SlideShare a Scribd company logo

How To Secure MIS

Download as PPTX, PDF
AaDi Malik
AaDi Malik

MANAGEMENT INFORMATION SYSTEM

BusinessTechnology
1 of 30
MALIK TOUQEER BBA(HONS) THE ISLAMIA UNIVERSITY BAHAWALPUR PAKISTAN
SECURING MANAGEMENT INFORMATION SYSTEM
Introduction to MIS An MIS provides managers with information and support for effective decision making, and provides feedback on daily operations. MIS is a system, which makes available the Right Information to the Right Person at the Right place at the Right Time in the Right Form and at Right Cost.
 The quality or state of being secure to be free from danger  Security is achieved using several strategies simultaneously or used in combination with one another  Security is recognized as essential to protect vital processes and the systems that provide those processes  Security is not something you buy, it is something you do What is security?
Vulnerability, Threat and Attack  A vulnerability:- is a weakness in security system Can be in design, implementation, etc. Can be hardware, or software  A threat:- is a set of circumstances that has the potential to cause loss or harm Or it’s a potential violation of security Threat can be: Accidental (natural disasters, human error, …) Malicious (attackers, insider fraud, …)  An attack:- is the actual violation of security
Why Systems are Vulnerable?  Hardware problems- • Breakdowns, configuration errors, damage from improper use or crime  Software problems- • Programming errors, installation errors, unauthorized changes)  Disasters- • Power failures, flood, fires, etc.  Use of networks and computers outside of firm’s control - • E.g. with domestic or offshore outsourcing vendors
SO HOW DO WE OVERCOME THESE PROBLEMS???
BUSINESS VALUE OF SECURITY AND CONTROL • Inadequate security and control may create serious legal liability. • Businesses must protect not only their own information assets but also those of customers, employees, and business partners. Failure to do so can lead to costly litigation for data exposure or theft. • A sound security and control framework that protects business information assets can thus produce a high return on investment.
ESTABLISHING A MANAGEMENT FRAMEWORK FOR SECURITY AND CONTROL  General controls: Establish framework for controlling design, security, and use of computer programs • Software controls • Hardware controls • Computer operations controls • Data security controls • Implementation controls
ESTABLISHING A MANAGEMENT FRAMEWORK FOR SECURITY AND CONTROL Application controls: • Input • Processing • Output Unique to each computerized application
CREATING A CONTROL ENVIRONMENT  Controls:- • Methods, policies, and procedures • Ensures protection of organization’s assets • Ensures accuracy and reliability of records, and operational adherence to management standards
Worldwide Damage from Digital Attacks
CREATING A CONTROL ENVIRONMENT  Disaster recovery plan: Runs business in event of computer outage  Load balancing: Distributes large number of requests for access among multiple servers
CREATING A CONTROL ENVIRONMENT • Mirroring: Duplicating all processes and transactions of server on backup server to prevent any interruption • Clustering: Linking two computers together so that a second computer can act as a backup to the primary computer or speed up processing
CREATING A CONTROL ENVIRONMENT Internet Security Challenges  Firewalls:- • Hardware and software controlling flow of incoming and outgoing network traffic • Prevent unauthorized users from accessing private networks • Two types: proxies and stateful inspection  Intrusion Detection System:- • Monitors vulnerable points in network to detect and deter unauthorized intruders
Figure 10-7 A Corporate Firewall
 Because they can  A large fraction of hacker attacks have been pranks  Financial Gain  Espionage  Venting anger at a company or organization  Terrorism Why do Hackers Attack?
Access Control - Physical USER RESPONSIBILITIES • Follow Security Procedures • Wear Identity Cards • Ask unauthorized visitor his credentials • Attend visitors in Reception and Conference Room only • Bring visitors in operations area without prior permission • Bring hazardous and combustible material in secure area • Practice “Piggybacking” • Bring and use pen drives, zip drives, ipods, other storage devices unless and otherwise authorized to do so
Password Guidelines  Always use at least 8 character password with combination of alphabets, numbers and special characters (*, %, @, #, $, ^)  Use passwords that can be easily remembered by you  Change password regularly as per policy  Use password that is significantly different from earlier passwords Use passwords which reveals your personal information or words found in dictionary Write down or Store passwords Share passwords over phone or Email Use passwords which do not match above complexity criteria
 Dictionary Attack  Hacker tries all words in dictionary to crack password  70% of the people use dictionary words as passwords  Brute Force Attack  Try all permutations of the letters & symbols in the alphabet  Hybrid Attack  Words from dictionary and their variations used in attack  Shoulder Surfing  Hackers slyly watch over peoples shoulders to steal passwords  Dumpster Diving  People dump their trash papers in garbage which may contain information to crack passwords Password Attacks - Types
Internet Usage Use internet services for business purposes only  Do not access internet through dial-up connectivity  Do not use internet for accessing auction sites  Do not use internet for hacking other computer systems  Do not use internet to download / upload commercial software / copyrighted material  Technology Department is continuously monitoring Internet Usage. Any illegal use of internet and other assets shall call for Disciplinary Action.
CREATING A CONTROL ENVIRONMENT Antivirus Software  Antivirus software: - Software that checks computer systems and drives for the presence of computer viruses and can eliminate the virus from the infected area • Wi-Fi Protected Access specification
This NEC PC has a biometric fingerprint reader for fast yet secure access to files and networks. New models of PCs are starting to use biometric identification to authenticate users
MANAGEMENT CHALLENGES  Implementing an effective security policy  Applying quality assurance standards in large systems projects  What are the most important software quality assurance techniques?  Why are auditing information systems and safeguarding data quality so important?
Solution Guidelines • Security and control must become a more visible and explicit priority and area of information systems investment. • Support and commitment from top management is required to show that security is indeed a corporate priority and vital to all aspects of the business. • Security and control should be the responsibility of everyone in the organization.
. . . LET US BUILD A HUMAN WALL ALONG WITH FIREWALL Human Wall Is Always Better Than A Firewall
How To Secure MIS
How To Secure MIS

