SlideShare a Scribd company logo

SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)

Download as PPTX, PDF
Biswajit Bhattacharjee
Biswajit Bhattacharjee
Technology
1 of 34
Biswajit Bhattacharjee (19) & Biswaraj Das Purkayastha (20) Presents SECURITY & CONTROL OF INFORMATION SYSTEM 1
2 O PRESENTED TO : Deepjyoti Choudhury Assistant Professor Assam University, Silchar
 Information system: The term information system describes the organized collection, processing, transmission, and spreading of information in accordance with defined procedures, whether automated or manual.  Security: Policies, procedures and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems  Controls: Methods, policies, and organizational procedures that ensure safety of organization’s assets; accuracy and reliability of its accounting records; and operational adherence to management standards 3
Basic Principles of Information Systems Security A . Confidentiality This principle is applied to information by enforcing rules about who is allowed to know it. Preserving personal privacy is one of the major objectives of confidentiality. It prevents the unauthorized disclosure of information and restricts the data access to only those who are authorized. But today the world is moving towards less authoritative structures, more informality, and fewer rules. Such developments are creating an issue of concern for the principle of confidentiality since the developments are aimed at making information accessible to many, not few. 4
Basic Principles of Information Systems Security (cont…) B. Integrity In any business organization having IS, the values of data stored and manipulated, such as maintaining the correct signs and symbols is an important issue of concern. This issue is referred to integrity within an organization which is the prevention of the unauthorized modification. C. Availability Availability is referred to as accessibility of information and in usable form when and where it is required. Sometimes it is also explained as the prevention of unauthorized withholding of data or resources. Within any organization today availability of resources and data is an important issue of concern since system failure is an organizational security issue 5
System Vulnerability and Abuse Why systems are vulnerable O Accessibility of networks O Hardware problems (breakdowns, configuration errors, damage from improper use or crime) O Software problems (programming errors, installation errors, unauthorized changes) O Disasters O Use of networks/computers outside of firm’s control O Loss and theft of portable devices 6
System Vulnerability and Abuse O Internet vulnerabilities O Network open to anyone O Size of Internet means abuses can have wide impact O Use of fixed Internet addresses with cable or DSL modems creates fixed targets hackers O Unencrypted VOIP O E-mail, P2P, IM O Interception O Attachments with malicious software O Transmitting trade secrets 7
System Vulnerability and Abuse O Wireless security challenges O Radio frequency bands easy to scan O SSIDs (service set identifiers) O Identify access points O Broadcast multiple times O War driving O Eavesdroppers drive by buildings and try to detect SSID and gain access to network and resources O WEP (Wired Equivalent Privacy) O Security standard for 802.11; use is optional O Uses shared password for both users and access point O Users often fail to implement WEP or stronger systems 8
System Vulnerability and Abuse O Malware (malicious software) O Viruses O Rogue software program that attaches itself to other software programs or data files in order to be executed O Worms O Independent computer programs that copy themselves from one computer to other computers over a network. O Trojan horses O Software program that appears to be benign but then does something other than expected. 9
System Vulnerability and Abuse O Malware (cont.) O SQL injection attacks O Hackers submit data to Web forms that exploits site’s unprotected software and sends rogue SQL query to database O Spyware O Small programs install themselves surreptitiously on computers to monitor user Web surfing activity and serve up advertising O Key loggers O Record every keystroke on computer to steal serial numbers, passwords, launch Internet attacks 10
System Vulnerability and Abuse O Hackers and computer crime O Hackers vs. crackers O Activities include O System intrusion O System damage O Cybervandalism O Intentional disruption, defacement, destruction of Web site or corporate information system 11
System Vulnerability and Abuse O Spoofing O Misrepresenting oneself by using fake e-mail addresses or masquerading as someone else O Redirecting Web link to address different from intended one, with site masquerading as intended destination O Sniffer O Eavesdropping program that monitors information traveling over network O Enables hackers to steal proprietary information such as e-mail, company files, etc. 12
System Vulnerability and Abuse O Denial-of-service attacks (DoS) O Flooding server with thousands of false requests to crash the network. O Distributed denial-of-service attacks (DDoS) O Use of numerous computers to launch a DoS O Botnets O Networks of “zombie” PCs infiltrated by bot malware O Worldwide, 6 - 24 million computers serve as zombie PCs in thousands of botnets 13
System Vulnerability and Abuse O Computer crime O Defined as “any violations of criminal law that involve a knowledge of computer technology for their perpetration, investigation, or prosecution” O Computer may be target of crime, e.g.: O Breaching confidentiality of protected computerized data O Accessing a computer system without authority O Computer may be instrument of crime, e.g.: O Theft of trade secrets O Using e-mail for threats or harassment 14
