Prof. Dr. K. Adisesha, profile picture
Uploaded byProf. Dr. K. Adisesha
PDF, PPTX569 views

Security and ethical challenges

This document discusses security and ethical challenges related to information technology. It covers several topics: - Identifying ethical issues related to how IT affects employment, individuality, privacy, health, and solving societal problems. - Different types of security management strategies and defenses that can protect business IT applications. - Ways that business managers can help reduce harmful effects and increase benefits of IT use.

Embed presentation

Download as PDF, PPTX
Security and Ethical Challenges
Learning Objectives 1. Identify several ethical issues in how the use of information technologies in business affects employment, individuality, working conditions, privacy crime, health, and solutions to societal problems. 2. Identify several types of security management strategies and defences, and explain how they can be used to ensure the security of business applications of information technology. 3. Propose several ways that business managers and professionals can help to lessen the harmful effects and increase the beneficial effects of the use of information technology.
Security and Ethics • Major Security Challenges • Serious Ethical Questions • Threats to Business and Individuals • Real World Case 1- F-Secure, Microsoft, GM, and Verizon: The Business Challenge of Computer Viruses Click to go to Case 1 K. Adisesha 3
Security and EthicsBusiness/IT Security, Ethics, and Society Employment Health Individuality Privacy Working Conditions Crime Business/IT Security Ethics and Society K. Adisesha 4
Security and Ethics •Business Ethics •Stockholder Theory •Social Contract Theory •Stakeholder Theory Ethical Responsibility K. Adisesha 5
Security and Ethics Ethical Responsibility K. Adisesha 6
Security and Ethics Technology Ethics K. Adisesha 7
Security and Ethics Ethical Guidelines K. Adisesha 8
Security and Ethics Enron Corporation: Failure in Business Ethics • Drove Stock Prices Higher Never Mentioning Any Weaknesses • Promised Much – Delivered Little • Finally Admitted Overstated Earnings by $586 Million in 1997 • 1998 Third Quarter Loss $638 Million – Filed Bankruptcy • Greed and Mismanagement Destroyed a Potentially Successful Business Plan K. Adisesha 9
Security Management • Security is 6 to 8% of IT Budget in Developing Countries • 63% Have or Plan to Have Position of Chief Privacy or Information Officer in the Next Two Years • 40% Have a Chief Privacy Officer and Another 6% Intend One in the Next Two Years • 39% Acknowledge that their Systems Have Been Compromised in the Past Year • 24% Have Cyber Risk Insurance and 5% Intend to Acquire Such Coverage K. Adisesha 10
Antivirus 96% Virtual Private Networks 86% Intrusion-Detection Systems 85% Content Filtering/Monitoring 77% Public-Key Infrastructure 45% Smart Cards 43% Biometrics 19% Security Technology Used Security Management K. Adisesha 11
PayPal, Inc. Cybercrime on the Internet • Online Payment Processing Company • Observed Questionable Accounts Being Opened • Froze Accounts Used to Buy Expensive Goods For Purchasers in Russia • Used Sniffer Software and Located Users Capturing PayPal Ids and Passwords • More than $100,000 in Fraudulent Charges • Crooks Arrested by FBI Security Management K. Adisesha 12
Computer Crime • Hacking • Cyber Theft • Unauthorized Use of Work • Piracy of Intellectual Property • Computer Viruses and Worms Security Management K. Adisesha 13
Examples of Common Hacking Security Management K. Adisesha 14
Recourse Technologies: Insider Computer Crime • Link Between Company Financial Difficulty and Insider Computer Crimes • Use of “Honey Pots” Filled with Phony Data to Attract Hackers • Software Catches Criminal Activity in Seconds • Crime Exposed and Stopped Security Management K. Adisesha 15
Internet Abuses in the Workplace Security Management K. Adisesha 16
Network Monitoring Software Security Management K. Adisesha 17
AGM Container Controls: Stealing Time and Resources • The Net Contains Many Productivity Distractions • Remedies Include Monitoring Internet Use and Blocking Sites Unrelated to Work • Importance of Telling Employees About Monitoring • Use of Software Monitoring Provided Rebuttal Answers To Web Use Discussions Security Management K. Adisesha 18
Copying Music CDs: Intellectual Property Controversy • RIAA Crack Down on Music Piracy • Web Sites Fighting Back • 140 Million Writable Drives In Use • Billions of Blank CDs Sold While Music CD Sales Are Going Down • Pirates Reluctant to Go Away Security Management K. Adisesha 19
Facts About Recent Computer Viruses and Worms Security Management K. Adisesha 20
University of Chicago: The Nimda Worm • Nimda Worm Launch Sept. 18, 2001 Mass Mailing of Malicious Code Attacking MS-Windows • Took Advantage of Back Doors Previously Left Behind • In Four Hours the University of Chicago’s Web Servers were Scanned by 7,000 Unique IPAddresses Looking for Weaknesses • Many Servers Had to Be Disconnected Security Management K. Adisesha 21
Right to Privacy Privacy on the Internet Acxiom, Inc. Challenges to Consumer Privacy • Acxiom – 30 Years Amassing Massive Database • Sells Data to Subscribers • Use by Telemarketers and Credit Firms Privacy Issues K. Adisesha 22
Right to Privacy •Computer Profiling •Computer Matching •Privacy Laws •Computer Libel and Censorship •Spamming •Flaming Privacy Issues K. Adisesha 23
Other Challenges •Employment Challenges •Working Conditions •Individuality Issues •Health Issues Privacy Issues K. Adisesha 24
Ergonomics Privacy Issues K. Adisesha 25
Ergonomics • Job Stress • Cumulative Trauma Disorders (CTDs) • Carpal Tunnel Syndrome • Human Factors Engineering • Societal Solutions Privacy Issues K. Adisesha 26
Security Management of Information Technology • Business Value of Security Management • Protection for all Vital Business Elements Real World Case 2- Geisinger Health Systems and Du Pont: Security Management of Data Resources and Process Control Networks Click to go to Case 2 K. Adisesha 27
Security Management of Information Technology Tools of Security Management
Security Management of Information Technology • Need for Security Management Caused by Increased Use of Links Between Business Units • Greater Openness Means Greater Vulnerabilities • Better Use of Identifying, Authenticating Users and Controlling Access to Data • Theft Should Be Made as Difficult as Possible Providence Health and Cervalis: Security Management Issues K. Adisesha 29
Security Management of Information Technology •Encryption –Public Key –Private Key Graphically… Internetworked Security Defenses K. Adisesha 30
Encryption Security Management of Information Technology K. Adisesha 31
Firewalls Security Management of Information Technology Firewall Intranet Server Firewall Router Router Intranet Server Host System Internet 1 2 3 4 4 5 1 External Firewall Blocks Outsiders 2 Internal Firewall Blocks Restricted Materials 3 Use of Passwords and Browser Security 4 Performs Authentication and Encryption 5 Careful Network Interface Design K. Adisesha 32
Security Management of Information Technology • Worldwide Search for Active IP Addresses • Sophisticated Probes Scan Any Home or Work Location • Personal Firewalls Help Block Intruders • Firewalls Generally Good at Protecting Computers from Most Hacking Efforts Barry Nance: Testing PC Firewall Security K. Adisesha 33
Security Management of Information Technology • MTV.com Website Targeted for Distributed Denial of Service (DDOS) Attacks During Fall Peak Periods • Some People Try to Crash MTV Sites • Parent Viacom Installed Software to Filter out DDOS Attacks • Website Downtime Reduced MTV Networks: Denial of Service Defenses K. Adisesha 34
Defending Against Denial of Service Attacks Security Management of Information Technology K. Adisesha 35
Security Management of Information Technology • e-Sniff Monitoring Device Searches e-Mail by Key Word or Records of Web Sites Visited • 82% of Businesses Monitor Web Use • Close to 100% of Workers Register Some Improper Use Sonalysts, Inc.: Corporate e-Mail Monitoring K. Adisesha 36
Security Management of Information Technology • Much Software Was Unable to Stop Nimda Worm • Software Alone is Often Not Enough to Clean System • Until Better Software is Developed, A Complete System Disconnect and Purge May Be the Only Solution TrueSecure and 724 Inc.: Limitations of Antivirus Software K. Adisesha 37
Example Security Suite Interface Security Management of Information Technology K. Adisesha 38
Other Security Measures Security Management of Information Technology • Security Codes • Multilevel Password System –Smart Cards • Backup Files –Child, Parent, Grandparent Files • System Security Monitors • Biometric Security K. Adisesha 39
Example Security Monitor Security Management of Information Technology K. Adisesha 40
Evaluation of Biometric Security Security Management of Information Technology K. Adisesha 41
Computer Failure Controls Security Management of Information Technology •Fault Tolerant Systems –Fail-Over –Fail-Safe –Fail-Soft •Disaster Recovery K. Adisesha 42
Methods of Fault Tolerance Security Management of Information Technology K. Adisesha 43
Visa International: Fault Tolerant Systems Security Management of Information Technology • Only 100% Uptime is Acceptable • Only 98 Minutes of Downtime in 12 Years • 1 Billion Transactions Worth $2 Trillion in Transactions a Year • 4 Global Processing Centers • Multiple Layers of Redundancy and Backup • Software Testing and Art FormK. Adisesha 44
Systems Controls and Audits • Information System Controls • Garbage-In, Garbage-Out (GIGO) • Auditing IT Security • Audit Trails • Control Logs K. Adisesha 45
