
1 Information Systems, Security, and e-Commerce*
ACCT7320, Controllership
C. Bailey
*Ch. 43-46 in Controllership: The Work of the Managerial Accountant, by Janice M. Roehl-Anderson, Steven M. Bragg, 7th Edition, 2004.

2 Information Security Systems: Risk Analysis Process

3 Controller’s Role in Information Security (p. 841)
Establishing top-level information protection goals
Monitoring compliance to security standards and policies
Assessing the risk to mission-critical systems
– Balancing costs, benefits
Participating in the investigation of security incidents
– Including evaluation of loss or impact

4 Goals concerning data
Confidentiality
Integrity
Availability

5 Types of threats
Intentional:
– Unauthorized access by outsider
– Unauthorized access by insider
– Malicious software
Unintentional:
– Hardware/software failure
– Human error

6 Policies
Levels of information
– Restricted (release would cause serious damage)
– Company Confidential (nondisclosure agreements)
– Internal use only (business purpose, as needed)
– Public
Classes of Service (relative importance to day-to-day operations; listed from most to least critical)
– Production—mission critical
– Production—non-mission-critical
– Developmental
– Experimental/prototype

7 Security measures
Technical (p. 838)
– Access controls, passwords, biometrics, firewalls…
Nontechnical (p. 839)
– Policies for use, physical access, insurance, recovery plans…

8 Enterprise Security Challenges
Client server systems
– Versus old mainframes
Networks & internet
– Virtual private networking (VPN)
Interconnected customer & vendor
– Encryption, key certificates, digital signatures

9 Enforcement (Ch. 44)
Create enforceable policy
– Explicit
– Implementable within tech limitations
– Balanced, not extreme
– Spell out consequences
– Define escalation procedures (chain of command; reporting number to call?)
– Clear acceptable-use policy, signed by employee

10 Enforceable policy, cont’d
Notification of proprietary nature of systems
– Essential for criminal case
Actions to take if intrusion is suspected
– Plan spelled out

11 After infraction occurs
Documenting the “crime scene”
– Circumstances
– Define the bounds
Do not contact the suspect
– May rule out police involvement
Create backup
Assure system integrity
Assess the damage
– Quantifiable??
Approach law enforcement officials

12 E-Commerce Security (Ch. 45)
Architectures
– Traditional; single-enterprise network
– Demilitarized zone w/mail & web servers
– Layered architectures
  – A fundamental restructuring
  – Multiple firewalls within the network

13 Critical security measures
Firewalls
– Monitor for suspicious strings/commands
– Hardware or software based
Intrusion detection & response software
Encryption
– SSL widely used for e-commerce
– Assurance that:
  – Message not intercepted
  – Not tampered with
  – Person is who you think they are
– Appropriate where parties are strangers

14 Critical security measures, cont’d.
Authentication
– E.g., your bank; shared secret, etc.
– Relevant to both parties: are you really dealing with your bank?!
Access control
– E.g., different clerks can approve, make payments
Host hardening
Vulnerability testing

15 Digital Signatures (Ch. 46)
Public key cryptography
– Anyone can decode the message
– Only the person with the private key can create it.
Does not provide privacy, just authentication
Digital certificates needed to identify who the creator is
– Certification authority must be trusted (like notary)
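Added example (not from the slides or the textbook): a Go program using the standard library's Ed25519 signatures to demonstrate the claims on slide 15, namely that anyone holding the public key can check a signature, that only the private-key holder can create one (an altered record fails), that the signed record is not hidden, and that a signature checked against an unrelated key fails, which is why a trusted certification authority must vouch for whose key is whose. The payment-approval record and both key pairs are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// SignedRecord is what the recipient receives: the payload travels in the clear,
// so the signature supplies authentication and tamper evidence, not privacy.
type SignedRecord struct {
	Payload   []byte // readable by anyone who holds the record
	Signature []byte // can only be produced with the signer's private key
}

// SignRecord signs the payload with the signer's private key.
func SignRecord(priv ed25519.PrivateKey, payload []byte) SignedRecord {
	return SignedRecord{Payload: payload, Signature: ed25519.Sign(priv, payload)}
}

// VerifyRecord checks the signature; anyone holding the signer's public key can do this.
func VerifyRecord(pub ed25519.PublicKey, r SignedRecord) bool {
	return ed25519.Verify(pub, r.Payload, r.Signature)
}

// RunDemo signs a constructed payment-approval record and reports the four checks
// behind the slide's claims: the genuine record verifies; a record with the amount
// altered does not; an unrelated public key does not (so a trusted certification
// authority is needed to say whose key is whose); the payload is readable as-is.
func RunDemo() (genuine, tampered, otherKey, readable bool) {
	pubA, privA, err := ed25519.GenerateKey(rand.Reader) // the approving controller's key pair
	pubB, _, err2 := ed25519.GenerateKey(rand.Reader)   // an unrelated person's key pair
	if err != nil || err2 != nil {
		panic("key generation failed")
	}
	payload := []byte("APPROVE payment 1042 amount=2500.00 payee=VENDOR-17") // constructed sample
	rec := SignRecord(privA, payload)
	forged := rec // forgery attempt: reuse the genuine signature over an altered amount
	forged.Payload = []byte("APPROVE payment 1042 amount=9500.00 payee=VENDOR-17")
	genuine = VerifyRecord(pubA, rec)
	tampered = VerifyRecord(pubA, forged)
	otherKey = VerifyRecord(pubB, rec)
	readable = string(rec.Payload) == string(payload)
	return
}

func main() {
	genuine, tampered, otherKey, readable := RunDemo()
	fmt.Println(genuine, tampered, otherKey, readable) // true false false true
}
```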

16 What drives adoption of digital signatures?
Internet increasingly used for commerce
– vs. expensive dedicated lines
Useful even internally
…but legal status still hazy

17 Let’s go phishing…
http://www.profbailey.com/ACCT7320/phishing.htm
