Securing IS

  1. Information Systems Today: Managing in the Digital World. Chapter 6: Securing Information Systems. “66 percent of all Webroot-scanned personal computers are infected with at least 25 spyware programs.” Webroot (2005)
  2. Learning Objectives
  3. Learning Objectives
  4. Information Systems Security
      • All systems connected to a network are at risk
          • Internal threats
          • External threats
      • Information systems security
          • Precautions to keep IS safe from unauthorized access and use
      • Increased need for good computer security with increased use of the Internet
  5. Primary Threats to Information Systems Security
      • Accidents and natural disasters
          • Power outages, cats walking across keyboards
      • Employees and consultants
      • Links to outside business contacts
          • Travel between business affiliates
      • Outsiders
      • Viruses
  6. Unauthorized Access
      • Unauthorized people
          • Look through electronic data
          • Peek at monitors
          • Intercept electronic communication
      • Theft of computers or storage media
      • Determined hackers gain administrator status
  7. Gaining Access to a Password
      • Brute force
          • Try combinations until a match is found
      • Protection:
          • Wait time requirements after unsuccessful login attempt
          • CAPTCHA
  8. Information Modification
      • User accesses electronic information
      • User changes information
          • Employee gives himself a raise
  9. Denial of Service Attack
      • Attackers prevent legitimate users from accessing services
      • Zombie computers
          • Created by viruses or worms
          • Attack Web sites
  10. Computer Viruses
      • Corrupt and destroy data
      • Destructive code can
          • Erase a hard drive
          • Seize control of a computer
      • Worms
          • Variation of a virus
          • Replicate endlessly across the Internet
          • Servers crash
      • MyDoom attack on Microsoft’s Web site
  11. Spyware
      • Within freeware or shareware
      • Within a Web site
      • Gathers information about a user
          • Credit card information
          • Behavior tracking for marketing purposes
      • Eats up computer’s memory and network bandwidth
      • Adware – special kind of spyware
          • Collects information for banner ad customization
  12. Spam
      • Electronic junk mail
      • Advertisements of products and services
      • Eats up storage space
      • Compromises network bandwidth
      • Spim
          • Spam over IM
  13. Protection Against Spam
      • Barracuda Spam Firewall 600
          • Filters spam and other email threats
          • Decreases amount of spam processed by the central e-mail server
          • Handles 3,000 – 10,000 active email users
          • Spam messages blocked or quarantined
  14. Phishing
      • Attempts to trick users into giving away credit card numbers
      • Phony messages
      • Duplicates of legitimate Web sites
      • E.g., eBay, PayPal have been used
  15. Cookies
      • Messages passed to a Web browser from a Web server
      • Used for Web site customization
      • Cookies may contain sensitive information
      • Cookie management and cookie killer software
      • Internet Explorer Web browser settings
  16. Other Threats to IS Security
      • Employees writing passwords on paper
      • No installation of antivirus software
      • Use of default network passwords
      • Letting outsiders view monitors
  17. Other Threats to IS Security (II)
      • Organizations fail to limit access to some files
      • Organizations fail to install firewalls
      • Not doing proper background checks
      • Lack of employee monitoring
      • Fired employees who are resentful
  18. Learning Objectives
  19. Safeguarding Information Systems Resources
      • Information systems audits
          • Risk analysis
              • Process of assessing the value of protected assets
                  • Cost of loss vs. cost of protection
              • Risk reduction
                  • Measures taken to protect the system
              • Risk acceptance
                  • Measures taken to absorb the damages
              • Risk transfer
                  • Transferring the absorption of risk to a third party
  20. Technological Safeguards
      • Physical access restrictions
          • Authentication
              • Use of passwords
              • Photo ID cards, smart cards
              • Keys to unlock a computer
              • Combination
      • Authentication limited to
          • Something you have
          • Something you know
          • Something you are
  21. Biometrics
      • Form of authentication
          • Fingerprints
          • Retinal patterns
          • Body weight
          • Etc.
