SlideShare a Scribd company logo

Security and ethical challenges

Prof. Dr. K. Adisesha
Prof. Dr. K. Adisesha

This document discusses security and ethical challenges related to information technology. It covers several topics: - Identifying ethical issues related to how IT affects employment, individuality, privacy, health, and solving societal problems. - Different types of security management strategies and defenses that can protect business IT applications. - Ways that business managers can help reduce harmful effects and increase benefits of IT use.

Education
1 of 80
Download to read offline
Security and Ethical Challenges
Learning Objectives 1. Identify several ethical issues in how the use of information technologies in business affects employment, individuality, working conditions, privacy crime, health, and solutions to societal problems. 2. Identify several types of security management strategies and defences, and explain how they can be used to ensure the security of business applications of information technology. 3. Propose several ways that business managers and professionals can help to lessen the harmful effects and increase the beneficial effects of the use of information technology.
Security and Ethics • Major Security Challenges • Serious Ethical Questions • Threats to Business and Individuals • Real World Case 1- F-Secure, Microsoft, GM, and Verizon: The Business Challenge of Computer Viruses Click to go to Case 1 K. Adisesha 3
Security and EthicsBusiness/IT Security, Ethics, and Society Employment Health Individuality Privacy Working Conditions Crime Business/IT Security Ethics and Society K. Adisesha 4
Security and Ethics •Business Ethics •Stockholder Theory •Social Contract Theory •Stakeholder Theory Ethical Responsibility K. Adisesha 5
Security and Ethics Ethical Responsibility K. Adisesha 6
Security and Ethics Technology Ethics K. Adisesha 7
Security and Ethics Ethical Guidelines K. Adisesha 8
Security and Ethics Enron Corporation: Failure in Business Ethics • Drove Stock Prices Higher Never Mentioning Any Weaknesses • Promised Much – Delivered Little • Finally Admitted Overstated Earnings by $586 Million in 1997 • 1998 Third Quarter Loss $638 Million – Filed Bankruptcy • Greed and Mismanagement Destroyed a Potentially Successful Business Plan K. Adisesha 9
Security Management • Security is 6 to 8% of IT Budget in Developing Countries • 63% Have or Plan to Have Position of Chief Privacy or Information Officer in the Next Two Years • 40% Have a Chief Privacy Officer and Another 6% Intend One in the Next Two Years • 39% Acknowledge that their Systems Have Been Compromised in the Past Year • 24% Have Cyber Risk Insurance and 5% Intend to Acquire Such Coverage K. Adisesha 10
Antivirus 96% Virtual Private Networks 86% Intrusion-Detection Systems 85% Content Filtering/Monitoring 77% Public-Key Infrastructure 45% Smart Cards 43% Biometrics 19% Security Technology Used Security Management K. Adisesha 11
PayPal, Inc. Cybercrime on the Internet • Online Payment Processing Company • Observed Questionable Accounts Being Opened • Froze Accounts Used to Buy Expensive Goods For Purchasers in Russia • Used Sniffer Software and Located Users Capturing PayPal Ids and Passwords • More than $100,000 in Fraudulent Charges • Crooks Arrested by FBI Security Management K. Adisesha 12
Computer Crime • Hacking • Cyber Theft • Unauthorized Use of Work • Piracy of Intellectual Property • Computer Viruses and Worms Security Management K. Adisesha 13
Examples of Common Hacking Security Management K. Adisesha 14
Recourse Technologies: Insider Computer Crime • Link Between Company Financial Difficulty and Insider Computer Crimes • Use of “Honey Pots” Filled with Phony Data to Attract Hackers • Software Catches Criminal Activity in Seconds • Crime Exposed and Stopped Security Management K. Adisesha 15
Internet Abuses in the Workplace Security Management K. Adisesha 16
Network Monitoring Software Security Management K. Adisesha 17
AGM Container Controls: Stealing Time and Resources • The Net Contains Many Productivity Distractions • Remedies Include Monitoring Internet Use and Blocking Sites Unrelated to Work • Importance of Telling Employees About Monitoring • Use of Software Monitoring Provided Rebuttal Answers To Web Use Discussions Security Management K. Adisesha 18
Copying Music CDs: Intellectual Property Controversy • RIAA Crack Down on Music Piracy • Web Sites Fighting Back • 140 Million Writable Drives In Use • Billions of Blank CDs Sold While Music CD Sales Are Going Down • Pirates Reluctant to Go Away Security Management K. Adisesha 19
Facts About Recent Computer Viruses and Worms Security Management K. Adisesha 20
University of Chicago: The Nimda Worm • Nimda Worm Launch Sept. 18, 2001 Mass Mailing of Malicious Code Attacking MS-Windows • Took Advantage of Back Doors Previously Left Behind • In Four Hours the University of Chicago’s Web Servers were Scanned by 7,000 Unique IPAddresses Looking for Weaknesses • Many Servers Had to Be Disconnected Security Management K. Adisesha 21
Right to Privacy Privacy on the Internet Acxiom, Inc. Challenges to Consumer Privacy • Acxiom – 30 Years Amassing Massive Database • Sells Data to Subscribers • Use by Telemarketers and Credit Firms Privacy Issues K. Adisesha 22
Right to Privacy •Computer Profiling •Computer Matching •Privacy Laws •Computer Libel and Censorship •Spamming •Flaming Privacy Issues K. Adisesha 23
Other Challenges •Employment Challenges •Working Conditions •Individuality Issues •Health Issues Privacy Issues K. Adisesha 24
Ergonomics Privacy Issues K. Adisesha 25
Ergonomics • Job Stress • Cumulative Trauma Disorders (CTDs) • Carpal Tunnel Syndrome • Human Factors Engineering • Societal Solutions Privacy Issues K. Adisesha 26
Security Management of Information Technology • Business Value of Security Management • Protection for all Vital Business Elements Real World Case 2- Geisinger Health Systems and Du Pont: Security Management of Data Resources and Process Control Networks Click to go to Case 2 K. Adisesha 27
Security Management of Information Technology Tools of Security Management
Security Management of Information Technology • Need for Security Management Caused by Increased Use of Links Between Business Units • Greater Openness Means Greater Vulnerabilities • Better Use of Identifying, Authenticating Users and Controlling Access to Data • Theft Should Be Made as Difficult as Possible Providence Health and Cervalis: Security Management Issues K. Adisesha 29
Security Management of Information Technology •Encryption –Public Key –Private Key Graphically… Internetworked Security Defenses K. Adisesha 30
Encryption Security Management of Information Technology K. Adisesha 31
Firewalls Security Management of Information Technology Firewall Intranet Server Firewall Router Router Intranet Server Host System Internet 1 2 3 4 4 5 1 External Firewall Blocks Outsiders 2 Internal Firewall Blocks Restricted Materials 3 Use of Passwords and Browser Security 4 Performs Authentication and Encryption 5 Careful Network Interface Design K. Adisesha 32
Security Management of Information Technology • Worldwide Search for Active IP Addresses • Sophisticated Probes Scan Any Home or Work Location • Personal Firewalls Help Block Intruders • Firewalls Generally Good at Protecting Computers from Most Hacking Efforts Barry Nance: Testing PC Firewall Security K. Adisesha 33
Security Management of Information Technology • MTV.com Website Targeted for Distributed Denial of Service (DDOS) Attacks During Fall Peak Periods • Some People Try to Crash MTV Sites • Parent Viacom Installed Software to Filter out DDOS Attacks • Website Downtime Reduced MTV Networks: Denial of Service Defenses K. Adisesha 34
Defending Against Denial of Service Attacks Security Management of Information Technology K. Adisesha 35
Security Management of Information Technology • e-Sniff Monitoring Device Searches e-Mail by Key Word or Records of Web Sites Visited • 82% of Businesses Monitor Web Use • Close to 100% of Workers Register Some Improper Use Sonalysts, Inc.: Corporate e-Mail Monitoring K. Adisesha 36
Security Management of Information Technology • Much Software Was Unable to Stop Nimda Worm • Software Alone is Often Not Enough to Clean System • Until Better Software is Developed, A Complete System Disconnect and Purge May Be the Only Solution TrueSecure and 724 Inc.: Limitations of Antivirus Software K. Adisesha 37
Example Security Suite Interface Security Management of Information Technology K. Adisesha 38
Other Security Measures Security Management of Information Technology • Security Codes • Multilevel Password System –Smart Cards • Backup Files –Child, Parent, Grandparent Files • System Security Monitors • Biometric Security K. Adisesha 39
Example Security Monitor Security Management of Information Technology K. Adisesha 40
Evaluation of Biometric Security Security Management of Information Technology K. Adisesha 41
Computer Failure Controls Security Management of Information Technology •Fault Tolerant Systems –Fail-Over –Fail-Safe –Fail-Soft •Disaster Recovery K. Adisesha 42
Methods of Fault Tolerance Security Management of Information Technology K. Adisesha 43
Visa International: Fault Tolerant Systems Security Management of Information Technology • Only 100% Uptime is Acceptable • Only 98 Minutes of Downtime in 12 Years • 1 Billion Transactions Worth $2 Trillion in Transactions a Year • 4 Global Processing Centers • Multiple Layers of Redundancy and Backup • Software Testing and Art FormK. Adisesha 44
Systems Controls and Audits • Information System Controls • Garbage-In, Garbage-Out (GIGO) • Auditing IT Security • Audit Trails • Control Logs K. Adisesha 45
