Chapter 9: Information System Security
Filmon Habtemichael
Introduction
♦ Computers have become such valuable tools that today’s
business people have difficulty imagining work without
them.
♦ Yet the information age has also brought the following
potential problems for workers, companies, and society in
general:
• Computer waste and mistakes
• Computer crime
• Privacy issues
• Work environment problems
• Ethical issues
Computer Waste
♦ Discard old software and computer systems when
they still have value.
♦ Build and maintain complex systems that are never used to
their fullest extent.
♦ Employees playing computer games, sending unimportant
e-mail, or accessing the Internet.
♦ Junk e-mail, also called spam, and junk faxes cause waste.
– They waste people's time and consume network, storage, and computing resources.
– Spam messages often carry attachments or links that deliver malware.
♦ A spam filter is software that attempts to block unwanted e-mail.
– Filters that are tuned too aggressively also block legitimate messages (false positives), which can be disastrous for people in sales or customer service who depend on mail from strangers.
– Image-based spam, in which the message text is embedded in a picture, is one tactic spammers use to circumvent filters that inspect only the message body.
PREVENTING COMPUTER-RELATED WASTE AND MISTAKES
♦ Preventing waste and mistakes involves
(1) Establishing,
(2) Implementing,
(3) Monitoring, and
(4) Reviewing effective policies and procedures.
Establishing Policies and Procedures
♦ A survey of 304 U.S. companies determined that
over one-fourth of bosses have fired employees for
inappropriate use of e-mail and one-third have fired
workers for wasting valuable time on the Internet.
♦ The first step to prevent computer-related waste is to
establish policies and procedures regarding efficient
acquisition, use, and disposal of systems and devices.
♦ Prevention of computer-related mistakes begins by
identifying the most common types of errors
…Establishing policies continued
♦ Types of computer-related mistakes include the following:
– Data-entry or data-capture errors
– Errors in computer programs
– Errors in handling files, including formatting a disk by
mistake, copying an old file over a newer one
– Mishandling of computer output
– Inadequate planning for control of equipment
malfunctions
– Inadequate planning for and control of environmental
difficulties (such as electrical and humidity problems)
– Failure to provide access to the most current
information by not adding new Web links and not
deleting old links
Implementing Policies and Procedures
♦ Most companies develop such policies and procedures
with advice from the firm’s internal auditing group or its
external auditing firm.
♦ The policies often focus on source data automation (capturing data at its point of origin, for example with bar-code scanners, rather than rekeying it later) and on data editing (checking each input field against format, range, and reasonableness rules) to ensure data accuracy and completeness.
♦ Some useful policies to minimize waste and mistakes
include the following:
– The system should have controls to prevent invalid and unreasonable data
entry.
– A user manual should be available covering operating procedures
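As an added worked example of the data-editing controls the policy list above calls for (illustrative code written for this page, not the textbook's or any vendor's), the following Python screens a batch of constructed order records with format, range, reasonableness and check-digit tests before they are posted. The record layout, the 10,000 ceiling on a single order, and the sample values are assumptions.

```python
import re
from datetime import date
from typing import Dict, List, Tuple

# Constructed order records (hypothetical data, not from the page). The first is clean;
# each of the others contains one of the data-entry errors the chapter lists.
SAMPLE_RECORDS: List[Dict[str, str]] = [
    {"customer_id": "C10042", "amount": "249.99", "card": "4111111111111111", "ship_date": "2015-03-14"},
    {"customer_id": "C1OO42", "amount": "249.99", "card": "4111111111111111", "ship_date": "2015-03-14"},  # letter O keyed for zero
    {"customer_id": "C10043", "amount": "24999000", "card": "4111111111111111", "ship_date": "2015-03-14"},  # decimal point dropped
    {"customer_id": "C10044", "amount": "19.50", "card": "4111111111111112", "ship_date": "2015-03-14"},  # one digit mistyped
    {"customer_id": "C10045", "amount": "19.50", "card": "4111111111111111", "ship_date": "2015-02-30"},  # impossible date
]


def luhn_ok(number: str) -> bool:
    """Luhn check digit used on card numbers: catches any single mistyped digit and most transpositions."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def validate_order(rec: Dict[str, str], max_amount: float = 10_000.0) -> List[str]:
    """Data editing: format, range and reasonableness checks on one record; returns the problems found."""
    errors: List[str] = []
    if not re.fullmatch(r"C\d{5}", rec.get("customer_id", "")):
        errors.append("customer_id: must be 'C' followed by five digits")
    try:
        amount = float(rec["amount"])
        if not 0 < amount <= max_amount:  # reasonableness check, not just a type check
            errors.append(f"amount: {amount} is outside the reasonable range (0, {max_amount}]")
    except (KeyError, ValueError):
        errors.append("amount: not a number")
    card = rec.get("card", "")
    if not (card.isdigit() and 13 <= len(card) <= 19 and luhn_ok(card)):
        errors.append("card: fails format or check-digit test")
    try:
        date.fromisoformat(rec["ship_date"])  # rejects 2015-02-30 and other impossible dates
    except (KeyError, ValueError):
        errors.append("ship_date: not a valid calendar date")
    return errors


def screen_batch(records: List[Dict[str, str]]) -> Tuple[List[Dict[str, str]], Dict[int, List[str]]]:
    """Split a batch into records fit to post and rejects (by index) with reasons to show the operator."""
    accepted: List[Dict[str, str]] = []
    rejected: Dict[int, List[str]] = {}
    for i, rec in enumerate(records):
        errs = validate_order(rec)
        if errs:
            rejected[i] = errs
        else:
            accepted.append(rec)
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = screen_batch(SAMPLE_RECORDS)
    print(f"{len(ok)} accepted, {len(bad)} rejected")
    for idx, reasons in bad.items():
        print(idx, reasons)
```

Rejecting a record is only half of the control: the rejection reason must go back to the person who keyed it, and the audit metric "percentage of data-input errors detected" mentioned under monitoring is simply the size of the rejected set over the batch size.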
Monitoring Policies and Procedures
♦ Many organizations implement internal audits to measure
actual results against established goals, such as
– percentage of end-user reports produced on time,
– percentage of data-input errors detected,
– number of input transactions entered per eight-hour shift, and so on.
Reviewing Policies and Procedures
♦ Do current policies cover existing practices adequately?
♦ Does the organization plan any new activities in the
future?
♦ Are contingencies and disasters covered?
…Reviewing Policies and Procedures
♦ Preventing errors and mistakes is one way to protect information systems and the data they hold.
♦ Another is implementing in-house security measures and legal protections to detect and prevent a more dangerous type of misuse: computer crime.
♦ Wireless Security Challenges
– Radio-frequency bands are easy to scan, so anyone within range can capture wireless traffic with inexpensive equipment.
– Both Bluetooth and Wi-Fi networks are susceptible to eavesdropping, especially when encryption is weak or switched off.
– War driving: eavesdroppers drive by buildings or park outside and try to locate open access points and intercept wireless network traffic.
COMPUTER CRIME
♦ Today, computer criminals are bolder and more creative
than ever. With the increased use of the Internet, computer
crime is now global
♦ The following is a sample of recent computer crimes:
…Computer crimes
♦ A Chilean hacker gathered personal data about 6 million
people from various Chilean government sites including
names, addresses, phone numbers, ID numbers, and e-mail
addresses and posted them to a blog site for all to see. The
hacker’s motivation was to protest his country’s weak data
security.
♦ A 15-year-old Pennsylvania student broke into an
educational network and saved on a flash drive the names,
addresses, and Social Security numbers of some 55,000
people. The student was arrested and charged with four
offenses of unlawful duplication and theft.
…Computer crimes
♦ When customers first link a brokerage account to a bank account to allow transfers, firms such as E*Trade and Schwab.com verify the link by making micro-deposits of a few cents to a few dollars into the bank account and asking the customer to confirm the amounts, which proves that the account and routing numbers are correct. A hacker exploited a loophole in this procedure (an abuse of the business logic rather than a software backdoor): he opened tens of thousands of brokerage accounts under false identities, linked them to bank accounts he controlled, and collected every verification deposit. He stole more than $50,000 over six months.
♦ Part of what makes computer crime so unique and difficult
to combat is its dual nature—the computer can be
both the tool used to commit a crime and the object of that
crime.
THE COMPUTER AS A TOOL TO COMMIT CRIME
♦ Many people who commit computer-related crime claim
they do it for the challenge, not for the money.
♦ Criminals need two capabilities to commit most computer
crimes.
– First, the criminal needs to know how to gain access to the
computer system.
– Second, the criminal must know how to manipulate the system to
produce the desired result
♦ Social engineering
– Using social skills to get computer users to provide information to
access an information system or its data.
♦ Dumpster diving
– Going through the trash cans of an organization to find secret or
confidential information, including information needed to access
an information system or its data.
Cyberterrorism
♦ Cyber-terrorist: Someone who intimidates or
coerces a government or organization to advance his
political or social objectives by launching computer-based
attacks against computers, networks, and the information
stored on them.
– At the time this chapter was written, China, the United States, South Korea, Russia, and Taiwan were reported to be the sources of most of the world's malware.
…Cyberterrorism
♦ The small Baltic nation of Estonia was subjected to a three-week wave of distributed denial-of-service attacks in 2007 that disabled government and corporate networks. The attacks followed deadly riots by the nation's ethnic Russian minority in response to the relocation of a Soviet war memorial. Moscow has denied any involvement.
♦ Pro-China cyberterrorists launched a brief denial-of-
service attack on the CNN Web site, which they believe
has been overly critical of China, to protest the news
network’s coverage of Tibet. The attack was cancelled
after less than 30 minutes, but the group threatened to
launch another attack in the near future.
Cyberwarfare
♦ Cyberwarfare is a state-sponsored activity designed to
cripple and defeat another state or nation by penetrating its
computers or networks for the purposes of causing damage
and disruption.
– There are 250,000 probes trying to find their way into the U.S.
Department of Defense networks every hour
– Over the years, hackers have stolen plans for missile tracking
systems, satellite navigation devices, surveillance drones, and
leading-edge jet fighters.
– STUXNET
…Cyberwarfare
♦ In July 2010, reports surfaced about a worm, Stuxnet, that had been targeting Iran's nuclear facilities.
♦ The malware infected the Natanz uranium-enrichment facility and disrupted the nuclear program by damaging its centrifuges. It is reported to have destroyed roughly one-fifth of them; estimates of how long it set the program back vary from months to years.
♦ It is the first widely documented example of industrial cyberwarfare.
♦ The worm spread between Windows hosts, but its payload targeted the Siemens programmable logic controllers (PLCs) that drove the centrifuges. It had a "dual warhead."
– One part was designed to lie dormant for long periods, then change the centrifuges' rotor speeds so that they spun outside their safe operating range.
– Another part secretly recorded what normal operations at the plant looked like and then played those recordings back to the operators' monitoring software, so it appeared that the centrifuges were operating normally when they were actually tearing themselves apart.
Identity Theft
♦ Identity theft
A crime in which an imposter obtains key pieces of personal identification information, such as Social Security or driver's license numbers, to impersonate someone else.
♦ shoulder surfing—the identity thief simply stands next to
someone at a public office, such as the Bureau of Motor
Vehicles, and watches as the person fills out personal
information on a form
THE COMPUTER AS THE OBJECT OF CRIME
♦ A computer can also be the object of the crime, rather than
the tool for committing it.
♦ The more vulnerable a computer is, the greater the risk that it becomes the object of a crime.
Internet Vulnerabilities
♦ Computers that are constantly connected to the Internet by cable modems or digital subscriber line (DSL) connections are more open to penetration by outsiders because they keep a fixed (static) Internet address at which they can be found and scanned repeatedly.
– With dial-up service, a temporary Internet address is assigned for each session.
– A fixed Internet address creates a fixed target for hackers.
♦ Most Voice over IP (VoIP) traffic over the public Internet is not encrypted, so anyone positioned on the network path can listen in on conversations.
♦ Vulnerability has also increased from widespread use of e-mail, instant messaging (IM), and peer-to-peer file-sharing programs, each of which offers another channel for delivering malware and leaking data.
INTERNAL THREATS: EMPLOYEES
♦ We tend to think the security threats to a business originate
outside the organization. In fact, company insiders pose
serious security problems.
♦ Studies have found that user lack of knowledge is the
single greatest cause of network security breaches
♦ Malicious intruders seeking system access sometimes trick
employees
♦ Social engineering: Tricking people into revealing their passwords by pretending to be legitimate users or members of a company in need of information.
…THE COMPUTER AS THE OBJECT OF CRIME
♦ These crimes fall into several categories:
– Illegal access and use,
– Data alteration and destruction,
– Information and equipment theft,
– Software and Internet piracy,
– Computer-related scams, and
– International computer crime.
Illegal Access and Use
♦ Hacker- A person who enjoys computer technology and
spends time learning and using computer systems.
♦ Criminal hacker (cracker)- A computer-savvy person who
attempts to gain unauthorized or illegal access to computer
systems to steal passwords, corrupt files and programs, or
even transfer money
♦ Script bunny (also called a script kiddie): A cracker with little technical savvy who downloads ready-made programs, called scripts, that automate the job of breaking into computers.
♦ Insider: An employee, dissatisfied or otherwise, working solo or in concert with outsiders to compromise corporate systems.
♦ Cyber vandalism: Intentional disruption, defacement, or destruction of a Web site or corporate information system.
♦ Ransomware: Malware with which cybercriminals extort money from victims, typically by encrypting their files or locking their devices and demanding payment for the key, or by stealing embarrassing photos, documents, and other material that can be dangled for a price.
♦ Rogues / scareware (rogue antivirus): Programs that pretend to be security software. Fake infection warnings pressure the user into buying the "security software", from which the fraudsters profit.
…Illegal Access and Use
♦ Some criminals have started phony VoIP phone companies
and sold subscriptions for services to unsuspecting
customers.
♦ Catching and convicting criminal hackers remains a
difficult task.
MALICIOUS SOFTWARE: VIRUSES, WORMS, TROJAN
HORSES, AND SPYWARE
♦ Malicious software programs are referred to as malware
and include a variety of threats, such as computer viruses,
worms, and Trojan horses
♦ As many as one of every 10 downloads from the Web
includes harmful programs
♦ The amount of harmful software in the world passed the
amount of beneficial software in 2007
♦ The security firm McAfee found nearly 13,000 different
kinds of malware targeting mobile devices in 2012, with
almost all attacks targeting devices using Google’s
Android operating system.
♦ Virus- A computer program file capable of attaching to
disks or other files and replicating itself repeatedly,
typically without the user’s knowledge or permission
♦ Worm: A self-contained program that creates copies of itself on the infected computer or sends copies to other computers via a network.
– Unlike viruses, worms do not need to attach themselves to other program files; they spread on their own, typically by exploiting vulnerabilities in network services or by mailing themselves to a victim's contacts.
♦ Trojan horse- A malicious program that disguises itself as
a useful application or game and purposefully does
something the user does not expect
– E.g. MMarketPay- Trojan for Android phones.
– It has been detected in multiple app stores and has spread to more
than 100,000 devices.
♦ Trojans are not viruses because they do not replicate, but
they can be just as destructive.
♦ A logic bomb is malicious code, typically planted in an otherwise legitimate program or system (often by an insider), that stays dormant until a specific condition occurs, such as a date being reached or an employee's account being deleted, and then executes its payload.
♦ A rootkit is a set of programs that gives its user privileged (administrator-level) access to a computer or network and, just as importantly, hides that presence by concealing the attacker's processes, files, and network connections from the operating system's own tools.
♦ A variant is a modified version of a virus that is produced
by the virus’s author or another person who amends the
original virus code.
– if the changes are significant, the variant might go undetected
by antivirus software.
♦ SQL injection attack: An attack against a Web application that takes advantage of code that builds database queries by pasting user input into the SQL text; the attacker supplies input containing SQL syntax so that the database executes statements the developer never intended, such as bypassing a login check or dumping a table.
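To make the SQL injection definition concrete, here is an added example (not code from the page) that contrasts a login query built by string concatenation with the same query using parameter binding, run against a constructed in-memory SQLite table. The table, the user names and the passwords are invented for the demonstration.

```python
import sqlite3
from typing import Dict, Optional, Tuple

Row = Optional[Tuple[str, str]]


def setup_db() -> sqlite3.Connection:
    """Constructed in-memory users table (sample data, not from the page).

    Passwords are stored in clear only to keep the injection point easy to see;
    a real system stores salted password hashes.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")])
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> Row:
    # VULNERABLE: the user's input is pasted into the SQL text, so a quote in the
    # input ends the string literal and whatever follows is parsed as SQL.
    query = (f"SELECT username, role FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    return conn.execute(query).fetchone()


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> Row:
    # HARDENED: parameter binding ships the values separately from the statement,
    # so the database only ever compares them as data and never parses them.
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()


def demo() -> Dict[str, Row]:
    """Run both versions with honest credentials and with two classic injection strings."""
    conn = setup_db()
    comment_out = "alice' --"   # closes the literal, then comments out the password check
    tautology = "' OR '1'='1"   # makes the WHERE clause true for every row
    return {
        "vuln_good_creds": login_vulnerable(conn, "alice", "s3cret"),
        "vuln_comment_out": login_vulnerable(conn, comment_out, "wrong"),
        "vuln_tautology": login_vulnerable(conn, "nobody", tautology),
        "safe_good_creds": login_safe(conn, "alice", "s3cret"),
        "safe_comment_out": login_safe(conn, comment_out, "wrong"),
        "safe_tautology": login_safe(conn, "nobody", tautology),
    }


if __name__ == "__main__":
    for name, row in demo().items():
        print(f"{name:18} -> {row}")
```

The hardened version is not about escaping quotes but about never letting input reach the SQL parser at all. Pair it with a least-privilege database account so that an injection found elsewhere in the application still cannot read or alter tables the application does not need.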
Spoofing
♦ Spoofing is tricking or deceiving computer systems or other computer users by hiding one's identity or faking the identity of another user on the Internet.
– One increasingly popular form of spoofing is phishing: sending messages that appear to come from a legitimate organization, such as a bank, to lure recipients into revealing passwords, account numbers, or other personal data.
– In a more targeted form of phishing called spear phishing, messages appear to come from a trusted source, such as an individual within the recipient's own company or a friend.
– Phishing techniques called evil twins and pharming are harder to detect because the victim does nothing obviously wrong.
– Evil twins: Wireless networks that pretend to be legitimate (for example, by using the name of a hotel's or airport's hotspot) to entice participants to log on and reveal passwords or credit card numbers.
– Pharming: A phishing technique that redirects users to a bogus Web page even when they enter the correct Web address, typically by corrupting the DNS lookup or the local hosts file so that the legitimate name resolves to the attacker's server.
Sniffing
♦ Sniffing: A type of eavesdropping program that monitors information traveling over a network.
– When used legitimately, sniffers help identify potential network trouble spots or criminal activity on networks.
– In an attacker's hands, the same tools capture passwords, e-mail, and files sent without encryption, which is one reason unencrypted VoIP and wireless traffic is at risk.
Click fraud
♦ click fraud is falsely clicking on an online ad in pay
per click advertising to generate an improper charge per
click.
♦ It occurs when an individual or computer program
fraudulently clicks on an online ad without any intention
of learning more about the advertiser or making a
purchase.
♦ Click fraud has become a serious problem at
Google and other similar Web sites
♦ Some companies hire third parties (typically from low-
wage countries) to fraudulently click
♦ Click fraud can also be carried out with software programs
doing the clicking, and botnets are often used for this
purpose.
Using Antivirus Programs
♦ Some of the most highly rated antivirus software for 2015
include
– Bitdefender Antivirus Plus
– Kaspersky Anti-Virus
– McAfee AntiVirus Plus
– Norton Security
– Trend Micro Antivirus+ Security
– Avira Antivirus pro
– BullGuard Antivirus
– Escan Antivirus
– Zone Alarm Antivirus
– G-Data Antivirus
– Avast Pro Antivirus
– AVG AntiVirus
– Malwarebytes Anti-Exploit
– Webroot SecureAnywhere Antivirus
– Emsisoft Anti-Malware
– F-Secure Anti-Virus
– Panda Antivirus Pro
– ESET NOD32 Antivirus
♦ Future antivirus programs might incorporate “nature-based
models” that check for unusual or unfamiliar computer
code.
♦ The advantage of this type of antivirus program is the
ability to detect new viruses that are not part of an
antivirus database.
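The variant problem described under malware above (a small change to the code defeats an exact signature) and the heuristic approach described here can be shown side by side. The following Python is an added example, not code from the page or from any antivirus product: it keeps a signature database of file hashes and adds one simple heuristic, the byte entropy of the file, which is high for packed or encrypted payloads. The samples are constructed stand-ins, not real malware, and the 7.2 bits-per-byte threshold is an assumption.

```python
import hashlib
import math
from typing import Dict, Optional


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits of information per byte: 8.0 for uniformly random data, roughly 4 to 5 for English text."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def _pseudo_random_bytes(seed: bytes, length: int) -> bytes:
    """Deterministic high-entropy filler that stands in for a packed or encrypted payload."""
    out, block = bytearray(), seed
    while len(out) < length:
        block = hashlib.sha256(block).digest()
        out.extend(block)
    return bytes(out[:length])


# Constructed samples (hypothetical, not real malware): a plain-text "benign" file, a
# "known" sample with a short plain stub followed by a high-entropy body, and a variant
# in which the author has flipped one byte without changing what the program does.
BENIGN = b"Quarterly report: revenue up 4%, costs flat. " * 40
KNOWN_SAMPLE = b"stub: unpack and run -> " + _pseudo_random_bytes(b"known-sample", 4096)
VARIANT = KNOWN_SAMPLE[:100] + bytes([KNOWN_SAMPLE[100] ^ 0xFF]) + KNOWN_SAMPLE[101:]

# Signature database as a traditional scanner keeps it: exact hashes of known files.
SIGNATURE_DB: Dict[str, str] = {sha256_hex(KNOWN_SAMPLE): "Trojan.Constructed.A"}


def scan(data: bytes, entropy_threshold: float = 7.2) -> Dict[str, object]:
    """Signature check (exact hash match) plus a heuristic that flags packed/encrypted-looking files."""
    signature: Optional[str] = SIGNATURE_DB.get(sha256_hex(data))
    entropy = shannon_entropy(data)
    return {
        "signature_hit": signature,
        "entropy": round(entropy, 2),
        "heuristic_hit": entropy >= entropy_threshold,
    }


def demo() -> Dict[str, Dict[str, object]]:
    return {"benign": scan(BENIGN), "known": scan(KNOWN_SAMPLE), "variant": scan(VARIANT)}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:8} {result}")
```

A one-byte change is enough to produce a different hash, so the variant slips past the signature check but is still flagged by the heuristic. The caveat is the flip side: legitimate compressed and encrypted files also have high entropy, so real products combine many such signals (code behaviour, origin, reputation) and weight them to keep false positives tolerable.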
♦ Hoax, or false, viruses are another problem.
♦ Criminal hackers sometimes warn the public
of a new and devastating virus that doesn’t exist to create
fear
♦ Companies sometimes spend hundreds of hours warning
employees and taking preventive action against a
nonexistent virus.
♦ Spyware
Software that is installed on a personal computer to
intercept or take partial control over the user’s
interaction with the computer without knowledge or
permission of the user.
♦ Key loggers are forms of spyware which record every
keystroke made on a computer to
– steal serial numbers for software,
– to launch Internet attacks,
– to gain access to e-mail accounts,
– to obtain passwords to protected computer systems, or
– to pick up personal information such as credit card numbers.
Examples of Computer crime
Information and Equipment Theft
♦ Password sniffer- A small program hidden in a network or
a computer system that records identification numbers and
passwords.
…Information and Equipment Theft
♦ To fight computer crime, many companies use devices that disable the disk drive or lock the computer to the desk.
Safe Disposal of Personal Computers
♦ Donation of personal computers no longer needed
♦ Sell at a deep discount to employees or auction.
♦ However, care must be taken to ensure that all traces of personal or company-confidential data are completely removed.
♦ Simply deleting files and emptying the Recycle Bin does not make the data unrecoverable; deletion only removes the file-system entry, and the data remain on the disk until something overwrites them.
♦ For magnetic hard disks, use disk-wiping utilities that overwrite every sector of the drive, including free space and slack space that the file system no longer references.
♦ Darik's Boot and Nuke (DBAN) is a free bootable wiping tool that can be downloaded from the SourceForge Web site.
♦ Overwriting is not a reliable erasure method for SSDs and other flash storage, whose wear-levelling firmware can leave copies of old data in blocks the operating system cannot address; use the drive's built-in secure-erase (or crypto-erase) command instead, or encrypt the whole disk from the start and destroy the key. Physically destroy media that will not be reused.
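As an added example (written for this page, not part of DBAN or the original slides) of what a wiping utility does at the file level, the Python below overwrites a file in place with random passes followed by a zero pass, forces each pass to the device with fsync, verifies that the last pass took effect, and only then unlinks the file. The contents of the sample file are invented.

```python
import os
import secrets
import tempfile
from typing import Dict

# Constructed sample content standing in for the confidential data on a machine
# about to be donated (hypothetical values, not from the page).
SECRET_LINE = b"ACCOUNT 4111111111111111 PIN 1234\n"


def overwrite_file(path: str, random_passes: int = 2, chunk: int = 1 << 20) -> int:
    """Overwrite every byte of a file in place: random-data passes, then a final pass of zeros.

    Each pass is fsync'd so the new contents reach the device instead of sitting in the
    OS page cache. Returns the number of bytes overwritten per pass.
    """
    size = os.path.getsize(path)
    with open(path, "r+b", buffering=0) as f:  # unbuffered: every write goes straight to the OS
        for pass_no in range(random_passes + 1):
            final_zero_pass = pass_no == random_passes
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(chunk, remaining)
                buf = bytes(n) if final_zero_pass else secrets.token_bytes(n)
                remaining -= f.write(buf)  # write() may be partial; keep going until the pass is done
            f.flush()
            os.fsync(f.fileno())
    return size


def wipe_and_delete(path: str) -> Dict[str, object]:
    """Overwrite, verify that the zero pass took effect, then unlink the file."""
    size = overwrite_file(path)
    with open(path, "rb") as f:
        zeroed = f.read() == bytes(size)
    os.remove(path)
    return {"bytes_overwritten": size, "zeroed_before_delete": zeroed,
            "still_exists": os.path.exists(path)}


def demo() -> Dict[str, object]:
    """Create a temporary file full of secrets and wipe it."""
    fd, path = tempfile.mkstemp(prefix="donation-")
    with os.fdopen(fd, "wb") as f:
        f.write(SECRET_LINE * 1000)
    return wipe_and_delete(path)


if __name__ == "__main__":
    print(demo())
```

This shows the principle on a single file; it is not a substitute for a whole-disk wipe, because the file system keeps copies in slack space, journals and previously freed blocks that a file-level overwrite never touches, and on SSDs the drive's wear-levelling firmware may keep the old blocks regardless, so use the drive's secure-erase command there.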
Patent and Copyright Violations
♦ Software piracy- The act of unauthorized copying or
distribution of copyrighted software
– It involves the copying, downloading, sharing, selling, or installing
of multiple copies onto personal or work computers
♦ When you purchase software, you are purchasing a license
to use it; you do not own the actual software.
Computer-Related Scams
♦ One common scam works by sending customers an e-mail containing a link that seems to lead to their bank's Web site.
♦ At the site, they are greeted with a pop-up box asking them
for their full debit card numbers, their personal
identification numbers, and their credit card expiration
dates.
♦ The problem is that the Web site customers are directed to
is a fake site operated by someone trying to gain access to
their private information. As discussed previously, this
form of scam is called phishing.
Using Intrusion Detection Software
♦ Intrusion detection system (IDS)
Software that monitors system and network resources and
notifies network security personnel when it senses a
possible intrusion.
♦ Examples of suspicious activities include
– repeated failed logon attempts,
– attempts to download a program to a server, and
– access to a system at unusual hours
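The three kinds of suspicious activity listed above translate directly into detection rules. The Python below is an added example (not the page's code or any IDS product's): it parses constructed sshd log lines and raises alerts for a burst of failed logons from one address, a successful logon from an address that had just been failing, and a successful logon outside business hours. Host names, addresses, thresholds and the 08:00 to 18:00 working window are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Any, Dict, List, Optional, Tuple

# Constructed sshd log lines (hypothetical hosts and addresses, not from the page).
SAMPLE_LOG = """\
Mar 14 02:13:01 web01 sshd[2210]: Failed password for root from 203.0.113.7 port 51022 ssh2
Mar 14 02:13:02 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 51023 ssh2
Mar 14 02:13:03 web01 sshd[2212]: Failed password for invalid user admin from 203.0.113.7 port 51024 ssh2
Mar 14 02:13:04 web01 sshd[2213]: Failed password for deploy from 203.0.113.7 port 51025 ssh2
Mar 14 02:13:05 web01 sshd[2214]: Failed password for deploy from 203.0.113.7 port 51026 ssh2
Mar 14 02:13:09 web01 sshd[2215]: Accepted password for deploy from 203.0.113.7 port 51030 ssh2
Mar 14 09:30:11 web01 sshd[3001]: Accepted publickey for alice from 198.51.100.20 port 40110 ssh2
Mar 14 09:31:40 web01 sshd[3002]: Failed password for alice from 198.51.100.20 port 40111 ssh2
Mar 14 09:31:45 web01 sshd[3003]: Accepted password for alice from 198.51.100.20 port 40112 ssh2
Mar 14 23:45:10 web01 sshd[3100]: Accepted password for bob from 198.51.100.21 port 40200 ssh2
Mar 14 23:45:12 web01 sshd[3101]: pam_unix(sshd:session): session opened for user bob by (uid=0)
""".splitlines()

LOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \S+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)


def parse(line: str, year: int = 2015) -> Optional[Dict[str, Any]]:
    """Extract timestamp, outcome, user and source address from one sshd line; None if it is not a logon event."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")  # syslog lines carry no year
    return {"ts": ts, "host": m["host"], "result": m["result"], "user": m["user"], "ip": m["ip"]}


def detect(lines: List[str], fail_threshold: int = 5, window_s: int = 60,
           work_hours: Tuple[int, int] = (8, 18)) -> List[Dict[str, str]]:
    """Run three simple rules over the log in order and return the alerts raised."""
    alerts: List[Dict[str, str]] = []
    recent_failures: Dict[str, deque] = defaultdict(deque)  # source ip -> failure times inside the window
    flagged_sources = set()  # alert once per source per burst rather than on every extra failure
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue  # session/pam messages and other noise
        ip, ts, user = ev["ip"], ev["ts"], ev["user"]
        q = recent_failures[ip]
        while q and (ts - q[0]).total_seconds() > window_s:
            q.popleft()  # slide the window forward
        if ev["result"] == "Failed":
            q.append(ts)
            if len(q) >= fail_threshold and ip not in flagged_sources:
                flagged_sources.add(ip)
                alerts.append({"rule": "repeated_failed_logons", "ip": ip, "count": str(len(q))})
            continue
        # Accepted logon from here on
        if len(q) >= fail_threshold:  # guessing finally worked, or a stolen credential was used
            alerts.append({"rule": "success_after_failures", "ip": ip, "user": user})
        if not work_hours[0] <= ts.hour < work_hours[1]:
            alerts.append({"rule": "off_hours_access", "ip": ip, "user": user, "time": ts.strftime("%H:%M")})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Thresholds such as five failures in 60 seconds need tuning per environment, and the rules only work if the logs are complete and trustworthy, which is why hosts should ship their logs to a separate collector that an intruder who gains root on the host cannot edit.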
Security Dashboard
♦ Security dashboard is software that provides a
comprehensive display on a single computer screen of all
the vital data related to an organization’s security defenses
including threats, exposures, policy compliance and
incident alerts
♦ The goal is to reduce the effort required for monitoring and
to identify threats earlier.
♦ Data comes from a variety of sources including firewalls,
applications, servers, and other software and hardware
devices
Internet Libel Concerns
♦ A publisher, such as a newspaper, can be sued for libel,
which involves publishing an intentionally false written
statement that is damaging to a person’s reputation
♦ Geolocation tools match the user’s IP address with outside
information to determine the actual geographic location of
the online user where the customer’s computer signal
enters the Internet.
♦ But there are differences which you need to understand
when the false statements are made on-line.
…Internet Libel concerns
♦ Defamation: An unprivileged false statement of fact
which tends to harm the reputation of a person or
company. This is a catch-all term for both libel and
slander.
♦ Libel: Defamation which is written such as on a web site.
Most on-line defamation occurs through libel by posting a
web page, comment, bulletin board post, review, rating or
blog post.
♦ Slander: Defamation that is spoken, such as in a video, podcast, or audio file.
THE ROLE OF AUDITING
♦ An MIS audit examines the firm’s overall security
environment as well as controls governing individual
information systems.
MIS Audit
Business value of security and control
♦ Information assets, such as confidential employee records,
trade secrets, or business plans, lose much of their value if
they are revealed to outsiders or if they expose the firm to
legal liability.
♦ New laws require companies to practice stringent
electronic records management and adhere to strict
standards for security, privacy, and control.
♦ Legal actions requiring electronic evidence
and computer forensics also require firms to pay more
attention to security and electronic records
management.
Framework for security and control
♦ Firms need to establish a good set of both general and
application controls for their information
systems.
♦ Risk assessment evaluates information assets, identifies
control points and control weaknesses, and determines the
most cost-effective set of controls
♦ Firms must also develop a coherent corporate security
policy and plans for continuing business operations in the
event of disaster or disruption.
♦ Comprehensive and systematic MIS auditing helps
organizations determine the effectiveness of security and
controls for their information systems.
Tools and technologies for security
♦ Passwords, tokens, smart cards, and biometric
authentication are used to authenticate system users
♦ Anti Virus, Anti spyware
♦ Encryption
♦ Digital certificates (electronic documents, signed by a trusted certification authority, that bind a public key to the identity of its owner so that encrypted sessions and digital signatures can be tied to a known party)
♦ Companies can use fault-tolerant computer systems or
create high-availability computing environments to make
sure that their information systems are always available.
♦ Use of software metrics and rigorous software testing help
improve software quality and reliability

TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 

Recently uploaded (20)

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 

Mis chapter 9

  • 1. Chapter 9: Information System Security
    Filmon Habtemichael
  • 2. Introduction
    ♦ Computers have become such valuable tools that today’s business people have difficulty imagining work without them.
    ♦ Yet the information age has also brought the following potential problems for workers, companies, and society in general:
      • Computer waste and mistakes
      • Computer crime
      • Privacy issues
      • Work environment problems
      • Ethical issues
  • 3. Computer Waste
    ♦ Discarding old software and computer systems when they still have value.
    ♦ Building and maintaining complex systems that are never used to their fullest extent.
    ♦ Employees playing computer games, sending unimportant e-mail, or accessing the Internet.
    ♦ Junk e-mail, also called spam, and junk faxes cause waste.
      – It wastes time and also computer resources.
      – Spam messages often carry attached files with embedded viruses.
    ♦ A spam filter is software that attempts to block unwanted e-mail.
      – When it also blocks legitimate messages, this can be disastrous for people in sales or customer service.
      – Image-based spam is a new tactic spammers use to circumvent spam-filtering software.
  • 4. PREVENTING COMPUTER-RELATED WASTE AND MISTAKES
    ♦ Preventing waste and mistakes involves (1) establishing, (2) implementing, (3) monitoring, and (4) reviewing effective policies and procedures.
  • 5. Establishing Policies and Procedures
    ♦ A survey of 304 U.S. companies determined that over one-fourth of bosses have fired employees for inappropriate use of e-mail and one-third have fired workers for wasting valuable time on the Internet.
    ♦ The first step to prevent computer-related waste is to establish policies and procedures regarding efficient acquisition, use, and disposal of systems and devices.
    ♦ Prevention of computer-related mistakes begins by identifying the most common types of errors.
  • 6. …Establishing Policies continued
    ♦ Types of computer-related mistakes include the following:
      – Data-entry or data-capture errors
      – Errors in computer programs
      – Errors in handling files, including formatting a disk by mistake or copying an old file over a newer one
      – Mishandling of computer output
      – Inadequate planning for control of equipment malfunctions
      – Inadequate planning for and control of environmental difficulties (such as electrical and humidity problems)
      – Failure to provide access to the most current information by not adding new Web links and not deleting old links
  • 7. Implementing Policies and Procedures
    ♦ Most companies develop such policies and procedures with advice from the firm’s internal auditing group or its external auditing firm.
    ♦ The policies often focus on the implementation of source data automation and the use of data editing to ensure data accuracy and completeness.
    ♦ Some useful policies to minimize waste and mistakes include the following:
      – The system should have controls to prevent invalid and unreasonable data entry.
      – A user manual should be available covering operating procedures.
  • 8. Monitoring Policies and Procedures
    ♦ Many organizations implement internal audits to measure actual results against established goals, such as
      – percentage of end-user reports produced on time,
      – percentage of data-input errors detected,
      – number of input transactions entered per eight-hour shift, and so on.
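Slides 7 and 8 describe two things that fit together: edit checks that reject invalid and unreasonable data entry, and an audit metric (percentage of data-input errors detected) for monitoring how well those checks work. The following is an added example, not code from the slides or from any named product; the timesheet record layout, the validation rules and the sample batch are all constructed for illustration.

```python
import re
from dataclasses import dataclass, field
from datetime import date

# Assumed record layout for a timesheet entry screen (constructed for this example):
#   employee_id  - 'E' followed by five digits
#   work_date    - ISO date that is not in the future
#   hours        - numeric, 0 < hours <= 24; more than 16 is flagged for review
EMPLOYEE_ID = re.compile(r"^E\d{5}$")


@dataclass
class ValidationResult:
    ok: bool
    errors: list = field(default_factory=list)


def validate_timesheet(record: dict, today: date = date(2024, 5, 15)) -> ValidationResult:
    """Edit checks for one row: format, range and reasonableness tests.

    `today` is injected so the future-date check is deterministic.
    """
    errors = []

    if not EMPLOYEE_ID.match(str(record.get("employee_id", ""))):
        errors.append("employee_id: must match E#####")

    try:
        hours = float(record.get("hours", ""))
    except (TypeError, ValueError):
        errors.append("hours: not numeric")
    else:
        if not 0 < hours <= 24:
            errors.append("hours: must be in (0, 24]")
        elif hours > 16:  # plausible but suspicious: needs a second pair of eyes
            errors.append("hours: over 16, requires supervisor approval")

    try:
        work_date = date.fromisoformat(str(record.get("work_date", "")))
    except ValueError:
        errors.append("work_date: not an ISO date")
    else:
        if work_date > today:
            errors.append("work_date: in the future")

    return ValidationResult(ok=not errors, errors=errors)


def audit_batch(records: list, today: date = date(2024, 5, 15)) -> dict:
    """Monitoring metric from slide 8: percentage of data-input errors detected."""
    results = [validate_timesheet(r, today) for r in records]
    rejected = sum(1 for r in results if not r.ok)
    return {
        "entered": len(records),
        "rejected": rejected,
        "error_rate_pct": round(100.0 * rejected / len(records), 1) if records else 0.0,
        "details": [r.errors for r in results],
    }


# Constructed sample batch: two good rows and three with different defects.
SAMPLE_BATCH = [
    {"employee_id": "E10234", "work_date": "2024-05-14", "hours": "8"},
    {"employee_id": "E10235", "work_date": "2024-05-14", "hours": "7.5"},
    {"employee_id": "10236",  "work_date": "2024-05-14", "hours": "8"},   # bad id format
    {"employee_id": "E10237", "work_date": "2024-05-14", "hours": "80"},  # keyed 80 instead of 8.0
    {"employee_id": "E10238", "work_date": "2024-06-01", "hours": "18"},  # future date, long shift
]

if __name__ == "__main__":
    summary = audit_batch(SAMPLE_BATCH)
    print(f"{summary['rejected']}/{summary['entered']} rows rejected "
          f"({summary['error_rate_pct']}% error rate)")
    for row, errs in zip(SAMPLE_BATCH, summary["details"]):
        if errs:
            print(row["employee_id"], "->", "; ".join(errs))
```

The reasonableness test (over 16 hours) is deliberately separate from the hard range test (over 24 hours): the first produces a row that someone must review, the second is simply impossible and is rejected outright. Keeping the two apart is what lets the audit metric distinguish keying mistakes from policy exceptions.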
  • 9. Reviewing Policies and Procedures
    ♦ Do current policies cover existing practices adequately?
    ♦ Does the organization plan any new activities in the future?
    ♦ Are contingencies and disasters covered?
  • 10. …Reviewing Policies and Procedures
    ♦ Preventing errors and mistakes is one way to do so.
    ♦ Another is implementing in-house security measures and legal protections to detect and prevent a dangerous type of misuse: computer crime.
  • 11. ♦ Wireless Security Challenges
      – Radio frequency bands are easy to scan.
      – Both Bluetooth and Wi-Fi networks are susceptible to hacking by eavesdroppers.
      – War driving: eavesdroppers drive by buildings or park outside and try to intercept wireless network traffic.
  • 12. COMPUTER CRIME
    ♦ Today, computer criminals are bolder and more creative than ever. With the increased use of the Internet, computer crime is now global.
    ♦ The following is a sample of recent computer crimes:
  • 13. …Computer Crimes
    ♦ A Chilean hacker gathered personal data about 6 million people from various Chilean government sites, including names, addresses, phone numbers, ID numbers, and e-mail addresses, and posted them to a blog site for all to see. The hacker’s motivation was to protest his country’s weak data security.
    ♦ A 15-year-old Pennsylvania student broke into an educational network and saved on a flash drive the names, addresses, and Social Security numbers of some 55,000 people. The student was arrested and charged with four offenses of unlawful duplication and theft.
  • 14. …Computer Crimes
    ♦ When customers initially link their brokerage accounts to their bank account to allow the transfer of funds, firms such as E*Trade and Schwab.com use a test procedure to make micro-deposits of a few cents to a few dollars to the bank account to ensure that the account numbers and routing information are correct. A hacker took advantage of a backdoor to this procedure by opening tens of thousands of banking accounts with the brokerages and linking them to fraudulent brokerage accounts to collect the micro-deposits. The hacker stole more than $50,000 over six months.
  • 15. ♦ Part of what makes computer crime so unique and difficult to combat is its dual nature—the computer can be both the tool used to commit a crime and the object of that crime.
  • 16. THE COMPUTER AS A TOOL TO COMMIT CRIME
    ♦ Many people who commit computer-related crime claim they do it for the challenge, not for the money.
    ♦ Criminals need two capabilities to commit most computer crimes.
      – First, the criminal needs to know how to gain access to the computer system.
      – Second, the criminal must know how to manipulate the system to produce the desired result.
    ♦ Social engineering: Using social skills to get computer users to provide information to access an information system or its data.
    ♦ Dumpster diving: Going through the trash cans of an organization to find secret or confidential information, including information needed to access an information system or its data.
  • 17. Cyberterrorism
    ♦ Cyber-terrorist: Someone who intimidates or coerces a government or organization to advance his political or social objectives by launching computer-based attacks against computers, networks, and the information stored on them.
      – China, the United States, South Korea, Russia, and Taiwan are currently the sources of most of the world’s malware.
  • 18. …Cyberterrorism
    ♦ The small Baltic nation of Estonia was subjected to a cyberterrorism attack for three weeks in 2007 that disabled government and corporate networks. The attack followed deadly riots by the nation’s ethnic Russian minority in response to the relocation of a Soviet war memorial. Moscow has denied any involvement.
    ♦ Pro-China cyberterrorists launched a brief denial-of-service attack on the CNN Web site, which they believe has been overly critical of China, to protest the news network’s coverage of Tibet. The attack was cancelled after less than 30 minutes, but the group threatened to launch another attack in the near future.
  • 19. Cyberwarfare
    ♦ Cyberwarfare is a state-sponsored activity designed to cripple and defeat another state or nation by penetrating its computers or networks for the purposes of causing damage and disruption.
      – There are 250,000 probes trying to find their way into the U.S. Department of Defense networks every hour.
      – Over the years, hackers have stolen plans for missile tracking systems, satellite navigation devices, surveillance drones, and leading-edge jet fighters.
      – Stuxnet
  • 20. …Cyberwarfare
    ♦ In July 2010, reports surfaced about a Stuxnet worm that had been targeting Iran’s nuclear facilities.
    ♦ Malicious software had infected the Iranian nuclear facilities and disrupted the nuclear program by disabling the facilities’ centrifuges. It wiped out one-fifth of them and delayed Iran’s program by 5 years.
    ♦ It is the first visible example of industrial cyberwarfare.
    ♦ The Windows-based worm had a “dual warhead.”
      – One part was designed to lie dormant for long periods, then speed up Iran’s nuclear centrifuges so that they spun wildly out of control.
      – Another secretly recorded what normal operations at the nuclear plant looked like and then played those recordings back to plant operators so it would appear that the centrifuges were operating normally when they were actually tearing themselves apart.
  • 21. Identity Theft
    ♦ Identity theft: A crime in which an imposter obtains key pieces of personal identification information, such as Social Security or driver’s license numbers, to impersonate someone else.
    ♦ Shoulder surfing—the identity thief simply stands next to someone at a public office, such as the Bureau of Motor Vehicles, and watches as the person fills out personal information on a form.
  • 22. THE COMPUTER AS THE OBJECT OF CRIME
    ♦ A computer can also be the object of the crime, rather than the tool for committing it.
    ♦ Vulnerability of a computer increases the risk of its becoming the object of crime.
  • 23. Internet Vulnerabilities
    ♦ Computers that are constantly connected to the Internet by cable modems or digital subscriber line (DSL) lines are more open to penetration by outsiders because they use fixed Internet addresses where they can be easily identified.
      – With dial-up service, a temporary Internet address is assigned for each session.
      – A fixed Internet address creates a fixed target for hackers.
    ♦ Most Voice over IP (VoIP) traffic over the public Internet is not encrypted, so anyone with access to the network can listen in on conversations.
    ♦ Vulnerability has also increased from widespread use of e-mail, instant messaging (IM), and peer-to-peer file-sharing programs.
  • 24. INTERNAL THREATS: EMPLOYEES
    ♦ We tend to think the security threats to a business originate outside the organization. In fact, company insiders pose serious security problems.
    ♦ Studies have found that user lack of knowledge is the single greatest cause of network security breaches.
    ♦ Malicious intruders seeking system access sometimes trick employees.
    ♦ Social engineering: Tricking people into revealing their passwords by pretending to be legitimate users or members of a company in need of information.
  • 25. …THE COMPUTER AS THE OBJECT OF CRIME
    ♦ These crimes fall into several categories:
      – Illegal access and use,
      – Data alteration and destruction,
      – Information and equipment theft,
      – Software and Internet piracy,
      – Computer-related scams, and
      – International computer crime.
  • 26. Illegal Access and Use
    ♦ Hacker: A person who enjoys computer technology and spends time learning and using computer systems.
    ♦ Criminal hacker (cracker): A computer-savvy person who attempts to gain unauthorized or illegal access to computer systems to steal passwords, corrupt files and programs, or even transfer money.
    ♦ Script bunny: A cracker with little technical savvy who downloads programs called scripts, which automate the job of breaking into computers.
  • 27. ♦ Insider: An employee, dissatisfied or otherwise, working solo or in concert with outsiders to compromise corporate systems.
    ♦ Cyber vandalism: Intentional disruption, defacement, or destruction of a Web site or corporate information system.
    ♦ Ransomware: Cybercriminals extort money from victims by locking their devices remotely or by obtaining embarrassing photos, documents, and other material that can be dangled for a price.
    ♦ Rogues / Scareware (rogue antivirus): Programs that pretend to be security software. Fake warnings are often used to make you purchase the “security software”, from which the pirates profit.
  • 28. …Illegal Access and Use
    ♦ Some criminals have started phony VoIP phone companies and sold subscriptions for services to unsuspecting customers.
    ♦ Catching and convicting criminal hackers remains a difficult task.
  • 29. MALICIOUS SOFTWARE: VIRUSES, WORMS, TROJAN HORSES, AND SPYWARE
    ♦ Malicious software programs are referred to as malware and include a variety of threats, such as computer viruses, worms, and Trojan horses.
    ♦ As many as one of every 10 downloads from the Web includes harmful programs.
    ♦ The amount of harmful software in the world passed the amount of beneficial software in 2007.
    ♦ The security firm McAfee found nearly 13,000 different kinds of malware targeting mobile devices in 2012, with almost all attacks targeting devices using Google’s Android operating system.
  • 30. ♦ Virus: A computer program file capable of attaching to disks or other files and replicating itself repeatedly, typically without the user’s knowledge or permission.
    ♦ Worm: A parasitic computer program that can create copies of itself on the infected computer or send copies to other computers via a network.
      – Worms are parasitic computer programs that replicate but, unlike viruses, do not infect other computer program files.
    ♦ Trojan horse: A malicious program that disguises itself as a useful application or game and purposefully does something the user does not expect.
      – E.g. MMarketPay, a Trojan for Android phones.
      – It has been detected in multiple app stores and has spread to more than 100,000 devices.
  • 31. ♦ Trojans are not viruses because they do not replicate, but they can be just as destructive.
    ♦ A logic bomb is a type of Trojan horse that executes when specific conditions occur.
    ♦ A rootkit is a set of programs that enable its user to gain administrator-level access to a computer or network.
    ♦ A variant is a modified version of a virus that is produced by the virus’s author or another person who amends the original virus code.
      – If the changes are significant, the variant might go undetected by antivirus software.
    ♦ SQL injection attack: Attacks against a Web site that take advantage of vulnerabilities in poorly coded SQL applications in order to introduce malicious program code.
  • 32. Spoofing
    ♦ Spoofing is tricking or deceiving computer systems or other computer users by hiding one’s identity or faking the identity of another user on the Internet.
      – One increasingly popular form of spoofing is phishing.
      – In a more targeted form of phishing called spear phishing, messages appear to come from a trusted source, such as an individual within the recipient’s own company or a friend.
      – Phishing techniques called evil twins and pharming are harder to detect.
      – Evil twins: Wireless networks that pretend to be legitimate to entice participants to log on and reveal passwords or credit card numbers.
      – Pharming: Phishing technique that redirects users to a bogus Web page, even when an individual enters the correct Web page address.
  • 33. Sniffing
    ♦ Sniffing: A type of eavesdropping program that monitors information traveling over a network.
      – When used legitimately, sniffers help identify potential network trouble spots or criminal activity on networks.
  • 34. Click Fraud
    ♦ Click fraud is falsely clicking on an online ad in pay-per-click advertising to generate an improper charge per click.
    ♦ It occurs when an individual or computer program fraudulently clicks on an online ad without any intention of learning more about the advertiser or making a purchase.
    ♦ Click fraud has become a serious problem at Google and other similar Web sites.
    ♦ Some companies hire third parties (typically from low-wage countries) to fraudulently click.
    ♦ Click fraud can also be carried out with software programs doing the clicking, and botnets are often used for this purpose.
  • 35. Using Antivirus Programs
    ♦ Some of the most highly rated antivirus software for 2015 include:
      – Bitdefender Antivirus Plus
      – Kaspersky Anti-Virus
      – McAfee AntiVirus Plus
      – Norton Security
      – Trend Micro Antivirus+ Security
      – Avira Antivirus Pro
      – BullGuard Antivirus
      – eScan Antivirus
      – ZoneAlarm Antivirus
      – G Data Antivirus
      – Avast Pro Antivirus
      – AVG AntiVirus
      – Malwarebytes Anti-Exploit
      – Webroot SecureAnywhere Antivirus
      – Emsisoft Anti-Malware
      – F-Secure Anti-Virus
      – Panda Antivirus Pro
      – ESET NOD32 Antivirus
  • 36. ♦ Future antivirus programs might incorporate “nature-based models” that check for unusual or unfamiliar computer code.
    ♦ The advantage of this type of antivirus program is the ability to detect new viruses that are not part of an antivirus database.
  • 37. ♦ Hoax, or false, viruses are another problem.
    ♦ Criminal hackers sometimes warn the public of a new and devastating virus that doesn’t exist in order to create fear.
    ♦ Companies sometimes spend hundreds of hours warning employees and taking preventive action against a nonexistent virus.
  • 38. ♦ Spyware: Software that is installed on a personal computer to intercept or take partial control over the user’s interaction with the computer without the knowledge or permission of the user.
    ♦ Key loggers are a form of spyware that records every keystroke made on a computer, in order to
      – steal serial numbers for software,
      – launch Internet attacks,
      – gain access to e-mail accounts,
      – obtain passwords to protected computer systems, or
      – pick up personal information such as credit card numbers.
  • 40. Information and Equipment Theft
    ♦ Password sniffer: A small program hidden in a network or a computer system that records identification numbers and passwords.
  • 41. …Information and Equipment Theft
    ♦ To fight computer crime, many companies use devices that disable the disk drive or lock the computer to the desk.
  • 42. Safe Disposal of Personal Computers
    ♦ Donate personal computers that are no longer needed.
    ♦ Sell them at a deep discount to employees or at auction.
    ♦ However, care must be taken to ensure that all traces of any personal or company-confidential data are completely removed.
    ♦ Simply deleting files and emptying the Recycle Bin does not make it impossible for determined individuals to view the data.
    ♦ Be sure to use disk-wiping software utilities that overwrite all sectors of your disk, making all data unrecoverable.
    ♦ Darik’s Boot and Nuke (DBAN) is free and can be downloaded from the SourceForge Web site.
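Slide 42 says that deleting a file does not remove its contents and that a wiping tool must overwrite every sector. The following is an added example, not code from the slides or from DBAN, showing what "overwrite" means at the file level: each byte of a file is rewritten with fixed patterns and then random data, each pass is forced to the device with fsync, and the result is checked for a known marker before the file is unlinked. The file name, the passes and the confidential-looking content are constructed for the example. A file-level overwrite like this only reaches the blocks the filesystem maps to that file; copies left behind by flash wear levelling, journaling or copy-on-write filesystems, snapshots and backups are not touched, which is why the slide points at a whole-disk tool run from boot media for a machine that is leaving the organization.

```python
import os
import tempfile

# Constructed "confidential" content used only to show that the overwrite removes it.
SECRET = b"SSN 000-00-0000; card 4111 1111 1111 1111\n" * 100


def overwrite_file(path: str, passes: int = 3, chunk: int = 1 << 20) -> int:
    """Overwrite every byte of the file at `path` in place, `passes` times.

    Fixed patterns (0x00, 0xFF) alternate for the early passes and the final
    pass is random data, mirroring what multi-pass wiping tools do. Each pass
    is fsync'ed so the device actually receives it before the next begins.
    Returns the number of bytes overwritten per pass.
    """
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for p in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(chunk, remaining)
                if p == passes - 1:
                    block = os.urandom(n)
                else:
                    block = bytes([0x00 if p % 2 == 0 else 0xFF]) * n
                f.write(block)
                remaining -= n
            f.flush()
            os.fsync(f.fileno())
    return size


def wipe_file(path: str, marker: bytes) -> dict:
    """Overwrite, verify the marker is no longer in the file's contents, then unlink."""
    overwritten = overwrite_file(path)
    with open(path, "rb") as f:
        leftover = f.read()
    recovered = marker in leftover
    os.remove(path)
    return {
        "bytes_overwritten": overwritten,
        "marker_recovered": recovered,
        "file_gone": not os.path.exists(path),
    }


def demo() -> dict:
    """Write SECRET to a temporary file and wipe it."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(SECRET)
    result = wipe_file(path, marker=SECRET[:16])
    result["overwrote_whole_file"] = result["bytes_overwritten"] == len(SECRET)
    return result


if __name__ == "__main__":
    print(demo())
```

Note the order of operations: overwrite, sync, verify, and only then delete. Deleting first would release the blocks and make the later overwrite land somewhere else, which is exactly the mistake the slide warns about.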
  • 43. Patent and Copyright Violations
    ♦ Software piracy: The act of unauthorized copying or distribution of copyrighted software.
      – It involves the copying, downloading, sharing, selling, or installing of multiple copies onto personal or work computers.
    ♦ When you purchase software, you are purchasing a license to use it; you do not own the actual software.
  • 44. Computer-Related Scams
    ♦ Scam: works by sending customers an e-mail including a link that seems to direct users to their bank’s Web site.
    ♦ At the site, they are greeted with a pop-up box asking them for their full debit card numbers, their personal identification numbers, and their credit card expiration dates.
    ♦ The problem is that the Web site customers are directed to is a fake site operated by someone trying to gain access to their private information. As discussed previously, this form of scam is called phishing.
  • 45. Using Intrusion Detection Software
    ♦ Intrusion detection system (IDS): Software that monitors system and network resources and notifies network security personnel when it senses a possible intrusion.
    ♦ Examples of suspicious activities include
      – repeated failed logon attempts,
      – attempts to download a program to a server, and
      – access to a system at unusual hours.
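Slide 45 lists repeated failed logons and access at unusual hours as the kind of activity an IDS flags. The following is an added example, not code from the slides or from any IDS product, that turns those two rules into detection logic and runs it over a short, constructed sshd-style authentication log. It also adds the combination a responder cares about most: a successful logon shortly after a burst of failures from the same source, which the two rules on their own would not single out. The log format, thresholds, business hours, user names and addresses are all assumptions for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd-style authentication log (not a real capture).
SAMPLE_LOG = """\
2024-05-14T09:02:11 auth sshd: Failed password for alice from 10.0.0.7
2024-05-14T09:02:15 auth sshd: Accepted password for alice from 10.0.0.7
2024-05-14T23:40:01 auth sshd: Failed password for root from 203.0.113.9
2024-05-14T23:40:03 auth sshd: Failed password for root from 203.0.113.9
2024-05-14T23:40:05 auth sshd: Failed password for root from 203.0.113.9
2024-05-14T23:40:07 auth sshd: Failed password for root from 203.0.113.9
2024-05-14T23:40:09 auth sshd: Failed password for root from 203.0.113.9
2024-05-14T23:41:30 auth sshd: Accepted password for root from 203.0.113.9
2024-05-15T03:15:44 auth sshd: Accepted password for bob from 10.0.0.12
"""

LINE = re.compile(
    r"^(?P<ts>\S+) auth sshd: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<ip>\S+)$"
)


def parse(log_text: str) -> tuple:
    """Turn log lines into event dicts. Lines that do not match the expected
    format are counted rather than dropped silently, so a format change or
    a tampered log shows up as a rising unparsed count."""
    events, unparsed = [], 0
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            unparsed += 1
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "result": m["result"],
            "user": m["user"],
            "ip": m["ip"],
        })
    events.sort(key=lambda e: e["ts"])  # the rules below assume chronological order
    return events, unparsed


def detect(events: list, max_failures: int = 5, window: timedelta = timedelta(minutes=5),
           business_hours: tuple = (7, 19), min_failures_before_success: int = 3) -> list:
    """Apply the slide's example rules and one combination of them.

    Returns (rule, user, ip, timestamp) tuples in the order they fire.
    """
    alerts = []
    failures = defaultdict(list)  # (user, ip) -> failure timestamps inside the sliding window
    start, end = business_hours
    for e in events:
        key = (e["user"], e["ip"])
        when = e["ts"].isoformat()
        # Drop failures that have aged out of the window.
        failures[key] = [t for t in failures[key] if e["ts"] - t <= window]
        if e["result"] == "Failed":
            failures[key].append(e["ts"])
            if len(failures[key]) == max_failures:  # fire once per burst, not on every extra failure
                alerts.append(("REPEATED_FAILED_LOGON", e["user"], e["ip"], when))
            continue
        # Accepted logon: check the hour, then whether it followed a burst of failures.
        if not start <= e["ts"].hour < end:
            alerts.append(("OFF_HOURS_ACCESS", e["user"], e["ip"], when))
        if len(failures[key]) >= min_failures_before_success:
            alerts.append(("SUCCESS_AFTER_FAILURES", e["user"], e["ip"], when))
        failures.pop(key, None)  # a success ends the burst
    return alerts


if __name__ == "__main__":
    events, unparsed = parse(SAMPLE_LOG)
    print(f"{len(events)} events parsed, {unparsed} unparsed lines")
    for rule, user, ip, when in detect(events):
        print(f"{when}  {rule:<24} user={user} from={ip}")
```

In the sample, alice's single typo followed by a successful logon raises nothing, root's five failures in a few seconds followed by an off-hours success raise three alerts, and bob's 03:15 logon is flagged only for the hour. The thresholds are where tuning happens: too low and the staff named in the slide drown in notifications; too high and a slow, patient burst stays under the window.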
  • 46. Security Dashboard ♦ Security dashboard is software that provides a comprehensive display on a single computer screen of all the vital data related to an organization’s security defenses including threats, exposures, policy compliance and incident alerts ♦ The goal is to reduce the effort required for monitoring and to identify threats earlier. ♦ Data comes from a variety of sources including firewalls, applications, servers, and other software and hardware devices
• 47. Internet Libel Concerns
♦ A publisher, such as a newspaper, can be sued for libel, which involves publishing an intentionally false written statement that is damaging to a person’s reputation.
♦ But there are differences which you need to understand when the false statements are made online.
♦ Geolocation tools match the user’s IP address with outside information to determine the actual geographic location of the online user, that is, where the customer’s computer signal enters the Internet.
• 48. …Internet Libel Concerns
♦ Defamation: an unprivileged false statement of fact that tends to harm the reputation of a person or company. This is a catch-all term for both libel and slander.
♦ Libel: defamation that is written, such as on a Web site. Most online defamation occurs through libel, by posting a Web page, comment, bulletin board post, review, rating, or blog post.
♦ Slander: defamation that is spoken, such as in a video, podcast, or audio file.
• 49. THE ROLE OF AUDITING
♦ An MIS audit examines the firm’s overall security environment as well as the controls governing individual information systems.
• 51. Business value of security and control
♦ Information assets, such as confidential employee records, trade secrets, or business plans, lose much of their value if they are revealed to outsiders or if they expose the firm to legal liability.
♦ New laws require companies to practice stringent electronic records management and adhere to strict standards for security, privacy, and control.
♦ Legal actions requiring electronic evidence and computer forensics also require firms to pay more attention to security and electronic records management.
• 52. Framework for security and control
♦ Firms need to establish a good set of both general and application controls for their information systems.
♦ Risk assessment evaluates information assets, identifies control points and control weaknesses, and determines the most cost-effective set of controls.
♦ Firms must also develop a coherent corporate security policy and plans for continuing business operations in the event of disaster or disruption.
♦ Comprehensive and systematic MIS auditing helps organizations determine the effectiveness of security and controls for their information systems.
• 53. Tools and technologies for security
♦ Passwords, tokens, smart cards, and biometric authentication are used to authenticate system users. Combining factors of different kinds (something you know with something you have) means a stolen password alone is not enough to log in.
♦ Antivirus and antispyware software.
♦ Encryption.
♦ Digital certificates (an electronic document used to prove ownership of a public key; a certification authority signs the binding between the key and the holder’s identity).
♦ Companies can use fault-tolerant computer systems or create high-availability computing environments to make sure that their information systems are always available.
♦ Use of software metrics and rigorous software testing helps improve software quality and reliability.
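Two of the authentication mechanisms on this slide working together, as an added example for this page (not code from the original slides or from any product): a password that is stored as a salted, iterated hash rather than in clear, and a time-based one-time code of the kind a software or hardware token displays (HOTP from RFC 4226, TOTP from RFC 6238). Standard library only. The PBKDF2 iteration count is an assumption (the figure OWASP currently suggests for SHA-256), the in-memory user store and the user name are constructed, and the 20-byte shared secret is the published RFC test-vector secret, so the codes it produces can be checked against the RFC tables.

```python
import hashlib
import hmac
import os
import struct
import time

PBKDF2_ITERATIONS = 600_000   # assumed; tune to ~100 ms on the login server
SALT_LEN = 16


def hash_password(password, salt=None):
    """Return salt || PBKDF2-HMAC-SHA256(password). The salt is stored with the hash."""
    salt = salt or os.urandom(SALT_LEN)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt + digest


def verify_password(password, stored):
    salt, digest = stored[:SALT_LEN], stored[SALT_LEN:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)   # constant-time comparison


def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, at=None, step=30, digits=6):
    """RFC 6238: HOTP with the counter derived from the clock."""
    at = time.time() if at is None else at
    return hotp(secret, int(at // step), digits)


def verify_totp(secret, code, at=None, step=30, skew=1):
    """Accept the current code and `skew` steps either side, to tolerate clock drift."""
    at = time.time() if at is None else at
    counter = int(at // step)
    return any(hmac.compare_digest(hotp(secret, counter + d, len(code)), code)
               for d in range(-skew, skew + 1))


USERS = {}   # constructed user store: name -> {"password": bytes, "totp_secret": bytes}


def enroll(username, password, totp_secret):
    USERS[username] = {"password": hash_password(password), "totp_secret": totp_secret}


def authenticate(username, password, code, at=None):
    record = USERS.get(username)
    if record is None:
        hash_password(password)   # same cost as a real user, so timing does not reveal names
        return False
    # Evaluate both factors before deciding, so a wrong password does not
    # short-circuit and reveal which factor failed.
    ok_password = verify_password(password, record["password"])
    ok_code = verify_totp(record["totp_secret"], code, at=at)
    return ok_password and ok_code


if __name__ == "__main__":
    secret = b"12345678901234567890"   # RFC 4226 / 6238 test-vector secret
    enroll("alice", "correct horse battery staple", secret)
    print("code now:", totp(secret))
    print("login ok:", authenticate("alice", "correct horse battery staple", totp(secret)))
```

The stored value is salt plus hash, so two users with the same password get different records and an attacker who steals the table must attack each entry separately; the token code changes every 30 seconds, so a code captured by the phishing page on slide 44 is useless a minute later.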