System Vulnerability and Abuse O Identity theft O Theft of personal Information (social security id, driver’s license or credit card numbers) to impersonate someone else O Phishing O Setting up fake Web sites or sending e-mail messages that look like legitimate businesses to ask users for confidential personal data. O Evil twins O Wireless networks that pretend to offer trustworthy Wi-Fi connections to the Internet 15
System Vulnerability and Abuse O Pharming O Redirects users to a bogus Web page, even when individual types correct Web page address into his or her browser O Click fraud O Occurs when individual or computer program fraudulently clicks on online ad without any intention of learning more about the advertiser or making a purchase O Cyberterrorism and Cyberwarfare 16
System Vulnerability and Abuse O Internal threats: employees O Security threats often originate inside an organization O Inside knowledge O Sloppy security procedures O User lack of knowledge O Social engineering: O Tricking employees into revealing their passwords by pretending to be legitimate members of the company in need of information 17
System Vulnerability and Abuse O Software vulnerability O Commercial software contains flaws that create security vulnerabilities O Hidden bugs (program code defects) O Zero defects cannot be achieved because complete testing is not possible with large programs O Flaws can open networks to intruders O Patches O Vendors release small pieces of software to repair flaws O However exploits often created faster than patches be released and implemented 18
General controls • Establish framework for controlling design, security, and use of computer programs • Include software, hardware, computer operations, data security, implementation, and administrative controls CREATING A CONTROL ENVIRONMENT General Controls and Application Controls 19
General controls O Software controls O Authorised access to systems O Hardware controls O Physically secure hardware O Monitor for and fix malfunction O Environmental systems and protection O Backup of disk-based data 20
General controls O Computer operations controls O Day-to-day operations of Information Systems O Procedures O System set-up O Job processing O Backup and recovery procedures O Data security controls O Prevent unauthorised access, change or destruction O When data is in use or being stored O Physical access to terminals O Password protection O Data level access controls 21
O Administrative controls O Ensure organisational policies, procedures and standards and enforced O Segregation of functions to reduce errors and fraud O Supervision of personal to ensure policies and procedures are being adhered to 22 General controls
Application controls • Unique to each computerized application • Include input, processing, and output controls CREATING A CONTROL ENVIRONMENT General Controls and Application Controls 23
Application controls O Input controls O Data is accurate and consistent on entry O Direct keying of data, double entry or automated input O Data conversion, editing and error handling O Field validation on entry O Input authorisation and auditing O Checks on totals to catch errors 24
O Processing controls O Data is accurate and complete on processing O Checks on totals to catch errors O Compare to master records to catch errors O Field validation on update 25 Application controls
O Output controls O Data is accurate, complete and properly distributed on output O Checks on totals to catch errors O Review processing logs O Track recipients of data 26 Application controls
• On-line transaction processing: Transactions entered online are immediately processed by computer • Fault-tolerant computer systems: Contain extra hardware, software, and power supply components to provide continuous uninterrupted service CREATING A CONTROL ENVIRONMENT Protecting the Digital Firm 27
• High-availability computing: Tools and technologies enabling system to recover quickly from a crash • Disaster recovery plan: Runs business in event of computer outage • Load balancing: Distributes large number of requests for access among multiple servers CREATING A CONTROL ENVIRONMENT Protecting the Digital Firm 28
• Mirroring: Duplicating all processes and transactions of server on backup server to prevent any interruption in service • Clustering: Linking two computers together so that a second computer can act as a backup to the primary computer or speed up processing CREATING A CONTROL ENVIRONMENT Protecting the Digital Firm 29
Firewalls • Prevent unauthorized users from accessing private networks • Two types: proxies and stateful inspection Intrusion Detection System • Monitors vulnerable points in network to detect and deter unauthorized intruders CREATING A CONTROL ENVIRONMENT Internet Security Challenges 30
• Encryption: Coding and scrambling of messages to prevent their access without authorization • Authentication: Ability of each party in a transaction to ascertain identity of other party • Message integrity: Ability to ascertain that transmitted message has not been copied or altered CREATING A CONTROL ENVIRONMENT Security and Electronic Commerce 31
• Digital signature: Digital code attached to electronically transmitted message to uniquely identify contents and sender • Digital certificate: Attachment to electronic message to verify the sender and to provide receiver with means to encode reply CREATING A CONTROL ENVIRONMENT Security and Electronic Commerce 32
Establishing a Framework for Security and Control O MIS audit O Examines firm’s overall security environment as well as controls governing individual information systems O Reviews technologies, procedures, documentation, training, and personnel. O May even simulate disaster to test response of technology, IS staff, other employees. O Lists and ranks all control weaknesses and estimates probability of their occurrence. O Assesses financial and organizational impact of each threat 33
Thank You… 34