Systems Controls and Audits Security Codes Encryption Data Entry Screens Error Signals Control Totals Security Codes Encryption Control Totals Control Listings End User Feedback Security Codes Encryption Backup Files Library Procedures Database Administration Input Controls Output Controls Storage Controls Processing Controls Software Controls Hardware Controls Firewalls Checkpoints K. Adisesha 46
Summary • Ethical and Societal Dimensions • Ethical Responsibility in Business • Security Management K. Adisesha 47
KEY TERMS Antivirus software Audit trail Auditing business systems Backup files Biometric security Business ethics Computer crime Computer matching Computer monitoring Computer virus Denial of service Disaster recovery Encryption Ergonomics Ethical and Societal Impacts of business/IT a. Employment b. Health c. Individuality d. Societal Solutions e. Working Conditions Ethical foundations Fault tolerant Firewall Flaming Hacking Information system controls Intellectual property piracy Passwords Privacy issues Responsible professional Security management Software piracy Spamming System security monitor Unauthorized use K. Adisesha 48
Real World Case 1 The Business Challenge of Computer Viruses Click to go to Case 1 Real World Case 2 Security Management of Data Resources and Process Control Networks Click to go to Case 2 Optional Case Studies Real World Case 3 Security Management of Windows Software Real World Case 4 Managing Network Security Systems Click to go to Case 3 Click to go to Case 4 K. Adisesha 49
Enterprise and Global Management of Information Technology K. Adisesha 50
1- What security measures should companies, business professionals, and consumers take to protect their systems from being damaged by computer worms and viruses? The Business Challenge of Computer Viruses K. Adisesha 51
The Business Challenge of Computer Viruses • Businesses Should – “Get Serious” About Cyber Security – Stop Relying on Microsoft 's Backbone • Businesses Need Better Procedures for Security Updating • Businesses Should Update Security Defenses Discussion Points Would Include: K. Adisesha 52
2- What is the business and ethical responsibility of Microsoft in helping to prevent the spread of computer viruses? Have they met this responsibility? Why or why not? The Business Challenge of Computer Viruses K. Adisesha 53
The Business Challenge of Computer Viruses Microsoft (95% Market Share) Must Ensure Software is Hostile to Hackers Must Write Better Software Microsoft and Others Must make Security Higher Priority The Responsibility of Security is the User Not Bender Discussion Points Would Include: K. Adisesha 54
3- What are several possible reasons why some companies (like GM) were seriously affected by computer viruses, while others (like Verizon) were not? The Business Challenge of Computer Viruses Return to Cases Page K. Adisesha 55
The Business Challenge of Computer Viruses • Undue Dependence on Microsoft for Quality Software • GM Ignored Security until It was Too Late • Companies Paid More Attention to Bottom Line than Security Reasons Would Include: Return to Cases Page K. Adisesha 56
The Business Challenge of Computer Viruses • Undue Dependence on Microsoft for Quality Software • GM Ignored Security until It was Too Late • Companies Paid More Attention to Bottom Line than Security • Inadequate Planning for Improving Security Reasons Would Include: Return to Cases Page K. Adisesha 57
Security Management of Data Resources and Process Control Networks 1- What are several possible reasons why some companies (like GM) were seriously affected by computer viruses, while others (like Verizon) were not? Return to Cases Page K. Adisesha 58
Security Management of Data Resources and Process Control Networks • Key Components of a Security System: – Understanding Workflow – Assessing Risk – Educating Users • MvChart needed Installed on Hardware Separate from EMK system Discussion Points Would Include: K. Adisesha 59
Security Management of Data Resources and Process Control Networks • Biometric and Proximity Devices Streamline Secure Network Access • Requiring Caregivers Access to Patient Information via the Internet Using: – Electronic Token Identification – A Virtual Private Network • Other Encryption Methods Discussion Points Would Include: K. Adisesha 60
Security Management of Data Resources and Process Control Networks 2- What security measures is Du Pont taking to protect their process control networks? Are these measures adequate? Explain your evaluation. K. Adisesha 61
Security Management of Data Resources and Process Control Networks • Du Pont Co.-The Critical Manufacturing Processes, will Isolate Process Systems from Business systems by: – Not Connecting our Networks, – Or it will Add Firewalls to Control Access Discussion Points Would Include: K. Adisesha 62
Security Management of Data Resources and Process Control Networks • A Team-IT Staffers, Process-Control Engineers, and Manufacturing Employees was Established to: – Discern Control Devices Critical to Manufacturing, Safety and Continuity of Production – Identify Assets of – Hardware, Data, and Software Applications – Testing Fixes and Workarounds for Specific Machines – Recognizing Precise Vulnerabilities Differ by Environment – Determining how to Separate Networks Discussion Points Would Include: K. Adisesha 63
Security Management of Data Resources and Process Control Networks 3- What are several other steps Geisinger and Du Pont could take to increase the security of their data and network resources? Explain the value of your proposals. Return to Cases Page K. Adisesha 64
Security Management of Data Resources and Process Control Networks Include the Concepts Presented in the Chapter Material and Additional Considerations That You Have Located on the Internet Discussion Points Would Include: Return to Cases Page K. Adisesha 65
1- What security problems are typically remedied by Microsoft’s security patches for Windows? Why do such problems arise in the first place? Return to Cases Page Security Management of Windows Software K. Adisesha 66
Security Management of Windows Software • Vulnerability to Computer Viruses (Worms) • Microsoft’s Push to Deliver New Versions – That have not been tested and/or • Designed Properly to Reduce Vulnerability Discussion Points Would Include: K. Adisesha 67
2- What challenges does the process of applying Windows patches pose for many businesses? What are some limitations of the patching process? Security Management of Windows Software K. Adisesha 68
Security Management of Windows Software • Patching Required Companies to Drop Everything with Finite Resources • Larger Companies Need Time to Properly Test • Companies Faced with Limited Scope for Downtime Discussion Points Would Include: K. Adisesha 69
3- Does the business value of applying Windows patches outweigh its costs, limitations, and the demands it places on the IT function? Why or why not? Security Management of Windows Software Return to Cases Page K. Adisesha 70
Security Management of Windows Software • Exploit-Proof Code Patching is Best Strategy • Microsoft’s Windows Update Patch Management Program – Has a Critical Shortcoming – Could Fool Users-They have Been Properly Patched – Users are Really Vulnerable-Patch not Fixed • Users have Reported Patches don't Always Deploy Properly Discussion Points Would Include: Return to Cases Page K. Adisesha 71
Security Management of Windows Software • Exploit-Proof Code Patching is Best Strategy • Microsoft’s Windows Update Patch Management Program – Has a Critical Shortcoming – Could Fool Users-They have Been Properly Patched – Users are Really Vulnerable-Patch not Fixed • Users have Reported Patches don't Always Deploy Properly • Microsoft Patches have Serious Security Vulnerability Discussion Points Would Include: Return to Cases Page K. Adisesha 72
1- What is the function of each of the network security tools identified in this case? Visit the websites of security firms Check Point and NetForensics to help you answer. Return to Cases Page Managing Network Security Systems K. Adisesha 73
Managing Network Security Systems • Network Intrusion-Detection Systems • Firewalls • Anti-Virus Tools • Automating the Process – Gathering – Consolidating – Correlating – Prioritizing Data from Security Event • Collecting Data from Individual Security Systems • “Normalizing” Data to Quickly Identify Potential Attacks Discussion Points Would Include: K. Adisesha 74
2- What is the value of security information management software to a company? Use the companies in this case as examples. Managing Network Security Systems K. Adisesha 75
Managing Network Security Systems • Provides a Single Place To Get Information • Automated Gathering, Consolidating, and Correlating Data –Into a Usable Format to Analyze –Used to Establish Priorities • Permits Businesses to React Faster to Activity • Reduces the Number of False Alerts • Allows Companies to Drill Down into Attach Details Discussion Points Would Include: K. Adisesha 76
3- What can smaller firms who cannot afford the cost of such software do to properly manage and use the information about security from their network security systems? Give several examples. Managing Network Security Systems Return to Cases Page K. Adisesha 77
Managing Network Security Systems •Plan for Having Periodic Audits of IT Security •Review/Update Regularly Control Features of IT •Regularly Change Passwords-To Access System •Develop a Backup Plan and Implement Discussion Points Would Include: Return to Cases Page K. Adisesha 78
Managing Network Security Systems •Plan for Having Periodic Audits of IT Security •Review/Update Regularly Control Features of IT •Regularly Change Passwords-To Access System •Develop a Backup Plan and Implement •Develop Plan for Disaster Recovery Discussion Points Would Include: Return to Cases Page K. Adisesha 79
Security and Ethical Challenges Thank you K. Adisesha 80