Systems Controls and Audits Security Codes Encryption Data Entry Screens Error Signals Control Totals Security Codes Encryption Control Totals Control Listings End User Feedback Security Codes Encryption Backup Files Library Procedures Database Administration Input Controls Output Controls Storage Controls Processing Controls Software Controls Hardware Controls Firewalls Checkpoints K. Adisesha 46
Summary • Ethical and Societal Dimensions • Ethical Responsibility in Business • Security Management K. Adisesha 47
KEY TERMS Antivirus software Audit trail Auditing business systems Backup files Biometric security Business ethics Computer crime Computer matching Computer monitoring Computer virus Denial of service Disaster recovery Encryption Ergonomics Ethical and Societal Impacts of business/IT a. Employment b. Health c. Individuality d. Societal Solutions e. Working Conditions Ethical foundations Fault tolerant Firewall Flaming Hacking Information system controls Intellectual property piracy Passwords Privacy issues Responsible professional Security management Software piracy Spamming System security monitor Unauthorized use K. Adisesha 48
Real World Case 1 The Business Challenge of Computer Viruses Click to go to Case 1 Real World Case 2 Security Management of Data Resources and Process Control Networks Click to go to Case 2 Optional Case Studies Real World Case 3 Security Management of Windows Software Real World Case 4 Managing Network Security Systems Click to go to Case 3 Click to go to Case 4 K. Adisesha 49
Enterprise and Global Management of Information Technology K. Adisesha 50
1- What security measures should companies, business professionals, and consumers take to protect their systems from being damaged by computer worms and viruses? The Business Challenge of Computer Viruses K. Adisesha 51
The Business Challenge of Computer Viruses • Businesses Should – “Get Serious” About Cyber Security – Stop Relying on Microsoft 's Backbone • Businesses Need Better Procedures for Security Updating • Businesses Should Update Security Defenses Discussion Points Would Include: K. Adisesha 52
2- What is the business and ethical responsibility of Microsoft in helping to prevent the spread of computer viruses? Have they met this responsibility? Why or why not? The Business Challenge of Computer Viruses K. Adisesha 53
The Business Challenge of Computer Viruses Microsoft (95% Market Share) Must Ensure Software is Hostile to Hackers Must Write Better Software Microsoft and Others Must make Security Higher Priority The Responsibility of Security is the User Not Bender Discussion Points Would Include: K. Adisesha 54
3- What are several possible reasons why some companies (like GM) were seriously affected by computer viruses, while others (like Verizon) were not? The Business Challenge of Computer Viruses Return to Cases Page K. Adisesha 55
The Business Challenge of Computer Viruses • Undue Dependence on Microsoft for Quality Software • GM Ignored Security until It was Too Late • Companies Paid More Attention to Bottom Line than Security Reasons Would Include: Return to Cases Page K. Adisesha 56
The Business Challenge of Computer Viruses • Undue Dependence on Microsoft for Quality Software • GM Ignored Security until It was Too Late • Companies Paid More Attention to Bottom Line than Security • Inadequate Planning for Improving Security Reasons Would Include: Return to Cases Page K. Adisesha 57
Security Management of Data Resources and Process Control Networks 1- What are several possible reasons why some companies (like GM) were seriously affected by computer viruses, while others (like Verizon) were not? Return to Cases Page K. Adisesha 58
Security Management of Data Resources and Process Control Networks • Key Components of a Security System: – Understanding Workflow – Assessing Risk – Educating Users • MvChart needed Installed on Hardware Separate from EMK system Discussion Points Would Include: K. Adisesha 59
Security Management of Data Resources and Process Control Networks • Biometric and Proximity Devices Streamline Secure Network Access • Requiring Caregivers Access to Patient Information via the Internet Using: – Electronic Token Identification – A Virtual Private Network • Other Encryption Methods Discussion Points Would Include: K. Adisesha 60
Security Management of Data Resources and Process Control Networks 2- What security measures is Du Pont taking to protect their process control networks? Are these measures adequate? Explain your evaluation. K. Adisesha 61
Security Management of Data Resources and Process Control Networks • Du Pont Co.-The Critical Manufacturing Processes, will Isolate Process Systems from Business systems by: – Not Connecting our Networks, – Or it will Add Firewalls to Control Access Discussion Points Would Include: K. Adisesha 62
Security Management of Data Resources and Process Control Networks • A Team-IT Staffers, Process-Control Engineers, and Manufacturing Employees was Established to: – Discern Control Devices Critical to Manufacturing, Safety and Continuity of Production – Identify Assets of – Hardware, Data, and Software Applications – Testing Fixes and Workarounds for Specific Machines – Recognizing Precise Vulnerabilities Differ by Environment – Determining how to Separate Networks Discussion Points Would Include: K. Adisesha 63
Security Management of Data Resources and Process Control Networks 3- What are several other steps Geisinger and Du Pont could take to increase the security of their data and network resources? Explain the value of your proposals. Return to Cases Page K. Adisesha 64
Security Management of Data Resources and Process Control Networks Include the Concepts Presented in the Chapter Material and Additional Considerations That You Have Located on the Internet Discussion Points Would Include: Return to Cases Page K. Adisesha 65
1- What security problems are typically remedied by Microsoft’s security patches for Windows? Why do such problems arise in the first place? Return to Cases Page Security Management of Windows Software K. Adisesha 66
Security Management of Windows Software • Vulnerability to Computer Viruses (Worms) • Microsoft’s Push to Deliver New Versions – That have not been tested and/or • Designed Properly to Reduce Vulnerability Discussion Points Would Include: K. Adisesha 67
2- What challenges does the process of applying Windows patches pose for many businesses? What are some limitations of the patching process? Security Management of Windows Software K. Adisesha 68
Security Management of Windows Software • Patching Required Companies to Drop Everything with Finite Resources • Larger Companies Need Time to Properly Test • Companies Faced with Limited Scope for Downtime Discussion Points Would Include: K. Adisesha 69
3- Does the business value of applying Windows patches outweigh its costs, limitations, and the demands it places on the IT function? Why or why not? Security Management of Windows Software Return to Cases Page K. Adisesha 70
Security Management of Windows Software • Exploit-Proof Code Patching is Best Strategy • Microsoft’s Windows Update Patch Management Program – Has a Critical Shortcoming – Could Fool Users-They have Been Properly Patched – Users are Really Vulnerable-Patch not Fixed • Users have Reported Patches don't Always Deploy Properly Discussion Points Would Include: Return to Cases Page K. Adisesha 71
Security Management of Windows Software • Exploit-Proof Code Patching is Best Strategy • Microsoft’s Windows Update Patch Management Program – Has a Critical Shortcoming – Could Fool Users-They have Been Properly Patched – Users are Really Vulnerable-Patch not Fixed • Users have Reported Patches don't Always Deploy Properly • Microsoft Patches have Serious Security Vulnerability Discussion Points Would Include: Return to Cases Page K. Adisesha 72
1- What is the function of each of the network security tools identified in this case? Visit the websites of security firms Check Point and NetForensics to help you answer. Return to Cases Page Managing Network Security Systems K. Adisesha 73
Managing Network Security Systems • Network Intrusion-Detection Systems • Firewalls • Anti-Virus Tools • Automating the Process – Gathering – Consolidating – Correlating – Prioritizing Data from Security Event • Collecting Data from Individual Security Systems • “Normalizing” Data to Quickly Identify Potential Attacks Discussion Points Would Include: K. Adisesha 74
2- What is the value of security information management software to a company? Use the companies in this case as examples. Managing Network Security Systems K. Adisesha 75
Managing Network Security Systems • Provides a Single Place To Get Information • Automated Gathering, Consolidating, and Correlating Data –Into a Usable Format to Analyze –Used to Establish Priorities • Permits Businesses to React Faster to Activity • Reduces the Number of False Alerts • Allows Companies to Drill Down into Attach Details Discussion Points Would Include: K. Adisesha 76
3- What can smaller firms who cannot afford the cost of such software do to properly manage and use the information about security from their network security systems? Give several examples. Managing Network Security Systems Return to Cases Page K. Adisesha 77
Managing Network Security Systems •Plan for Having Periodic Audits of IT Security •Review/Update Regularly Control Features of IT •Regularly Change Passwords-To Access System •Develop a Backup Plan and Implement Discussion Points Would Include: Return to Cases Page K. Adisesha 78
Managing Network Security Systems •Plan for Having Periodic Audits of IT Security •Review/Update Regularly Control Features of IT •Regularly Change Passwords-To Access System •Develop a Backup Plan and Implement •Develop Plan for Disaster Recovery Discussion Points Would Include: Return to Cases Page K. Adisesha 79
Security and Ethical Challenges Thank you K. Adisesha 80