Recommended

Security and control in Management Information System
Security and control in Management Information SystemSecurity and control in Management Information System
Security and control in Management Information SystemSatya P. Joshi
 
MIS-CH08: Securing Information Systems
MIS-CH08: Securing Information SystemsMIS-CH08: Securing Information Systems
MIS-CH08: Securing Information SystemsSukanya Ben
 
Security & control in management information system
Security & control in management information systemSecurity & control in management information system
Security & control in management information systemOnline
 
Security & ethical challenges
Security & ethical challengesSecurity & ethical challenges
Security & ethical challengesLouie Medinaceli
 
Information system for strategic advantage
Information system for strategic advantageInformation system for strategic advantage
Information system for strategic advantageHarmanjeet Kaur
 
Security and control in mis
Security and control in misSecurity and control in mis
Security and control in misGurjit
 
Information system
Information systemInformation system
Information systemরেদওয়ান হৃদয়
 
Information security management system
Information security management systemInformation security management system
Information security management systemArani Srinivasan
 

Recommended

Security and control in Management Information System
Security and control in Management Information SystemSecurity and control in Management Information System
Security and control in Management Information SystemSatya P. Joshi
 
MIS-CH08: Securing Information Systems
MIS-CH08: Securing Information SystemsMIS-CH08: Securing Information Systems
MIS-CH08: Securing Information SystemsSukanya Ben
 
Security & control in management information system
Security & control in management information systemSecurity & control in management information system
Security & control in management information systemOnline
 
Security & ethical challenges
Security & ethical challengesSecurity & ethical challenges
Security & ethical challengesLouie Medinaceli
 
Information system for strategic advantage
Information system for strategic advantageInformation system for strategic advantage
Information system for strategic advantageHarmanjeet Kaur
 
Security and control in mis
Security and control in misSecurity and control in mis
Security and control in misGurjit
 
Information system
Information systemInformation system
Information systemরেদওয়ান হৃদয়
 
Information security management system
Information security management systemInformation security management system
Information security management systemArani Srinivasan
 
System vulnerability and abuse
System vulnerability and abuseSystem vulnerability and abuse
System vulnerability and abusePrakash Raval
 
Information Security Risk Management
Information Security Risk Management Information Security Risk Management
Information Security Risk Management Ersoy AKSOY
 
Chapter 4 Ethical and Social Issues in Information Systems
Chapter 4 Ethical and Social Issues in Information SystemsChapter 4 Ethical and Social Issues in Information Systems
Chapter 4 Ethical and Social Issues in Information SystemsSammer Qader
 
Three dimensions of information systems
Three dimensions of information systemsThree dimensions of information systems
Three dimensions of information systemsSuleyman Ally
 
Executive Information System
Executive Information SystemExecutive Information System
Executive Information Systemuniversity of education,Lahore
 
Decision Support System(DSS)
Decision Support System(DSS)Decision Support System(DSS)
Decision Support System(DSS)Sayantan Sur
 
Erp ppt
Erp pptErp ppt
Erp pptSONYGURI
 
Functional information system
Functional information systemFunctional information system
Functional information systemamazing19
 