Recommended

Managing Information Technology
Managing Information TechnologyManaging Information Technology
Managing Information Technology
Prof. Dr. K. Adisesha
 
Management information systems
Management information systemsManagement information systems
Management information systems
Prof. Dr. K. Adisesha
 
Operations Management
Operations ManagementOperations Management
Operations Management
Prof. Dr. K. Adisesha
 
Chapter 1
Chapter 1Chapter 1
Chapter 1
faizanfive
 
Management Information System James O Brien Study Notes
Management Information System James O Brien Study NotesManagement Information System James O Brien Study Notes
Management Information System James O Brien Study Notes
sau275
 
Comprehending Information Technology Governance
Comprehending Information Technology GovernanceComprehending Information Technology Governance
Comprehending Information Technology Governance
Goutama Bachtiar
 
Transaction processing
Transaction processingTransaction processing
Transaction processing
Prof. Dr. K. Adisesha
 
Information Management Life Cycle
Information Management Life CycleInformation Management Life Cycle
Information Management Life Cycle
Collabor8now Ltd
 

Recommended

Managing Information Technology
Managing Information TechnologyManaging Information Technology
Managing Information Technology
Prof. Dr. K. Adisesha
 
Management information systems
Management information systemsManagement information systems
Management information systems
Prof. Dr. K. Adisesha
 
Operations Management
Operations ManagementOperations Management
Operations Management
Prof. Dr. K. Adisesha
 
Chapter 1
Chapter 1Chapter 1
Chapter 1
faizanfive
 
Management Information System James O Brien Study Notes
Management Information System James O Brien Study NotesManagement Information System James O Brien Study Notes
Management Information System James O Brien Study Notes
sau275
 
Comprehending Information Technology Governance
Comprehending Information Technology GovernanceComprehending Information Technology Governance
Comprehending Information Technology Governance
Goutama Bachtiar
 
Transaction processing
Transaction processingTransaction processing
Transaction processing
Prof. Dr. K. Adisesha
 
Information Management Life Cycle
Information Management Life CycleInformation Management Life Cycle
Information Management Life Cycle
Collabor8now Ltd
 
Why we need strategy for information system and information technology?
Why we need strategy for information system and information technology?Why we need strategy for information system and information technology?
Why we need strategy for information system and information technology?
Uva Wellassa University Of Sri Lanka
 
Running head organizational information system1 organizational
Running head organizational information system1 organizational Running head organizational information system1 organizational
Running head organizational information system1 organizational
AKHIL969626
 
How to implement Electronic Records Management?
How to implement Electronic Records Management?How to implement Electronic Records Management?
How to implement Electronic Records Management?
Atle Skjekkeland
 
Benefits of Enterprise Content Management (ECM) for Human Resources
Benefits of Enterprise Content Management (ECM) for Human ResourcesBenefits of Enterprise Content Management (ECM) for Human Resources
Benefits of Enterprise Content Management (ECM) for Human Resources
The Dayhuff Group
 
It governance
It governanceIt governance
It governance
Lusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
 
Governance Of Enterprise Information Technology V3
Governance Of Enterprise Information Technology V3Governance Of Enterprise Information Technology V3
Governance Of Enterprise Information Technology V3
pjmartinez
 
Information system in global business uwsb
Information system in global business uwsbInformation system in global business uwsb
Information system in global business uwsb
Arnab Roy Chowdhury
 
Characterization of strategic information systems
Characterization of strategic information systemsCharacterization of strategic information systems
Characterization of strategic information systems
Suresh Kumar
 
IT Governance Made Easy
IT Governance Made EasyIT Governance Made Easy
IT Governance Made Easy
Jerry Bishop
 
Mis
MisMis
Mis
Anchal Awasthi
 
Chapter 3 MIS
Chapter 3 MISChapter 3 MIS
Chapter 3 MIS
Amirul Shafiq Ahmad Zuperi
 
IT Governance - OpenThinking Day
IT Governance - OpenThinking DayIT Governance - OpenThinking Day
IT Governance - OpenThinking Day
Iyad Mourtada, CMA, CIA, CFE, CCSA, CRMA, CPLP
 
Information system in business an introduction
Information system in business an introductionInformation system in business an introduction
Information system in business an introduction
Ravi Sidhu
 
Information system
Information systemInformation system
Information system
Dhani Ahmad
 
Corporate governance of INFORMATION TECHNOLOGY (IT)
Corporate governance of INFORMATION TECHNOLOGY (IT)Corporate governance of INFORMATION TECHNOLOGY (IT)
Corporate governance of INFORMATION TECHNOLOGY (IT)
Osman Hasan
 
Chap001
Chap001Chap001
Chap001
Arshian Siddiqui
 
Laudon mis12 ppt01
Laudon mis12 ppt01Laudon mis12 ppt01
Laudon mis12 ppt01
Norazila Mat
 
Chap01 edit
Chap01 editChap01 edit
Chap01 edit
rpvgb
 
What Every Executive Needs To Know About IT Governance
What Every Executive Needs To Know About IT GovernanceWhat Every Executive Needs To Know About IT Governance
What Every Executive Needs To Know About IT Governance
Bill Lisse
 
Information Governance
Information GovernanceInformation Governance
Information Governance
Lorne Rogers, ECM-M, PMP [Open Networker]
 
GDPR: The Application Security Twist
GDPR: The Application Security TwistGDPR: The Application Security Twist
GDPR: The Application Security Twist
Security Innovation
 
A Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data BreachA Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data Breach
Jim Brashear
 

More Related Content

What's hot

Why we need strategy for information system and information technology?
Why we need strategy for information system and information technology?Why we need strategy for information system and information technology?
Why we need strategy for information system and information technology?
Uva Wellassa University Of Sri Lanka
 
Running head organizational information system1 organizational
Running head organizational information system1 organizational Running head organizational information system1 organizational
Running head organizational information system1 organizational
AKHIL969626
 
How to implement Electronic Records Management?
How to implement Electronic Records Management?How to implement Electronic Records Management?
How to implement Electronic Records Management?
Atle Skjekkeland
 
Benefits of Enterprise Content Management (ECM) for Human Resources
Benefits of Enterprise Content Management (ECM) for Human ResourcesBenefits of Enterprise Content Management (ECM) for Human Resources
Benefits of Enterprise Content Management (ECM) for Human Resources
The Dayhuff Group
 
It governance
It governanceIt governance
It governance
Lusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
 
Governance Of Enterprise Information Technology V3
Governance Of Enterprise Information Technology V3Governance Of Enterprise Information Technology V3
Governance Of Enterprise Information Technology V3
pjmartinez
 
Information system in global business uwsb
Information system in global business uwsbInformation system in global business uwsb
Information system in global business uwsb
Arnab Roy Chowdhury
 
Characterization of strategic information systems
Characterization of strategic information systemsCharacterization of strategic information systems
Characterization of strategic information systems
Suresh Kumar
 
IT Governance Made Easy
IT Governance Made EasyIT Governance Made Easy
IT Governance Made Easy
Jerry Bishop
 
Mis
MisMis
Mis
Anchal Awasthi
 
Chapter 3 MIS
Chapter 3 MISChapter 3 MIS
Chapter 3 MIS
Amirul Shafiq Ahmad Zuperi
 
IT Governance - OpenThinking Day
IT Governance - OpenThinking DayIT Governance - OpenThinking Day
IT Governance - OpenThinking Day
Iyad Mourtada, CMA, CIA, CFE, CCSA, CRMA, CPLP
 
Information system in business an introduction
Information system in business an introductionInformation system in business an introduction
Information system in business an introduction
Ravi Sidhu
 
Information system
Information systemInformation system
Information system
Dhani Ahmad
 
Corporate governance of INFORMATION TECHNOLOGY (IT)
Corporate governance of INFORMATION TECHNOLOGY (IT)Corporate governance of INFORMATION TECHNOLOGY (IT)
Corporate governance of INFORMATION TECHNOLOGY (IT)
Osman Hasan
 
Chap001
Chap001Chap001
Chap001
Arshian Siddiqui
 
Laudon mis12 ppt01
Laudon mis12 ppt01Laudon mis12 ppt01
Laudon mis12 ppt01
Norazila Mat
 
Chap01 edit
Chap01 editChap01 edit
Chap01 edit
rpvgb
 
What Every Executive Needs To Know About IT Governance
What Every Executive Needs To Know About IT GovernanceWhat Every Executive Needs To Know About IT Governance
What Every Executive Needs To Know About IT Governance
Bill Lisse
 
Information Governance
Information GovernanceInformation Governance
Information Governance
Lorne Rogers, ECM-M, PMP [Open Networker]
 

What's hot (20)

Why we need strategy for information system and information technology?
Why we need strategy for information system and information technology?Why we need strategy for information system and information technology?
Why we need strategy for information system and information technology?
 
Running head organizational information system1 organizational
Running head organizational information system1 organizational Running head organizational information system1 organizational
Running head organizational information system1 organizational
 
How to implement Electronic Records Management?
How to implement Electronic Records Management?How to implement Electronic Records Management?
How to implement Electronic Records Management?
 