Recommended

1. security management practices
1. security management practices1. security management practices
1. security management practices7wounders
 
IT security consultancy company profile
IT security consultancy company profileIT security consultancy company profile
IT security consultancy company profileHK IT solutions... unlimited...
 
Information Security Metrics - Practical Security Metrics
Information Security Metrics - Practical Security MetricsInformation Security Metrics - Practical Security Metrics
Information Security Metrics - Practical Security MetricsJack Nichelson
 
Security Policies and Standards
Security Policies and StandardsSecurity Policies and Standards
Security Policies and Standardsprimeteacher32
 
Cissp Study notes.pdf
Cissp Study notes.pdfCissp Study notes.pdf
Cissp Study notes.pdfMAHESHUMANATHGOPALAK
 
Snort IDS
Snort IDSSnort IDS
Snort IDSprimeteacher32
 
Introduction to ethical hacking
Introduction to ethical hackingIntroduction to ethical hacking
Introduction to ethical hackingVikram Khanna
 
IEEE Code Of Conduct/Ethics
IEEE Code Of Conduct/EthicsIEEE Code Of Conduct/Ethics
IEEE Code Of Conduct/EthicsMuhammad Amjad Rana
 

Recommended

1. security management practices
1. security management practices1. security management practices
1. security management practices7wounders
 
IT security consultancy company profile
IT security consultancy company profileIT security consultancy company profile
IT security consultancy company profileHK IT solutions... unlimited...
 
Information Security Metrics - Practical Security Metrics
Information Security Metrics - Practical Security MetricsInformation Security Metrics - Practical Security Metrics
Information Security Metrics - Practical Security MetricsJack Nichelson
 
Security Policies and Standards
Security Policies and StandardsSecurity Policies and Standards
Security Policies and Standardsprimeteacher32
 
Cissp Study notes.pdf
Cissp Study notes.pdfCissp Study notes.pdf
Cissp Study notes.pdfMAHESHUMANATHGOPALAK
 
Snort IDS
Snort IDSSnort IDS
Snort IDSprimeteacher32
 
Introduction to ethical hacking
Introduction to ethical hackingIntroduction to ethical hacking
Introduction to ethical hackingVikram Khanna
 
IEEE Code Of Conduct/Ethics
IEEE Code Of Conduct/EthicsIEEE Code Of Conduct/Ethics
IEEE Code Of Conduct/EthicsMuhammad Amjad Rana
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITYAhmed Moussa
 
