2015
Mohamed Raufik Tajuddin
MBA student :Open University Malaysia
5/1/2015
The literature and paper report on information system security: Part 1 of 5 Parts
Table of Contents
Executive summary
Introduction
1.1 Information system security
1.2 DDoS
1.2.1 Flood attacks
1.2.2 Logic or software attacks
1.3.1 Managing Airport Resources
1.3.2 Smart Airport Automation System
Conclusion
References
Executive summary
Information systems need to be secure if they are to be reliable. Since many businesses are
critically reliant on their information systems for key business processes (e.g. websites,
production scheduling, transaction processing), security can be seen to be a very important area
for management to get right. However, other parties are cashing in on this situation: they
hack into computers and servers and pass threats into the system, which then cause system
breakdown and result in business failure.
One of the threats is distributed denial-of-service (DDoS). On the 10th of October, Narita and
Chubu airports in the east of the country were both subject to DDoS attacks on their websites
by the hacktivist group Anonymous, as part of its campaign against dolphin hunting, a practice
that, though controversial, is still legal in Japan (The Japan Times, Oct 29, 2015). A smart
airport automation system gathers and reinterprets a wide variety of aircraft and airport related
data and information around unattended or non-towered airports. Data is gathered from many
different types of sources, and in otherwise incompatible data formats.
Cyber threats to the aviation industry, and specifically the computers controlling aircraft, have
been highlighted by security consultants and at various hacking conferences. Many of the
popular case studies are driven by the curiosity of white hat hackers.
Therefore, acknowledging good practices, building up threat intelligence, regulatory frameworks,
education and real-time monitoring, and accepting cyber security as a whole may overcome
information security system failures.
Introduction
Information systems need to be secure if they are to be reliable. Since many businesses are
critically reliant on their information systems for key business processes (e.g. websites,
production scheduling, transaction processing), security can be seen to be a very important area
for management to get right.
However, other parties are cashing in on this situation: they hack into computers and servers
and pass threats into the system, which then cause system breakdown and result in business
failure.
One of the threats is distributed denial-of-service (DDoS). On the 10th of October, Narita and
Chubu airports in the east of the country were both subject to DDoS attacks on their websites
by the hacktivist group Anonymous, as part of its campaign against dolphin hunting, a practice
that, though controversial, is still legal in Japan (The Japan Times, Oct 29, 2015).
DDoS is a denial-of-service attack characterized by an explicit attempt by attackers to prevent
legitimate users of a service from using that service. There are two general forms of DDoS
attacks: those that crash services and those that flood services. A DDoS attack floods a network
with traffic, rendering the network useless to its intended users. The attack will either force the
target network to reset or consume its resources so that it is unable to provide its intended
service.
Crackers will plan their attacks during peak traffic to make the impact harsher. While private
information was not stolen, the attacks still posed a security threat and inconvenience for
customers and the organisation.
1.1 Information system security
According to the UK Government, information security is:
"the practice of ensuring information is only read, heard, changed, broadcast and otherwise
used by people who have the right to do so" (Source: UK Online for Business)
Information systems need to be secure if they are to be reliable. Since many businesses are
critically reliant on their information systems for key business processes (e.g. websites,
production scheduling, transaction processing), security can be seen to be a very important area
for management to get right.
Security and disaster training is identified as the top IT required skill that needs to be taught in
IS curriculums (Kim, Hsu, & Stern, 2006). Accordingly, information security and privacy have
become core concepts in information system education (Hentea, Dhillon, & Dhillon, 2006;
Kroenke, 2012; Laudon & Laudon, 2010). Instructors have several approaches to teach security
and privacy concepts. One can take a more traditional lecture based approach or a more hands-
on approach that utilizes labs, case studies, etc. (Gregg, 2008).
Most of the prominent security case studies focus on how businesses deal with data breaches
or privacy issues. For example, McNulty (2007) discusses the impact of a data breach on
customers in a retail electronics setting. The case deals with issues of the best way to
communicate the breach with customers and, overall, forces the participants to consider
disaster response strategy before a disaster occurs. Similarly, Haggerty and Chandrasekhar
(2008) highlight the events leading to, and the fallout from, a data breach at TJX. These cases
highlight the issue of the enormous amount of data that retailers generate and the onus on firms
to protect sensitive information. Eisenmann’s (2009) case addresses the severity of the growing
dependence on technology in the medical industry.
The case setting is a hospital (medical industry) where access to medical records is denied,
putting numerous lives at risk. As the hackers try to extort money, the case raises ethical and
legal questions and forces participants to make tough decisions. Coutu (2007) raises ethical
questions about the growing lack of privacy in the networked world. The case addresses
whether the information found on the Internet about a person can become a burden in advancing
that person’s career. Ethical and privacy questions related to confidentiality of data and data
reuse in business settings are also raised (Davenport & Harris, 2007; Fusaro, 2004; Schenberger
& Mark, 2001). Davenport and Harris (2007) present a case that deals with the issue of data
reuse. It is a common practice for businesses to share customer data with the businesses’
affiliates.
The case in question asks at what stage is the sharing of information detrimental to customers?
In a similar vein, Fusaro’s (2004) case asks at what stage do the data collected for customization
cross the boundary and become invasion of privacy? DoubleClick’s profiling issues and breach
of privacy are also well known (Schenberger & Mark, 2001). Complaints filed with the Federal
Trade Commission had a severe impact on the shares of DoubleClick and led to the
development of privacy policies (Schenberger & Mark, 2001).
Therefore, in my opinion information system security is very crucial if we want to welcome
the internet evolution in the business industry. Information systems increase business
productivity and we may also be facing big data technology. Hence information system
security is so important in our future business going forward. However, there are other parties
that are cashing in on this situation, where they will hack into computers and servers and pass
on threats into the system, which then cause system breakdown and result in business failure.
One of the threats is distributed denial-of-service (DDoS).
1.2 DDoS
Battling distributed denial-of-service (DDoS) and malware attacks is part of everyday business
for all organisations, and so is defending against newer cyber threats. DDoS attacks bombard
a network or website with traffic (i.e., requests for service) to crash it and leave it vulnerable
to other threats.
Figure 1.0 : DDoS FLOW CHART
Fig 1.0 (DDoS Flow Chart) shows the flow from the running client program to the handler,
the compromised systems, the Internet and the targeted servers.
The most serious attacks are distributed and in many or most cases involve forging of IP sender
addresses (IP address spoofing) so that the location of the attacking machines cannot easily be
identified, nor can filtering be done based on the source address.
1.2.1 Flood attacks
A remote system is overwhelmed by a continuous flood of traffic designed to consume
resources at the targeted server (CPU cycles and memory) and/or in the network (bandwidth
and packet buffers)2. These attacks result in degraded service or a complete site shutdown.
1.2.1.1 TCP SYN Flood Attack: Taking advantage of the flaw of TCP three-way handshaking
behaviour, an attacker makes connection requests aimed at the victim server with packets with
unreachable source addresses. The server is not able to complete the connection requests and,
as a result, the victim wastes all of its network resources. A relatively small flood of bogus
packets will tie up memory, CPU, and applications, resulting in shutting down a server.
1.2.1.2 Smurf IP Attack: An attacker sends forged ICMP echo packets to broadcast
addresses of vulnerable networks. All the systems on these networks reply to the victim with
ICMP echo replies. This rapidly exhausts the bandwidth available to the target, effectively
denying its services to legitimate users.
1.2.1.3 UDP Flood Attack: UDP is a connectionless protocol and it does not require any
connection setup procedure to transfer data. A UDP Flood Attack is possible when an
attacker sends a UDP packet to a random port on the victim system. When the victim system
receives a UDP packet, it will determine what application is waiting on the destination port.
When it realizes that there is no application that is waiting on the port, it will generate an
ICMP destination unreachable packet to the forged source address. If enough UDP packets
are delivered to ports on the victim, the system will go down.
1.2.1.4 ICMP Flood Attack: An ICMP attack can come in many forms. There are two basic
kinds, floods and nukes. An ICMP flood is usually accomplished by broadcasting either many
pings (ICMP pings, not IRC pings; they serve a similar purpose but are handled differently) or
UDP packets (which are used in software like PointCast). The idea is to send so much data to
your system that it slows you down enough to be disconnected from IRC due to a ping
timeout. Nukes exploit bugs in certain operating systems, such as Windows 95 and Windows
NT. The idea is to send a packet of information that the OS cannot handle. Usually, this causes
your system to lock up.
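The following added example (not part of the original report) shows one way a defender can spot the half-open connections that a TCP SYN flood (1.2.1.1) leaves behind. Because the source addresses are forged, it counts unanswered SYNs per targeted service rather than per sender; the log line format, addresses, timeout and threshold are constructed assumptions.

```python
from collections import Counter


def parse_line(line):
    """Parse 'time src_ip:port > dst_ip:port FLAG' (assumed, constructed format).

    Only client-to-server packets are logged: 'S' is the opening SYN and
    'A' is the final ACK that completes the three-way handshake.
    """
    ts, src, _arrow, dst, flag = line.split()
    sip, sport = src.rsplit(":", 1)
    dip, dport = dst.rsplit(":", 1)
    return float(ts), (sip, int(sport)), (dip, int(dport)), flag


def half_open_by_service(lines, now, timeout=3.0):
    """Count handshakes per (dst_ip, dst_port) still unanswered after `timeout` seconds."""
    pending = {}  # (client, server) -> time the SYN was seen
    for line in lines:
        ts, client, server, flag = parse_line(line)
        if flag == "S":
            pending[(client, server)] = ts
        elif flag == "A":
            # Handshake completed, so this connection is no longer half-open.
            pending.pop((client, server), None)
    counts = Counter()
    for (_client, server), ts in pending.items():
        if now - ts >= timeout:
            counts[server] += 1
    return counts


def syn_flood_alerts(lines, now, timeout=3.0, threshold=50):
    """Return the services whose half-open count reaches the alert threshold."""
    counts = half_open_by_service(lines, now, timeout)
    return sorted(server for server, n in counts.items() if n >= threshold)


def constructed_capture():
    """Constructed sample: normal HTTPS clients plus a burst of SYNs to port 80."""
    lines = [
        "0.100 192.0.2.10:51000 > 198.51.100.5:443 S",
        "0.150 192.0.2.10:51000 > 198.51.100.5:443 A",
        "0.200 192.0.2.20:51001 > 198.51.100.5:443 S",
        "0.260 192.0.2.20:51001 > 198.51.100.5:443 A",
        "0.300 192.0.2.30:51002 > 198.51.100.5:443 S",  # client vanished, never ACKs
    ]
    # 200 SYNs from varied (forged-looking) sources, none of which completes.
    for i in range(200):
        lines.append(
            f"{1.0 + i * 0.001:.3f} 203.0.113.{i % 254 + 1}:{20000 + i} > 198.51.100.5:80 S"
        )
    # A recent SYN that is still inside the timeout and must not be counted.
    lines.append("9.500 192.0.2.40:51003 > 198.51.100.5:443 S")
    return lines


if __name__ == "__main__":
    capture = constructed_capture()
    print(dict(half_open_by_service(capture, now=10.0)))
    print(syn_flood_alerts(capture, now=10.0))
```
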
1.2.2 Logic or software attacks
A small number of malformed packets are designed to exploit known software bugs on the
target system. These attacks are relatively easy to counter either through the installation of
software patches that eliminate the vulnerabilities or by adding specialized firewall rules to
filter out malformed packets before they reach the target system.
1.2.2.1 Ping of Death: An attacker sends an ICMP ECHO request packet that is much larger
than the maximum IP packet size to the victim. Since the received ICMP echo request packet is
bigger than the normal IP packet size, the victim cannot reassemble the packets. The OS may
crash or reboot as a result.
1.2.2.2 Teardrop: An attacker sends two fragments that cannot be reassembled properly by
manipulating the offset value of the packet, causing the victim system to reboot or halt. Many other
variants such as targa, SYNdrop, Boink, Nestea Bonk, TearDrop2 and NewTear are available.
1.2.2.3 Land: An attacker sends a forged packet with the same source and destination IP
address. The victim system will be confused and crash or reboot.
1.2.2.4 Echo/Chargen: The character generator (chargen) service is designed to simply
generate a stream of characters. It is primarily used for testing purposes. Remote users/intruders
can abuse this service by exhausting system resources. Spoofed network sessions that appear
to come from that local system's echo service can be pointed at the chargen service to form a
"loop." This session will cause huge amounts of data to be passed in an endless loop that causes
heavy load to the system. When this spoofed session is pointed at a remote system's echo
service, this denial of service attack will cause heavy network traffic/overhead that
considerably slows your network down. It should be noted that an attacker does not need to be
on your subnet to perform this attack as he/she can forge the source addresses to these services
with relative ease.
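As an added example (not from the original report), the code below shows the kind of check a filtering rule can apply to the malformed packets described in 1.2.2.1 to 1.2.2.3: a Land packet, an oversized Ping of Death fragment and overlapping Teardrop fragments. The headers, addresses and function names are constructed for illustration.

```python
import ipaddress
import struct

MAX_DATAGRAM = 65535          # largest legal IPv4 datagram, header included
IPV4_FMT = "!BBHHHBBH4s4s"    # fixed 20-byte IPv4 header, no options


def build_header(src, dst, total_len, offset_units=0, more=False, ident=1, proto=1):
    """Build a constructed 20-byte IPv4 header for the samples (checksum left 0)."""
    flags_frag = (0x2000 if more else 0) | (offset_units & 0x1FFF)
    return struct.pack(IPV4_FMT, 0x45, 0, total_len, ident, flags_frag, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


def parse_header(raw):
    """Decode the fields the checks need; reject input that is not sane IPv4."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, ident, flags_frag,
     _ttl, proto, _csum, src, dst) = struct.unpack(IPV4_FMT, raw[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl:
        raise ValueError("not a valid IPv4 header")
    return {
        "src": ipaddress.IPv4Address(src), "dst": ipaddress.IPv4Address(dst),
        "proto": proto, "ident": ident, "ihl": ihl,
        "more": bool(flags_frag & 0x2000),        # More Fragments flag
        "offset": (flags_frag & 0x1FFF) * 8,      # fragment offset in bytes
        "payload": total_len - ihl,
    }


class MalformedPacketFilter:
    """Flags Land, Ping of Death and Teardrop-style packets from their IP headers.

    Fragment state is kept for the life of the object; a deployed filter would
    expire it after the reassembly timeout.
    """

    def __init__(self):
        self._seen = {}   # (src, dst, proto, ident) -> list of (start, end) byte ranges

    def inspect(self, raw):
        """Return the list of reasons to drop the packet (empty list means pass)."""
        h = parse_header(raw)
        reasons = []
        # Land: source and destination address are identical.
        if h["src"] == h["dst"]:
            reasons.append("land")
        start, end = h["offset"], h["offset"] + h["payload"]
        # Ping of Death: the fragment would push the reassembled datagram past 65535 bytes.
        if h["ihl"] + end > MAX_DATAGRAM:
            reasons.append("oversized-reassembly")
        # Teardrop: a fragment overlaps data already received for the same datagram.
        if h["more"] or h["offset"] > 0:
            key = (h["src"], h["dst"], h["proto"], h["ident"])
            ranges = self._seen.setdefault(key, [])
            if (start, end) not in ranges:          # exact retransmissions are harmless
                if any(start < e and s < end for s, e in ranges):
                    reasons.append("overlapping-fragment")
                ranges.append((start, end))
        return reasons


def run_samples():
    """Run the filter over constructed headers, one per case in the text."""
    victim, peer = "198.51.100.5", "192.0.2.10"
    samples = {
        "normal": build_header(peer, victim, 84, ident=10),
        "land": build_header(victim, victim, 40, ident=11, proto=6),
        "ping_of_death": build_header(peer, victim, 1500, offset_units=8189, ident=12),
        "frag_first": build_header(peer, victim, 60, more=True, ident=13, proto=17),
        "frag_overlap": build_header(peer, victim, 28, offset_units=3, ident=13, proto=17),
    }
    flt = MalformedPacketFilter()
    return {name: flt.inspect(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, reasons in run_samples().items():
        print(name, reasons or "pass")
```
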
1.3.1 Managing Airport Resources
1.3.1.1 The airport operator should also ensure that the necessary communications
infrastructure is provided, and that all necessary systems and procedures can be installed and
operated. It is essential that information exchange between all airport users is coordinated and
agreed upon, taking into account the technological solutions and standards best suited to each
particular situation, and in accordance with international standards.
1.3.1.2 The goal of the automation system (AS) is to make airports as intelligent as possible.
Centralized, in this context, means that automatic control is done by a single controller or
control station. The AS has a two-level architecture consisting of a control network level and a
common backbone network, which together form the automation network (AN). The control
network connects the field devices. It has a small bandwidth, in the order of a few kbit/s. The
management devices cannot be connected through this control network; instead, control
subnetworks and management devices are connected via a high-bandwidth backbone
network, and this network is also used to connect the AS and foreign networks (e.g. the Internet).
1.3.2 Smart Airport Automation System
A smart airport automation system gathers and reinterprets a wide variety of aircraft and airport
related data and information around unattended or non-towered airports. Data is gathered from
many different types of sources, and in otherwise incompatible data formats. The smart airport
automation system then decodes, assembles, fuses, and broadcasts structured information, in
real-time, to aircraft pilots. The fused information is also useful to remotely located air traffic
controllers who monitor non-towered airport operations. The system includes a data fusion and
distribution computer that imports aircraft position and velocity, weather, and airport specific
data. The data inputs are used to compute safe takeoff and landing sequences, and other airport
advisory information for participating aircraft.
Conclusion
There is no such thing as failsafe security for information systems. It is noted that the majority
of data breaches since 2005. Therefore, it is important to address this segment so that
appropriate protections are in place.
To this end, Gartner research recommends the use of case studies in educational settings to
improve the security (Lowendahl et al., 2006). The events leading up to the breach and the
subsequent analysis are presented.
When designing security controls, a business needs to address the following factors:
Prevention: What can be done to prevent security accidents, errors and breaches? Physical
security controls (see more detailed revision note) are a key part of prevention techniques, as
are controls designed to ensure the integrity of data (again, see more detailed revision note).
Detection: Spotting when things have gone wrong is crucial; detection needs to be done as soon
as possible, particularly if the information is commercially sensitive. Detection controls are
often combined with prevention controls (e.g. a log of all attempts to achieve unauthorised
access to a network).
Deterrence: Deterrence controls are about discouraging potential security breaches.
Data recovery: If something goes wrong (e.g. data is corrupted or hardware breaks down) it is
important to be able to recover lost data and information.
In conclusion, the case demonstrates the security problems and proposes possible solutions in
an educational setting.
References
1. "Types of DDoS Attacks". Distributed Denial of Service Attacks (DDoS) Resources,
Pervasive Technology Labs at Indiana University. Advanced Networking
Management Lab (ANML). December 3, 2009. Archived from the original on 2010-
09-14. Retrieved December 11, 2013.
2. Caruso, J. B. (2003). Information technology security: Governance, strategy, and
practice in higher education. ECAR, 1-7.
3. Coutu, D. (2007). We googled you. Harvard Business Review, 2007, 37-42.
4. Davenport, T. H., & Harris, J. G. (2007). The dark side of customer analytics.
Harvard Business Review, May, 37-41.
5. Eisenmann, C. (2009). When hackers turn to blackmail. Harvard Business Review,
October, 39-42.
6. Haggerty, N. R. D., & Chandrasekhar, R. (2008). Security breach at TJX. Ivey
Publishing, 9B08E003.
7. Hentea, M. (2005). A perspective on achieving information security awareness. Issues
in Informing Science and Information Technology, 2, 169-178.

Introduction Over the past years, there have been increasing ca.docx
 
IRJET- A Review of Information Systems Security: Types, Security Issues, and ...
IRJET- A Review of Information Systems Security: Types, Security Issues, and ...IRJET- A Review of Information Systems Security: Types, Security Issues, and ...
IRJET- A Review of Information Systems Security: Types, Security Issues, and ...
 
Ijnsa050215
Ijnsa050215Ijnsa050215
Ijnsa050215
 
Network Security and Privacy in Medium Scale Businesses in Nigeria
Network Security and Privacy in Medium Scale Businesses in NigeriaNetwork Security and Privacy in Medium Scale Businesses in Nigeria
Network Security and Privacy in Medium Scale Businesses in Nigeria
 
Classmate 1Cybersecurity risk can be characterized as the ris.docx
Classmate 1Cybersecurity risk can be characterized as the ris.docxClassmate 1Cybersecurity risk can be characterized as the ris.docx
Classmate 1Cybersecurity risk can be characterized as the ris.docx
 

Recently uploaded

18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersSabitha Banu
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxiammrhaywood
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaVirag Sontakke
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Celine George
 
internship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerinternship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerunnathinaik
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceSamikshaHamane
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupJonathanParaisoCruz
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxthorishapillay1
 
Capitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitolTechU
 

Recently uploaded (20)

18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri  Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri  Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginners
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of India
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
 
internship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerinternship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developer
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in Pharmacovigilance
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized Group
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
 
Capitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptx
 

The literature and write report on information system security part 1 of 5 parts

  • 1. 2015. Mohamed Raufik Tajuddin, MBA student: Open University Malaysia. 5/1/2015. The literature and paper report on information system security: Part 1 of 5 Parts
  • 2. Table of Contents
Executive summary
Introduction
1.1 information system security
1.2 DDoS
1.2.1 Flood attacks
1.2.2 Logic or software attacks
1.3.1 Managing Airport Resources
1.3.2 Smart Airport Automation System
Conclusion
References
  • 3. Executive summary

Information systems need to be secure if they are to be reliable. Since many businesses are critically reliant on their information systems for key business processes (e.g. websites, production scheduling, transaction processing), security can be seen to be a very important area for management to get right. However, there are other parties cashing in on this situation: they hack into computers and servers and pass threats into the system, which then causes system breakdown and results in business failure. One of the threats is distributed denial-of-service (DDoS).

On the 10th of October, Narita and Chubu airports, in the east of the country, were both subject to DDoS attacks on their websites by the hacktivist group Anonymous, as part of its campaign against dolphin hunting, a practice that, though controversial, is still legal in Japan (The Japan Times, Oct 29, 2015).

A smart airport automation system gathers and reinterprets a wide variety of aircraft and airport related data and information around unattended or non-towered airports. Data is gathered from many different types of sources, and in otherwise incompatible data formats.

Cyber threats to the aviation industry, and specifically the computers controlling aircraft, have been highlighted by security consultants and at various hacking conferences. Many of the popular case studies are driven by the curiosity of white hat hackers. Therefore, acknowledging good practices, building up threat intelligence, regulatory frameworks, education and real-time monitoring, and accepting cyber security as a whole may overcome information security systems failure.
  • 4. Introduction

Information systems need to be secure if they are to be reliable. Since many businesses are critically reliant on their information systems for key business processes (e.g. websites, production scheduling, transaction processing), security can be seen to be a very important area for management to get right. However, there are other parties cashing in on this situation: they hack into computers and servers and pass threats into the system, which then causes system breakdown and results in business failure. One of the threats is distributed denial-of-service (DDoS).

On the 10th of October, Narita and Chubu airports, in the east of the country, were both subject to DDoS attacks on their websites by the hacktivist group Anonymous, as part of its campaign against dolphin hunting, a practice that, though controversial, is still legal in Japan (The Japan Times, Oct 29, 2015).

DDoS, a denial-of-service attack, is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. There are two general forms of DDoS attacks: those that crash services and those that flood services. A DDoS attack floods a network with traffic, rendering the network useless to its intended users. The attack will either force the target network to reset or consume its resources so that it is unable to provide its intended service. Crackers will plan their attacks during peak traffic to make the impact harsher. While private information was not stolen, the attacks still posed a security threat and inconvenience for customers and the organisation.
  • 5. 1.1 information system security

According to the UK Government, information security is: "the practice of ensuring information is only read, heard, changed, broadcast and otherwise used by people who have the right to do so" (Source: UK Online for Business).

Information systems need to be secure if they are to be reliable. Since many businesses are critically reliant on their information systems for key business processes (e.g. websites, production scheduling, transaction processing), security can be seen to be a very important area for management to get right.

Security and disaster training is identified as the top required IT skill that needs to be taught in IS curriculums (Kim, Hsu, & Stern, 2006). Accordingly, information security and privacy have become core concepts in information system education (Hentea, Dhillon, & Dhillon, 2006; Kroenke, 2012; Laudon & Laudon, 2010). Instructors have several approaches to teaching security and privacy concepts. One can take a more traditional lecture-based approach or a more hands-on approach that utilizes labs, case studies, etc. (Gregg, 2008).

Most of the prominent security case studies focus on how businesses deal with data breaches or privacy issues. For example, McNulty (2007) discusses the impact of a data breach on customers in a retail electronics setting. The case deals with the best way to communicate the breach to customers and, overall, forces the participants to consider disaster response strategy before a disaster occurs. Similarly, Haggerty and Chandrasekhar (2008) highlight the events leading to, and the fallout from, a data breach at TJX. These cases highlight the enormous amount of data that retailers generate and the onus on firms to protect the sensitive information.

Eisenmann’s (2009) case addresses the severity of growing dependence on technology in the medical industry. The case setting is a hospital (medical industry) where access to medical records is denied, putting numerous lives at risk. As the hackers try to extort money, the case raises ethical and legal questions and forces participants to make tough decisions.

Coutu (2007) raises ethical questions about the growing issue of lack of privacy in the networked world. The case addresses whether the information found on the Internet about a person can become a burden in advancing the person’s career. Ethical and privacy questions related to confidentiality of data and data reuse in business settings are also raised (Davenport & Harris, 2007; Fusaro, 2004; Schenberger & Mark, 2001).

  • 6. Davenport and Harris (2007) present a case that deals with the issue of data reuse. It is a common practice for businesses to share customer data with the businesses’ affiliates. The case in question asks at what stage the sharing of information becomes detrimental to customers. In a similar vein, Fusaro’s (2004) case asks at what stage the data collected for customization cross the boundary and become an invasion of privacy. DoubleClick’s profiling issues and breach of privacy are also well known (Schenberger & Mark, 2001). Complaints filed with the Federal Trade Commission had a severe impact on the shares of DoubleClick and led to the development of privacy policies (Schenberger & Mark, 2001).

Therefore, in my opinion, information system security is very crucial if we want to welcome the internet evolution in the business industry. Information systems increase business productivity, and we may also be facing big data technology. Hence information system security is so important in our future business going forward.

However, there are other parties cashing in on this situation: they hack into computers and servers and pass threats into the system, which then causes system breakdown and results in business failure. One of the threats is distributed denial-of-service (DDoS).

1.2 DDoS

Battling distributed denial-of-service (DDoS) and malware attacks is part of everyday business for all organisations, and so is defending against newer cyber threats. DDoS attacks bombard a network or website with traffic (i.e., requests for service) to crash it and leave it vulnerable to other threats.
  • 7. Figure 1.0: DDoS Flow Chart

Referring to Fig 1.0 (DDoS Flow Chart), the flow runs: running client program – handler – compromised – internet – targeted servers.
  • 8. The most serious attacks are distributed and in many or most cases involve forging of IP sender addresses (IP address spoofing), so that the location of the attacking machines cannot easily be identified, nor can filtering be done based on the source address.

1.2.1 Flood attacks

A remote system is overwhelmed by a continuous flood of traffic designed to consume resources at the targeted server (CPU cycles and memory) and/or in the network (bandwidth and packet buffers)2. These attacks result in degraded service or a complete site shutdown.

1.2.1.1 TCP SYN Flood Attack: Taking advantage of the flaw in TCP three-way handshaking behaviour, an attacker makes connection requests aimed at the victim server using packets with unreachable source addresses. The server is not able to complete the connection requests and, as a result, the victim wastes all of its network resources. A relatively small flood of bogus packets will tie up memory, CPU, and applications, resulting in the server shutting down.

1.2.1.2 Smurf IP Attack: An attacker sends forged ICMP echo packets to broadcast addresses of vulnerable networks. All the systems on these networks reply to the victim with ICMP echo replies. This rapidly exhausts the bandwidth available to the target, effectively denying its services to legitimate users.

1.2.1.3 UDP Flood Attack: UDP is a connectionless protocol and does not require any connection setup procedure to transfer data. A UDP flood attack is possible when an attacker sends a UDP packet to a random port on the victim system. When the victim system receives a UDP packet, it will determine what application is waiting on the destination port. When it realizes that no application is waiting on the port, it will generate an ICMP destination unreachable packet to the forged source address. If enough UDP packets are delivered to ports on the victim, the system will go down.

1.2.1.4 ICMP Flood Attack: An ICMP attack can come in many forms. There are 2 basic kinds, floods and nukes. An ICMP flood is usually accomplished by broadcasting either a bunch of pings (not IRC pings but ICMP pings; similar purpose, but handled differently) or UDP packets (which are used in software like PointCast). The idea is to send so much data to your system that it slows you down so much that you're disconnected from IRC due to a ping timeout. Nukes exploit bugs in certain operating systems, like Windows 95 and Windows NT.

  • 9. The idea is to send a packet of information that the OS can't handle. Usually, they cause your system to lock up.

1.2.2 Logic or software attacks

A small number of malformed packets are designed to exploit known software bugs on the target system. These attacks are relatively easy to counter, either through the installation of software patches that eliminate the vulnerabilities or by adding specialized firewall rules to filter out malformed packets before they reach the target system.

1.2.2.1 Ping of Death: An attacker sends the victim an ICMP ECHO request packet that is much larger than the maximum IP packet size. Since the received ICMP echo request packet is bigger than the normal IP packet size, the victim cannot reassemble the packets. The OS may crash or reboot as a result.

1.2.2.2 Teardrop: An attacker sends two fragments that cannot be reassembled properly, by manipulating the offset value of the packet, and causes a reboot or halt of the victim system. Many other variants such as targa, SYNdrop, Boink, Nestea Bonk, TearDrop2 and NewTear are available.

1.2.2.3 Land: An attacker sends a forged packet with the same source and destination IP address. The victim system will be confused and will crash or reboot.

1.2.2.4 Echo/Chargen: The character generator (chargen) service is designed to simply generate a stream of characters. It is primarily used for testing purposes. Remote users/intruders can abuse this service by exhausting system resources. Spoofed network sessions that appear to come from that local system's echo service can be pointed at the chargen service to form a "loop." This session will cause huge amounts of data to be passed in an endless loop that causes heavy load on the system. When this spoofed session is pointed at a remote system's echo service, this denial-of-service attack will cause heavy network traffic/overhead that considerably slows your network down. It should be noted that an attacker does not need to be on your subnet to perform this attack, as he/she can forge the source addresses to these services with relative ease.
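The malformed-packet filtering that section 1.2.2 mentions as a countermeasure, as an added example that is not part of the original report: a Python check over IPv4 headers that flags the Land, Ping of Death and Teardrop patterns described above. The function names, rule labels and sample packets are constructed for illustration, and the sample headers assume option-free 20-byte IPv4 headers.

```python
import socket
import struct

MAX_DATAGRAM = 65535       # largest size the 16-bit IPv4 total-length field allows
HDR_FMT = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, no options


def build_header(src, dst, ident, offset_units=0, more=False, payload_len=64):
    """Constructed test input: a 20-byte IPv4/ICMP header (checksum left at 0)."""
    flags_frag = (0x2000 if more else 0) | (offset_units & 0x1FFF)
    return struct.pack(HDR_FMT, 0x45, 0, 20 + payload_len, ident, flags_frag,
                       64, 1, 0, socket.inet_aton(src), socket.inet_aton(dst))


def parse_header(raw):
    """Extract the fields the rules need; raise ValueError on a bad header."""
    if len(raw) < 20:
        raise ValueError("truncated header")
    ver_ihl, _, total_len, ident, flags_frag, _, proto, _, src, dst = \
        struct.unpack(HDR_FMT, raw[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl:
        raise ValueError("inconsistent version or length fields")
    return {
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "id": ident, "proto": proto, "ihl": ihl,
        "offset": (flags_frag & 0x1FFF) * 8,  # field counts 8-byte units
        "more": bool(flags_frag & 0x2000),
        "payload_len": total_len - ihl,
    }


class MalformedPacketFilter:
    """Flags the malformed-packet patterns of section 1.2.2 (hypothetical rule names)."""

    def __init__(self):
        # (src, dst, proto, id) -> byte ranges already seen for that datagram.
        # A production filter would expire entries after the reassembly timeout.
        self.fragments = {}

    def check(self, raw):
        """Return the list of rules the packet violates; an empty list means pass."""
        try:
            h = parse_header(raw)
        except ValueError:
            return ["bad-header"]
        hits = []
        # Land: source and destination address are identical.
        if h["src"] == h["dst"]:
            hits.append("land")
        start = h["offset"]
        end = start + h["payload_len"]
        # Ping of Death: the reassembled datagram would exceed the IP maximum.
        if h["ihl"] + end > MAX_DATAGRAM:
            hits.append("ping-of-death")
        # Teardrop: a fragment overlaps bytes already covered by an earlier one.
        if h["more"] or h["offset"] > 0:
            key = (h["src"], h["dst"], h["proto"], h["id"])
            seen = self.fragments.setdefault(key, [])
            if any(start < e and s < end for s, e in seen):
                hits.append("teardrop")
            seen.append((start, end))
        return hits


def run_samples():
    """Run constructed packets (documentation address ranges) through the filter."""
    a, b = "192.0.2.10", "198.51.100.5"
    samples = [
        ("normal", build_header(a, b, 1)),
        ("land", build_header(b, b, 2)),
        ("oversize-last-fragment", build_header(a, b, 3, offset_units=8189, payload_len=1000)),
        ("frag-1-of-2", build_header(a, b, 4, more=True, payload_len=1480)),
        ("frag-2-of-2", build_header(a, b, 4, offset_units=185, payload_len=520)),
        ("teardrop-first", build_header(a, b, 5, more=True, payload_len=36)),
        ("teardrop-second", build_header(a, b, 5, offset_units=3, payload_len=4)),
    ]
    flt = MalformedPacketFilter()
    return {name: flt.check(raw) for name, raw in samples}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:24s} {verdict or 'pass'}")
```

The two well-formed fragments of datagram 4 pass because their byte ranges meet at offset 1480 without overlapping, while the second fragment of datagram 5 falls inside the first and is flagged.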
  • 10. 1.3.1 Managing Airport Resources

1.3.1.1 The airport operator should also ensure that the necessary communications infrastructure is provided, and that all necessary systems and procedures can be installed and operated. It is essential that information exchange between all airport users is coordinated and agreed upon, taking into account the technological solutions and standards best suited to each particular situation, and in accordance with international standards.

1.3.1.2 The goal of the automation system is to make airports as intelligent as possible. Centralized in this context means that automatic control is done by a single controller or control station. The AS has a two-level architecture, consisting of a control network level and a common backbone network, which together form the automation network (AN). The control network connects the field devices. It has a small bandwidth, on the order of a few kbit/s. The management devices cannot be connected through this control network; control subnetworks and management devices are connected via a high-bandwidth backbone network, and this network is used to connect the AS and foreign networks (e.g. the Internet).

1.3.2 Smart Airport Automation System

A smart airport automation system gathers and reinterprets a wide variety of aircraft and airport related data and information around unattended or non-towered airports. Data is gathered from many different types of sources, and in otherwise incompatible data formats. The smart airport automation system then decodes, assembles, fuses, and broadcasts structured information, in real time, to aircraft pilots. The fused information is also useful to remotely located air traffic controllers who monitor non-towered airport operations. The system includes a data fusion and distribution computer that imports aircraft position and velocity, weather, and airport-specific data. The data inputs are used to compute safe takeoff and landing sequences, and other airport advisory information for participating aircraft.
  • 11. Conclusion

There is no such thing as failsafe security for information systems. It is noted that the majority of data breaches since 2005 . Therefore, it is important to address this segment so that appropriate protections are in place. To this end, Gartner research recommends the use of case studies in educational settings to improve security (Lowendahl et al., 2006). The events leading up to the breach and the subsequent analysis are presented.

When designing security controls, a business needs to address the following factors:

Prevention: What can be done to prevent security accidents, errors and breaches? Physical security controls (see more detailed revision note) are a key part of prevention techniques, as are controls designed to ensure the integrity of data (again, see more detailed revision note).

Detection: Spotting when things have gone wrong is crucial; detection needs to be done as soon as possible, particularly if the information is commercially sensitive. Detection controls are often combined with prevention controls (e.g. a log of all attempts to achieve unauthorised access to a network).

Deterrence: Deterrence controls are about discouraging potential security breaches.

Data recovery: If something goes wrong (e.g. data is corrupted or hardware breaks down) it is important to be able to recover lost data and information.

In conclusion, the case demonstrates the security problems and proposes possible solutions in an educational setting.
  • 12. References

1. "Types of DDoS Attacks". Distributed Denial of Service Attacks (DDoS) Resources, Pervasive Technology Labs at Indiana University. Advanced Networking Management Lab (ANML). December 3, 2009. Archived from the original on 2010-09-14. Retrieved December 11, 2013.
2. Caruso, J. B. (2003). Information technology security: Governance, strategy, and practice in higher education. ECAR, 1-7.
3. Coutu, D. (2007). We googled you. Harvard Business Review, 2007, 37-42.
4. Davenport, T. H., & Harris, J. G. (2007). The dark side of customer analytics. Harvard Business Review, May, 37–41.
5. Eisenmann, C. (2009). When hackers turn to blackmail. Harvard Business Review, October, 39–42.
6. Haggerty, N. R. D., & Chandrasekhar, R. (2008). Security breach at TJX. Ivey Publishing, 9B08E003.
7. Hentea, M. (2005). A perspective on achieving information security awareness. Issues in Informing Science and Information Technology, 2, 169-178.