Benefits of Enterprise Content Management (ECM) for Human Resources
Benefits of Enterprise Content Management (ECM) for Human ResourcesBenefits of Enterprise Content Management (ECM) for Human Resources
Benefits of Enterprise Content Management (ECM) for Human Resources
 
It governance
It governanceIt governance
It governance
 
Governance Of Enterprise Information Technology V3
Governance Of Enterprise Information Technology V3Governance Of Enterprise Information Technology V3
Governance Of Enterprise Information Technology V3
 
Information system in global business uwsb
Information system in global business uwsbInformation system in global business uwsb
Information system in global business uwsb
 
Characterization of strategic information systems
Characterization of strategic information systemsCharacterization of strategic information systems
Characterization of strategic information systems
 
IT Governance Made Easy
IT Governance Made EasyIT Governance Made Easy
IT Governance Made Easy
 
Mis
MisMis
Mis
 
Chapter 3 MIS
Chapter 3 MISChapter 3 MIS
Chapter 3 MIS
 
IT Governance - OpenThinking Day
IT Governance - OpenThinking DayIT Governance - OpenThinking Day
IT Governance - OpenThinking Day
 
Information system in business an introduction
Information system in business an introductionInformation system in business an introduction
Information system in business an introduction
 
Information system
Information systemInformation system
Information system
 
Corporate governance of INFORMATION TECHNOLOGY (IT)
Corporate governance of INFORMATION TECHNOLOGY (IT)Corporate governance of INFORMATION TECHNOLOGY (IT)
Corporate governance of INFORMATION TECHNOLOGY (IT)
 
Chap001
Chap001Chap001
Chap001
 
Laudon mis12 ppt01
Laudon mis12 ppt01Laudon mis12 ppt01
Laudon mis12 ppt01
 
Chap01 edit
Chap01 editChap01 edit
Chap01 edit
 
What Every Executive Needs To Know About IT Governance
What Every Executive Needs To Know About IT GovernanceWhat Every Executive Needs To Know About IT Governance
What Every Executive Needs To Know About IT Governance
 
Information Governance
Information GovernanceInformation Governance
Information Governance
 

Similar to Security and ethical challenges

GDPR: The Application Security Twist
GDPR: The Application Security TwistGDPR: The Application Security Twist
GDPR: The Application Security Twist
Security Innovation
 
A Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data BreachA Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data Breach
Jim Brashear
 
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdfWhat Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
SecureCurve
 
2211-III-IV-Info-Security-061cab6ee6c0fb0-53969879.ppt
2211-III-IV-Info-Security-061cab6ee6c0fb0-53969879.ppt2211-III-IV-Info-Security-061cab6ee6c0fb0-53969879.ppt
2211-III-IV-Info-Security-061cab6ee6c0fb0-53969879.ppt
sikandar girgoukar
 
2211-III-IV-Info-Security-061cab6ee6c0fb0-53969879.ppt
2211-III-IV-Info-Security-061cab6ee6c0fb0-53969879.ppt2211-III-IV-Info-Security-061cab6ee6c0fb0-53969879.ppt
2211-III-IV-Info-Security-061cab6ee6c0fb0-53969879.ppt
SharudinBoriak1
 
CYBER SECURITY ppt.pptx
CYBER SECURITY ppt.pptxCYBER SECURITY ppt.pptx
CYBER SECURITY ppt.pptx
tanyamudgal4
 
What are the benefits of cyber security.pdf
What are the benefits of cyber security.pdfWhat are the benefits of cyber security.pdf
What are the benefits of cyber security.pdf
Bytecode Security
 
Presentation on Information Privacy
Presentation on Information PrivacyPresentation on Information Privacy
Presentation on Information Privacy
Perry Slack
 
ComResource Business Solutions
ComResource Business SolutionsComResource Business Solutions
ComResource Business Solutions
Anthony Dials
 
Session#7; securing information systems
Session#7; securing information systemsSession#7; securing information systems
Session#7; securing information systems
Omid Aminzadeh Gohari
 
IT Security Essentials
IT Security EssentialsIT Security Essentials
IT Security Essentials
Skoda Minotti
 
Securing Your Digital Files from Legal Threats
Securing Your Digital Files from Legal ThreatsSecuring Your Digital Files from Legal Threats
Securing Your Digital Files from Legal Threats
Abbie Hosta
 
Privacy by Design - taking in account the state of the art
Privacy by Design - taking in account the state of the artPrivacy by Design - taking in account the state of the art
Privacy by Design - taking in account the state of the art
James Mulhern
 
Cybersecurity.pptx
Cybersecurity.pptxCybersecurity.pptx
Cybersecurity.pptx
NOUREDDINEOUNINISSE
 
Practical SME Security on a Shoestring
Practical SME Security on a ShoestringPractical SME Security on a Shoestring
Practical SME Security on a Shoestring
NCC Group
 
ITIL Basic introduction for the beginners
ITIL Basic introduction for the beginnersITIL Basic introduction for the beginners
ITIL Basic introduction for the beginners
zamankhanbd23
 
Legal Issues Associated with Third-Party Cyber Risk
Legal Issues Associated with Third-Party Cyber RiskLegal Issues Associated with Third-Party Cyber Risk
Legal Issues Associated with Third-Party Cyber Risk
Shawn Tuma
 
Information security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation security: importance of having defined policy & process
Information security: importance of having defined policy & process
Information Technology Society Nepal
 
security and ethical challenges in information systems
security and ethical challenges in information systemssecurity and ethical challenges in information systems
security and ethical challenges in information systems
hilal12
 
Cyber Threat Overview for Euro IT counsel
Cyber Threat Overview for Euro IT counselCyber Threat Overview for Euro IT counsel
Cyber Threat Overview for Euro IT counsel
OCTF Industry Engagement
 

Similar to Security and ethical challenges (20)

GDPR: The Application Security Twist
GDPR: The Application Security TwistGDPR: The Application Security Twist
GDPR: The Application Security Twist
 
A Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data BreachA Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data Breach
 
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdfWhat Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
 
2211-III-IV-Info-Security-061cab6ee6c0fb0-53969879.ppt
2211-III-IV-Info-Security-061cab6ee6c0fb0-53969879.ppt2211-III-IV-Info-Security-061cab6ee6c0fb0-53969879.ppt
2211-III-IV-Info-Security-061cab6ee6c0fb0-53969879.ppt
 
2211-III-IV-Info-Security-061cab6ee6c0fb0-53969879.ppt
2211-III-IV-Info-Security-061cab6ee6c0fb0-53969879.ppt2211-III-IV-Info-Security-061cab6ee6c0fb0-53969879.ppt
2211-III-IV-Info-Security-061cab6ee6c0fb0-53969879.ppt
 
CYBER SECURITY ppt.pptx
CYBER SECURITY ppt.pptxCYBER SECURITY ppt.pptx
CYBER SECURITY ppt.pptx
 
What are the benefits of cyber security.pdf
What are the benefits of cyber security.pdfWhat are the benefits of cyber security.pdf
What are the benefits of cyber security.pdf
 
Presentation on Information Privacy
Presentation on Information PrivacyPresentation on Information Privacy
Presentation on Information Privacy
 
ComResource Business Solutions
ComResource Business SolutionsComResource Business Solutions
ComResource Business Solutions
 
Session#7; securing information systems
Session#7; securing information systemsSession#7; securing information systems
Session#7; securing information systems
 
IT Security Essentials
IT Security EssentialsIT Security Essentials
IT Security Essentials
 
Securing Your Digital Files from Legal Threats
Securing Your Digital Files from Legal ThreatsSecuring Your Digital Files from Legal Threats
Securing Your Digital Files from Legal Threats
 
Privacy by Design - taking in account the state of the art
Privacy by Design - taking in account the state of the artPrivacy by Design - taking in account the state of the art
Privacy by Design - taking in account the state of the art
 
Cybersecurity.pptx
Cybersecurity.pptxCybersecurity.pptx
Cybersecurity.pptx
 
Practical SME Security on a Shoestring
Practical SME Security on a ShoestringPractical SME Security on a Shoestring
Practical SME Security on a Shoestring
 
ITIL Basic introduction for the beginners
ITIL Basic introduction for the beginnersITIL Basic introduction for the beginners
ITIL Basic introduction for the beginners
 
Legal Issues Associated with Third-Party Cyber Risk
Legal Issues Associated with Third-Party Cyber RiskLegal Issues Associated with Third-Party Cyber Risk
Legal Issues Associated with Third-Party Cyber Risk
 
Information security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation security: importance of having defined policy & process
Information security: importance of having defined policy & process
 
security and ethical challenges in information systems
security and ethical challenges in information systemssecurity and ethical challenges in information systems
security and ethical challenges in information systems
 
Cyber Threat Overview for Euro IT counsel
Cyber Threat Overview for Euro IT counselCyber Threat Overview for Euro IT counsel
Cyber Threat Overview for Euro IT counsel
 

More from Prof. Dr. K. Adisesha

Data Structure using C by Dr. K Adisesha .ppsx
Data Structure using C by Dr. K Adisesha .ppsxData Structure using C by Dr. K Adisesha .ppsx
Data Structure using C by Dr. K Adisesha .ppsx
Prof. Dr. K. Adisesha
 
Operating System-4 "File Management" by Adi.pdf
Operating System-4 "File Management" by Adi.pdfOperating System-4 "File Management" by Adi.pdf
Operating System-4 "File Management" by Adi.pdf
Prof. Dr. K. Adisesha
 
Operating System-3 "Memory Management" by Adi.pdf
Operating System-3 "Memory Management" by Adi.pdfOperating System-3 "Memory Management" by Adi.pdf
Operating System-3 "Memory Management" by Adi.pdf
Prof. Dr. K. Adisesha
 
Operating System Concepts Part-1 by_Adi.pdf
Operating System Concepts Part-1 by_Adi.pdfOperating System Concepts Part-1 by_Adi.pdf
Operating System Concepts Part-1 by_Adi.pdf
Prof. Dr. K. Adisesha
 
Operating System-2_Process Managementby_Adi.pdf
Operating System-2_Process Managementby_Adi.pdfOperating System-2_Process Managementby_Adi.pdf
Operating System-2_Process Managementby_Adi.pdf
Prof. Dr. K. Adisesha
 
Software Engineering notes by K. Adisesha.pdf
Software Engineering notes by K. Adisesha.pdfSoftware Engineering notes by K. Adisesha.pdf
Software Engineering notes by K. Adisesha.pdf
Prof. Dr. K. Adisesha
 