More Related Content

PPT
Management Information System: Information, Information System, Management In...
byAshish Hande
 
PPTX
Business Value of Security and Control
bySyama Raveendran
 
PPT
Ethics in functional areas
byJerinBMonachan
 
PPT
Decision Making and Information Systems
byAriful Saimon
 
PPTX
Control and Audit Information System
byarif prasetyo
 
PDF
Compliance Management | Compliance Solutions
byCorporater
 
PPTX
Ppt strategic information system
byamaresh tyagi
 
PPTX
management information system module2
byShifas ibrahim MBA student @ ILAHIA SCHOOL OF MANAGEMENT STUDIES
 
Management Information System: Information, Information System, Management In...
byAshish Hande
 
Business Value of Security and Control
bySyama Raveendran
 
Ethics in functional areas
byJerinBMonachan
 
Decision Making and Information Systems
byAriful Saimon
 
Control and Audit Information System
byarif prasetyo
 
Compliance Management | Compliance Solutions
byCorporater
 
Ppt strategic information system
byamaresh tyagi
 
management information system module2
byShifas ibrahim MBA student @ ILAHIA SCHOOL OF MANAGEMENT STUDIES
 

What's hot

PPTX
Decision Support System - Management Information System
byNijaz N
 
PPTX
Multiple approaches to structure of MIS
byMohammed Jasir PV
 
PPTX
Unit 1.pptx
byVighnesh53
 
PDF
Management information system
byRamya Sree
 
PPTX
Business research methods
bySaeed Akbar
 
PPT
Corporate Compliance Management
byPavan Kumar Vijay
 
PPTX
Factor Analysis in Research
byQasim Raza
 
PPTX
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
byBiswajit Bhattacharjee
 