AI and Machine Learning In Cybersecurity | A Saviour or Enemy?
AI and Machine Learning In Cybersecurity | A Saviour or Enemy?AI and Machine Learning In Cybersecurity | A Saviour or Enemy?
AI and Machine Learning In Cybersecurity | A Saviour or Enemy?SahilRao25
 
Indian it act 2000
Indian it act 2000Indian it act 2000
Indian it act 2000Avinash Katariya
 
Security and personnel bp11521
Security and personnel bp11521Security and personnel bp11521
Security and personnel bp11521Merlin Florrence
 
Cyber security and current trends
Cyber security and current trendsCyber security and current trends
Cyber security and current trendsShreedeep Rayamajhi
 
Importance Of A Security Policy
Importance Of A Security PolicyImportance Of A Security Policy
Importance Of A Security Policycharlesgarrett
 
Hacking ppt
Hacking pptHacking ppt
Hacking pptgiridhar_sadasivuni
 
Information Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO StandardsInformation Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO StandardsPECB
 
Security Automation and Machine Learning
Security Automation and Machine LearningSecurity Automation and Machine Learning
Security Automation and Machine LearningSiemplify
 
Security and personnel
Security and personnelSecurity and personnel
Security and personnelDhani Ahmad
 
Computer misuse and criminal law
Computer misuse and criminal lawComputer misuse and criminal law
Computer misuse and criminal lawZaheer Irshad
 
Understanding Application Threat Modelling & Architecture
Understanding Application Threat Modelling & Architecture Understanding Application Threat Modelling & Architecture
Understanding Application Threat Modelling & ArchitecturePriyanka Aash
 
100+ Cyber Security Interview Questions and Answers in 2022
100+ Cyber Security Interview Questions and Answers in 2022100+ Cyber Security Interview Questions and Answers in 2022
100+ Cyber Security Interview Questions and Answers in 2022Temok IT Services
 
Ethical hacking Chapter 3 - Network and Computer Attacks - Eric Vanderburg
Ethical hacking Chapter 3 - Network and Computer Attacks - Eric VanderburgEthical hacking Chapter 3 - Network and Computer Attacks - Eric Vanderburg
Ethical hacking Chapter 3 - Network and Computer Attacks - Eric VanderburgEric Vanderburg
 
1 understanding cyber threats
1 understanding cyber threats 1 understanding cyber threats
1 understanding cyber threats mohamad Hamizi
 
Chapter 5 Planning for Security-students.ppt
Chapter 5 Planning for Security-students.pptChapter 5 Planning for Security-students.ppt
Chapter 5 Planning for Security-students.pptShruthi48
 
Cyber security
Cyber securityCyber security
Cyber securityAman Pradhan
 
Artificial Intelligence and Cybersecurity
Artificial Intelligence and CybersecurityArtificial Intelligence and Cybersecurity
Artificial Intelligence and CybersecurityOlivier Busolini
 
It Amendments Act
It Amendments ActIt Amendments Act
It Amendments Actanthony4web
 
Threat Hunting Workshop
Threat Hunting WorkshopThreat Hunting Workshop
Threat Hunting WorkshopSplunk
 
Management Information System Presentation
Management Information System PresentationManagement Information System Presentation
Management Information System PresentationAaDi Malik
 
Security and control in mis
Security and control in misSecurity and control in mis
Security and control in misGurjit
 

More Related Content

What's hot

INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITYAhmed Moussa
 
AI and Machine Learning In Cybersecurity | A Saviour or Enemy?
AI and Machine Learning In Cybersecurity | A Saviour or Enemy?AI and Machine Learning In Cybersecurity | A Saviour or Enemy?
AI and Machine Learning In Cybersecurity | A Saviour or Enemy?SahilRao25
 
Security and personnel bp11521
Security and personnel bp11521Security and personnel bp11521
Security and personnel bp11521Merlin Florrence
 
Cyber security and current trends
Cyber security and current trendsCyber security and current trends
Cyber security and current trendsShreedeep Rayamajhi
 
Importance Of A Security Policy
Importance Of A Security PolicyImportance Of A Security Policy
Importance Of A Security Policycharlesgarrett
 
Information Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO StandardsInformation Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO StandardsPECB
 