Software Engineering-Unit 1 by Adisesha.pdf
Software Engineering-Unit 1 by Adisesha.pdfSoftware Engineering-Unit 1 by Adisesha.pdf
Software Engineering-Unit 1 by Adisesha.pdf
Prof. Dr. K. Adisesha
 
Software Engineering-Unit 2 "Requirement Engineering" by Adi.pdf
Software Engineering-Unit 2 "Requirement Engineering" by Adi.pdfSoftware Engineering-Unit 2 "Requirement Engineering" by Adi.pdf
Software Engineering-Unit 2 "Requirement Engineering" by Adi.pdf
Prof. Dr. K. Adisesha
 
Software Engineering-Unit 3 "System Modelling" by Adi.pdf
Software Engineering-Unit 3 "System Modelling" by Adi.pdfSoftware Engineering-Unit 3 "System Modelling" by Adi.pdf
Software Engineering-Unit 3 "System Modelling" by Adi.pdf
Prof. Dr. K. Adisesha
 
Software Engineering-Unit 4 "Architectural Design" by Adi.pdf
Software Engineering-Unit 4 "Architectural Design" by Adi.pdfSoftware Engineering-Unit 4 "Architectural Design" by Adi.pdf
Software Engineering-Unit 4 "Architectural Design" by Adi.pdf
Prof. Dr. K. Adisesha
 
Software Engineering-Unit 5 "Software Testing"by Adi.pdf
Software Engineering-Unit 5 "Software Testing"by Adi.pdfSoftware Engineering-Unit 5 "Software Testing"by Adi.pdf
Software Engineering-Unit 5 "Software Testing"by Adi.pdf
Prof. Dr. K. Adisesha
 
Computer Networks Notes by -Dr. K. Adisesha
Computer Networks Notes by -Dr. K. AdiseshaComputer Networks Notes by -Dr. K. Adisesha
Computer Networks Notes by -Dr. K. Adisesha
Prof. Dr. K. Adisesha
 
CCN Unit-1&2 Data Communication &Networking by K. Adiaesha
CCN Unit-1&2 Data Communication &Networking by K. AdiaeshaCCN Unit-1&2 Data Communication &Networking by K. Adiaesha
CCN Unit-1&2 Data Communication &Networking by K. Adiaesha
Prof. Dr. K. Adisesha
 
CCN Unit-3 Data Link Layer by Dr. K. Adisesha
CCN Unit-3 Data Link Layer by Dr. K. AdiseshaCCN Unit-3 Data Link Layer by Dr. K. Adisesha
CCN Unit-3 Data Link Layer by Dr. K. Adisesha
Prof. Dr. K. Adisesha
 
CCN Unit-4 Network Layer by Dr. K. Adisesha
CCN Unit-4 Network Layer by Dr. K. AdiseshaCCN Unit-4 Network Layer by Dr. K. Adisesha
CCN Unit-4 Network Layer by Dr. K. Adisesha
Prof. Dr. K. Adisesha
 
CCN Unit-5 Transport & Application Layer by Adi.pdf
CCN Unit-5 Transport & Application Layer by Adi.pdfCCN Unit-5 Transport & Application Layer by Adi.pdf
CCN Unit-5 Transport & Application Layer by Adi.pdf
Prof. Dr. K. Adisesha
 
Introduction to Computers.pdf
Introduction to Computers.pdfIntroduction to Computers.pdf
Introduction to Computers.pdf
Prof. Dr. K. Adisesha
 
R_Programming.pdf
R_Programming.pdfR_Programming.pdf
R_Programming.pdf
Prof. Dr. K. Adisesha
 
Scholarship.pdf
Scholarship.pdfScholarship.pdf
Scholarship.pdf
Prof. Dr. K. Adisesha
 
Operating System-2 by Adi.pdf
Operating System-2 by Adi.pdfOperating System-2 by Adi.pdf
Operating System-2 by Adi.pdf
Prof. Dr. K. Adisesha
 

More from Prof. Dr. K. Adisesha (20)

Data Structure using C by Dr. K Adisesha .ppsx
Data Structure using C by Dr. K Adisesha .ppsxData Structure using C by Dr. K Adisesha .ppsx
Data Structure using C by Dr. K Adisesha .ppsx
 
Operating System-4 "File Management" by Adi.pdf
Operating System-4 "File Management" by Adi.pdfOperating System-4 "File Management" by Adi.pdf
Operating System-4 "File Management" by Adi.pdf
 
Operating System-3 "Memory Management" by Adi.pdf
Operating System-3 "Memory Management" by Adi.pdfOperating System-3 "Memory Management" by Adi.pdf
Operating System-3 "Memory Management" by Adi.pdf
 
Operating System Concepts Part-1 by_Adi.pdf
Operating System Concepts Part-1 by_Adi.pdfOperating System Concepts Part-1 by_Adi.pdf
Operating System Concepts Part-1 by_Adi.pdf
 
Operating System-2_Process Managementby_Adi.pdf
Operating System-2_Process Managementby_Adi.pdfOperating System-2_Process Managementby_Adi.pdf
Operating System-2_Process Managementby_Adi.pdf
 
Software Engineering notes by K. Adisesha.pdf
Software Engineering notes by K. Adisesha.pdfSoftware Engineering notes by K. Adisesha.pdf
Software Engineering notes by K. Adisesha.pdf
 
Software Engineering-Unit 1 by Adisesha.pdf
Software Engineering-Unit 1 by Adisesha.pdfSoftware Engineering-Unit 1 by Adisesha.pdf
Software Engineering-Unit 1 by Adisesha.pdf
 
Software Engineering-Unit 2 "Requirement Engineering" by Adi.pdf
Software Engineering-Unit 2 "Requirement Engineering" by Adi.pdfSoftware Engineering-Unit 2 "Requirement Engineering" by Adi.pdf
Software Engineering-Unit 2 "Requirement Engineering" by Adi.pdf
 
Software Engineering-Unit 3 "System Modelling" by Adi.pdf
Software Engineering-Unit 3 "System Modelling" by Adi.pdfSoftware Engineering-Unit 3 "System Modelling" by Adi.pdf
Software Engineering-Unit 3 "System Modelling" by Adi.pdf
 
Software Engineering-Unit 4 "Architectural Design" by Adi.pdf
Software Engineering-Unit 4 "Architectural Design" by Adi.pdfSoftware Engineering-Unit 4 "Architectural Design" by Adi.pdf
Software Engineering-Unit 4 "Architectural Design" by Adi.pdf
 
Software Engineering-Unit 5 "Software Testing"by Adi.pdf
Software Engineering-Unit 5 "Software Testing"by Adi.pdfSoftware Engineering-Unit 5 "Software Testing"by Adi.pdf
Software Engineering-Unit 5 "Software Testing"by Adi.pdf
 
Computer Networks Notes by -Dr. K. Adisesha
Computer Networks Notes by -Dr. K. AdiseshaComputer Networks Notes by -Dr. K. Adisesha
Computer Networks Notes by -Dr. K. Adisesha
 
CCN Unit-1&2 Data Communication &Networking by K. Adiaesha
CCN Unit-1&2 Data Communication &Networking by K. AdiaeshaCCN Unit-1&2 Data Communication &Networking by K. Adiaesha
CCN Unit-1&2 Data Communication &Networking by K. Adiaesha
 
CCN Unit-3 Data Link Layer by Dr. K. Adisesha
CCN Unit-3 Data Link Layer by Dr. K. AdiseshaCCN Unit-3 Data Link Layer by Dr. K. Adisesha
CCN Unit-3 Data Link Layer by Dr. K. Adisesha
 
CCN Unit-4 Network Layer by Dr. K. Adisesha
CCN Unit-4 Network Layer by Dr. K. AdiseshaCCN Unit-4 Network Layer by Dr. K. Adisesha
CCN Unit-4 Network Layer by Dr. K. Adisesha
 
CCN Unit-5 Transport & Application Layer by Adi.pdf
CCN Unit-5 Transport & Application Layer by Adi.pdfCCN Unit-5 Transport & Application Layer by Adi.pdf
CCN Unit-5 Transport & Application Layer by Adi.pdf
 
Introduction to Computers.pdf
Introduction to Computers.pdfIntroduction to Computers.pdf
Introduction to Computers.pdf
 
R_Programming.pdf
R_Programming.pdfR_Programming.pdf
R_Programming.pdf
 
Scholarship.pdf
Scholarship.pdfScholarship.pdf
Scholarship.pdf
 
Operating System-2 by Adi.pdf
Operating System-2 by Adi.pdfOperating System-2 by Adi.pdf
Operating System-2 by Adi.pdf
 

Recently uploaded

RESULTS OF THE EVALUATION QUESTIONNAIRE.pptx
RESULTS OF THE EVALUATION QUESTIONNAIRE.pptxRESULTS OF THE EVALUATION QUESTIONNAIRE.pptx
RESULTS OF THE EVALUATION QUESTIONNAIRE.pptx
zuzanka
 
How to Fix [Errno 98] address already in use
How to Fix [Errno 98] address already in useHow to Fix [Errno 98] address already in use
How to Fix [Errno 98] address already in use
Celine George
 
A Free 200-Page eBook ~ Brain and Mind Exercise.pptx
A Free 200-Page eBook ~ Brain and Mind Exercise.pptxA Free 200-Page eBook ~ Brain and Mind Exercise.pptx
A Free 200-Page eBook ~ Brain and Mind Exercise.pptx
OH TEIK BIN
 