PPTX
Multiple approaches to structure of mis
byMohammed Irshad P
 
PPT
Process of Business Research and Types
byDeborah Sharon
 
PDF
Information Security Benchmarking 2015
byCapgemini
 
PDF
ISO 27001_2022 What has changed 2.0 for ISACA.pdf
byAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
PPTX
Operational Risk Management
byAsad Hameed
 
PPT
MANAGERIAL ECONOMICS
byvijay rathod
 
PDF
ESG and Compliance: Where do we go from here?
byNimonik
 
PDF
ISO 27001:2022 Introduction
byAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
PPT
Unethical business practices
byHitesh Kukreja
 
PPTX
strategic information system
byPrateek Singh
 
PPTX
Recent Trends and Development in Business Environment- 2021
byNeeraj Garwal
 
DOCX
Research methodology theory chapt. 1- kotthari
byRubia Bhatia
 
Decision Support System - Management Information System
byNijaz N
 
Multiple approaches to structure of MIS
byMohammed Jasir PV
 
Unit 1.pptx
byVighnesh53
 
Management information system
byRamya Sree
 
Business research methods
bySaeed Akbar
 
Corporate Compliance Management
byPavan Kumar Vijay
 
Factor Analysis in Research
byQasim Raza
 
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
byBiswajit Bhattacharjee
 
Multiple approaches to structure of mis
byMohammed Irshad P
 
Process of Business Research and Types
byDeborah Sharon
 
Information Security Benchmarking 2015
byCapgemini
 
ISO 27001_2022 What has changed 2.0 for ISACA.pdf
byAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Operational Risk Management
byAsad Hameed
 
MANAGERIAL ECONOMICS
byvijay rathod
 
ESG and Compliance: Where do we go from here?
byNimonik
 
ISO 27001:2022 Introduction
byAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Unethical business practices
byHitesh Kukreja
 
strategic information system
byPrateek Singh
 
Recent Trends and Development in Business Environment- 2021
byNeeraj Garwal
 
Research methodology theory chapt. 1- kotthari
byRubia Bhatia
 

Similar to Security and ethical challenges

PPT
Security And Ethical Challenges Of Infornation Technology
byparamalways
 
PPT
Rainer+3e Student Pp Ts Ch03
bykbzdox ivanovich
 
PPTX
Presentation1 110616195133-phpapp01(information security)
byBonagiri Rajitha
 
PPTX
Chapter 4: Ethics and Information Security: MIS Business Concerns
bymbroooca
 
PPT
IT-Security-20210426203847.ppt
byIan Dave Balatbat
 
PPT
IT-Security-20210426203847.ppt
byRamaNingaiah
 
PPT
IT-Security-20210426203847.ppt
byssuser6c59cb
 
PPT
IT-Security Assessment for IT assets.ppt
bysantoshsahu190428
 
PDF
7 Best Practices to Protect Critical Business Information [Infographic]
byCitrix
 
PPTX
Information Security and Privacy-Unit-1.pptx
byNiharikaDubey17
 
PPTX
IS Unit II.pptx
byLAVANYAsrietacin
 
PPTX
Information security
byLaxmiprasad Bansod
 
PDF
Cyber Security Threats | Cyberroot Risk Advisory
byCR Group
 
PPTX
ISM-CS5750-01.pptx
byRashidSahito1
 
PDF
Seattle Tech4Good meetup: Data Security and Privacy
bySabra Goldick
 
PPT
Security information for internet and security
bySomesh Kumar
 
PPTX
Project Management
byTanvirsazzad
 
PPTX
ke-1 - Copy cat massunu rahing.pptxdfdff
byAhmadNaswin
 
PDF
InformationSecurity_11141
bysraina2
 
PPT
Legal and Ethical Considerations in Nursing Informatics
byKimarie Brown
 
Security And Ethical Challenges Of Infornation Technology
byparamalways
 
Rainer+3e Student Pp Ts Ch03
bykbzdox ivanovich
 
Presentation1 110616195133-phpapp01(information security)
byBonagiri Rajitha
 
Chapter 4: Ethics and Information Security: MIS Business Concerns
bymbroooca
 
IT-Security-20210426203847.ppt
byIan Dave Balatbat
 
IT-Security-20210426203847.ppt
byRamaNingaiah
 
IT-Security-20210426203847.ppt
byssuser6c59cb
 
IT-Security Assessment for IT assets.ppt
bysantoshsahu190428
 
7 Best Practices to Protect Critical Business Information [Infographic]
byCitrix
 
Information Security and Privacy-Unit-1.pptx
byNiharikaDubey17
 
IS Unit II.pptx
byLAVANYAsrietacin
 
Information security
byLaxmiprasad Bansod
 
Cyber Security Threats | Cyberroot Risk Advisory
byCR Group
 
ISM-CS5750-01.pptx
byRashidSahito1
 
Seattle Tech4Good meetup: Data Security and Privacy
bySabra Goldick
 
Security information for internet and security
bySomesh Kumar
 
Project Management
byTanvirsazzad
 
ke-1 - Copy cat massunu rahing.pptxdfdff
byAhmadNaswin
 
InformationSecurity_11141
bysraina2
 
Legal and Ethical Considerations in Nursing Informatics
byKimarie Brown
 

More from Prof. Dr. K. Adisesha

PDF
MACHINE LEARNING Notes by Dr. K. Adisesha
byProf. Dr. K. Adisesha
 
PDF
Probabilistic and Stochastic Models Unit-3-Adi.pdf
byProf. Dr. K. Adisesha
 
PDF
Genetic Algorithm in Machine Learning PPT by-Adi
byProf. Dr. K. Adisesha
 
PDF
Unsupervised Machine Learning PPT Adi.pdf
byProf. Dr. K. Adisesha
 
PDF
Supervised Machine Learning PPT by K. Adisesha
byProf. Dr. K. Adisesha
 
PDF
Introduction to Machine Learning PPT by K. Adisesha
byProf. Dr. K. Adisesha
 
PPSX
Design and Analysis of Algorithms ppt by K. Adi
byProf. Dr. K. Adisesha
 
PPSX
Data Structure using C by Dr. K Adisesha .ppsx
byProf. Dr. K. Adisesha
 
PDF
Operating System-4 "File Management" by Adi.pdf
byProf. Dr. K. Adisesha
 
PDF
Operating System-3 "Memory Management" by Adi.pdf
byProf. Dr. K. Adisesha
 
PDF
Operating System Concepts Part-1 by_Adi.pdf
byProf. Dr. K. Adisesha
 
PDF
Operating System-2_Process Managementby_Adi.pdf
byProf. Dr. K. Adisesha
 
PDF
Software Engineering notes by K. Adisesha.pdf
byProf. Dr. K. Adisesha
 
PDF
Software Engineering-Unit 1 by Adisesha.pdf
byProf. Dr. K. Adisesha
 
PDF
Software Engineering-Unit 2 "Requirement Engineering" by Adi.pdf
byProf. Dr. K. Adisesha
 