      • Fast authentication
      • High security
  22. Access-Control Software
      • Access only to files required for work
      • Read-only access
      • Certain time periods for allowed access
      • Business systems applications
          • Built-in access control capabilities
  23. Wireless LAN Control
      • Wireless LAN cheap and easy to install
      • Use on the rise
      • Signal transmitted through the air
          • Susceptible to being intercepted
          • Drive-by hacking
  24. Virtual Private Networks
      • Connection constructed dynamically within an existing network
      • Secure tunnel
          • Encrypted information
  25. Firewalls
      • System designed to detect intrusion and prevent unauthorized access
      • Implementation
          • Hardware, software, mixed
      • Approaches
          • Packet filter – each packet examined
          • Application-level control – security measures only for certain applications
          • Circuit-level control – based on certain type of connection
          • Proxy server – firewall acts as the server and intercepts all messages; Network Address Translation
  26. Firewall Architecture
      • Basic software firewall for a home network
      • Firewall router
          • Home office
          • Small office
  27. Firewall Architecture: Larger Organization
  28. Encryption
      • Message encoded before sending
      • Message decoded when received
      • Encryption allows for
          • Authentication – proving one’s identity
          • Privacy/confidentiality – only intended recipient can read a message
          • Integrity – assurance of unaltered message
          • Nonrepudiation – use of digital signature
  29. The Encryption Process
      • Key – code that scrambles the message
          • Symmetric secret key system
              • Sender and recipient use the same key
              • Cons: Management problems
          • Public key technology
              • Asymmetric key system
              • Each individual has a pair of keys
                  • Public key – freely distributed
                  • Private key – kept secret
  30. How Encryption Works (Asymmetric)
  31. Encryption for Websites
      • Certificate Authority
          • Third party – trusted middleman
              • Verifies trustworthiness of a Web site
              • Checks for identity of a computer
              • Provides public keys
      • Secure Sockets Layer (SSL)
          • Developed by Netscape
          • Popular public-key encryption method
  32. Other Encryption Approaches
      • 1976 – Public/private key
      • 1977 – RSA
          • Technology licensed to Lotus and Microsoft
          • Federal law prohibited exporting encryption technology
              • Limited use by organizations
      • 1991 – Pretty good privacy
          • Versatile encryption program
          • Global favorite
      • 1993 – Clipper chip
          • Chip generating uncrackable codes
          • Scrapped before it became reality
  33. The Evolution of Encryption
      • Future encryption programs will provide
          • Strong security
          • High speed
          • Usability on any platform
              • Encryption for cellular phones
              • Encryption for PDAs
  34. Recommended Virus Precautions
      • Purchase and install antivirus software
          • Update frequently
      • Do not download data from unknown sources
          • Flash drives, disks, Web sites
      • Delete (without opening) e-mail from unknown source
      • Warn people if you get a virus
          • Your department
          • People on e-mail list
  35. Audit Control Software
      • Keeps track of computer activity
      • Spots suspicious action
      • Audit trail
          • Record of users
          • Record of activities
      • IT department needs to monitor this activity
  36. Other Technological Safeguards
      • Backups
          • Secondary storage devices
          • Regular intervals
      • Closed-circuit television (CCTV)
          • Monitoring for physical intruders
          • Video cameras display and record all activity
          • Digital video recording
      • Uninterruptible power supply (UPS)
          • Protection against power surges
  37. Human Safeguards
      • Use of federal and state laws as well as ethics
  38. Learning Objectives
  39. Managing Information Systems Security
      • Non-technical safeguards
          • Management of people’s use of IS
              • Acceptable use policies
          • Trustworthy employees
          • Well-treated employees
  40. Developing an Information Systems Security Plan
      • Ongoing five-step process
      • Risk analysis
          • Determine value of electronic information
          • Assess threats to confidentiality, integrity and availability of information
          • Identify most vulnerable computer operations
          • Assess current security policies
          • Recommend changes to existing practices to improve computer security
  41. Security Plan: Step 2
      • Policies and procedures – actions to be taken if security is breached
          • Information policy – handling of sensitive information
          • Security policy – technical controls on organizational computers
