33.434 What happens to the.004?.004+.004+.004=.012.004.

Security. If I get 7.5% interest on $5,349.44, how much do I get in a month? (.075/12) = * 5, = $ What happens to the.004? =

Similar presentations

Ads by Google