Andreas Schleicher presents PISA 2022 Volume III - Creative Thinking - 18 Jun...
Andreas Schleicher presents PISA 2022 Volume III - Creative Thinking - 18 Jun...Andreas Schleicher presents PISA 2022 Volume III - Creative Thinking - 18 Jun...
Andreas Schleicher presents PISA 2022 Volume III - Creative Thinking - 18 Jun...
EduSkills OECD
 
مصحف القراءات العشر أعد أحرف الخلاف سمير بسيوني.pdf
مصحف القراءات العشر أعد أحرف الخلاف سمير بسيوني.pdfمصحف القراءات العشر أعد أحرف الخلاف سمير بسيوني.pdf
مصحف القراءات العشر أعد أحرف الخلاف سمير بسيوني.pdf
سمير بسيوني
 
Haunted Houses by H W Longfellow for class 10
Haunted Houses by H W Longfellow for class 10Haunted Houses by H W Longfellow for class 10
Haunted Houses by H W Longfellow for class 10
nitinpv4ai
 
CapTechTalks Webinar Slides June 2024 Donovan Wright.pptx
CapTechTalks Webinar Slides June 2024 Donovan Wright.pptxCapTechTalks Webinar Slides June 2024 Donovan Wright.pptx
CapTechTalks Webinar Slides June 2024 Donovan Wright.pptx
CapitolTechU
 
How to Predict Vendor Bill Product in Odoo 17
How to Predict Vendor Bill Product in Odoo 17How to Predict Vendor Bill Product in Odoo 17
How to Predict Vendor Bill Product in Odoo 17
Celine George
 
Temple of Asclepius in Thrace. Excavation results
Temple of Asclepius in Thrace. Excavation resultsTemple of Asclepius in Thrace. Excavation results
Temple of Asclepius in Thrace. Excavation results
Krassimira Luka
 
Pharmaceutics Pharmaceuticals best of brub
Pharmaceutics Pharmaceuticals best of brubPharmaceutics Pharmaceuticals best of brub
Pharmaceutics Pharmaceuticals best of brub
danielkiash986
 
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptxNEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
iammrhaywood
 
Educational Technology in the Health Sciences
Educational Technology in the Health SciencesEducational Technology in the Health Sciences
Educational Technology in the Health Sciences
Iris Thiele Isip-Tan
 
Geography as a Discipline Chapter 1 __ Class 11 Geography NCERT _ Class Notes...
Geography as a Discipline Chapter 1 __ Class 11 Geography NCERT _ Class Notes...Geography as a Discipline Chapter 1 __ Class 11 Geography NCERT _ Class Notes...
Geography as a Discipline Chapter 1 __ Class 11 Geography NCERT _ Class Notes...
ImMuslim
 
Benner "Expanding Pathways to Publishing Careers"
Benner "Expanding Pathways to Publishing Careers"Benner "Expanding Pathways to Publishing Careers"
Benner "Expanding Pathways to Publishing Careers"
National Information Standards Organization (NISO)
 
skeleton System.pdf (skeleton system wow)
skeleton System.pdf (skeleton system wow)skeleton System.pdf (skeleton system wow)
skeleton System.pdf (skeleton system wow)
Mohammad Al-Dhahabi
 
Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...
Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...
Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...
TechSoup
 
Bossa N’ Roll Records by Ismael Vazquez.
Bossa N’ Roll Records by Ismael Vazquez.Bossa N’ Roll Records by Ismael Vazquez.
Bossa N’ Roll Records by Ismael Vazquez.
IsmaelVazquez38
 
Electric Fetus - Record Store Scavenger Hunt
Electric Fetus - Record Store Scavenger HuntElectric Fetus - Record Store Scavenger Hunt
Electric Fetus - Record Store Scavenger Hunt
RamseyBerglund
 
CHUYÊN ĐỀ ÔN TẬP VÀ PHÁT TRIỂN CÂU HỎI TRONG ĐỀ MINH HỌA THI TỐT NGHIỆP THPT ...
CHUYÊN ĐỀ ÔN TẬP VÀ PHÁT TRIỂN CÂU HỎI TRONG ĐỀ MINH HỌA THI TỐT NGHIỆP THPT ...CHUYÊN ĐỀ ÔN TẬP VÀ PHÁT TRIỂN CÂU HỎI TRONG ĐỀ MINH HỌA THI TỐT NGHIỆP THPT ...
CHUYÊN ĐỀ ÔN TẬP VÀ PHÁT TRIỂN CÂU HỎI TRONG ĐỀ MINH HỌA THI TỐT NGHIỆP THPT ...
Nguyen Thanh Tu Collection
 
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) Curriculum
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) CurriculumPhilippine Edukasyong Pantahanan at Pangkabuhayan (EPP) Curriculum
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) Curriculum
MJDuyan
 

Recently uploaded (20)

RESULTS OF THE EVALUATION QUESTIONNAIRE.pptx
RESULTS OF THE EVALUATION QUESTIONNAIRE.pptxRESULTS OF THE EVALUATION QUESTIONNAIRE.pptx
RESULTS OF THE EVALUATION QUESTIONNAIRE.pptx
 
How to Fix [Errno 98] address already in use
How to Fix [Errno 98] address already in useHow to Fix [Errno 98] address already in use
How to Fix [Errno 98] address already in use
 
A Free 200-Page eBook ~ Brain and Mind Exercise.pptx
A Free 200-Page eBook ~ Brain and Mind Exercise.pptxA Free 200-Page eBook ~ Brain and Mind Exercise.pptx
A Free 200-Page eBook ~ Brain and Mind Exercise.pptx
 
Andreas Schleicher presents PISA 2022 Volume III - Creative Thinking - 18 Jun...
Andreas Schleicher presents PISA 2022 Volume III - Creative Thinking - 18 Jun...Andreas Schleicher presents PISA 2022 Volume III - Creative Thinking - 18 Jun...
Andreas Schleicher presents PISA 2022 Volume III - Creative Thinking - 18 Jun...
 
مصحف القراءات العشر أعد أحرف الخلاف سمير بسيوني.pdf
مصحف القراءات العشر أعد أحرف الخلاف سمير بسيوني.pdfمصحف القراءات العشر أعد أحرف الخلاف سمير بسيوني.pdf
مصحف القراءات العشر أعد أحرف الخلاف سمير بسيوني.pdf
 
Haunted Houses by H W Longfellow for class 10
Haunted Houses by H W Longfellow for class 10Haunted Houses by H W Longfellow for class 10
Haunted Houses by H W Longfellow for class 10
 
CapTechTalks Webinar Slides June 2024 Donovan Wright.pptx
CapTechTalks Webinar Slides June 2024 Donovan Wright.pptxCapTechTalks Webinar Slides June 2024 Donovan Wright.pptx
CapTechTalks Webinar Slides June 2024 Donovan Wright.pptx
 
How to Predict Vendor Bill Product in Odoo 17
How to Predict Vendor Bill Product in Odoo 17How to Predict Vendor Bill Product in Odoo 17
How to Predict Vendor Bill Product in Odoo 17
 
Temple of Asclepius in Thrace. Excavation results
Temple of Asclepius in Thrace. Excavation resultsTemple of Asclepius in Thrace. Excavation results
Temple of Asclepius in Thrace. Excavation results
 
Pharmaceutics Pharmaceuticals best of brub
Pharmaceutics Pharmaceuticals best of brubPharmaceutics Pharmaceuticals best of brub
Pharmaceutics Pharmaceuticals best of brub
 
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptxNEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
 
Educational Technology in the Health Sciences
Educational Technology in the Health SciencesEducational Technology in the Health Sciences
Educational Technology in the Health Sciences
 
Geography as a Discipline Chapter 1 __ Class 11 Geography NCERT _ Class Notes...
Geography as a Discipline Chapter 1 __ Class 11 Geography NCERT _ Class Notes...Geography as a Discipline Chapter 1 __ Class 11 Geography NCERT _ Class Notes...
Geography as a Discipline Chapter 1 __ Class 11 Geography NCERT _ Class Notes...
 
Benner "Expanding Pathways to Publishing Careers"
Benner "Expanding Pathways to Publishing Careers"Benner "Expanding Pathways to Publishing Careers"
Benner "Expanding Pathways to Publishing Careers"
 
skeleton System.pdf (skeleton system wow)
skeleton System.pdf (skeleton system wow)skeleton System.pdf (skeleton system wow)
skeleton System.pdf (skeleton system wow)
 
Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...
Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...
Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...
 
Bossa N’ Roll Records by Ismael Vazquez.
Bossa N’ Roll Records by Ismael Vazquez.Bossa N’ Roll Records by Ismael Vazquez.
Bossa N’ Roll Records by Ismael Vazquez.
 
Electric Fetus - Record Store Scavenger Hunt
Electric Fetus - Record Store Scavenger HuntElectric Fetus - Record Store Scavenger Hunt
Electric Fetus - Record Store Scavenger Hunt
 
CHUYÊN ĐỀ ÔN TẬP VÀ PHÁT TRIỂN CÂU HỎI TRONG ĐỀ MINH HỌA THI TỐT NGHIỆP THPT ...
CHUYÊN ĐỀ ÔN TẬP VÀ PHÁT TRIỂN CÂU HỎI TRONG ĐỀ MINH HỌA THI TỐT NGHIỆP THPT ...CHUYÊN ĐỀ ÔN TẬP VÀ PHÁT TRIỂN CÂU HỎI TRONG ĐỀ MINH HỌA THI TỐT NGHIỆP THPT ...
CHUYÊN ĐỀ ÔN TẬP VÀ PHÁT TRIỂN CÂU HỎI TRONG ĐỀ MINH HỌA THI TỐT NGHIỆP THPT ...
 
