Securing Information Systems - PowerPoint PPT Presentation

Slides: 15
Provided by: Kl
Learn more at: http://iris.nyit.edu
Transcript and Presenter's Notes

Title: Securing Information Systems


1
Chapter 8
Securing Information Systems
2
Management Information Systems Chapter 8 Securing
Information Systems
LEARNING OBJECTIVES
  • Analyze why information systems need special
    protection from destruction, error, and abuse.
  • Assess the business value of security and
    control.
  • Design an organizational framework for security
    and control.
  • Evaluate the most important tools and
    technologies for safeguarding information
    resources.

3
Phishing: A Costly New Sport for Internet Users
  • Problem: Large number of vulnerable users of
    online financial services, ease of creating bogus
    Web sites.
  • Solutions: Deploy anti-phishing software and
    services and a multilevel authentication system
    to identify threats and reduce phishing attempts.
  • Deploying new tools, technologies, and security
    procedures, along with educating consumers,
    increases reliability and customer confidence.
  • Demonstrates IT's role in combating cyber crime.
  • Illustrates digital technology as part of a
    multilevel solution as well as its limitations in
    overcoming discouraged consumers.

4
Systems Vulnerability and Abuse
  • Why systems are vulnerable
  • Internet vulnerabilities
  • Wireless security challenges
  • Malicious software: Viruses, worms, Trojan
    horses, and spyware
  • Hackers and cybervandalism
  • Spoofing and sniffing
  • Denial-of-service attacks

5
Systems Vulnerability and Abuse
Contemporary Security Challenges and
Vulnerabilities
The architecture of a Web-based application
typically includes a Web client, a server, and
corporate information systems linked to
databases. Each of these components presents
security challenges and vulnerabilities. Floods,
fires, power failures, and other electrical
problems can cause disruptions at any point in
the network.
Figure 8-1
6
Systems Vulnerability and Abuse
Worldwide Damage from Digital Attacks
This chart shows estimates of the average annual
worldwide damage from hacking, malware, and spam
since 1999. These data are based on figures from
mi2G and the authors.
Figure 8-3
7
Systems Vulnerability and Abuse
Bot Armies and Network Zombies
  • Read the Interactive Session: Technology, and
    then discuss the following questions:
  • What is the business impact of botnets?
  • What management, organization, and technology
    factors should be addressed in a plan to prevent
    botnet attacks?
  • How easy would it be for a small business to
    combat botnet attacks? A large business?

8
Systems Vulnerability and Abuse
  • Computer crime and cyberterrorism
  • Identity theft
  • Phishing
  • Evil twins
  • Pharming
  • Click fraud
  • Cyberterrorism and cyberwarfare
  • Internal threats: Employees
  • Software vulnerability

9
Business Value of Security and Control
  • Legal and regulatory requirements for electronic
    records management
  • ERM
  • HIPAA
  • Gramm-Leach-Bliley
  • Sarbanes-Oxley
  • Electronic evidence and computer forensics

10
Establishing a Framework for Security and Control
  • Risk Assessment
  • Security policy
  • Ensuring business continuity
  • Disaster recovery planning and business
    continuity planning
  • Security outsourcing
  • The role of auditing

11
Technologies and Tools for Security
  • Access control
  • Firewalls, intrusion detection systems, and
    antivirus software
  • Securing wireless networks
  • Encryption and public key infrastructure

12
Technologies and Tools for Security
A Corporate Firewall
The firewall is placed between the firm's private
network and the public Internet or another
distrusted network to protect against
unauthorized traffic.
Figure 8-6
13
Technologies and Tools for Security
Unilever Secures Its Mobile Devices
  • Read the Interactive Session: Management, and
    then discuss the following questions:
  • How are Unilever executives' wireless handhelds
    related to the company's business performance?
  • Discuss the potential impact of a security breach
    at Unilever.
  • What management, organization, and technology
    factors had to be addressed in developing
    security policies and procedures for Unilever's
    wireless handhelds?
  • Is it a good idea to allow Unilever executives to
    use both BlackBerrys and cell phones? Why or why
    not?

14
Technologies and Tools for Security
Public Key Encryption
A public key encryption system can be viewed as a
series of public and private keys that lock data
when they are transmitted and unlock the data
when they are received. The sender locates the
recipient's public key in a directory and uses it
to encrypt a message. The message is sent in
encrypted form over the Internet or a private
network. When the encrypted message arrives, the
recipient uses his or her private key to decrypt
the data and read the message.
Figure 8-7
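
The flow on this slide, as an added example that is not part of the original presentation: a sender looks up the recipient's public key in a directory, encrypts with it, and only the matching private key recovers the message. It uses textbook RSA (an algorithm the slide does not name) with constructed demo primes and no padding, so it shows the message flow only; `DIRECTORY`, `bob` and `eve` are assumed names.

```python
# Added illustration: textbook RSA with fixed, constructed primes.
# No padding, small keys: shows the message flow only, not a secure scheme.

def make_keypair(p, q, e=65537):
    """Build (public, private) keys from two primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # private exponent: inverse of e mod phi
    return (n, e), (n, d)

# Constructed key pairs built from known Mersenne primes (demo values only).
BOB_PUB, BOB_PRIV = make_keypair(2**127 - 1, 2**89 - 1)
EVE_PUB, EVE_PRIV = make_keypair(2**107 - 1, 2**61 - 1)

# The "directory" from the slide: it holds public keys only.
DIRECTORY = {"bob": BOB_PUB, "eve": EVE_PUB}

def encrypt_for(recipient, message):
    """Sender side: look up the recipient's public key and lock the message."""
    n, e = DIRECTORY[recipient]
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this key size")
    return pow(m, e, n)

def decrypt(private_key, ciphertext):
    """Recipient side: unlock the ciphertext with a private key."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def demo():
    message = b"wire $500 to acct 42"    # constructed sample message
    wire = encrypt_for("bob", message)   # what travels over the network
    # Bob's private key recovers the text; any other private key does not.
    return message, wire, decrypt(BOB_PRIV, wire), decrypt(EVE_PRIV, wire)

if __name__ == "__main__":
    message, wire, by_bob, by_eve = demo()
    print("on the wire :", hex(wire))
    print("bob reads   :", by_bob)
    print("eve reads   :", by_eve)
```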