Expert system (mis)
Expert system (mis)Expert system (mis)
Expert system (mis)Quaid e Azam college of commerce (university of peshawar)
 
Mis planning
Mis planningMis planning
Mis planninglaiprabhakar
 
Management information system ( MIS )
Management information system ( MIS )Management information system ( MIS )
Management information system ( MIS )QualitativeIn
 
Ethical And Social Issues in MIS - Management Information System
Ethical And Social Issues in MIS - Management Information SystemEthical And Social Issues in MIS - Management Information System
Ethical And Social Issues in MIS - Management Information SystemFaHaD .H. NooR
 
Business Analytics
Business Analytics Business Analytics
Business Analytics ICFAI Business School
 
strategic information system
strategic information systemstrategic information system
strategic information systemPrateek Singh
 
Management Information System (MIS)
Management Information System (MIS)Management Information System (MIS)
Management Information System (MIS)Navneet Jingar
 
MIS-CH01: Information Systems, Organization, and Strategy
MIS-CH01: Information Systems, Organization, and StrategyMIS-CH01: Information Systems, Organization, and Strategy
MIS-CH01: Information Systems, Organization, and StrategySukanya Ben
 
Information System & Business applications
Information System & Business applicationsInformation System & Business applications
Information System & Business applicationsShubham Upadhyay
 
Information System audit
Information System auditInformation System audit
Information System auditPratapchandra
 
Strategic information system
Strategic information system Strategic information system
Strategic information system Megha_pareek
 
Business information system with explaination
Business information system with explainationBusiness information system with explaination
Business information system with explainationAlana Abraham
 
Information System Security introduction
Information System Security introductionInformation System Security introduction
Information System Security introductionShu Shin
 
The Moral Dimensions of Information Systems
The Moral Dimensions of Information SystemsThe Moral Dimensions of Information Systems
The Moral Dimensions of Information SystemsAlbrecht Jones
 

More Related Content

What's hot

System vulnerability and abuse
System vulnerability and abuseSystem vulnerability and abuse
System vulnerability and abusePrakash Raval
 
Information Security Risk Management
Information Security Risk Management Information Security Risk Management
Information Security Risk Management Ersoy AKSOY
 
Chapter 4 Ethical and Social Issues in Information Systems
Chapter 4 Ethical and Social Issues in Information SystemsChapter 4 Ethical and Social Issues in Information Systems
Chapter 4 Ethical and Social Issues in Information SystemsSammer Qader
 
Three dimensions of information systems
Three dimensions of information systemsThree dimensions of information systems
Three dimensions of information systemsSuleyman Ally
 
Decision Support System(DSS)
Decision Support System(DSS)Decision Support System(DSS)
Decision Support System(DSS)Sayantan Sur
 
Functional information system
Functional information systemFunctional information system
Functional information systemamazing19
 
Management information system ( MIS )
Management information system ( MIS )Management information system ( MIS )
Management information system ( MIS )QualitativeIn
 
Ethical And Social Issues in MIS - Management Information System
Ethical And Social Issues in MIS - Management Information SystemEthical And Social Issues in MIS - Management Information System
Ethical And Social Issues in MIS - Management Information SystemFaHaD .H. NooR
 
strategic information system
strategic information systemstrategic information system
strategic information systemPrateek Singh
 
Management Information System (MIS)
Management Information System (MIS)Management Information System (MIS)
Management Information System (MIS)Navneet Jingar
 
MIS-CH01: Information Systems, Organization, and Strategy
MIS-CH01: Information Systems, Organization, and StrategyMIS-CH01: Information Systems, Organization, and Strategy
MIS-CH01: Information Systems, Organization, and StrategySukanya Ben
 
Information System & Business applications
Information System & Business applicationsInformation System & Business applications
Information System & Business applicationsShubham Upadhyay
 
Information System audit
Information System auditInformation System audit
Information System auditPratapchandra
 
Strategic information system
Strategic information system Strategic information system
Strategic information system Megha_pareek
 
Business information system with explaination
Business information system with explainationBusiness information system with explaination
Business information system with explainationAlana Abraham
 

What's hot (20)

System vulnerability and abuse
System vulnerability and abuseSystem vulnerability and abuse
System vulnerability and abuse
 
Information Security Risk Management
Information Security Risk Management Information Security Risk Management
Information Security Risk Management
 
