Management Information Systems
Gabriella Kereszturi
Lecture 7: Information Security
MAIN POINTS
Describing the relationships and differences between
hackers and viruses
Describing the relationship between information
security policies and an information security plan
Providing an example of each of the three primary
security areas: (1) authentication and authorization,
(2) prevention and resistance, and (3) detection and
response
• Why systems are vulnerable
– Accessibility of networks
– Hardware problems (breakdowns, configuration errors,
damage from improper use or crime)
– Software problems (programming errors, installation
errors, unauthorized changes)
– Disasters
– Use of networks/computers outside of firm’s control
– Loss and theft of portable devices
Systems Vulnerability and Abuse
Source: Laudon & Laudon (2016)
The architecture of a Web-based application typically includes a Web client, a server, and
corporate information systems linked to databases. Each of these components presents security
challenges and vulnerabilities. Floods, fires, power failures, and other electrical problems can
cause disruptions at any point in the network.
Source: Laudon & Laudon (2016)
Security Challenges & Vulnerabilities
• Internet vulnerabilities
– Network open to anyone
– Size of Internet means abuses can have wide impact
– Use of fixed Internet addresses …… creates fixed targets
for hackers
– E-mail, IM, ….
• Interception
• Attachments with malicious software
• Transmitting trade secrets
– Wireless security challenges
– Etc…
System Vulnerability and Abuse
Source: Laudon & Laudon (2016)
Many Wi-Fi networks can be penetrated easily by intruders using sniffer programs to obtain an address to access the resources of a network without authorization.
WI-FI Security Challenges
Source: Laudon & Laudon (2016)
Protecting Intellectual Assets
• Organizational information is intellectual
capital - it must be protected
• Information security – The protection of
information from accidental or intentional
misuse by persons inside or outside an
organization
• Downtime – Refers to a period of time when a
system is unavailable
Security Threats Caused by Hackers and
Malware
• Hacker – Experts in technology who use their
knowledge to break into computers and computer
networks, either for profit / benefit or just motivated
by the challenge
– Black-hat hacker
– White-hat hacker
– Hacktivist
– Cracker
– Cyberterrorist
Hackers
• White-hat hackers—work at the request of the system owners
to find system vulnerabilities and plug the holes
• Black-hat hackers —break into other people’s computer
systems and may just look around or may steal and destroy
information
• Hacktivists—have philosophical and political reasons for
breaking into systems and will often deface the website as a
protest
Hackers
• Cracker—a hacker with criminal intent
• Cyberterrorists—seek to cause harm to people or to destroy
critical systems or information and use the Internet as a
weapon of mass destruction
– Viruses
• Malicious software program that attaches itself to
other software programs or data files in order to be
executed
– Worms
• Independent programs that copy themselves from one
computer to other computers over a network.
– Worms and viruses spread by
• Downloads (drive-by downloads)
• E-mail, IM attachments
• Downloads on Web sites and social networks
Malware (Malicious Software)
Source: Laudon & Laudon (2016)
• Denial-of-service attacks (DoS)
– Flooding server with thousands of false requests to crash
the network
• Distributed denial-of-service attacks (DDoS)
– Use of numerous computers to launch a DoS
Malware (Malicious Software)
Source: Laudon & Laudon (2016)
– Trojan horses
• Software that appears harmless but does something
other than expected
– Spyware
• Small programs that install themselves in secret or by improper
means on computers to monitor user Web surfing
activities…..
Malware (Malicious Software)
Source: Laudon & Laudon (2016)
How Does Malicious Software Spread?
Security threats ….
• Malicious code includes a variety of threats (e.g., viruses,
worms, and Trojan horses)
• Spoofing is the forging of the return address on an email so
that the email message appears to come from someone other
than the actual sender. This is not a virus but rather a way by
which virus authors hide their identities as they send out
viruses.
Security threats ….
• A sniffer is a program or device that can monitor data traveling
over a network. Sniffers can show all the data being transmitted
over a network, including passwords and sensitive information.
Sniffers tend to be a favorite weapon in the hacker’s arsenal.
• Pharming
– Redirects users to a bogus Web page, even when an individual
types the correct Web page address into his or her browser
• Identity theft
– Theft of personal information (social security ID, driver’s
license, or credit card numbers) to impersonate someone else
• Phishing
– Sending e-mail messages that look like they come from a legitimate
business to ask users for confidential personal data; these
may include a link to a fake Web site
Security threats ….
Source: Laudon & Laudon (2016)
The First Line of Defense - People
• Organizations must enable employees, customers, and partners to
access information electronically
• The biggest issue surrounding information security is not a
technical issue, but a people issue
The First Line of Defense - People
• The first line of defense an organization should follow
to help combat insider issues is to develop information
security policies and an information security plan
– Information security policies – identify the rules required to
maintain information security
– Information security plan – details how an organization will
implement the information security policies
The Second Line of Defense - Technology
• There are three primary information technology security
areas
Authentication and Authorization
• Authentication – A method for confirming users’ identities
• Authorization – The process of giving someone permission to
do or have something
• The most secure type of authentication involves
1. Something the user knows
2. Something the user has
3. Something that is part of the user
Something the User Knows Such As a User ID and
Password
• This is the most common way to identify
individual users and typically contains a
user ID and a password
• This is also the most ineffective form of
authentication
• Over 50% of help-desk calls are
password related
• Smart cards and tokens are more effective
than a user ID and a password
– Tokens – Small electronic devices that
change user passwords automatically
– Smart card – A device that is around the
same size as a credit card, containing
embedded technologies that can store
information and small amounts of software to
perform some limited processing
Something the User has Such As Smart cards and
tokens
Something That Is Part Of The User Such As a
Fingerprint or Iris
• This is by far the best and most effective way to
manage authentication
– Biometrics – The identification of a user based on a
physical characteristic, such as a fingerprint, iris,
voice, or handwriting
• Unfortunately, this method can be costly and intrusive
Prevention and Resistance
• Downtime can cost an organization anywhere from
$100 to $1 million per hour
• Technologies available to help prevent and build
resistance to attacks include
1. Content filtering
2. Encryption
3. Firewalls
Prevention and Resistance
• Content filtering - Prevents emails containing sensitive
information from transmitting and stops spam and viruses
from spreading
Prevention and Resistance
• If there is an information security breach and the
information was encrypted, the person stealing the
information would be unable to read it
– Encryption
– Public key encryption (PKE)
Prevention and Resistance
Encryption – scrambles information into an alternative form
that requires a key or password to decrypt the information
Public key encryption (PKE) – an encryption system that
uses two keys: a public key for everyone and a private key for
the recipient
A public key encryption system can be viewed as a series of public and private keys that lock data
when they are transmitted and unlock the data when they are received. The sender locates the
recipient’s public key in a directory and uses it to encrypt a message. The message is sent in encrypted
form over the Internet or a private network. When the encrypted message arrives, the recipient uses his
or her private key to decrypt the data and read the message.
Public Key Encryption
Source: Laudon & Laudon (2016)
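The exchange described above (look up the recipient's public key in a directory, encrypt, decrypt with the private key), as an added example that is not part of the lecture. It uses RSA-OAEP from Node's built-in crypto module; the in-memory `KeyDirectory`, the party names and the fingerprint check are assumptions made for this example, the last one because the sender has to trust that the directory returned the right key.

```javascript
const crypto = require('node:crypto');

// RSA-OAEP with SHA-256. The padding is randomised, so encrypting the same
// message twice gives two different ciphertexts.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const MAX_PLAINTEXT = 256 - 2 * 32 - 2; // 190 bytes for a 2048-bit key and SHA-256

// Each party generates a key pair and keeps the private half to itself.
function generateParty(name) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  return { name, publicKey, privateKey };
}

// SHA-256 over the DER-encoded public key, for checking a key out of band.
function fingerprint(publicKeyPem) {
  const der = crypto.createPublicKey(publicKeyPem).export({ type: 'spki', format: 'der' });
  return crypto.createHash('sha256').update(der).digest('hex');
}

// Hypothetical directory: maps a name to a published public key (PEM).
class KeyDirectory {
  constructor() { this.entries = new Map(); }
  publish(name, publicKeyPem) { this.entries.set(name, publicKeyPem); }
  lookup(name) {
    const pem = this.entries.get(name);
    if (!pem) throw new Error(`no public key published for ${name}`);
    return pem;
  }
}

// Sender side: fetch the recipient's public key and encrypt with it.
// If the sender knows the recipient's fingerprint, a mismatching directory
// entry is refused instead of being used.
function encryptFor(directory, recipient, message, pinnedFingerprint) {
  const publicKey = directory.lookup(recipient);
  if (pinnedFingerprint && fingerprint(publicKey) !== pinnedFingerprint) {
    throw new Error(`directory key for ${recipient} does not match pinned fingerprint`);
  }
  const data = Buffer.from(message, 'utf8');
  if (data.length > MAX_PLAINTEXT) {
    throw new Error('message too long for RSA-OAEP; longer data needs hybrid encryption');
  }
  return crypto.publicEncrypt({ key: publicKey, ...OAEP }, data);
}

// Recipient side: only the matching private key recovers the message.
function decryptWith(privateKeyPem, ciphertext) {
  return crypto.privateDecrypt({ key: privateKeyPem, ...OAEP }, ciphertext).toString('utf8');
}

// Returns null instead of throwing when the key does not match.
function tryDecrypt(privateKeyPem, ciphertext) {
  try { return decryptWith(privateKeyPem, ciphertext); } catch { return null; }
}

// Constructed scenario: alice sends to bob; alice's own private key cannot read it.
function demo() {
  const alice = generateParty('alice');
  const bob = generateParty('bob');
  const directory = new KeyDirectory();
  directory.publish(bob.name, bob.publicKey);
  const ciphertext = encryptFor(directory, 'bob', 'Payroll file is ready',
                                fingerprint(bob.publicKey));
  return {
    ciphertextBytes: ciphertext.length,
    readByBob: decryptWith(bob.privateKey, ciphertext),
    readByAlice: tryDecrypt(alice.privateKey, ciphertext),
  };
}

console.log(demo());
```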
Watch this video
• https://www.youtube.com/watch?v=E5FEqGYLL0o
• https://www.youtube.com/watch?v=EJd8zqN3zTw
Firewall:
– Combination of hardware and software that prevents
unauthorized users from accessing private networks
Prevention and Resistance
Source: Laudon & Laudon (2016)
The firewall is placed between the firm’s private network and the public Internet or another distrusted network to protect against unauthorized traffic.
Source: Laudon & Laudon (2016)
A Corporate Firewall
Detection and Response
• If prevention and resistance strategies
fail and there is a security breach, an
organization can use detection and
response technologies to mitigate the
damage
• Intrusion detection systems:
– Monitors hot spots on corporate networks to detect and
deter intruders
– Examines events as they are happening to discover
attacks in progress
• Antivirus and antispyware software:
– Checks computers for presence of malware and can often
eliminate it as well
– Requires continual updating
• Unified threat management (UTM) systems
Detection and Response
Source: Laudon & Laudon (2016)
Task
• Read chapter 8 (textbook) and related material and videos.
References
• Baltzan, P. (2016) Business Driven Information Systems.
Global Edition, 5th ed. McGraw-Hill/NY.
• Laudon K.C. and Laudon J.P. (2016) Management Information
Systems, Managing the Digital Firm, 14th ed. Prentice Hall.
• Laudon K.C. and Laudon J.P. (2020) Management Information
Systems, Managing the Digital Firm, 16th ed. Prentice Hall.
