ORGANIZATIONAL NEEDS FOR SECURITY & CONTROL
- Experience inspired industry to:
  - Place security precautions aimed at eliminating or reducing the opportunity of damage or destruction.
  - Provide the organization the ability to continue operations after disruption.
- Patriot Act and the Office of Homeland Security
  - 1st issue is security vs. individual rights.
  - 2nd issue is security vs. availability (i.e., HIPAA).
INFORMATION SECURITY
- System security focuses on protecting hardware, data, software, computer facilities, and personnel.
- Information security describes the protection of both computer and non-computer equipment, data, and information from misuse by unauthorized parties.
  - Includes copiers, faxes, all types of media, and paper documents.
OBJECTIVES OF INFORMATION SECURITY
- Information security is intended to achieve three main objectives:
  - Confidentiality: protecting a firm’s data and information from disclosure to unauthorized persons.
  - Availability: making sure that the firm's data and information is only available to those authorized to use it.
  - Integrity: information systems should provide an accurate representation of the physical systems that they represent.
- A firm’s information systems must protect data and information from misuse, ensure availability to authorized users, and display confidence in its accuracy.
MANAGEMENT OF INFORMATION SECURITY
- Information security management (ISM) is the activity of keeping information resources secure.
- Business continuity management (BCM) is the activity of keeping the firm and its information resources functioning after a catastrophe.
- Corporate information systems security officer (CISSO) is responsible for the firm’s information systems security.
- Corporate information assurance officer (CIAO) reports to the CEO and manages an information assurance unit.
INFORMATION SECURITY MANAGEMENT
- Concerned with formulating the firm’s information security policy.
- Risk management approach is basing the security of the firm’s information resources on the risks (threats imposed) that it faces.
- Information security benchmark is a recommended level of security that in normal circumstances should offer reasonable protection against unauthorized intrusion.
  - A benchmark is a recommended level of performance.
  - Defined by governments and industry associations.
  - What authorities believe to be components of a good information security program.
- Benchmark compliance is when a firm adheres to the information security benchmark and recommended standards by industry authorities.
INFORMATION SECURITY MANAGEMENT (ISM) STRATEGIES (figure slide)
THREATS
- Information security threat is a person, organization, mechanism, or event that has the potential to inflict harm on the firm’s information resources.
- Internal and external threats
  - Internal include the firm’s employees, temporary workers, consultants, contractors, and even business partners.
  - As high as 81% of computer crimes have been committed by employees.
  - Internal threats present potentially more serious damage due to more intimate knowledge of the system.
- Accidental and deliberate acts
UNAUTHORIZED ACTS THREATEN SYSTEM SECURITY OBJECTIVES (figure slide)
TYPES OF THREATS
- Malicious software (malware) consists of complete programs or segments of code that can invade a system and perform functions not intended by the system owners (e.g., erase files, halt the system).
- Virus is a computer program that can replicate itself without being observable to the user and embed copies of itself in other programs and boot sectors.
- Worm cannot replicate itself within a system, but it can transmit its copies by means of e-mail.
- Trojan horse is distributed by users as a utility and, when the utility is used, it produces unwanted changes in the system’s functionality; it can neither replicate nor duplicate itself.
- Adware generates intrusive advertising messages.
- Spyware gathers data from the user’s machine.
RISKS
- Information security risk is a potential undesirable outcome of a breach of information security by an information security threat. All risks represent unauthorized acts:
  - Unauthorized disclosure and theft
  - Unauthorized use
  - Unauthorized destruction and denial of service
  - Unauthorized modifications
E-COMMERCE CONSIDERATIONS
- Disposable credit card (AMEX): an action aimed at the 60 to 70% of consumers who fear credit card fraud arising from Internet use.
- Visa’s 10 required security practices for its retailers plus 3 general practices for achieving information security in all retailers’ activities.
  - Cardholder Information Security Program (CISP) augmented these required practices.
RISK MANAGEMENT
- Defining risks consists of four substeps:
  - Identify business assets to be protected from risks.
  - Recognize the risks.
  - Determine the level of impact on the firm should the risks materialize.
  - Analyze the firm’s vulnerabilities.
- Impact severity can be classified as:
  - Severe impact puts the firm out of business or severely limits its ability to function.
  - Significant impact causes significant damage and cost, but the firm will survive.
  - Minor impact causes breakdowns that are typical of day-to-day operations.
TABLE 9.1 DEGREE OF IMPACT AND VULNERABILITY DETERMINE CONTROLS (table slide)
RISK ANALYSIS REPORT
- The findings of the risk analysis should be documented in a report that contains detailed information such as the following for each risk:
  - A description of the risk
  - Source of the risk
  - Severity of the risk
  - Controls that are being applied to the risk
  - The owner(s) of the risk
  - Recommended action to address the risk
  - Recommended time frame for addressing the risk
  - What was done to mitigate the risk
INFORMATION SECURITY POLICY
The five phases of implementing:
- Phase 1: Project Initiation.
- Phase 2: Policy Development.
- Phase 3: Consultation and Approval.
- Phase 4: Awareness and Education.
FIGURE 9.3 DEVELOPMENT OF SECURITY POLICY (figure slide)
CONTROLS
- Control is a mechanism that is implemented to either protect the firm from risks or to minimize the impact of risks on the firm should they occur.
- Technical controls are those that are built into systems by the system developers during the systems development life cycle.
  - Include an internal auditor on the project team.
  - Based on hardware and software technology.
TECHNICAL CONTROLS
- Access control is the basis for security against threats by unauthorized persons.
- Access control is a three-step process:
  - User identification.
  - User authentication.
  - User authorization.
- User profiles are descriptions of authorized users; they are used in identification and authorization.
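The three-step process above, worked through in code as an added illustration (not code from the slides): a user profile is looked up by the claimed identity, the claim is proven against a salted password hash, and the profile's permissions decide the request; every decision is written to an audit log. The profile layout, user names, passwords and resource names are constructed for the example.

```python
"""Access control as identification -> authentication -> authorization,
driven by user profiles. Added illustration; all profiles and names are constructed."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field

_PBKDF2_ROUNDS = 100_000
_DUMMY_SALT = bytes(16)  # used so an unknown user costs the same time as a known one


def _hash_password(password: str, salt: bytes) -> bytes:
    # Salted, slow hash: the stored value cannot be turned back into the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, _PBKDF2_ROUNDS)


@dataclass
class UserProfile:
    """Description of an authorized user, consulted in identification and authorization."""
    user_id: str
    salt: bytes
    password_hash: bytes
    permissions: dict = field(default_factory=dict)  # resource -> set of allowed actions


def create_profile(user_id: str, password: str, permissions: dict) -> UserProfile:
    salt = os.urandom(16)
    return UserProfile(user_id, salt, _hash_password(password, salt), permissions)


class AccessController:
    def __init__(self, profiles):
        self._profiles = {p.user_id: p for p in profiles}
        self.audit_log = []  # every decision is recorded, denials included

    def identify(self, claimed_id: str):
        """Step 1: map the claimed identity to a stored profile (None if unknown)."""
        return self._profiles.get(claimed_id)

    def authenticate(self, profile: UserProfile, password: str) -> bool:
        """Step 2: prove the claimed identity; constant-time comparison of the hashes."""
        candidate = _hash_password(password, profile.salt)
        return hmac.compare_digest(candidate, profile.password_hash)

    def authorize(self, profile: UserProfile, resource: str, action: str) -> bool:
        """Step 3: the profile must explicitly grant the action on the resource."""
        return action in profile.permissions.get(resource, set())

    def request_access(self, claimed_id: str, password: str, resource: str, action: str) -> str:
        profile = self.identify(claimed_id)
        if profile is None:
            _hash_password(password, _DUMMY_SALT)  # equalize timing with the known-user path
            outcome = "denied: unknown user"
        elif not self.authenticate(profile, password):
            outcome = "denied: authentication failed"
        elif not self.authorize(profile, resource, action):
            outcome = "denied: not authorized"
        else:
            outcome = "granted"
        # The detailed reason belongs in the audit log; a production UI would show a generic denial.
        self.audit_log.append((claimed_id, resource, action, outcome))
        return outcome


def build_demo_controller() -> AccessController:
    """Constructed sample profiles: a clerk who may only read payroll, an admin who may also write."""
    return AccessController([
        create_profile("alice", "correct horse battery staple", {"payroll": {"read"}}),
        create_profile("bob", "hunter2-but-much-longer", {"payroll": {"read", "write"}}),
    ])


if __name__ == "__main__":
    ctrl = build_demo_controller()
    print(ctrl.request_access("alice", "correct horse battery staple", "payroll", "read"))
    print(ctrl.request_access("alice", "correct horse battery staple", "payroll", "write"))
    print(ctrl.request_access("mallory", "guess", "payroll", "read"))
    for entry in ctrl.audit_log:
        print(entry)
```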
FIGURE 9.4 ACCESS CONTROL FUNCTIONS (figure slide)
TECHNICAL CONTROLS (CONT’D)
- Intrusion detection systems (IDS) recognize an attempt to break the security before it has an opportunity to inflict damage.
- Virus protection software that is effective against viruses transported in e-mail identifies a virus-carrying message and warns the user.
- Inside threat prediction tools classify internal threats in categories such as:
  - Possible intentional threat.
  - Potential accidental threat.
  - Suspicious.
  - Harmless.
FIREWALLS
- Firewall acts as a filter and barrier that restricts the flow of data between the firm and the Internet. Three types of firewalls are:
  - Packet-filtering firewalls are routers equipped with data tables of IP addresses that reflect the filtering policy; positioned between the Internet and the internal network, such a router can serve as a firewall.
    - Router is a network device that directs the flow of network traffic.
    - IP address is a set of four numbers (each from 0 to 255) that uniquely identifies each computer connected to the Internet.
  - Circuit-level firewall is installed between the Internet and the firm’s network but closer to the communications medium (circuit) than the router.
    - Allows for a high amount of authentication and filtering to be performed.
  - Application-level firewall is located between the router and the computer performing the application.
    - Allows for the full power of additional security checks to be performed.
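The packet-filtering firewall described above, as an added example that is not code from the slides: a router consults a table of IP-address rules that reflects the filtering policy, the first matching rule decides, and anything the table does not explicitly permit is dropped. The addresses, rule set and sample packets are constructed (10.0.0.0/8 stands in for the internal network, 203.0.113.0/24 and 198.51.100.0/24 for the Internet).

```python
"""Packet-filtering router: an ordered table of IP-address rules, default deny.
Added illustration; the policy and packets below are constructed for the example."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

ANY = ipaddress.IPv4Network("0.0.0.0/0")
INTERNAL = ipaddress.IPv4Network("10.0.0.0/8")        # constructed internal network
WEB_SERVER = ipaddress.IPv4Network("10.0.0.5/32")     # constructed public web server


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    direction: str                   # "in" (arriving from the Internet), "out", or "any"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dst_port: Optional[int] = None   # None matches every port
    proto: str = "any"               # "tcp", "udp", or "any"


@dataclass(frozen=True)
class Packet:
    direction: str
    src: str
    dst: str
    dst_port: int
    proto: str


class PacketFilter:
    """First matching rule wins; a packet that no rule matches is dropped (default deny)."""

    def __init__(self, rules: List[Rule]):
        self.rules = list(rules)

    @staticmethod
    def _matches(rule: Rule, pkt: Packet, src: ipaddress.IPv4Address,
                 dst: ipaddress.IPv4Address) -> bool:
        if rule.direction != "any" and rule.direction != pkt.direction:
            return False
        if src not in rule.src or dst not in rule.dst:
            return False
        if rule.dst_port is not None and rule.dst_port != pkt.dst_port:
            return False
        if rule.proto != "any" and rule.proto != pkt.proto:
            return False
        return True

    def decide(self, pkt: Packet) -> str:
        src = ipaddress.IPv4Address(pkt.src)
        dst = ipaddress.IPv4Address(pkt.dst)
        for rule in self.rules:
            if self._matches(rule, pkt, src, dst):
                return rule.action
        return "deny"  # nothing in the table permitted it


def sample_policy() -> PacketFilter:
    """Constructed filtering policy; rule order matters."""
    return PacketFilter([
        # Anti-spoofing: a packet arriving from the Internet may not claim an internal source.
        Rule("deny", "in", INTERNAL, ANY),
        # Only the public web server is reachable from outside, and only over HTTPS.
        Rule("allow", "in", ANY, WEB_SERVER, dst_port=443, proto="tcp"),
        # Internal hosts may initiate outbound traffic.
        Rule("allow", "out", INTERNAL, ANY),
        # Everything else falls through to the default deny in decide().
    ])


def evaluate_samples() -> dict:
    """Run constructed packets through the policy; returns sample name -> decision."""
    pf = sample_policy()
    samples = {
        "https_to_web_server": Packet("in", "203.0.113.7", "10.0.0.5", 443, "tcp"),
        "ssh_to_web_server": Packet("in", "203.0.113.7", "10.0.0.5", 22, "tcp"),
        "spoofed_internal_source": Packet("in", "10.0.0.9", "10.0.0.5", 443, "tcp"),
        "inbound_to_workstation": Packet("in", "198.51.100.1", "10.0.1.20", 443, "tcp"),
        "outbound_browsing": Packet("out", "10.0.1.20", "198.51.100.1", 80, "tcp"),
    }
    return {name: pf.decide(pkt) for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, decision in evaluate_samples().items():
        print(f"{name:26s} -> {decision}")
```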
FIGURE 9.5 LOCATION OF FIREWALLS IN THE NETWORK (figure slide)
CRYPTOGRAPHIC AND PHYSICAL CONTROLS
- Cryptography is the use of coding by means of mathematical processes.
  - The data and information can be encrypted as it resides in storage or is transmitted over networks.
  - If an unauthorized person gains access, the encryption makes the data and information unreadable and prevents its unauthorized use.
  - Special protocols such as SET (Secure Electronic Transactions) perform security checks using digital signatures developed for use in e-commerce.
  - Export of encryption technology is prohibited to Cuba, Iran, Iraq, Libya, North Korea, Sudan, and Syria.
- Physical controls against unauthorized intrusions, such as door locks, palm prints, voice prints, surveillance cameras, and security guards.
  - Locate computer centers in remote areas that are less susceptible to natural disasters such as earthquakes, floods, and hurricanes.
FORMAL CONTROLS
- Formal controls include the establishment of codes of conduct, documentation of expected procedures and practices, monitoring, and preventing behavior that varies from the established guidelines.
  - Management devotes considerable time to devising them.
  - Documented in writing.
  - Expected to be in force for the long term.
- Top management must participate actively in their establishment and enforcement.
INFORMAL CONTROLS
- Education.
- Training programs.
- Management development programs.
- Intended to ensure the firm’s employees both understand and support the security program.
- Good business practice is not to spend more for a control than the expected cost of the risk that it addresses.
  - Establish controls at the proper level.
GOVERNMENT AND INDUSTRY ASSISTANCE
- United Kingdom's BS7799. The UK standards establish a set of baseline controls. They were first published by the British Standards Institute in 1995, then published by the International Standards Organization as ISO 17799 in 2000, and made available to potential adopters online in 2003.
- BSI IT Baseline Protection Manual. The baseline approach is also followed by the German Bundesamt für Sicherheit in der Informationstechnik (BSI). The baselines are intended to provide reasonable security when normal protection requirements apply. The baselines can also serve as the basis for higher degrees of protection when those are desired.
- COBIT. COBIT, from the Information Systems Audit and Control Association and Foundation (ISACAF), focuses on the process that a firm can follow in developing standards, paying special attention to the writing and maintaining of the documentation.
- GASSP. Generally Accepted System Security Principles (GASSP) is a product of the U.S. National Research Council. Emphasis is on the rationale for establishing a security policy.
- ISF Standard of Good Practice. The Information Security Forum Standard of Good Practice takes a baseline approach, devoting considerable attention to the user behavior that is expected if the program is to be successful. The 2005 edition addresses such topics as secure instant messaging, Web server security, and virus protection.
GOVERNMENT LEGISLATION
- Both the United States and the United Kingdom established standards and passed legislation aimed at addressing the increasing importance of information security.
- U.S. Government Computer Security Standards.
  - Set of security standards organizations should meet.
  - Availability of a software program that grades users’ systems and assists them in configuring their systems to meet the standards.
- U.K. Anti-terrorism, Crime and Security Act (ATCSA) 2001.
INDUSTRY STANDARDS
- Center for Internet Security (CIS) is a nonprofit organization dedicated to assisting computer users to make their systems more secure.
  - CIS Benchmarks help users secure their information systems by implementing technology-specific controls.
  - CIS Scoring Tools enable users to calculate their security level, compare it to benchmarks, and prepare reports that guide users and system administrators to secure systems.
PROFESSIONAL CERTIFICATION
- Beginning in the 1960s the IT profession began offering certification programs:
  - Information Systems Audit and Control Association (ISACA)
  - International Information System Security Certification Consortium (ISC)
  - SANS (SysAdmin, Audit, Network, Security) Institute
BUSINESS CONTINUITY MANAGEMENT
- Business continuity management (BCM) is the set of activities aimed at continuing operations after an information system disruption.
- This activity was called disaster planning, then the more positive term contingency planning.
- Contingency plan is the key element in contingency planning; it is a formal written document that spells out in detail the actions to be taken in the event that there is a disruption, or threat of disruption, in any part of the firm’s
CONTINGENCY SUBPLANS
- Emergency plan specifies those measures that ensure the safety of employees when disaster strikes.
  - Includes alarm systems, evacuation procedures, and fire-suppression systems.
- Backup plan is the arrangements for backup computing facilities in the event that the regular facilities are destroyed or damaged beyond use.
  - Backup can be achieved by some combination of redundancy, diversity, and mobility.
- Vital records are those paper documents, microforms, and magnetic and optical storage media that are necessary for carrying on the firm’s business.
  - Vital records plan specifies how the vital records will be protected and should include offsite backup copies.

Supporting (UKRI) OA monographs at Salford.pptxSupporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptx
Jisc
 
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER  FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...TESDA TM1 REVIEWER  FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
EugeneSaldivar
 
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
Welcome to TechSoup   New Member Orientation and Q&A (May 2024).pdfWelcome to TechSoup   New Member Orientation and Q&A (May 2024).pdf
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
TechSoup
 
Home assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdfHome assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdf
Tamralipta Mahavidyalaya
 
Operation Blue Star - Saka Neela Tara
Operation Blue Star   -  Saka Neela TaraOperation Blue Star   -  Saka Neela Tara
Operation Blue Star - Saka Neela Tara
Balvir Singh
 
Basic phrases for greeting and assisting costumers
Basic phrases for greeting and assisting costumersBasic phrases for greeting and assisting costumers
Basic phrases for greeting and assisting costumers
PedroFerreira53928
 
Digital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and ResearchDigital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and Research
Vikramjit Singh
 
MARUTI SUZUKI- A Successful Joint Venture in India.pptx
MARUTI SUZUKI- A Successful Joint Venture in India.pptxMARUTI SUZUKI- A Successful Joint Venture in India.pptx
MARUTI SUZUKI- A Successful Joint Venture in India.pptx
bennyroshan06
 
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
MysoreMuleSoftMeetup
 
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXXPhrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
MIRIAMSALINAS13
 
Instructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptxInstructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptx
Jheel Barad
 
PART A. Introduction to Costumer Service
PART A. Introduction to Costumer ServicePART A. Introduction to Costumer Service
PART A. Introduction to Costumer Service
PedroFerreira53928
 
Thesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.pptThesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.ppt
EverAndrsGuerraGuerr
 

Recently uploaded (20)

Sha'Carri Richardson Presentation 202345
Sha'Carri Richardson Presentation 202345Sha'Carri Richardson Presentation 202345
Sha'Carri Richardson Presentation 202345
 
How to Break the cycle of negative Thoughts
How to Break the cycle of negative ThoughtsHow to Break the cycle of negative Thoughts
How to Break the cycle of negative Thoughts
 
Model Attribute Check Company Auto Property
Model Attribute  Check Company Auto PropertyModel Attribute  Check Company Auto Property
Model Attribute Check Company Auto Property
 
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCECLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
 
Language Across the Curriculm LAC B.Ed.
Language Across the  Curriculm LAC B.Ed.Language Across the  Curriculm LAC B.Ed.
Language Across the Curriculm LAC B.Ed.
 
The Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official PublicationThe Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official Publication
 
How to Create Map Views in the Odoo 17 ERP
How to Create Map Views in the Odoo 17 ERPHow to Create Map Views in the Odoo 17 ERP
How to Create Map Views in the Odoo 17 ERP
 
Supporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptxSupporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptx
 
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER  FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...TESDA TM1 REVIEWER  FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
 
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
Welcome to TechSoup   New Member Orientation and Q&A (May 2024).pdfWelcome to TechSoup   New Member Orientation and Q&A (May 2024).pdf
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
 
Home assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdfHome assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdf
 
Operation Blue Star - Saka Neela Tara
Operation Blue Star   -  Saka Neela TaraOperation Blue Star   -  Saka Neela Tara
Operation Blue Star - Saka Neela Tara
 
Basic phrases for greeting and assisting costumers
Basic phrases for greeting and assisting costumersBasic phrases for greeting and assisting costumers
Basic phrases for greeting and assisting costumers
 
Digital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and ResearchDigital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and Research
 
MARUTI SUZUKI- A Successful Joint Venture in India.pptx
MARUTI SUZUKI- A Successful Joint Venture in India.pptxMARUTI SUZUKI- A Successful Joint Venture in India.pptx
MARUTI SUZUKI- A Successful Joint Venture in India.pptx
 
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
 
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXXPhrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
 
Instructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptxInstructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptx
 
PART A. Introduction to Costumer Service
PART A. Introduction to Costumer ServicePART A. Introduction to Costumer Service
PART A. Introduction to Costumer Service
 
Thesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.pptThesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.ppt
 

MIS chap # 9.....

• 1. ORGANIZATIONAL NEEDS FOR SECURITY & CONTROL
  - Experience inspired industry to:
    - Place security precautions aimed at eliminating or reducing the opportunity for damage or destruction.
    - Provide the organization the ability to continue operations after a disruption.
  - Patriot Act and the Office of Homeland Security:
    - 1st issue is security vs. individual rights.
    - 2nd issue is security vs. availability (e.g., HIPAA).
• 2. INFORMATION SECURITY
  - System security focuses on protecting hardware, data, software, computer facilities, and personnel.
  - Information security describes the protection of both computer and non-computer equipment, data, and information from misuse by unauthorized parties.
    - Includes copiers, faxes, all types of media, and paper documents.
• 3. OBJECTIVES OF INFORMATION SECURITY
  - Information security is intended to achieve three main objectives:
    - Confidentiality: protecting a firm's data and information from disclosure to unauthorized persons.
    - Availability: making sure that the firm's data and information is only available to those authorized to use it.
    - Integrity: information systems should provide an accurate representation of the physical systems that they represent.
  - The firm's information systems must protect data and information from misuse, ensure availability to authorized users, and display confidence in its accuracy.
• 4. MANAGEMENT OF INFORMATION SECURITY
  - Information security management (ISM) is the activity of keeping information resources secure.
  - Business continuity management (BCM) is the activity of keeping the firm and its information resources functioning after a catastrophe.
  - Corporate information systems security officer (CISSO) is responsible for the firm's information systems security.
  - Corporate information assurance officer (CIAO) reports to the CEO and manages an information assurance unit.
• 5. INFORMATION SECURITY MANAGEMENT
  - Concerned with formulating the firm's information security policy.
  - Risk management approach bases the security of the firm's information resources on the risks (threats imposed) that it faces.
  - Information security benchmark is a recommended level of security that in normal circumstances should offer reasonable protection against unauthorized intrusion.
    - A benchmark is a recommended level of performance.
    - Defined by governments and industry associations.
    - Reflects what authorities believe to be the components of a good information security program.
  - Benchmark compliance is when a firm adheres to the information security benchmark and the standards recommended by industry authorities.
• 7. THREATS
  - Information security threat is a person, organization, mechanism, or event that has the potential to inflict harm on the firm's information resources.
  - Internal and external threats:
    - Internal threats include the firm's employees, temporary workers, consultants, contractors, and even business partners.
    - As high as 81% of computer crimes have been committed by employees.
    - Internal threats present potentially more serious damage due to more intimate knowledge of the system.
  - Accidental and deliberate acts.
• 9. TYPES OF THREATS
  - Malicious software (malware) consists of complete programs or segments of code that can invade a system and perform functions not intended by the system owners (e.g., erase files, halt the system).
  - Virus is a computer program that can replicate itself without being observable to the user and embed copies of itself in other programs and boot sectors.
  - Worm cannot replicate itself within a system, but it can transmit its copies by means of e-mail.
  - Trojan horse is distributed by users as a utility; when the utility is used, it produces unwanted changes in the system's functionality. It can neither replicate nor duplicate itself.
  - Adware generates intrusive advertising messages.
  - Spyware gathers data from the user's machine.
• 10. RISKS
  - Information security risk is a potential undesirable outcome of a breach of information security by an information security threat. All risks represent unauthorized acts:
    - Unauthorized disclosure and threats
    - Unauthorized use
    - Unauthorized destruction and denial of service
    - Unauthorized modifications
• 11. E-COMMERCE CONSIDERATIONS
  - Disposable credit card (AMEX): an action aimed at the 60 to 70% of consumers who fear credit card fraud arising from Internet use.
  - Visa's 10 required security practices for its retailers, plus 3 general practices for achieving information security in all retailers' activities.
  - Cardholder Information Security Program (CISP) augmented these required practices.
• 12. RISK MANAGEMENT
  - Defining risks consists of four substeps:
    - Identify business assets to be protected from risks.
    - Recognize the risks.
    - Determine the level of impact on the firm should the risks materialize.
    - Analyze the firm's vulnerabilities.
  - Impact severity can be classified as:
    - Severe impact puts the firm out of business or severely limits its ability to function.
    - Significant impact causes significant damage and cost, but the firm will survive.
    - Minor impact causes breakdowns that are typical of day-to-day operations.
• 13. TABLE 9.1 DEGREE OF IMPACT AND VULNERABILITY DETERMINE CONTROLS
• 14. RISK ANALYSIS REPORT
  - The findings of the risk analysis should be documented in a report that contains detailed information such as the following for each risk:
    - A description of the risk
    - Source of the risk
    - Severity of the risk
    - Controls that are being applied to the risk
    - The owner(s) of the risk
    - Recommended action to address the risk
    - Recommended time frame for addressing the risk
    - What was done to mitigate the risk
• 15. INFORMATION SECURITY POLICY
  - The five phases of implementing:
    - Phase 1: Project Initiation.
    - Phase 2: Policy Development.
    - Phase 3: Consultation and Approval.
    - Phase 4: Awareness and Education.
• 16. FIGURE 9.3 DEVELOPMENT OF SECURITY POLICY
• 17. CONTROLS
  - Control is a mechanism that is implemented either to protect the firm from risks or to minimize the impact of risks on the firm should they occur.
  - Technical controls are those that are built into systems by the system developers during the systems development life cycle.
    - Include an internal auditor on the project team.
    - Based on hardware and software technology.
• 18. TECHNICAL CONTROLS
  - Access control is the basis for security against threats by unauthorized persons.
  - The access control three-step process includes:
    - User identification.
    - User authentication.
    - User authorization.
  - User profiles are descriptions of authorized users; used in identification and authorization.
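The three-step process from slide 18, as an added Python example that is not part of the original slides: `identify` looks up the user profile for the claimed identity, `authenticate` verifies a salted PBKDF2 password hash in constant time, and `authorize` checks the requested operation against the permission set recorded in the profile. The profile fields, the user names, passwords and permission names, and the PBKDF2 iteration count are all constructed for the example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import FrozenSet, Iterable, Optional, Tuple


# Illustrative user profile (assumption: a profile records who the user is,
# a salted password hash for authentication, and the operations the user
# is allowed to perform).
@dataclass(frozen=True)
class UserProfile:
    user_id: str
    salt: bytes
    password_hash: bytes
    permissions: FrozenSet[str]


def hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256; the iteration count is an assumption for the example.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def create_profile(user_id: str, password: str, permissions: Iterable[str]) -> UserProfile:
    salt = os.urandom(16)  # a fresh random salt for every user
    return UserProfile(user_id, salt, hash_password(password, salt), frozenset(permissions))


# Constructed profile store (sample data, not from the original slides).
PROFILES = {
    p.user_id: p
    for p in (
        create_profile("alice", "alice-pw-example", ["read_ledger", "post_entry"]),
        create_profile("bob", "bob-pw-example", ["read_ledger"]),
    )
}


def identify(user_id: str) -> Optional[UserProfile]:
    """Step 1, user identification: find the profile for the claimed identity."""
    return PROFILES.get(user_id)


def authenticate(profile: UserProfile, password: str) -> bool:
    """Step 2, user authentication: prove the claimed identity with a secret."""
    candidate = hash_password(password, profile.salt)
    # constant-time comparison so timing does not reveal how many bytes matched
    return hmac.compare_digest(candidate, profile.password_hash)


def authorize(profile: UserProfile, operation: str) -> bool:
    """Step 3, user authorization: does the profile permit this operation?"""
    return operation in profile.permissions


def access(user_id: str, password: str, operation: str) -> Tuple[bool, str]:
    """Run the three steps in order. The reason string is meant for the audit
    log; an end user should only ever see a generic 'access denied'."""
    profile = identify(user_id)
    if profile is None:
        return False, "unknown user"
    if not authenticate(profile, password):
        return False, "authentication failed"
    if not authorize(profile, operation):
        return False, "not authorized"
    return True, "granted"


if __name__ == "__main__":
    for attempt in [("alice", "alice-pw-example", "post_entry"),
                    ("bob", "bob-pw-example", "post_entry"),
                    ("bob", "wrong-password", "read_ledger"),
                    ("carol", "anything", "read_ledger")]:
        print(attempt, "->", access(*attempt))
```

The ordering matters: authorization is only evaluated once identification and authentication have succeeded, so a permission check never runs against an unverified identity.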
• 20. TECHNICAL CONTROLS (CONT'D)
  - Intrusion detection systems (IDS) recognize an attempt to break the security before it has an opportunity to inflict damage.
  - Virus protection software that is effective against viruses transported in e-mail identifies a virus-carrying message and warns the user.
  - Inside threat prediction tools classify internal threats in categories such as:
    - Possible intentional threat.
    - Potential accidental threat.
    - Suspicious.
    - Harmless.
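An added Python example, not from the slides, of the kind of check an IDS performs to spot an attempt before damage is done: it counts failed logins per source address and user over a sliding time window and raises an alert when a burst reaches a threshold, and a second alert if that pair then logs in successfully. The authentication log lines, their format, and the threshold of five failures within one minute are constructed assumptions for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Constructed authentication log (sample data, not from the original slides).
SAMPLE_LOG = """\
2024-05-20T09:00:01 LOGIN FAIL user=alice src=10.0.0.7
2024-05-20T09:00:03 LOGIN FAIL user=alice src=10.0.0.7
2024-05-20T09:00:04 LOGIN FAIL user=alice src=10.0.0.7
2024-05-20T09:00:06 LOGIN FAIL user=alice src=10.0.0.7
2024-05-20T09:00:07 LOGIN FAIL user=alice src=10.0.0.7
2024-05-20T09:00:09 LOGIN OK user=alice src=10.0.0.7
2024-05-20T09:15:00 LOGIN FAIL user=bob src=10.0.0.9
2024-05-20T10:30:00 LOGIN FAIL user=bob src=10.0.0.9
2024-05-20T10:31:00 LOGIN OK user=bob src=10.0.0.9
this line is not in the expected format and is skipped
"""

# Assumed log format: "<ISO timestamp> LOGIN <OK|FAIL> user=<name> src=<address>"
LINE_RE = re.compile(r"^(\S+) LOGIN (OK|FAIL) user=(\S+) src=(\S+)$")


def parse_line(line: str) -> Optional[Dict]:
    """Parse one log line; return None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, result, user, src = m.groups()
    return {"ts": datetime.fromisoformat(ts), "ok": result == "OK", "user": user, "src": src}


def detect_bruteforce(log_text: str, threshold: int = 5,
                      window: timedelta = timedelta(minutes=1)) -> List[Dict]:
    """Alert when one (source, user) pair accumulates `threshold` failed logins
    inside a sliding window, and again if that pair then logs in successfully."""
    recent_failures = defaultdict(deque)  # (src, user) -> timestamps of recent failures
    flagged = set()
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        key = (ev["src"], ev["user"])
        if ev["ok"]:
            # a success right after a flagged burst may mean the guessing worked
            if key in flagged:
                alerts.append({"type": "success_after_bruteforce", "src": ev["src"],
                               "user": ev["user"], "at": ev["ts"].isoformat()})
            continue
        failures = recent_failures[key]
        failures.append(ev["ts"])
        # drop failures that have fallen out of the sliding window
        while failures and ev["ts"] - failures[0] > window:
            failures.popleft()
        if len(failures) >= threshold and key not in flagged:
            flagged.add(key)
            alerts.append({"type": "bruteforce", "src": ev["src"], "user": ev["user"],
                           "count": len(failures), "at": ev["ts"].isoformat()})
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

Bob's two failures are 75 minutes apart, so they never share a window and produce no alert; Alice's five failures in six seconds do. Tuning the threshold and window against normal traffic is what separates a usable detector from one that pages on every mistyped password.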
• 21. FIREWALLS
  - Firewall acts as a filter and barrier that restricts the flow of data between the firm and the Internet. Three types of firewalls are:
    - Packet-filtering firewall: a router equipped with data tables of IP addresses that reflect the filtering policy; positioned between the Internet and the internal network, it can serve as a firewall.
      - Router is a network device that directs the flow of network traffic.
      - IP address is a set of four numbers (each from 0 to 255) that uniquely identifies each computer connected to the Internet.
    - Circuit-level firewall: installed between the Internet and the firm's network but closer to the communications medium (circuit) than the router.
      - Allows a high amount of authentication and filtering to be performed.
    - Application-level firewall: located between the router and the computer performing the application.
      - Allows the full power of additional security checks to be performed.
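An added Python example, not from the slides, of the packet-filtering policy table slide 21 describes: each rule names a permitted or blocked source and destination address range (plus protocol and destination port), rules are evaluated in order with the first match deciding, and a packet that matches no rule is denied. The addresses are taken from the RFC 5737 documentation ranges and the rule set is constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str                       # "allow" or "deny"
    src: ipaddress.IPv4Network        # source address range
    dst: ipaddress.IPv4Network        # destination address range
    proto: str                        # "tcp", "udp" or "any"
    dport: Optional[int]              # None matches any destination port


def rule(action: str, src: str, dst: str, proto: str = "any", dport: Optional[int] = None) -> Rule:
    return Rule(action, ipaddress.ip_network(src), ipaddress.ip_network(dst), proto, dport)


# Constructed policy table (assumption: 192.0.2.0/24 is the internal network,
# 203.0.113.0/24 is a range the firm has chosen to block). First match wins.
INTERNAL = "192.0.2.0/24"
POLICY: List[Rule] = [
    rule("deny",  "203.0.113.0/24", "0.0.0.0/0"),             # blocked external range
    rule("allow", "0.0.0.0/0", "192.0.2.10/32", "tcp", 443),  # public web server, HTTPS only
    rule("allow", "0.0.0.0/0", "192.0.2.25/32", "tcp", 25),   # mail gateway, SMTP only
    rule("allow", INTERNAL, "0.0.0.0/0"),                     # anything outbound from inside
]


def matches(r: Rule, src: ipaddress.IPv4Address, dst: ipaddress.IPv4Address,
            proto: str, dport: int) -> bool:
    return (src in r.src and dst in r.dst
            and r.proto in ("any", proto)
            and r.dport in (None, dport))


def filter_packet(policy: List[Rule], src: str, dst: str, proto: str, dport: int) -> str:
    """Return the action of the first matching rule, or 'deny' when nothing matches."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in policy:
        if matches(r, s, d, proto, dport):
            return r.action
    return "deny"  # implicit default deny at the end of the table


if __name__ == "__main__":
    for pkt in [("198.51.100.5", "192.0.2.10", "tcp", 443),
                ("198.51.100.5", "192.0.2.10", "tcp", 22),
                ("203.0.113.9", "192.0.2.10", "tcp", 443),
                ("192.0.2.50", "198.51.100.5", "udp", 53)]:
        print(pkt, "->", filter_packet(POLICY, *pkt))
```

Because evaluation stops at the first match, rule order is part of the policy: the blocked range is listed before the web-server allow so a packet from it never reaches the allow rule. The default deny at the end means any service not explicitly listed is unreachable from outside.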
• 22. FIGURE 9.5 LOCATION OF FIREWALLS IN THE NETWORK
• 23. CRYPTOGRAPHIC AND PHYSICAL CONTROLS
  - Cryptography is the use of coding by means of mathematical processes.
    - The data and information can be encrypted as it resides in storage and/or as it is transmitted over networks.
    - If an unauthorized person gains access, the encryption makes the data and information unreadable and prevents its unauthorized use.
    - Special protocols such as SET (Secure Electronic Transactions) perform security checks using digital signatures developed for use in e-commerce.
    - Export of encryption technology is prohibited to Cuba, Iran, Iraq, Libya, North Korea, Sudan, and Syria.
  - Physical controls against unauthorized intrusions include door locks, palm prints, voice prints, surveillance cameras, and security guards.
    - Locate computer centers in remote areas that are less susceptible to natural disasters such as earthquakes, floods, and hurricanes.
• 24. FORMAL CONTROLS
  - Formal controls include the establishment of codes of conduct, documentation of expected procedures and practices, monitoring, and preventing behavior that varies from the established guidelines.
    - Management devotes considerable time to devising them.
    - Documented in writing.
    - Expected to be in force for the long term.
  - Top management must participate actively in their establishment and enforcement.
• 25. INFORMAL CONTROLS
  - Education.
  - Training programs.
  - Management development programs.
  - Intended to ensure the firm's employees both understand and support the security program.
  - Good business practice is not to spend more for a control than the expected cost of the risk that it addresses.
  - Establish controls at the proper level.
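An added Python example, not part of the slides, that ties slides 12, 14 and 25 together: a small risk register whose entries carry the fields slide 14 lists for the risk analysis report, are classified with the three impact classes from slide 12, and expose an expected annual cost (likelihood times loss) so that a proposed control's cost can be compared with the risk it addresses, as slide 25 advises. The report is ordered by impact class and then by expected cost. Every risk entry, likelihood and cost figure is constructed for the example.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List


class Impact(Enum):
    """Impact severity classes as slide 12 defines them."""
    SEVERE = 3       # puts the firm out of business or severely limits its ability to function
    SIGNIFICANT = 2  # significant damage and cost, but the firm will survive
    MINOR = 1        # breakdowns typical of day-to-day operations


@dataclass
class Risk:
    risk_id: str
    description: str            # slide 14: a description of the risk
    source: str                 # slide 14: source of the risk
    impact: Impact              # slide 14: severity of the risk
    annual_likelihood: float    # probability of occurring in a year (assumed estimate)
    loss_if_realized: float     # loss if the risk materializes (assumed estimate)
    controls_applied: List[str] # slide 14: controls being applied
    owners: List[str]           # slide 14: owner(s) of the risk
    recommended_action: str     # slide 14: recommended action
    time_frame: str             # slide 14: recommended time frame
    mitigation_done: str = ""   # slide 14: what was done to mitigate the risk

    def expected_annual_cost(self) -> float:
        """Expected cost of the risk: likelihood times loss if realized."""
        return self.annual_likelihood * self.loss_if_realized


def control_is_worthwhile(risk: Risk, annual_control_cost: float) -> bool:
    """Slide 25's rule: do not spend more on a control than the expected cost of the risk."""
    return annual_control_cost <= risk.expected_annual_cost()


def risk_report(risks: List[Risk]) -> List[Dict]:
    """Report rows ordered by impact class, then by expected annual cost, highest first."""
    ordered = sorted(risks, key=lambda r: (r.impact.value, r.expected_annual_cost()), reverse=True)
    return [{
        "id": r.risk_id,
        "description": r.description,
        "source": r.source,
        "severity": r.impact.name,
        "expected_annual_cost": round(r.expected_annual_cost(), 2),
        "controls_applied": list(r.controls_applied),
        "owners": list(r.owners),
        "recommended_action": r.recommended_action,
        "time_frame": r.time_frame,
        "mitigation_done": r.mitigation_done,
    } for r in ordered]


def render_report(rows: List[Dict]) -> str:
    lines = []
    for row in rows:
        lines.append(f"[{row['id']}] {row['severity']:<11} expected cost/yr "
                     f"{row['expected_annual_cost']:>12,.2f}  {row['description']}")
        lines.append(f"    source: {row['source']}; owners: {', '.join(row['owners'])}")
        lines.append(f"    controls: {', '.join(row['controls_applied']) or 'none'}")
        lines.append(f"    action: {row['recommended_action']} (by {row['time_frame']}); "
                     f"done: {row['mitigation_done'] or 'nothing yet'}")
    return "\n".join(lines)


# Constructed register (sample data, not from the original slides).
REGISTER = [
    Risk("R1", "Ransomware encrypts the file servers", "External: malware delivered by e-mail",
         Impact.SEVERE, 0.10, 2_000_000, ["e-mail virus scanning"], ["CISSO"],
         "Add offline backups and restore drills", "Q3"),
    Risk("R2", "Contractor copies the customer list", "Internal: contractor with database access",
         Impact.SIGNIFICANT, 0.20, 300_000, [], ["Sales director"],
         "Restrict export rights and log bulk queries", "Q2"),
    Risk("R3", "Laptop stolen from a sales rep's car", "External: theft",
         Impact.MINOR, 0.50, 5_000, ["full-disk encryption"], ["IT operations"],
         "Keep encryption enforced on all laptops", "ongoing", "encryption rolled out"),
    Risk("R4", "Nightly backup job silently fails", "Internal: accidental misconfiguration",
         Impact.SIGNIFICANT, 0.30, 150_000, [], ["IT operations"],
         "Alert on missing backup completions", "Q2"),
]

if __name__ == "__main__":
    print(render_report(risk_report(REGISTER)))
```

The cost comparison is deliberately simple: it says nothing about a control that covers several risks at once, which is where the proper-level judgement slide 25 calls for still has to be made by a person.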
• 26. GOVERNMENT AND INDUSTRY ASSISTANCE
  - United Kingdom's BS7799. The UK standards establish a set of baseline controls. They were first published by the British Standards Institute in 1995, then published by the International Standards Organization as ISO 17799 in 2000, and made available to potential adopters online in 2003.
  - BSI IT Baseline Protection Manual. The baseline approach is also followed by the German Bundesamt für Sicherheit in der Informationstechnik (BSI). The baselines are intended to provide reasonable security when normal protection requirements apply. The baselines can also serve as the basis for higher degrees of protection when those are desired.
  - COBIT. COBIT, from the Information Systems Audit and Control Association and Foundation (ISACAF), focuses on the process that a firm can follow in developing standards, paying special attention to the writing and maintaining of the documentation.
  - GASSP. Generally Accepted System Security Principles (GASSP) is a product of the U.S. National Research Council. Emphasis is on the rationale for establishing a security policy.
  - ISF Standard of Good Practice. The Information Security Forum Standard of Good Practice takes a baseline approach, devoting considerable attention to the user behavior that is expected if the program is to be successful. The 2005 edition addresses such topics as secure instant messaging, Web server security, and virus protection.
• 27. GOVERNMENT LEGISLATION
  - Both the United States and the United Kingdom have established standards and passed legislation aimed at addressing the increasing importance of information security.
  - U.S. Government Computer Security Standards: a set of security standards organizations should meet. A software program is available that grades users' systems and assists them in configuring their systems to meet the standards.
  - U.K. Anti-terrorism, Crime and Security Act (ATCSA) 2001.
• 28. INDUSTRY STANDARDS
  - Center for Internet Security (CIS) is a nonprofit organization dedicated to assisting computer users in making their systems more secure.
    - CIS Benchmarks help users secure their information systems by implementing technology-specific controls.
    - CIS Scoring Tools enable users to calculate their security level, compare it to benchmarks, and prepare reports that guide users and system administrators in securing systems.
• 29. PROFESSIONAL CERTIFICATION
  - Beginning in the 1960s, the IT profession began offering certification programs:
    - Information Systems Audit and Control Association (ISACA)
    - International Information System Security Certification Consortium (ISC)
    - SANS (SysAdmin, Audit, Network, Security) Institute
• 30. BUSINESS CONTINUITY MANAGEMENT
  - Business continuity management (BCM) consists of activities aimed at continuing operations after an information system disruption.
  - This activity was called disaster planning, then given the more positive term contingency planning.
  - Contingency plan is the key element in contingency planning; it is a formal written document that spells out in detail the actions to be taken in the event that there is a disruption, or threat of disruption, in any part of the firm's
• 31. CONTINGENCY SUBPLANS
  - Emergency plan specifies those measures that ensure the safety of employees when disaster strikes.
    - Includes alarm systems, evacuation procedures, and fire-suppression systems.
  - Backup plan is the arrangements for backup computing facilities in the event that the regular facilities are destroyed or damaged beyond use. Backup can be achieved by some combination of redundancy, diversity, and mobility.
  - Vital records are those paper documents, microforms, and magnetic and optical storage media that are necessary for carrying on the firm's business.
  - Vital records plan specifies how the vital records will be protected and should include offsite backup copies.