Security Automation and Machine Learning
Security Automation and Machine LearningSecurity Automation and Machine Learning
Security Automation and Machine LearningSiemplify
 
Security and personnel
Security and personnelSecurity and personnel
Security and personnelDhani Ahmad
 
Computer misuse and criminal law
Computer misuse and criminal lawComputer misuse and criminal law
Computer misuse and criminal lawZaheer Irshad
 
Understanding Application Threat Modelling & Architecture
Understanding Application Threat Modelling & Architecture Understanding Application Threat Modelling & Architecture
Understanding Application Threat Modelling & ArchitecturePriyanka Aash
 
100+ Cyber Security Interview Questions and Answers in 2022
100+ Cyber Security Interview Questions and Answers in 2022100+ Cyber Security Interview Questions and Answers in 2022
100+ Cyber Security Interview Questions and Answers in 2022Temok IT Services
 
Ethical hacking Chapter 3 - Network and Computer Attacks - Eric Vanderburg
Ethical hacking Chapter 3 - Network and Computer Attacks - Eric VanderburgEthical hacking Chapter 3 - Network and Computer Attacks - Eric Vanderburg
Ethical hacking Chapter 3 - Network and Computer Attacks - Eric VanderburgEric Vanderburg
 
1 understanding cyber threats
1 understanding cyber threats 1 understanding cyber threats
1 understanding cyber threats mohamad Hamizi
 
Chapter 5 Planning for Security-students.ppt
Chapter 5 Planning for Security-students.pptChapter 5 Planning for Security-students.ppt
Chapter 5 Planning for Security-students.pptShruthi48
 
Artificial Intelligence and Cybersecurity
Artificial Intelligence and CybersecurityArtificial Intelligence and Cybersecurity
Artificial Intelligence and CybersecurityOlivier Busolini
 
It Amendments Act
It Amendments ActIt Amendments Act
It Amendments Actanthony4web
 
Threat Hunting Workshop
Threat Hunting WorkshopThreat Hunting Workshop
Threat Hunting WorkshopSplunk
 

What's hot (20)

INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITY
 
AI and Machine Learning In Cybersecurity | A Saviour or Enemy?
AI and Machine Learning In Cybersecurity | A Saviour or Enemy?AI and Machine Learning In Cybersecurity | A Saviour or Enemy?
AI and Machine Learning In Cybersecurity | A Saviour or Enemy?
 
Indian it act 2000
Indian it act 2000Indian it act 2000
Indian it act 2000
 
Security and personnel bp11521
Security and personnel bp11521Security and personnel bp11521
Security and personnel bp11521
 
Cyber security and current trends
Cyber security and current trendsCyber security and current trends
Cyber security and current trends
 
Importance Of A Security Policy
Importance Of A Security PolicyImportance Of A Security Policy
Importance Of A Security Policy
 
Hacking ppt
Hacking pptHacking ppt
Hacking ppt
 
Information Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO StandardsInformation Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO Standards
 
Security Automation and Machine Learning
Security Automation and Machine LearningSecurity Automation and Machine Learning
Security Automation and Machine Learning
 
Security and personnel
Security and personnelSecurity and personnel
Security and personnel
 
Computer misuse and criminal law
Computer misuse and criminal lawComputer misuse and criminal law
Computer misuse and criminal law
 
Understanding Application Threat Modelling & Architecture
Understanding Application Threat Modelling & Architecture Understanding Application Threat Modelling & Architecture
Understanding Application Threat Modelling & Architecture
 
100+ Cyber Security Interview Questions and Answers in 2022
100+ Cyber Security Interview Questions and Answers in 2022100+ Cyber Security Interview Questions and Answers in 2022
100+ Cyber Security Interview Questions and Answers in 2022
 
Ethical hacking Chapter 3 - Network and Computer Attacks - Eric Vanderburg
Ethical hacking Chapter 3 - Network and Computer Attacks - Eric VanderburgEthical hacking Chapter 3 - Network and Computer Attacks - Eric Vanderburg
Ethical hacking Chapter 3 - Network and Computer Attacks - Eric Vanderburg
 
1 understanding cyber threats
1 understanding cyber threats 1 understanding cyber threats
1 understanding cyber threats
 