PDF
Software Engineering-Unit 3 "System Modelling" by Adi.pdf
byProf. Dr. K. Adisesha
 
PDF
Software Engineering-Unit 4 "Architectural Design" by Adi.pdf
byProf. Dr. K. Adisesha
 
PDF
Software Engineering-Unit 5 "Software Testing"by Adi.pdf
byProf. Dr. K. Adisesha
 
PDF
Computer Networks Notes by -Dr. K. Adisesha
byProf. Dr. K. Adisesha
 
PDF
CCN Unit-1&2 Data Communication &Networking by K. Adiaesha
byProf. Dr. K. Adisesha
 
MACHINE LEARNING Notes by Dr. K. Adisesha
byProf. Dr. K. Adisesha
 
Probabilistic and Stochastic Models Unit-3-Adi.pdf
byProf. Dr. K. Adisesha
 
Genetic Algorithm in Machine Learning PPT by-Adi
byProf. Dr. K. Adisesha
 
Unsupervised Machine Learning PPT Adi.pdf
byProf. Dr. K. Adisesha
 
Supervised Machine Learning PPT by K. Adisesha
byProf. Dr. K. Adisesha
 
Introduction to Machine Learning PPT by K. Adisesha
byProf. Dr. K. Adisesha
 
Design and Analysis of Algorithms ppt by K. Adi
byProf. Dr. K. Adisesha
 
Data Structure using C by Dr. K Adisesha .ppsx
byProf. Dr. K. Adisesha
 
Operating System-4 "File Management" by Adi.pdf
byProf. Dr. K. Adisesha
 
Operating System-3 "Memory Management" by Adi.pdf
byProf. Dr. K. Adisesha
 
Operating System Concepts Part-1 by_Adi.pdf
byProf. Dr. K. Adisesha
 
Operating System-2_Process Managementby_Adi.pdf
byProf. Dr. K. Adisesha
 
Software Engineering notes by K. Adisesha.pdf
byProf. Dr. K. Adisesha
 
Software Engineering-Unit 1 by Adisesha.pdf
byProf. Dr. K. Adisesha
 
Software Engineering-Unit 2 "Requirement Engineering" by Adi.pdf
byProf. Dr. K. Adisesha
 
Software Engineering-Unit 3 "System Modelling" by Adi.pdf
byProf. Dr. K. Adisesha
 
Software Engineering-Unit 4 "Architectural Design" by Adi.pdf
byProf. Dr. K. Adisesha
 
Software Engineering-Unit 5 "Software Testing"by Adi.pdf
byProf. Dr. K. Adisesha
 
Computer Networks Notes by -Dr. K. Adisesha
byProf. Dr. K. Adisesha
 
CCN Unit-1&2 Data Communication &Networking by K. Adiaesha
byProf. Dr. K. Adisesha
 

Recently uploaded

PPTX
PRE TERM LABOR ( PREMATURE LABOUR IN PREGNANCY)
byMuthu Kumar
 
PPTX
Simulation Learning in Health Sciences and Human Service programs at Camosun ...
bygabitouss
 
PDF
BP801T BIOSTATISITCS AND RESEARCH METHODOLOGY (Theory) Unit 2 Part 1
byRushi Mandali
 
PPTX
Renal Physiology- Functional anatomy of Kidney.pptx
byDisha Soriya
 
PDF
A Study of W. H. Auden’s September 1, 1939
bypriyarathod315
 
PPTX
Greengnorance Toolkit Module 6 Water Resources
byKarl Donert
 
PPTX
13 February 2026 - Bullying in education prevalence, impact and responses acr...
byEduSkills OECD
 
PDF
Intellectual Property Rights III Types (IPR)
byAmit Gangwal
 
PPTX
Plant fibres used as surgical dressings & Sutures – Surgical Catgut and Ligat...
bySai Meer College of Pharmacy
 
PDF
Biological source, chemical constituents, and therapeutic efficacy of the fol...
bySai Meer College of Pharmacy
 
PPTX
Greengnorance Toolkit Module 4 Active Mobility and Transport
byKarl Donert
 
PDF
BP809ET COSMETIC SCIENCE (Theory) Unit 1
byRushi Mandali
 
PDF
BP502T Industrial Pharmacy I (Theory) UNIT– I (Part 1)
byRushi Mandali
 
PDF
Holm Community Heritage at St Nicholas Kirk - 2025 AGM Minutes (30.04.2025)
byAntoine Pietri
 
PPTX
Overview of How to set priority in Odoo 19 Todo
byCeline George
 
PPTX
S.Y. B. Pharm Medicinal Chemistry I Unit-I
byMs. Ashatai Patil
 
PPTX
A Memory of Two Mondays by Arthur Miller
byDhatriParmar
 
PPTX
Renal Physiology- Juxtaglomerular Apparatus.pptx
byDisha Soriya
 
PDF
AI Is a Tool, Not a Voice: Radio, Trust, and the Human Factor
byN.A. Shah Ansari
 
PPTX
Greengnorance Toolkit Module 5 Waste Management
byKarl Donert
 
PRE TERM LABOR ( PREMATURE LABOUR IN PREGNANCY)
byMuthu Kumar
 
Simulation Learning in Health Sciences and Human Service programs at Camosun ...
bygabitouss
 
BP801T BIOSTATISITCS AND RESEARCH METHODOLOGY (Theory) Unit 2 Part 1
byRushi Mandali
 
Renal Physiology- Functional anatomy of Kidney.pptx
byDisha Soriya
 
A Study of W. H. Auden’s September 1, 1939
bypriyarathod315
 
Greengnorance Toolkit Module 6 Water Resources
byKarl Donert
 
13 February 2026 - Bullying in education prevalence, impact and responses acr...
byEduSkills OECD
 
Intellectual Property Rights III Types (IPR)
byAmit Gangwal
 
Plant fibres used as surgical dressings & Sutures – Surgical Catgut and Ligat...
bySai Meer College of Pharmacy
 
Biological source, chemical constituents, and therapeutic efficacy of the fol...
bySai Meer College of Pharmacy
 
Greengnorance Toolkit Module 4 Active Mobility and Transport
byKarl Donert
 
BP809ET COSMETIC SCIENCE (Theory) Unit 1
byRushi Mandali
 
BP502T Industrial Pharmacy I (Theory) UNIT– I (Part 1)
byRushi Mandali
 
Holm Community Heritage at St Nicholas Kirk - 2025 AGM Minutes (30.04.2025)
byAntoine Pietri
 