Chapter 4 Ethical and Social Issues in Information Systems
Chapter 4 Ethical and Social Issues in Information SystemsChapter 4 Ethical and Social Issues in Information Systems
Chapter 4 Ethical and Social Issues in Information Systems
 
Three dimensions of information systems
Three dimensions of information systemsThree dimensions of information systems
Three dimensions of information systems
 
Executive Information System
Executive Information SystemExecutive Information System
Executive Information System
 
Decision Support System(DSS)
Decision Support System(DSS)Decision Support System(DSS)
Decision Support System(DSS)
 
Erp ppt
Erp pptErp ppt
Erp ppt
 
Functional information system
Functional information systemFunctional information system
Functional information system
 
Expert system (mis)
Expert system (mis)Expert system (mis)
Expert system (mis)
 
Mis planning
Mis planningMis planning
Mis planning
 
Management information system ( MIS )
Management information system ( MIS )Management information system ( MIS )
Management information system ( MIS )
 
Ethical And Social Issues in MIS - Management Information System
Ethical And Social Issues in MIS - Management Information SystemEthical And Social Issues in MIS - Management Information System
Ethical And Social Issues in MIS - Management Information System
 
Business Analytics
Business Analytics Business Analytics
Business Analytics
 
strategic information system
strategic information systemstrategic information system
strategic information system
 
Management Information System (MIS)
Management Information System (MIS)Management Information System (MIS)
Management Information System (MIS)
 
MIS-CH01: Information Systems, Organization, and Strategy
MIS-CH01: Information Systems, Organization, and StrategyMIS-CH01: Information Systems, Organization, and Strategy
MIS-CH01: Information Systems, Organization, and Strategy
 
Information System & Business applications
Information System & Business applicationsInformation System & Business applications
Information System & Business applications
 
Information System audit
Information System auditInformation System audit
Information System audit
 
Strategic information system
Strategic information system Strategic information system
Strategic information system
 
Business information system with explaination
Business information system with explainationBusiness information system with explaination
Business information system with explaination
 

Viewers also liked

Information System Security introduction
Information System Security introductionInformation System Security introduction
Information System Security introductionShu Shin
 
The Moral Dimensions of Information Systems
The Moral Dimensions of Information SystemsThe Moral Dimensions of Information Systems
The Moral Dimensions of Information SystemsAlbrecht Jones
 
Ethical and social issues in information systems
Ethical and social issues in information systemsEthical and social issues in information systems
Ethical and social issues in information systemsProf. Othman Alsalloum
 
Chapter 6 annual worth analysis
Chapter 6 annual worth analysisChapter 6 annual worth analysis
Chapter 6 annual worth analysisBich Lien Pham
 
Mis of hero honda
Mis of hero hondaMis of hero honda
Mis of hero hondaneelnmanju
 
Management Information Systems in Maruti Suzuki
Management Information Systems in Maruti SuzukiManagement Information Systems in Maruti Suzuki
Management Information Systems in Maruti SuzukiMohammad Mohtashim
 
TYPES OF HACKING
TYPES OF HACKINGTYPES OF HACKING
TYPES OF HACKINGSHERALI445
 
Top 10 Reasons for ERP Project Failure
Top 10 Reasons for ERP Project FailureTop 10 Reasons for ERP Project Failure
Top 10 Reasons for ERP Project FailureJohn Paulson
 
Threats to information security
Threats to information securityThreats to information security
Threats to information securityswapneel07
 
Threats to Information Resources - MIS - Shimna
Threats to Information Resources - MIS - ShimnaThreats to Information Resources - MIS - Shimna
Threats to Information Resources - MIS - ShimnaChinnu Shimna
 
Chapter 6 Mis And Erp
Chapter 6 Mis And ErpChapter 6 Mis And Erp
Chapter 6 Mis And Erpmanagement 2
 
Hacking & its types
Hacking & its typesHacking & its types
Hacking & its typesSai Sakoji
 
Customer relationship management in mis ppt
Customer relationship management in mis pptCustomer relationship management in mis ppt
Customer relationship management in mis pptRanjani Witted
 
MIS 13 Customer Relationship Management
MIS 13 Customer Relationship ManagementMIS 13 Customer Relationship Management
MIS 13 Customer Relationship ManagementTushar B Kute
 