Chapter 5 Planning for Security-students.ppt
Chapter 5 Planning for Security-students.pptChapter 5 Planning for Security-students.ppt
Chapter 5 Planning for Security-students.ppt
 
Cyber security
Cyber securityCyber security
Cyber security
 
Artificial Intelligence and Cybersecurity
Artificial Intelligence and CybersecurityArtificial Intelligence and Cybersecurity
Artificial Intelligence and Cybersecurity
 
It Amendments Act
It Amendments ActIt Amendments Act
It Amendments Act
 
Threat Hunting Workshop
Threat Hunting WorkshopThreat Hunting Workshop
Threat Hunting Workshop
 

Similar to How To Secure MIS

Management Information System Presentation
Management Information System PresentationManagement Information System Presentation
Management Information System PresentationAaDi Malik
 
Security and control in mis
Security and control in misSecurity and control in mis
Security and control in misGurjit
 
IM Unit 4 Security and its a control.ppt
IM Unit 4 Security and its a control.pptIM Unit 4 Security and its a control.ppt
IM Unit 4 Security and its a control.pptRAJESH S
 
Security & control in mis
Security & control in misSecurity & control in mis
Security & control in misVishal Patyal
 
Meletis BelsisManaging and enforcing information security
Meletis BelsisManaging and enforcing information securityMeletis BelsisManaging and enforcing information security
Meletis BelsisManaging and enforcing information securityMeletis Belsis MPhil/MRes/BSc
 
Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Kirti Ahirrao
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security EngineeringMuhammad Asim
 
Software security engineering
Software security engineeringSoftware security engineering
Software security engineeringaizazhussain234
 
Project Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxProject Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxwkyra78
 
Definitive Security Testing Checklist Shielding Your Applications against Cyb...
Definitive Security Testing Checklist Shielding Your Applications against Cyb...Definitive Security Testing Checklist Shielding Your Applications against Cyb...
Definitive Security Testing Checklist Shielding Your Applications against Cyb...Knoldus Inc.
 
chapter 3 ethics: computer and internet crime
chapter 3 ethics: computer and internet crimechapter 3 ethics: computer and internet crime
chapter 3 ethics: computer and internet crimemuhammad awais
 
The Open Group - ZT Commandments and Reference Model.pptx
The Open Group - ZT Commandments and Reference Model.pptxThe Open Group - ZT Commandments and Reference Model.pptx
The Open Group - ZT Commandments and Reference Model.pptxMark Simos
 
MS. Cybersecurity Reference Architecture
MS. Cybersecurity Reference ArchitectureMS. Cybersecurity Reference Architecture
MS. Cybersecurity Reference Architectureangelohammond
 
Week 09_Cyber security u.pdf
Week 09_Cyber security u.pdfWeek 09_Cyber security u.pdf
Week 09_Cyber security u.pdfdhanywahyudi17
 

Similar to How To Secure MIS (20)

Management Information System Presentation
Management Information System PresentationManagement Information System Presentation
Management Information System Presentation
 
Security and control in mis
Security and control in misSecurity and control in mis
Security and control in mis
 
IM Unit 4 Security and its a control.ppt
IM Unit 4 Security and its a control.pptIM Unit 4 Security and its a control.ppt
IM Unit 4 Security and its a control.ppt
 
Security & control in mis
Security & control in misSecurity & control in mis
Security & control in mis
 
Meletis BelsisManaging and enforcing information security
Meletis BelsisManaging and enforcing information securityMeletis BelsisManaging and enforcing information security
Meletis BelsisManaging and enforcing information security
 
Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Chapter 1 introduction(web security)
Chapter 1 introduction(web security)
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security Engineering
 
Security and Control.ppt
Security and Control.pptSecurity and Control.ppt
Security and Control.ppt
 
Software security engineering
Software security engineeringSoftware security engineering
Software security engineering
 
Project Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxProject Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docx
 
Presentation 10.pptx
Presentation 10.pptxPresentation 10.pptx
Presentation 10.pptx
 
Definitive Security Testing Checklist Shielding Your Applications against Cyb...
Definitive Security Testing Checklist Shielding Your Applications against Cyb...Definitive Security Testing Checklist Shielding Your Applications against Cyb...
Definitive Security Testing Checklist Shielding Your Applications against Cyb...
 
