2. 7 CRITERIA TO BE MET BY INFORMATION SYSTEM
Effectiveness
Efficiency
Confidentiality
Integrity
Availability
Compliance
Reliability
3. BUSINESS RISK INVOLVING INFORMATION SYSTEM
Strategic Risk
Security Risk
Legal Risk
Reputational Risk
4. STRATEGIC RISK
Strategic assessment and risk analysis
Integration within strategic goal
Selection and management of technological infrastructure
Comprehensive process for managing outsourcing relationships with third-party providers
5. SECURITY RISK
Customer security practices
Authentication of customers
Non-repudiation and accountability of transactions
Segregation of duties
Authorization controls within the systems, databases and applications
Internal or external fraud
6. SECURITY RISK
Audit trails for transactions
Confidentiality of data during transactions
Third-party security risk
7. LEGAL RISK
Disclosures of information to customers
Privacy
Compliance with laws, rules and statements of the regulators
Exposure to foreign jurisdictions
8. REPUTATIONAL RISK
Service level delivery
Level of customer care
Business continuity and contingency planning
10. SECURITY MEASURES
Policies
Firewalls
Password
Penetration testing and test software
Intrusion Detection and Prevention System
Encryption
11. SECURITY MEASURES
Digital Signatures
Virtual Private Network
Anti-virus Program
Anti-spyware program
Logging and monitoring
12. INTERNET SERVICE AS A MEANS OF INFORMATION SYSTEM
E-mail
World Wide Web (WWW)
File Transfer Protocol (FTP)
News
Telnet/remote interactive access
Internet Relay Chat (IRC)/Instant Messaging
13. E-MAIL THREATS
THREAT: Sender – No one can be sure that the sender of an e-mail is the real sender.
RECOMMENDATION: Use of digital signatures.
14. E-MAIL THREATS
THREAT: Messages in plain text – It is possible that the message can be intercepted, read and changed.
RECOMMENDATION: Encrypt the message.
15. E-MAIL THREATS
THREAT: There are no guarantees of secure delivery.
RECOMMENDATION: Certificate of posting function.
16. E-MAIL THREATS
THREAT: Large attachments can clog the e-mail system and/or server.
RECOMMENDATION: Set a limit on how large the attachments are that e-mail is allowed to receive, and make guidelines for downloading, archiving and deletion of e-mails.
17. E-MAIL THREATS
THREAT: Spam (unwanted e-mails).
RECOMMENDATION: Set a filter to remove/separate spam from legitimate messages.
18. WORLD WIDE WEB
THREAT: Information quality.
RECOMMENDATION: Readers should be cautious and, as much as possible, try to verify the information.
19. WORLD WIDE WEB
THREATS: Tracks; Browser; Plug-ins; Cookies.
RECOMMENDATIONS: Firewall; set your computer to clear history; use InPrivate browsing.
20. FILE TRANSFER PROTOCOL
THREAT: File Transfer Protocol has basically no security.
RECOMMENDATION: Proper configuration can only minimize the risk; scan all incoming files.
21. NEWS
THREAT: Reputation risk – the news/blog can be regarded as the organization’s official view.
RECOMMENDATION: It is possible to block access to news. This is a matter of organizational policy.
22. TELNET
THREAT: Username and password are usually sent in plain text. It is simple for intruders to read user information and use it for unauthorized access.
RECOMMENDATION: One-time or frequently changed passwords and other encryption should be used.
23. INTERNET RELAY CHAT
THREAT: Most IRCs bypass the anti-virus software.
RECOMMENDATION: IRCs with external access should be avoided. If it is necessary to download a file, avoid direct execution of files.
24. COMMON SIGNS OF VIRUS
Unusual messages appear on your screen
Decreased system performance
Missing data
Inability to access your hard drives
Settings are automatically changed