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) Curriculum
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) CurriculumPhilippine Edukasyong Pantahanan at Pangkabuhayan (EPP) Curriculum
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) Curriculum
 

Security and ethical challenges

  • 2. Learning Objectives 1. Identify several ethical issues in how the use of information technologies in business affects employment, individuality, working conditions, privacy crime, health, and solutions to societal problems. 2. Identify several types of security management strategies and defences, and explain how they can be used to ensure the security of business applications of information technology. 3. Propose several ways that business managers and professionals can help to lessen the harmful effects and increase the beneficial effects of the use of information technology.
  • 3. Security and Ethics • Major Security Challenges • Serious Ethical Questions • Threats to Business and Individuals • Real World Case 1- F-Secure, Microsoft, GM, and Verizon: The Business Challenge of Computer Viruses Click to go to Case 1 K. Adisesha 3
  • 4. Security and EthicsBusiness/IT Security, Ethics, and Society Employment Health Individuality Privacy Working Conditions Crime Business/IT Security Ethics and Society K. Adisesha 4
  • 5. Security and Ethics •Business Ethics •Stockholder Theory •Social Contract Theory •Stakeholder Theory Ethical Responsibility K. Adisesha 5
  • 6. Security and Ethics Ethical Responsibility K. Adisesha 6
  • 7. Security and Ethics Technology Ethics K. Adisesha 7
  • 8. Security and Ethics Ethical Guidelines K. Adisesha 8
  • 9. Security and Ethics Enron Corporation: Failure in Business Ethics • Drove Stock Prices Higher Never Mentioning Any Weaknesses • Promised Much – Delivered Little • Finally Admitted Overstated Earnings by $586 Million in 1997 • 1998 Third Quarter Loss $638 Million – Filed Bankruptcy • Greed and Mismanagement Destroyed a Potentially Successful Business Plan K. Adisesha 9
  • 10. Security Management • Security is 6 to 8% of IT Budget in Developing Countries • 63% Have or Plan to Have Position of Chief Privacy or Information Officer in the Next Two Years • 40% Have a Chief Privacy Officer and Another 6% Intend One in the Next Two Years • 39% Acknowledge that their Systems Have Been Compromised in the Past Year • 24% Have Cyber Risk Insurance and 5% Intend to Acquire Such Coverage K. Adisesha 10
  • 11. Antivirus 96% Virtual Private Networks 86% Intrusion-Detection Systems 85% Content Filtering/Monitoring 77% Public-Key Infrastructure 45% Smart Cards 43% Biometrics 19% Security Technology Used Security Management K. Adisesha 11
  • 12. PayPal, Inc. Cybercrime on the Internet • Online Payment Processing Company • Observed Questionable Accounts Being Opened • Froze Accounts Used to Buy Expensive Goods For Purchasers in Russia • Used Sniffer Software and Located Users Capturing PayPal Ids and Passwords • More than $100,000 in Fraudulent Charges • Crooks Arrested by FBI Security Management K. Adisesha 12
  • 13. Computer Crime • Hacking • Cyber Theft • Unauthorized Use of Work • Piracy of Intellectual Property • Computer Viruses and Worms Security Management K. Adisesha 13
  • 14. Examples of Common Hacking Security Management K. Adisesha 14
  • 15. Recourse Technologies: Insider Computer Crime • Link Between Company Financial Difficulty and Insider Computer Crimes • Use of “Honey Pots” Filled with Phony Data to Attract Hackers • Software Catches Criminal Activity in Seconds • Crime Exposed and Stopped Security Management K. Adisesha 15
  • 16. Internet Abuses in the Workplace Security Management K. Adisesha 16
  • 17. Network Monitoring Software Security Management K. Adisesha 17
  • 18. AGM Container Controls: Stealing Time and Resources • The Net Contains Many Productivity Distractions • Remedies Include Monitoring Internet Use and Blocking Sites Unrelated to Work • Importance of Telling Employees About Monitoring • Use of Software Monitoring Provided Rebuttal Answers To Web Use Discussions Security Management K. Adisesha 18
  • 19. Copying Music CDs: Intellectual Property Controversy • RIAA Crack Down on Music Piracy • Web Sites Fighting Back • 140 Million Writable Drives In Use • Billions of Blank CDs Sold While Music CD Sales Are Going Down • Pirates Reluctant to Go Away Security Management K. Adisesha 19
  • 20. Facts About Recent Computer Viruses and Worms Security Management K. Adisesha 20
  • 21. University of Chicago: The Nimda Worm • Nimda Worm Launch Sept. 18, 2001 Mass Mailing of Malicious Code Attacking MS-Windows • Took Advantage of Back Doors Previously Left Behind • In Four Hours the University of Chicago’s Web Servers were Scanned by 7,000 Unique IPAddresses Looking for Weaknesses • Many Servers Had to Be Disconnected Security Management K. Adisesha 21
  • 22. Right to Privacy Privacy on the Internet Acxiom, Inc. Challenges to Consumer Privacy • Acxiom – 30 Years Amassing Massive Database • Sells Data to Subscribers • Use by Telemarketers and Credit Firms Privacy Issues K. Adisesha 22
  • 23. Right to Privacy •Computer Profiling •Computer Matching •Privacy Laws •Computer Libel and Censorship •Spamming •Flaming Privacy Issues K. Adisesha 23
  • 24. Other Challenges •Employment Challenges •Working Conditions •Individuality Issues •Health Issues Privacy Issues K. Adisesha 24
  • 26. Ergonomics • Job Stress • Cumulative Trauma Disorders (CTDs) • Carpal Tunnel Syndrome • Human Factors Engineering • Societal Solutions Privacy Issues K. Adisesha 26
  • 27. Security Management of Information Technology • Business Value of Security Management • Protection for all Vital Business Elements Real World Case 2- Geisinger Health Systems and Du Pont: Security Management of Data Resources and Process Control Networks Click to go to Case 2 K. Adisesha 27
  • 28. Security Management of Information Technology Tools of Security Management
  • 29. Security Management of Information Technology • Need for Security Management Caused by Increased Use of Links Between Business Units • Greater Openness Means Greater Vulnerabilities • Better Use of Identifying, Authenticating Users and Controlling Access to Data • Theft Should Be Made as Difficult as Possible Providence Health and Cervalis: Security Management Issues K. Adisesha 29
  • 30. Security Management of Information Technology •Encryption –Public Key –Private Key Graphically… Internetworked Security Defenses K. Adisesha 30
  • 32. Firewalls Security Management of Information Technology Firewall Intranet Server Firewall Router Router Intranet Server Host System Internet 1 2 3 4 4 5 1 External Firewall Blocks Outsiders 2 Internal Firewall Blocks Restricted Materials 3 Use of Passwords and Browser Security 4 Performs Authentication and Encryption 5 Careful Network Interface Design K. Adisesha 32
  • 33. Security Management of Information Technology • Worldwide Search for Active IP Addresses • Sophisticated Probes Scan Any Home or Work Location • Personal Firewalls Help Block Intruders • Firewalls Generally Good at Protecting Computers from Most Hacking Efforts Barry Nance: Testing PC Firewall Security K. Adisesha 33
  • 34. Security Management of Information Technology • MTV.com Website Targeted for Distributed Denial of Service (DDOS) Attacks During Fall Peak Periods • Some People Try to Crash MTV Sites • Parent Viacom Installed Software to Filter out DDOS Attacks • Website Downtime Reduced MTV Networks: Denial of Service Defenses K. Adisesha 34
  • 35. Defending Against Denial of Service Attacks Security Management of Information Technology K. Adisesha 35
  • 36. Security Management of Information Technology • e-Sniff Monitoring Device Searches e-Mail by Key Word or Records of Web Sites Visited • 82% of Businesses Monitor Web Use • Close to 100% of Workers Register Some Improper Use Sonalysts, Inc.: Corporate e-Mail Monitoring K. Adisesha 36
  • 37. Security Management of Information Technology • Much Software Was Unable to Stop Nimda Worm • Software Alone is Often Not Enough to Clean System • Until Better Software is Developed, A Complete System Disconnect and Purge May Be the Only Solution TrueSecure and 724 Inc.: Limitations of Antivirus Software K. Adisesha 37
  • 38. Example Security Suite Interface Security Management of Information Technology K. Adisesha 38
  • 39. Other Security Measures Security Management of Information Technology • Security Codes • Multilevel Password System –Smart Cards • Backup Files –Child, Parent, Grandparent Files • System Security Monitors • Biometric Security K. Adisesha 39
  • 40. Example Security Monitor Security Management of Information Technology K. Adisesha 40
  • 41. Evaluation of Biometric Security Security Management of Information Technology K. Adisesha 41
  • 42. Computer Failure Controls Security Management of Information Technology •Fault Tolerant Systems –Fail-Over –Fail-Safe –Fail-Soft •Disaster Recovery K. Adisesha 42
  • 43. Methods of Fault Tolerance Security Management of Information Technology K. Adisesha 43
  • 44. Visa International: Fault Tolerant Systems Security Management of Information Technology • Only 100% Uptime is Acceptable • Only 98 Minutes of Downtime in 12 Years • 1 Billion Transactions Worth $2 Trillion in Transactions a Year • 4 Global Processing Centers • Multiple Layers of Redundancy and Backup • Software Testing and Art FormK. Adisesha 44
  • 45. Systems Controls and Audits • Information System Controls • Garbage-In, Garbage-Out (GIGO) • Auditing IT Security • Audit Trails • Control Logs K. Adisesha 45
  • 46. Systems Controls and Audits Security Codes Encryption Data Entry Screens Error Signals Control Totals Security Codes Encryption Control Totals Control Listings End User Feedback Security Codes Encryption Backup Files Library Procedures Database Administration Input Controls Output Controls Storage Controls Processing Controls Software Controls Hardware Controls Firewalls Checkpoints K. Adisesha 46