Overview of How to set priority in Odoo 19 Todo
byCeline George
 
S.Y. B. Pharm Medicinal Chemistry I Unit-I
byMs. Ashatai Patil
 
A Memory of Two Mondays by Arthur Miller
byDhatriParmar
 
Renal Physiology- Juxtaglomerular Apparatus.pptx
byDisha Soriya
 
AI Is a Tool, Not a Voice: Radio, Trust, and the Human Factor
byN.A. Shah Ansari
 
Greengnorance Toolkit Module 5 Waste Management
byKarl Donert
 

Security and ethical challenges

  • 1.
  • 2.
    Learning Objectives 1. Identifyseveral ethical issues in how the use of information technologies in business affects employment, individuality, working conditions, privacy crime, health, and solutions to societal problems. 2. Identify several types of security management strategies and defences, and explain how they can be used to ensure the security of business applications of information technology. 3. Propose several ways that business managers and professionals can help to lessen the harmful effects and increase the beneficial effects of the use of information technology.
  • 3.
    Security and Ethics •Major Security Challenges • Serious Ethical Questions • Threats to Business and Individuals • Real World Case 1- F-Secure, Microsoft, GM, and Verizon: The Business Challenge of Computer Viruses Click to go to Case 1 K. Adisesha 3
  • 4.
    Security and EthicsBusiness/ITSecurity, Ethics, and Society Employment Health Individuality Privacy Working Conditions Crime Business/IT Security Ethics and Society K. Adisesha 4
  • 5.
    Security and Ethics •BusinessEthics •Stockholder Theory •Social Contract Theory •Stakeholder Theory Ethical Responsibility K. Adisesha 5
  • 6.
    Security and Ethics EthicalResponsibility K. Adisesha 6
  • 7.
    Security and Ethics TechnologyEthics K. Adisesha 7
  • 8.
    Security and Ethics EthicalGuidelines K. Adisesha 8
  • 9.
    Security and Ethics EnronCorporation: Failure in Business Ethics • Drove Stock Prices Higher Never Mentioning Any Weaknesses • Promised Much – Delivered Little • Finally Admitted Overstated Earnings by $586 Million in 1997 • 1998 Third Quarter Loss $638 Million – Filed Bankruptcy • Greed and Mismanagement Destroyed a Potentially Successful Business Plan K. Adisesha 9
  • 10.
    Security Management • Securityis 6 to 8% of IT Budget in Developing Countries • 63% Have or Plan to Have Position of Chief Privacy or Information Officer in the Next Two Years • 40% Have a Chief Privacy Officer and Another 6% Intend One in the Next Two Years • 39% Acknowledge that their Systems Have Been Compromised in the Past Year • 24% Have Cyber Risk Insurance and 5% Intend to Acquire Such Coverage K. Adisesha 10
  • 11.
    Antivirus 96% Virtual Private Networks 86% Intrusion-DetectionSystems 85% Content Filtering/Monitoring 77% Public-Key Infrastructure 45% Smart Cards 43% Biometrics 19% Security Technology Used Security Management K. Adisesha 11
  • 12.
    PayPal, Inc. Cybercrimeon the Internet • Online Payment Processing Company • Observed Questionable Accounts Being Opened • Froze Accounts Used to Buy Expensive Goods For Purchasers in Russia • Used Sniffer Software and Located Users Capturing PayPal Ids and Passwords • More than $100,000 in Fraudulent Charges • Crooks Arrested by FBI Security Management K. Adisesha 12
  • 13.
    Computer Crime • Hacking •Cyber Theft • Unauthorized Use of Work • Piracy of Intellectual Property • Computer Viruses and Worms Security Management K. Adisesha 13
  • 14.
    Examples of CommonHacking Security Management K. Adisesha 14
  • 15.
    Recourse Technologies: Insider ComputerCrime • Link Between Company Financial Difficulty and Insider Computer Crimes • Use of “Honey Pots” Filled with Phony Data to Attract Hackers • Software Catches Criminal Activity in Seconds • Crime Exposed and Stopped Security Management K. Adisesha 15
  • 16.
    Internet Abuses inthe Workplace Security Management K. Adisesha 16
  • 17.
    Network Monitoring Software SecurityManagement K. Adisesha 17
  • 18.
    AGM Container Controls: StealingTime and Resources • The Net Contains Many Productivity Distractions • Remedies Include Monitoring Internet Use and Blocking Sites Unrelated to Work • Importance of Telling Employees About Monitoring • Use of Software Monitoring Provided Rebuttal Answers To Web Use Discussions Security Management K. Adisesha 18
  • 19.
    Copying Music CDs:Intellectual Property Controversy • RIAA Crack Down on Music Piracy • Web Sites Fighting Back • 140 Million Writable Drives In Use • Billions of Blank CDs Sold While Music CD Sales Are Going Down • Pirates Reluctant to Go Away Security Management K. Adisesha 19
  • 20.
    Facts About RecentComputer Viruses and Worms Security Management K. Adisesha 20
  • 21.
    University of Chicago:The Nimda Worm • Nimda Worm Launch Sept. 18, 2001 Mass Mailing of Malicious Code Attacking MS-Windows • Took Advantage of Back Doors Previously Left Behind • In Four Hours the University of Chicago’s Web Servers were Scanned by 7,000 Unique IPAddresses Looking for Weaknesses • Many Servers Had to Be Disconnected Security Management K. Adisesha 21
  • 22.
    Right to Privacy Privacyon the Internet Acxiom, Inc. Challenges to Consumer Privacy • Acxiom – 30 Years Amassing Massive Database • Sells Data to Subscribers • Use by Telemarketers and Credit Firms Privacy Issues K. Adisesha 22
  • 23.
    Right to Privacy •ComputerProfiling •Computer Matching •Privacy Laws •Computer Libel and Censorship •Spamming •Flaming Privacy Issues K. Adisesha 23
  • 24.
    Other Challenges •Employment Challenges •WorkingConditions •Individuality Issues •Health Issues Privacy Issues K. Adisesha 24
  • 25.
  • 26.
    Ergonomics • Job Stress •Cumulative Trauma Disorders (CTDs) • Carpal Tunnel Syndrome • Human Factors Engineering • Societal Solutions Privacy Issues K. Adisesha 26
  • 27.
    Security Management of InformationTechnology • Business Value of Security Management • Protection for all Vital Business Elements Real World Case 2- Geisinger Health Systems and Du Pont: Security Management of Data Resources and Process Control Networks Click to go to Case 2 K. Adisesha 27
  • 28.
    Security Management of InformationTechnology Tools of Security Management
  • 29.
    Security Management of InformationTechnology • Need for Security Management Caused by Increased Use of Links Between Business Units • Greater Openness Means Greater Vulnerabilities • Better Use of Identifying, Authenticating Users and Controlling Access to Data • Theft Should Be Made as Difficult as Possible Providence Health and Cervalis: Security Management Issues K. Adisesha 29
  • 30.
    Security Management of InformationTechnology •Encryption –Public Key –Private Key Graphically… Internetworked Security Defenses K. Adisesha 30