          • Use policy – appropriate use of in-house IS
          • Backup policy
          • Account management policy – procedures for adding new users
          • Incident handling procedures – handling security breach
          • Disaster recovery plan – restoration of computer operations
  42. Security Plan: Remaining Steps
      • Implementation
          • Implementation of network security hardware and software
          • IDs and smart cards dissemination
          • Responsibilities of the IS department
      • Training – organization’s personnel
      • Auditing
          • Assessment of policy adherence
          • Penetration tests
  43. Responding to a Security Breach
      • 1988 – Computer Emergency Response Team (CERT)
          • Started after Morris worm disabled 10% of all computers connected to the Internet
      • Computer Security Division (CSD)
          • Raising of awareness of IT risks
          • Research and advising about IT vulnerabilities
          • Development of standards
          • Development of guidelines to increase secure IT planning, implementation, management and operation
  44. The State of Systems Security Management
      • Financial losses of cybercrime are decreasing
          • Computer virus attacks result in the greatest financial losses
          • Only about 25% of organizations utilize cyberinsurance
          • Only about 20% of organizations report intrusions to law enforcement
              • Fear of falling stock prices
          • Most organizations do not outsource security activities
          • 90% of organizations conduct routine security audits
          • Most organizations agree security training is important
              • Majority said they do not do enough training
  45. Use of Security Technologies
      • CSI/FBI computer crime and security survey respondents (2006)
  46. End of Chapter Content
  47. Opening Case: Managing in the Digital World: Drive-by-Hacking
      • 60–80% of corporate wireless networks do not use security
      • “War driving” – a new hacker tactic
          • Driving around densely populated areas
      • “War spamming”
          • Attackers link to an e-mail server and send out millions of spam messages
          • Companies pay millions in bandwidth fees
      • Businesses fight back using bogus access points
          • FakeAP
      • Network scanners distinguish between real and fake APs
          • Netstumbler
      • Fast Packet Keying – to fix shortcomings of WEP
  48. Spyware Lurks on Most PCs
      • Webroot
          • Producer of software to scan and eliminate spyware
      • Webroot company data
          • 66% of scanned PCs infected with at least 25 spyware programs
          • Incidents of spyware slightly decreasing
  49. To Cookie or Not to Cookie
      • Cookies collected by companies to get data about customers
          • Footprints that marketers can trace
          • Sometimes sold to other companies
      • Web browsers can protect against accepting cookies
          • Constant pop-ups
          • Some sites will not work properly
          • Customized information will not be available
      • National Security Agency (NSA)
  50. Anne Mulcahy, CEO and Chairman, Xerox Corporation
      • 1974 – B.A. in English and journalism
      • 1976 – joined Xerox
      • 2002 – promoted to CEO
          • Xerox in 2002
              • $17 billion debt
          • Xerox under Mulcahy
              • First time profitable in years
              • Cut expenses by $1.7 billion
              • Sold non-core assets for $2.3 billion
  51. Voiceprint
      • 1976 case – State of Maine v. Thomas Williams
          • Bomb threat
          • Voiceprint used for conviction of terrorism
              • Each individual has unique voice characteristics
              • 1967-2006 – more than 5,000 law enforcement voice identification cases
              • Spectrogram – visual inspection of waves
          • Voiceprints used for access authorization
  52. Is Big Brother Watching You
      • Employers can use equipment to
          • Read your email
          • Monitor Web-surfing behavior
          • Collect keystrokes
          • Follow the movement of employees
              • RFID and GPS
      • Companies have rights to collect almost any information about employees while on the job
  53. Backhoe Cyber Threat
      • Telecommunications infrastructure is vulnerable
          • Damage to telephone lines, fiber-optic cables, water lines, gas pipelines
              • 675,000 incidents in 1 year
          • Infrastructure information publicly available
          • Most of Internet communication goes through cables buried along major highways and railroads
              • Only two major routes across US for Internet traffic
  54. Banking Industry
      • In the past – highly regulated industry
          • Banks limited to certain locations and services
          • Efforts to make banks safer
          • Regulations prevented banks from competition
      • 1970 to present – many regulations eliminated
          • Acquisitions, consolidations and integration across state lines
          • Better customer service at lower prices
          • Benefits to overall economy
      • Internet era
          • Customers assess banks based on online banking services