chapter 3 ethics: computer and internet crime
chapter 3 ethics: computer and internet crimechapter 3 ethics: computer and internet crime
chapter 3 ethics: computer and internet crime
 
The Open Group - ZT Commandments and Reference Model.pptx
The Open Group - ZT Commandments and Reference Model.pptxThe Open Group - ZT Commandments and Reference Model.pptx
The Open Group - ZT Commandments and Reference Model.pptx
 
MS. Cybersecurity Reference Architecture
MS. Cybersecurity Reference ArchitectureMS. Cybersecurity Reference Architecture
MS. Cybersecurity Reference Architecture
 
Managing security threats in today’s enterprise
Managing security threats in today’s enterpriseManaging security threats in today’s enterprise
Managing security threats in today’s enterprise
 
Week 09_Cyber security u.pdf
Week 09_Cyber security u.pdfWeek 09_Cyber security u.pdf
Week 09_Cyber security u.pdf
 
It security cognic_systems
It security cognic_systemsIt security cognic_systems
It security cognic_systems
 
Cyber Security # Lec 5
Cyber Security # Lec 5Cyber Security # Lec 5
Cyber Security # Lec 5
 
Information Security Seminar
Information Security SeminarInformation Security Seminar
Information Security Seminar
 

Recently uploaded

Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Roland Driesen
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communicationskarancommunications
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesDipal Arora
 
Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Neil Kimberley
 
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...lizamodels9
 
Famous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Centuryrwgiffor
 
RSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataRSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataExhibitors Data
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfAdmir Softic
 
7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...Paul Menig
 
John Halpern sued for sexual assault.pdf
John Halpern sued for sexual assault.pdfJohn Halpern sued for sexual assault.pdf
John Halpern sued for sexual assault.pdfAmzadHosen3
 
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Lviv Startup Club
 
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyThe Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyEthan lee
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Serviceritikaroy0888
 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxWorkforce Group
 
M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.Aaiza Hassan
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...lizamodels9
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Delhi Call girls
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Roland Driesen
 

Recently uploaded (20)

Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communications
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
 
Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023
 
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
 
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
 
Famous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Century
 
RSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataRSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors Data
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
 
7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...
 
John Halpern sued for sexual assault.pdf
John Halpern sued for sexual assault.pdfJohn Halpern sued for sexual assault.pdf
John Halpern sued for sexual assault.pdf
 
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
 
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabiunwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
 
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyThe Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Service
 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptx
 
M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...
 

