Presentation is loading. Please wait.

Presentation is loading. Please wait.

Management Information Systems The Islamia University of Bahawalpur Delivered by: Tasawar Javed Lecture 17.

Published byLucas Flynn Modified over 9 years ago

Similar presentations

Presentation on theme: "Management Information Systems The Islamia University of Bahawalpur Delivered by: Tasawar Javed Lecture 17."— Presentation transcript:

1 Management Information Systems The Islamia University of Bahawalpur Delivered by: Tasawar Javed Lecture 17

2 Today’s talk  E-Commerce Considerations The Disposable Credit Card Visa’s required Security Practices  Risk Management  Information Security Policy  Controls Information Security

3  E-Commerce Consideration New Security Concern Not only protection of data Not only protection of information Not only protection of software But protection from Credit Card Fraud Information Security

4 The Disposable Credit Card  American Express announced a “disposable” credit card  The fear came due to internet use  When user enter credit card number for purchasing; it creates the randomly generated number from the credit card company’s website; this number is given to the e- commerce retailer, who submits it to the credit card company for repayment.  Later on it was closed down; and disposable card was issued. On which you can make much more purchases.  Citibank offers Virtual Account Numbers, and MBNA has a program called ShopSafe. Information Security

5 Visa’s Required Security Practices  Visa announced 10 security related practices Install and maintain a firewall Keep security patches up to date Encrypt stored data Encrypt transmitted data Use and update antivirus software Restrict data access to those with a need to know Assign unique IDs to persons with data access privileges Track data access with the unique ID Not use vendor supplied password defaults Regularly test the security system

6 Risk Management  Identify business assets to be protected from risks  Recognize the risks  Determine the level of impact on the firm should the risks materialize  Analyze the firm’s vulnerabilities Impact could be severe Impact Impact could be Significant Impact Impact could be Minor Impact Information Security

7  Risk Management should prepare the report A description of the risk Source of the risk Severity of the risk Controls that are being applied to the risk The owner of the risk Recommended action to address the risk Recommended time frame for addressing the risk What was done to mitigate the risk Information Security

8 Service Impact Significant Impact Minor Impact High VulnerabilityConduct Vulnerability analysis. Must Improve controls Conduct vulnerability analysis. Unnecessary Medium Vulnerability Conduct vulnerability analysis. Should improve controls Conduct vulnerability analysis. Unnecessary Low VulnerabilityConduct vulnerability analysis. Keep Controls intact Conduct vulnerability analysis. Unnecessary Degree of impact and Vulnerability Determine controls

9 Information Security Information Security Policy  Phase 1- Project Initiation  Phase 2- Policy development  Phase 3- Consultation and approval  Phase 4- Awareness and education  Phase 5- Policy dissemination

10 Information Security Phase 1 Organizational units management Interested & affected parties Security project steering com Project team Phase 2 Phase 3 Phase 4 Phase 5 Establish Consultation Training awareness & policy education Security Policies

11 Thank you!!! Q&A

Download ppt "Management Information Systems The Islamia University of Bahawalpur Delivered by: Tasawar Javed Lecture 17."

Similar presentations

Surviving the PCI Self -Assessment James Placer, CISSP West Michigan Cisco Users Group Leadership Board.

Surviving the PCI Self -Assessment James Placer, CISSP West Michigan Cisco Users Group Leadership Board.
Payment Card Industry Data Security Standard Tom Davis and Chad Marcum Indiana University.

Payment Card Industry Data Security Standard Tom Davis and Chad Marcum Indiana University.
PCI Compliance: The Gateway to Paradise PCI Compliance: The Gateway to Paradise.

PCI Compliance: The Gateway to Paradise PCI Compliance: The Gateway to Paradise.
Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.
09/04/2015Unit 2 (b) Back-Office processes Unit 2 Assessment Criteria (b) 10 marks.

09/04/2015Unit 2 (b) Back-Office processes Unit 2 Assessment Criteria (b) 10 marks.
PCI-DSS Erin Benedictson Information Security Analyst AAA Oregon/Idaho.

PCI-DSS Erin Benedictson Information Security Analyst AAA Oregon/Idaho.
Complying With Payment Card Industry Data Security Standards (PCI DSS)

Complying With Payment Card Industry Data Security Standards (PCI DSS)
2014 PCI DSS Meeting OSU Business Affairs Process Improvement Team (PIT) Robin Whitlock & Dan Hough 10/28/2014.

2014 PCI DSS Meeting OSU Business Affairs Process Improvement Team (PIT) Robin Whitlock & Dan Hough 10/28/2014.
JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.

JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.
PCI Compliance Forrest Walsh Director, Information Technology California Chamber of Commerce.

PCI Compliance Forrest Walsh Director, Information Technology California Chamber of Commerce.
Jeff Williams Information Security Officer CSU, Sacramento

Jeff Williams Information Security Officer CSU, Sacramento
Blended Threats and Layered Defenses Security Protection in Today’s Environment Marshall Taylor

Blended Threats and Layered Defenses Security Protection in Today’s Environment Marshall Taylor
Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Commonwealth of Massachusetts Office of the State Comptroller March 2007.

Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Commonwealth of Massachusetts Office of the State Comptroller March 2007.
INTRANET SECURITY Catherine Alexis CMPT 585 Computer and Data Security Dr Stefan Robila.

INTRANET SECURITY Catherine Alexis CMPT 585 Computer and Data Security Dr Stefan Robila.
GPUG ® Summit 2011 November 8-11 Caesars Palace – Las Vegas, NV Payment Processing Online and Within Dynamics GP PCI Compliance and Secure Payment Processing.

GPUG ® Summit 2011 November 8-11 Caesars Palace – Las Vegas, NV Payment Processing Online and Within Dynamics GP PCI Compliance and Secure Payment Processing.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.

CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.
E-Commerce Security Brett Hinshaw Kevin Hooker Jeff Hunter Shane Worrell.

E-Commerce Security Brett Hinshaw Kevin Hooker Jeff Hunter Shane Worrell.
Contact Center Security Strategies Grant Sainsbury Practice Director, Dimension Data.

Contact Center Security Strategies Grant Sainsbury Practice Director, Dimension Data.
Why Comply with PCI Security Standards?

Why Comply with PCI Security Standards?

Similar presentations

Ads by Google