  • 47. Summary • Ethical and Societal Dimensions • Ethical Responsibility in Business • Security Management K. Adisesha 47
  • 48. KEY TERMS Antivirus software Audit trail Auditing business systems Backup files Biometric security Business ethics Computer crime Computer matching Computer monitoring Computer virus Denial of service Disaster recovery Encryption Ergonomics Ethical and Societal Impacts of business/IT a. Employment b. Health c. Individuality d. Societal Solutions e. Working Conditions Ethical foundations Fault tolerant Firewall Flaming Hacking Information system controls Intellectual property piracy Passwords Privacy issues Responsible professional Security management Software piracy Spamming System security monitor Unauthorized use K. Adisesha 48
  • 49. Real World Case 1 The Business Challenge of Computer Viruses Click to go to Case 1 Real World Case 2 Security Management of Data Resources and Process Control Networks Click to go to Case 2 Optional Case Studies Real World Case 3 Security Management of Windows Software Real World Case 4 Managing Network Security Systems Click to go to Case 3 Click to go to Case 4 K. Adisesha 49
  • 50. Enterprise and Global Management of Information Technology K. Adisesha 50
  • 51. 1- What security measures should companies, business professionals, and consumers take to protect their systems from being damaged by computer worms and viruses? The Business Challenge of Computer Viruses K. Adisesha 51
  • 52. The Business Challenge of Computer Viruses • Businesses Should – “Get Serious” About Cyber Security – Stop Relying on Microsoft 's Backbone • Businesses Need Better Procedures for Security Updating • Businesses Should Update Security Defenses Discussion Points Would Include: K. Adisesha 52
  • 53. 2- What is the business and ethical responsibility of Microsoft in helping to prevent the spread of computer viruses? Have they met this responsibility? Why or why not? The Business Challenge of Computer Viruses K. Adisesha 53
  • 54. The Business Challenge of Computer Viruses Microsoft (95% Market Share) Must Ensure Software is Hostile to Hackers Must Write Better Software Microsoft and Others Must make Security Higher Priority The Responsibility of Security is the User Not Bender Discussion Points Would Include: K. Adisesha 54
  • 55. 3- What are several possible reasons why some companies (like GM) were seriously affected by computer viruses, while others (like Verizon) were not? The Business Challenge of Computer Viruses Return to Cases Page K. Adisesha 55
  • 56. The Business Challenge of Computer Viruses • Undue Dependence on Microsoft for Quality Software • GM Ignored Security until It was Too Late • Companies Paid More Attention to Bottom Line than Security Reasons Would Include: Return to Cases Page K. Adisesha 56
  • 57. The Business Challenge of Computer Viruses • Undue Dependence on Microsoft for Quality Software • GM Ignored Security until It was Too Late • Companies Paid More Attention to Bottom Line than Security • Inadequate Planning for Improving Security Reasons Would Include: Return to Cases Page K. Adisesha 57
  • 58. Security Management of Data Resources and Process Control Networks 1- What are several possible reasons why some companies (like GM) were seriously affected by computer viruses, while others (like Verizon) were not? Return to Cases Page K. Adisesha 58
  • 59. Security Management of Data Resources and Process Control Networks • Key Components of a Security System: – Understanding Workflow – Assessing Risk – Educating Users • MvChart needed Installed on Hardware Separate from EMK system Discussion Points Would Include: K. Adisesha 59
  • 60. Security Management of Data Resources and Process Control Networks • Biometric and Proximity Devices Streamline Secure Network Access • Requiring Caregivers Access to Patient Information via the Internet Using: – Electronic Token Identification – A Virtual Private Network • Other Encryption Methods Discussion Points Would Include: K. Adisesha 60
  • 61. Security Management of Data Resources and Process Control Networks 2- What security measures is Du Pont taking to protect their process control networks? Are these measures adequate? Explain your evaluation. K. Adisesha 61
  • 62. Security Management of Data Resources and Process Control Networks • Du Pont Co.-The Critical Manufacturing Processes, will Isolate Process Systems from Business systems by: – Not Connecting our Networks, – Or it will Add Firewalls to Control Access Discussion Points Would Include: K. Adisesha 62
  • 63. Security Management of Data Resources and Process Control Networks • A Team-IT Staffers, Process-Control Engineers, and Manufacturing Employees was Established to: – Discern Control Devices Critical to Manufacturing, Safety and Continuity of Production – Identify Assets of – Hardware, Data, and Software Applications – Testing Fixes and Workarounds for Specific Machines – Recognizing Precise Vulnerabilities Differ by Environment – Determining how to Separate Networks Discussion Points Would Include: K. Adisesha 63
  • 64. Security Management of Data Resources and Process Control Networks 3- What are several other steps Geisinger and Du Pont could take to increase the security of their data and network resources? Explain the value of your proposals. Return to Cases Page K. Adisesha 64
  • 65. Security Management of Data Resources and Process Control Networks Include the Concepts Presented in the Chapter Material and Additional Considerations That You Have Located on the Internet Discussion Points Would Include: Return to Cases Page K. Adisesha 65
  • 66. 1- What security problems are typically remedied by Microsoft’s security patches for Windows? Why do such problems arise in the first place? Return to Cases Page Security Management of Windows Software K. Adisesha 66
  • 67. Security Management of Windows Software • Vulnerability to Computer Viruses (Worms) • Microsoft’s Push to Deliver New Versions – That have not been tested and/or • Designed Properly to Reduce Vulnerability Discussion Points Would Include: K. Adisesha 67
  • 68. 2- What challenges does the process of applying Windows patches pose for many businesses? What are some limitations of the patching process? Security Management of Windows Software K. Adisesha 68
  • 69. Security Management of Windows Software • Patching Required Companies to Drop Everything with Finite Resources • Larger Companies Need Time to Properly Test • Companies Faced with Limited Scope for Downtime Discussion Points Would Include: K. Adisesha 69
  • 70. 3- Does the business value of applying Windows patches outweigh its costs, limitations, and the demands it places on the IT function? Why or why not? Security Management of Windows Software Return to Cases Page K. Adisesha 70
  • 71. Security Management of Windows Software • Exploit-Proof Code Patching is Best Strategy • Microsoft’s Windows Update Patch Management Program – Has a Critical Shortcoming – Could Fool Users-They have Been Properly Patched – Users are Really Vulnerable-Patch not Fixed • Users have Reported Patches don't Always Deploy Properly Discussion Points Would Include: Return to Cases Page K. Adisesha 71
  • 72. Security Management of Windows Software • Exploit-Proof Code Patching is Best Strategy • Microsoft’s Windows Update Patch Management Program – Has a Critical Shortcoming – Could Fool Users-They have Been Properly Patched – Users are Really Vulnerable-Patch not Fixed • Users have Reported Patches don't Always Deploy Properly • Microsoft Patches have Serious Security Vulnerability Discussion Points Would Include: Return to Cases Page K. Adisesha 72
  • 73. 1- What is the function of each of the network security tools identified in this case? Visit the websites of security firms Check Point and NetForensics to help you answer. Return to Cases Page Managing Network Security Systems K. Adisesha 73
  • 74. Managing Network Security Systems • Network Intrusion-Detection Systems • Firewalls • Anti-Virus Tools • Automating the Process – Gathering – Consolidating – Correlating – Prioritizing Data from Security Event • Collecting Data from Individual Security Systems • “Normalizing” Data to Quickly Identify Potential Attacks Discussion Points Would Include: K. Adisesha 74
  • 75. 2- What is the value of security information management software to a company? Use the companies in this case as examples. Managing Network Security Systems K. Adisesha 75
  • 76. Managing Network Security Systems • Provides a Single Place To Get Information • Automated Gathering, Consolidating, and Correlating Data –Into a Usable Format to Analyze –Used to Establish Priorities • Permits Businesses to React Faster to Activity • Reduces the Number of False Alerts • Allows Companies to Drill Down into Attach Details Discussion Points Would Include: K. Adisesha 76
  • 77. 3- What can smaller firms who cannot afford the cost of such software do to properly manage and use the information about security from their network security systems? Give several examples. Managing Network Security Systems Return to Cases Page K. Adisesha 77
  • 78. Managing Network Security Systems •Plan for Having Periodic Audits of IT Security •Review/Update Regularly Control Features of IT •Regularly Change Passwords-To Access System •Develop a Backup Plan and Implement Discussion Points Would Include: Return to Cases Page K. Adisesha 78
  • 79. Managing Network Security Systems •Plan for Having Periodic Audits of IT Security •Review/Update Regularly Control Features of IT •Regularly Change Passwords-To Access System •Develop a Backup Plan and Implement •Develop Plan for Disaster Recovery Discussion Points Would Include: Return to Cases Page K. Adisesha 79
  • 80. Security and Ethical Challenges Thank you K. Adisesha 80