How To Secure MIS

  • 1.
  • 2.
  • 3. MALIK TOUQEER BBA(HONS) THE ISLAMIA UNIVERSITY BAHAWALPUR PAKISTAN
  • 5. Introduction to MIS An MIS provides managers with information and support for effective decision making, and provides feedback on daily operations. MIS is a system, which makes available the Right Information to the Right Person at the Right place at the Right Time in the Right Form and at Right Cost.
  • 6.  The quality or state of being secure to be free from danger  Security is achieved using several strategies simultaneously or used in combination with one another  Security is recognized as essential to protect vital processes and the systems that provide those processes  Security is not something you buy, it is something you do What is security?
  • 7. Vulnerability, Threat and Attack  A vulnerability:- is a weakness in security system Can be in design, implementation, etc. Can be hardware, or software  A threat:- is a set of circumstances that has the potential to cause loss or harm Or it’s a potential violation of security Threat can be: Accidental (natural disasters, human error, …) Malicious (attackers, insider fraud, …)  An attack:- is the actual violation of security
  • 8. Why Systems are Vulnerable?  Hardware problems- • Breakdowns, configuration errors, damage from improper use or crime  Software problems- • Programming errors, installation errors, unauthorized changes)  Disasters- • Power failures, flood, fires, etc.  Use of networks and computers outside of firm’s control - • E.g. with domestic or offshore outsourcing vendors
  • 9. SO HOW DO WE OVERCOME THESE PROBLEMS???
  • 10. BUSINESS VALUE OF SECURITY AND CONTROL • Inadequate security and control may create serious legal liability. • Businesses must protect not only their own information assets but also those of customers, employees, and business partners. Failure to do so can lead to costly litigation for data exposure or theft. • A sound security and control framework that protects business information assets can thus produce a high return on investment.
  • 11. ESTABLISHING A MANAGEMENT FRAMEWORK FOR SECURITY AND CONTROL  General controls: Establish framework for controlling design, security, and use of computer programs • Software controls • Hardware controls • Computer operations controls • Data security controls • Implementation controls
  • 12. ESTABLISHING A MANAGEMENT FRAMEWORK FOR SECURITY AND CONTROL Application controls: • Input • Processing • Output Unique to each computerized application
  • 13. CREATING A CONTROL ENVIRONMENT  Controls:- • Methods, policies, and procedures • Ensures protection of organization’s assets • Ensures accuracy and reliability of records, and operational adherence to management standards
  • 14. Worldwide Damage from Digital Attacks
  • 15. CREATING A CONTROL ENVIRONMENT  Disaster recovery plan: Runs business in event of computer outage  Load balancing: Distributes large number of requests for access among multiple servers
  • 16. CREATING A CONTROL ENVIRONMENT • Mirroring: Duplicating all processes and transactions of server on backup server to prevent any interruption • Clustering: Linking two computers together so that a second computer can act as a backup to the primary computer or speed up processing
  • 17. CREATING A CONTROL ENVIRONMENT Internet Security Challenges  Firewalls:- • Hardware and software controlling flow of incoming and outgoing network traffic • Prevent unauthorized users from accessing private networks • Two types: proxies and stateful inspection  Intrusion Detection System:- • Monitors vulnerable points in network to detect and deter unauthorized intruders
  • 19.  Because they can  A large fraction of hacker attacks have been pranks  Financial Gain  Espionage  Venting anger at a company or organization  Terrorism Why do Hackers Attack?
  • 20. Access Control - Physical USER RESPONSIBILITIES • Follow Security Procedures • Wear Identity Cards • Ask unauthorized visitor his credentials • Attend visitors in Reception and Conference Room only • Bring visitors in operations area without prior permission • Bring hazardous and combustible material in secure area • Practice “Piggybacking” • Bring and use pen drives, zip drives, ipods, other storage devices unless and otherwise authorized to do so
  • 21. Password Guidelines  Always use at least 8 character password with combination of alphabets, numbers and special characters (*, %, @, #, $, ^)  Use passwords that can be easily remembered by you  Change password regularly as per policy  Use password that is significantly different from earlier passwords Use passwords which reveals your personal information or words found in dictionary Write down or Store passwords Share passwords over phone or Email Use passwords which do not match above complexity criteria
  • 22.  Dictionary Attack  Hacker tries all words in dictionary to crack password  70% of the people use dictionary words as passwords  Brute Force Attack  Try all permutations of the letters & symbols in the alphabet  Hybrid Attack  Words from dictionary and their variations used in attack  Shoulder Surfing  Hackers slyly watch over peoples shoulders to steal passwords  Dumpster Diving  People dump their trash papers in garbage which may contain information to crack passwords Password Attacks - Types
  • 23. Internet Usage Use internet services for business purposes only  Do not access internet through dial-up connectivity  Do not use internet for accessing auction sites  Do not use internet for hacking other computer systems  Do not use internet to download / upload commercial software / copyrighted material  Technology Department is continuously monitoring Internet Usage. Any illegal use of internet and other assets shall call for Disciplinary Action.
  • 24. CREATING A CONTROL ENVIRONMENT Antivirus Software  Antivirus software: - Software that checks computer systems and drives for the presence of computer viruses and can eliminate the virus from the infected area • Wi-Fi Protected Access specification
  • 25. This NEC PC has a biometric fingerprint reader for fast yet secure access to files and networks. New models of PCs are starting to use biometric identification to authenticate users
  • 26. MANAGEMENT CHALLENGES  Implementing an effective security policy  Applying quality assurance standards in large systems projects  What are the most important software quality assurance techniques?  Why are auditing information systems and safeguarding data quality so important?
  • 27. Solution Guidelines • Security and control must become a more visible and explicit priority and area of information systems investment. • Support and commitment from top management is required to show that security is indeed a corporate priority and vital to all aspects of the business. • Security and control should be the responsibility of everyone in the organization.
  • 28. . . . LET US BUILD A HUMAN WALL ALONG WITH FIREWALL Human Wall Is Always Better Than A Firewall