  • 31.
  • 32.
    Firewalls Security Management of InformationTechnology Firewall Intranet Server Firewall Router Router Intranet Server Host System Internet 1 2 3 4 4 5 1 External Firewall Blocks Outsiders 2 Internal Firewall Blocks Restricted Materials 3 Use of Passwords and Browser Security 4 Performs Authentication and Encryption 5 Careful Network Interface Design K. Adisesha 32
  • 33.
    Security Management of InformationTechnology • Worldwide Search for Active IP Addresses • Sophisticated Probes Scan Any Home or Work Location • Personal Firewalls Help Block Intruders • Firewalls Generally Good at Protecting Computers from Most Hacking Efforts Barry Nance: Testing PC Firewall Security K. Adisesha 33
  • 34.
    Security Management of InformationTechnology • MTV.com Website Targeted for Distributed Denial of Service (DDOS) Attacks During Fall Peak Periods • Some People Try to Crash MTV Sites • Parent Viacom Installed Software to Filter out DDOS Attacks • Website Downtime Reduced MTV Networks: Denial of Service Defenses K. Adisesha 34
  • 35.
    Defending Against Denialof Service Attacks Security Management of Information Technology K. Adisesha 35
  • 36.
    Security Management of InformationTechnology • e-Sniff Monitoring Device Searches e-Mail by Key Word or Records of Web Sites Visited • 82% of Businesses Monitor Web Use • Close to 100% of Workers Register Some Improper Use Sonalysts, Inc.: Corporate e-Mail Monitoring K. Adisesha 36
  • 37.
    Security Management of InformationTechnology • Much Software Was Unable to Stop Nimda Worm • Software Alone is Often Not Enough to Clean System • Until Better Software is Developed, A Complete System Disconnect and Purge May Be the Only Solution TrueSecure and 724 Inc.: Limitations of Antivirus Software K. Adisesha 37
  • 38.
    Example Security SuiteInterface Security Management of Information Technology K. Adisesha 38
  • 39.
    Other Security Measures SecurityManagement of Information Technology • Security Codes • Multilevel Password System –Smart Cards • Backup Files –Child, Parent, Grandparent Files • System Security Monitors • Biometric Security K. Adisesha 39
  • 40.
    Example Security Monitor SecurityManagement of Information Technology K. Adisesha 40
  • 41.
    Evaluation of Biometric Security SecurityManagement of Information Technology K. Adisesha 41
  • 42.
    Computer Failure Controls SecurityManagement of Information Technology •Fault Tolerant Systems –Fail-Over –Fail-Safe –Fail-Soft •Disaster Recovery K. Adisesha 42
  • 43.
    Methods of FaultTolerance Security Management of Information Technology K. Adisesha 43
  • 44.
    Visa International: Fault TolerantSystems Security Management of Information Technology • Only 100% Uptime is Acceptable • Only 98 Minutes of Downtime in 12 Years • 1 Billion Transactions Worth $2 Trillion in Transactions a Year • 4 Global Processing Centers • Multiple Layers of Redundancy and Backup • Software Testing and Art FormK. Adisesha 44
  • 45.
    Systems Controls and Audits •Information System Controls • Garbage-In, Garbage-Out (GIGO) • Auditing IT Security • Audit Trails • Control Logs K. Adisesha 45
  • 46.
    Systems Controls and Audits SecurityCodes Encryption Data Entry Screens Error Signals Control Totals Security Codes Encryption Control Totals Control Listings End User Feedback Security Codes Encryption Backup Files Library Procedures Database Administration Input Controls Output Controls Storage Controls Processing Controls Software Controls Hardware Controls Firewalls Checkpoints K. Adisesha 46
  • 47.
    Summary • Ethical andSocietal Dimensions • Ethical Responsibility in Business • Security Management K. Adisesha 47
  • 48.
    KEY TERMS Antivirus software Audittrail Auditing business systems Backup files Biometric security Business ethics Computer crime Computer matching Computer monitoring Computer virus Denial of service Disaster recovery Encryption Ergonomics Ethical and Societal Impacts of business/IT a. Employment b. Health c. Individuality d. Societal Solutions e. Working Conditions Ethical foundations Fault tolerant Firewall Flaming Hacking Information system controls Intellectual property piracy Passwords Privacy issues Responsible professional Security management Software piracy Spamming System security monitor Unauthorized use K. Adisesha 48
  • 49.
    Real World Case1 The Business Challenge of Computer Viruses Click to go to Case 1 Real World Case 2 Security Management of Data Resources and Process Control Networks Click to go to Case 2 Optional Case Studies Real World Case 3 Security Management of Windows Software Real World Case 4 Managing Network Security Systems Click to go to Case 3 Click to go to Case 4 K. Adisesha 49
  • 50.
    Enterprise and Global Managementof Information Technology K. Adisesha 50
  • 51.
    1- What securitymeasures should companies, business professionals, and consumers take to protect their systems from being damaged by computer worms and viruses? The Business Challenge of Computer Viruses K. Adisesha 51
  • 52.
    The Business Challenge ofComputer Viruses • Businesses Should – “Get Serious” About Cyber Security – Stop Relying on Microsoft 's Backbone • Businesses Need Better Procedures for Security Updating • Businesses Should Update Security Defenses Discussion Points Would Include: K. Adisesha 52
  • 53.
    2- What isthe business and ethical responsibility of Microsoft in helping to prevent the spread of computer viruses? Have they met this responsibility? Why or why not? The Business Challenge of Computer Viruses K. Adisesha 53
  • 54.
    The Business Challenge ofComputer Viruses Microsoft (95% Market Share) Must Ensure Software is Hostile to Hackers Must Write Better Software Microsoft and Others Must make Security Higher Priority The Responsibility of Security is the User Not Bender Discussion Points Would Include: K. Adisesha 54
  • 55.
    3- What areseveral possible reasons why some companies (like GM) were seriously affected by computer viruses, while others (like Verizon) were not? The Business Challenge of Computer Viruses Return to Cases Page K. Adisesha 55
  • 56.
    The Business Challenge ofComputer Viruses • Undue Dependence on Microsoft for Quality Software • GM Ignored Security until It was Too Late • Companies Paid More Attention to Bottom Line than Security Reasons Would Include: Return to Cases Page K. Adisesha 56
  • 57.
    The Business Challenge ofComputer Viruses • Undue Dependence on Microsoft for Quality Software • GM Ignored Security until It was Too Late • Companies Paid More Attention to Bottom Line than Security • Inadequate Planning for Improving Security Reasons Would Include: Return to Cases Page K. Adisesha 57
  • 58.