Viewers also liked (20)

Information System Security introduction
Information System Security introductionInformation System Security introduction
Information System Security introduction
 
The Moral Dimensions of Information Systems
The Moral Dimensions of Information SystemsThe Moral Dimensions of Information Systems
The Moral Dimensions of Information Systems
 
Ethical and social issues in information systems
Ethical and social issues in information systemsEthical and social issues in information systems
Ethical and social issues in information systems
 
Chapter 6 annual worth analysis
Chapter 6 annual worth analysisChapter 6 annual worth analysis
Chapter 6 annual worth analysis
 
Cyber security mis
Cyber security misCyber security mis
Cyber security mis
 
Consumer Price Index
Consumer Price IndexConsumer Price Index
Consumer Price Index
 
Mis of hero honda
Mis of hero hondaMis of hero honda
Mis of hero honda
 
Management Information Systems in Maruti Suzuki
Management Information Systems in Maruti SuzukiManagement Information Systems in Maruti Suzuki
Management Information Systems in Maruti Suzuki
 
TYPES OF HACKING
TYPES OF HACKINGTYPES OF HACKING
TYPES OF HACKING
 
Top 10 Reasons for ERP Project Failure
Top 10 Reasons for ERP Project FailureTop 10 Reasons for ERP Project Failure
Top 10 Reasons for ERP Project Failure
 
Threats to information security
Threats to information securityThreats to information security
Threats to information security
 
Threats to Information Resources - MIS - Shimna
Threats to Information Resources - MIS - ShimnaThreats to Information Resources - MIS - Shimna
Threats to Information Resources - MIS - Shimna
 
ERP and MIS
ERP and MISERP and MIS
ERP and MIS
 
Erp benefits
Erp benefitsErp benefits
Erp benefits
 
Chapter 6 Mis And Erp
Chapter 6 Mis And ErpChapter 6 Mis And Erp
Chapter 6 Mis And Erp
 
Hacking ppt
Hacking pptHacking ppt
Hacking ppt
 
Hacking & its types
Hacking & its typesHacking & its types
Hacking & its types
 
Customer relationship management in mis ppt
Customer relationship management in mis pptCustomer relationship management in mis ppt
Customer relationship management in mis ppt
 
MIS 13 Customer Relationship Management
MIS 13 Customer Relationship ManagementMIS 13 Customer Relationship Management
MIS 13 Customer Relationship Management
 
DATA WAREHOUSING AND DATA MINING
DATA WAREHOUSING AND DATA MININGDATA WAREHOUSING AND DATA MINING
DATA WAREHOUSING AND DATA MINING
 

Similar to SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)

Security and ethical challenges in mis
Security and ethical challenges in misSecurity and ethical challenges in mis
Security and ethical challenges in misI P Abir
 
Top Interview Questions to Master as a CompTIA Security+ Certified Profession...
Top Interview Questions to Master as a CompTIA Security+ Certified Profession...Top Interview Questions to Master as a CompTIA Security+ Certified Profession...
Top Interview Questions to Master as a CompTIA Security+ Certified Profession...ShivamSharma909
 
Top Interview Questions for CompTIA Security +
Top Interview Questions for CompTIA Security +Top Interview Questions for CompTIA Security +
Top Interview Questions for CompTIA Security +infosec train
 
Session 7 - Management challenges in Information security.ppt
Session 7 - Management challenges in Information security.pptSession 7 - Management challenges in Information security.ppt
Session 7 - Management challenges in Information security.pptENRIQUE EGLESIAS
 
Mis security system threads
Mis security system threadsMis security system threads
Mis security system threadsLeena Reddy
 
Can your company survive a modern day cyber attack?
Can your company survive a modern day cyber attack?Can your company survive a modern day cyber attack?
Can your company survive a modern day cyber attack?Symptai Consulting Limited
 
Technical seminar on Security
Technical seminar on Security Technical seminar on Security
Technical seminar on Security STS
 
Computer Security and their social effect and their usage.
Computer Security and their social effect and their usage.Computer Security and their social effect and their usage.
Computer Security and their social effect and their usage.rizwanshafique4321
 
