Information System and Security Control
Anthony D.J. Matutino

7 CRITERIA TO BE MET BY INFORMATION SYSTEM
• Effectiveness
• Efficiency
• Confidentiality
• Integrity
• Availability
• Compliance
• Reliability

BUSINESS RISK INVOLVING INFORMATION SYSTEM
• Strategic Risk
• Security Risk
• Legal Risk
• Reputational Risk

STRATEGIC RISK
• Strategic assessment and risk analysis
• Integration within strategic goal
• Selection and management of technological infrastructure
• Comprehensive process for managing outsourcing relationships with third-party providers

SECURITY RISK
• Customer security practices
• Authentication of customers
• Non-repudiation and accountability of transactions
• Segregation of duties
• Authorization controls within the systems, databases and applications
• Internal or external fraud
• Audit trails for transactions
• Confidentiality of data during transactions
• Third-party security risk

LEGAL RISK
• Disclosures of information to customers
• Privacy
• Compliance with laws, rules and statements of the regulators
• Exposure to foreign jurisdictions

REPUTATIONAL RISK
• Service level delivery
• Level of customer care
• Business continuity and contingency planning

ACCESS LAYERS

SECURITY MEASURES
• Policies
• Firewalls
• Password
• Penetration testing and test software
• Intrusion Detection and Prevention System
• Encryption
• Digital Signatures
• Virtual Private Network
• Anti-virus Program
• Anti-spyware program
• Logging and monitoring

INTERNET SERVICE AS A MEANS OF INFORMATION SYSTEM
• E-mail
• World Wide Web (WWW)
• File Transfer Protocol (FTP)
• News
• Telnet/remote interactive access
• Internet Relay Chat (IRC)/Instant Messaging

E-MAIL THREATS
• Threat: Sender – No one can be sure that the sender of an e-mail is the real sender.
  Recommendation: Use of digital signatures.
• Threat: Messages in plain text – It is possible that the message can be intercepted, read and changed.
  Recommendation: Encrypt the message.
• Threat: There are no guarantees of secure delivery.
  Recommendation: Certificate of posting function.
• Threat: Large attachments can clog the e-mail system and/or server.
  Recommendation: Set a limit on how large the attachments are that e-mail is allowed to receive, and make guidelines for downloading, archiving and deletion of e-mails.
• Threat: Spam (unwanted e-mails).
  Recommendation: Set a filter to remove/separate spam from legitimate messages.

WORLD WIDE WEB
• Threat: Information quality.
  Recommendation: Reader should be cautious and, as much as possible, try to verify the information.
• Threats: Tracks; Browser; Plug-ins; Cookies.
  Recommendations: Firewall; set your computer to clear history; use InPrivate browsing.

FILE TRANSFER PROTOCOL
• Threat: File Transfer Protocol has basically no security.
  Recommendations: Proper configuration can only minimize the risk; scan all incoming files.

NEWS
• Threat: Reputation risk – the news/blog can be regarded as the organization’s official view.
  Recommendation: It is possible to block access to news. This is a matter of organizational policy.

TELNET
• Threat: Username and password are usually sent in plain text. It is simple for intruders to read user information and use it for unauthorized access.
  Recommendation: One-time or frequent password change and other encryption should be used.

INTERNET RELAY CHAT
• Threat: Most IRCs bypass the anti-virus software.
  Recommendation: IRCs with external access should be avoided. If it is necessary to download a file, avoid direct execution of files.

COMMON SIGNS OF VIRUS
• Unusual messages appear on your screen
• Decreased system performance
• Missing data
• Inability to access your hard drives
• Settings are automatically changed

Chrome – Incognito
IE – InPrivate Browsing
Firefox – Private Browsing

Always test policy on a test computer before applying it to any other computers

Videos
• Basic PC Security
• Anti-virus and other malware
• Anti-spyware

SUMMARY