    Security Management ofData Resources and Process Control Networks 1- What are several possible reasons why some companies (like GM) were seriously affected by computer viruses, while others (like Verizon) were not? Return to Cases Page K. Adisesha 58
  • 59.
    Security Management ofData Resources and Process Control Networks • Key Components of a Security System: – Understanding Workflow – Assessing Risk – Educating Users • MvChart needed Installed on Hardware Separate from EMK system Discussion Points Would Include: K. Adisesha 59
  • 60.
    Security Management ofData Resources and Process Control Networks • Biometric and Proximity Devices Streamline Secure Network Access • Requiring Caregivers Access to Patient Information via the Internet Using: – Electronic Token Identification – A Virtual Private Network • Other Encryption Methods Discussion Points Would Include: K. Adisesha 60
  • 61.
    Security Management ofData Resources and Process Control Networks 2- What security measures is Du Pont taking to protect their process control networks? Are these measures adequate? Explain your evaluation. K. Adisesha 61
  • 62.
    Security Management ofData Resources and Process Control Networks • Du Pont Co.-The Critical Manufacturing Processes, will Isolate Process Systems from Business systems by: – Not Connecting our Networks, – Or it will Add Firewalls to Control Access Discussion Points Would Include: K. Adisesha 62
  • 63.
    Security Management ofData Resources and Process Control Networks • A Team-IT Staffers, Process-Control Engineers, and Manufacturing Employees was Established to: – Discern Control Devices Critical to Manufacturing, Safety and Continuity of Production – Identify Assets of – Hardware, Data, and Software Applications – Testing Fixes and Workarounds for Specific Machines – Recognizing Precise Vulnerabilities Differ by Environment – Determining how to Separate Networks Discussion Points Would Include: K. Adisesha 63
  • 64.
    Security Management ofData Resources and Process Control Networks 3- What are several other steps Geisinger and Du Pont could take to increase the security of their data and network resources? Explain the value of your proposals. Return to Cases Page K. Adisesha 64
  • 65.
    Security Management ofData Resources and Process Control Networks Include the Concepts Presented in the Chapter Material and Additional Considerations That You Have Located on the Internet Discussion Points Would Include: Return to Cases Page K. Adisesha 65
  • 66.
    1- What securityproblems are typically remedied by Microsoft’s security patches for Windows? Why do such problems arise in the first place? Return to Cases Page Security Management of Windows Software K. Adisesha 66
  • 67.
    Security Management ofWindows Software • Vulnerability to Computer Viruses (Worms) • Microsoft’s Push to Deliver New Versions – That have not been tested and/or • Designed Properly to Reduce Vulnerability Discussion Points Would Include: K. Adisesha 67
  • 68.
    2- What challengesdoes the process of applying Windows patches pose for many businesses? What are some limitations of the patching process? Security Management of Windows Software K. Adisesha 68
  • 69.
    Security Management ofWindows Software • Patching Required Companies to Drop Everything with Finite Resources • Larger Companies Need Time to Properly Test • Companies Faced with Limited Scope for Downtime Discussion Points Would Include: K. Adisesha 69
  • 70.
    3- Does thebusiness value of applying Windows patches outweigh its costs, limitations, and the demands it places on the IT function? Why or why not? Security Management of Windows Software Return to Cases Page K. Adisesha 70
  • 71.
    Security Management ofWindows Software • Exploit-Proof Code Patching is Best Strategy • Microsoft’s Windows Update Patch Management Program – Has a Critical Shortcoming – Could Fool Users-They have Been Properly Patched – Users are Really Vulnerable-Patch not Fixed • Users have Reported Patches don't Always Deploy Properly Discussion Points Would Include: Return to Cases Page K. Adisesha 71
  • 72.
    Security Management ofWindows Software • Exploit-Proof Code Patching is Best Strategy • Microsoft’s Windows Update Patch Management Program – Has a Critical Shortcoming – Could Fool Users-They have Been Properly Patched – Users are Really Vulnerable-Patch not Fixed • Users have Reported Patches don't Always Deploy Properly • Microsoft Patches have Serious Security Vulnerability Discussion Points Would Include: Return to Cases Page K. Adisesha 72
  • 73.
    1- What isthe function of each of the network security tools identified in this case? Visit the websites of security firms Check Point and NetForensics to help you answer. Return to Cases Page Managing Network Security Systems K. Adisesha 73
  • 74.
    Managing Network Security Systems •Network Intrusion-Detection Systems • Firewalls • Anti-Virus Tools • Automating the Process – Gathering – Consolidating – Correlating – Prioritizing Data from Security Event • Collecting Data from Individual Security Systems • “Normalizing” Data to Quickly Identify Potential Attacks Discussion Points Would Include: K. Adisesha 74
  • 75.
    2- What isthe value of security information management software to a company? Use the companies in this case as examples. Managing Network Security Systems K. Adisesha 75
  • 76.
    Managing Network SecuritySystems • Provides a Single Place To Get Information • Automated Gathering, Consolidating, and Correlating Data –Into a Usable Format to Analyze –Used to Establish Priorities • Permits Businesses to React Faster to Activity • Reduces the Number of False Alerts • Allows Companies to Drill Down into Attach Details Discussion Points Would Include: K. Adisesha 76
  • 77.
    3- What cansmaller firms who cannot afford the cost of such software do to properly manage and use the information about security from their network security systems? Give several examples. Managing Network Security Systems Return to Cases Page K. Adisesha 77
  • 78.
    Managing Network SecuritySystems •Plan for Having Periodic Audits of IT Security •Review/Update Regularly Control Features of IT •Regularly Change Passwords-To Access System •Develop a Backup Plan and Implement Discussion Points Would Include: Return to Cases Page K. Adisesha 78
  • 79.
    Managing Network Security Systems •Planfor Having Periodic Audits of IT Security •Review/Update Regularly Control Features of IT •Regularly Change Passwords-To Access System •Develop a Backup Plan and Implement •Develop Plan for Disaster Recovery Discussion Points Would Include: Return to Cases Page K. Adisesha 79
  • 80.
    Security and EthicalChallenges Thank you K. Adisesha 80