SECURING INFORMATION SYSTEM 1.pptx
SECURING INFORMATION SYSTEM 1.pptxSECURING INFORMATION SYSTEM 1.pptx
SECURING INFORMATION SYSTEM 1.pptxCabdullhiY
 
Okara history and security slides 2017
Okara history and security slides 2017Okara history and security slides 2017
Okara history and security slides 2017TAIMOOR KHAQAN
 
Ch # 10 computer security risks and safe guards
Ch # 10 computer security risks and safe guardsCh # 10 computer security risks and safe guards
Ch # 10 computer security risks and safe guardsMuhammadRobeel3
 
Information security management v2010
Information security management v2010Information security management v2010
Information security management v2010joevest
 
Legal and Ethical Considerations in Nursing Informatics
Legal and Ethical Considerations in Nursing InformaticsLegal and Ethical Considerations in Nursing Informatics
Legal and Ethical Considerations in Nursing InformaticsKimarie Brown
 
e commerce security and fraud protection
e commerce security and fraud protectione commerce security and fraud protection
e commerce security and fraud protectiontumetr1
 

Similar to SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System) (20)

Security and ethical challenges in mis
Security and ethical challenges in misSecurity and ethical challenges in mis
Security and ethical challenges in mis
 
Chapter 5 MIS
Chapter 5 MISChapter 5 MIS
Chapter 5 MIS
 
Top Interview Questions to Master as a CompTIA Security+ Certified Profession...
Top Interview Questions to Master as a CompTIA Security+ Certified Profession...Top Interview Questions to Master as a CompTIA Security+ Certified Profession...
Top Interview Questions to Master as a CompTIA Security+ Certified Profession...
 
Top Interview Questions for CompTIA Security +
Top Interview Questions for CompTIA Security +Top Interview Questions for CompTIA Security +
Top Interview Questions for CompTIA Security +
 
CompTIA Security+
CompTIA Security+CompTIA Security+
CompTIA Security+
 
Types of Cyber Crimes and Security Threats
Types of Cyber Crimes and Security ThreatsTypes of Cyber Crimes and Security Threats
Types of Cyber Crimes and Security Threats
 
Session 7 - Management challenges in Information security.ppt
Session 7 - Management challenges in Information security.pptSession 7 - Management challenges in Information security.ppt
Session 7 - Management challenges in Information security.ppt
 
Mis security system threads
Mis security system threadsMis security system threads
Mis security system threads
 
Can your company survive a modern day cyber attack?
Can your company survive a modern day cyber attack?Can your company survive a modern day cyber attack?
Can your company survive a modern day cyber attack?
 
Technical seminar on Security
Technical seminar on Security Technical seminar on Security
Technical seminar on Security
 
Securing information systems
Securing information systemsSecuring information systems
Securing information systems
 
Computer Security and their social effect and their usage.
Computer Security and their social effect and their usage.Computer Security and their social effect and their usage.
Computer Security and their social effect and their usage.
 
SECURING INFORMATION SYSTEM 1.pptx
SECURING INFORMATION SYSTEM 1.pptxSECURING INFORMATION SYSTEM 1.pptx
SECURING INFORMATION SYSTEM 1.pptx
 
Okara history and security slides 2017
Okara history and security slides 2017Okara history and security slides 2017
Okara history and security slides 2017
 
Ch # 10 computer security risks and safe guards
Ch # 10 computer security risks and safe guardsCh # 10 computer security risks and safe guards
Ch # 10 computer security risks and safe guards
 
information security awareness course
information security awareness courseinformation security awareness course
information security awareness course
 
Information security management v2010
Information security management v2010Information security management v2010
Information security management v2010
 
Legal and Ethical Considerations in Nursing Informatics
Legal and Ethical Considerations in Nursing InformaticsLegal and Ethical Considerations in Nursing Informatics
Legal and Ethical Considerations in Nursing Informatics
 
Computer security
Computer securityComputer security
Computer security
 
e commerce security and fraud protection
e commerce security and fraud protectione commerce security and fraud protection
e commerce security and fraud protection
 

More from Biswajit Bhattacharjee

Women Entrepreneur - India : Vandana luthra curls & curves india ltd(vlcc)
Women Entrepreneur - India : Vandana luthra curls & curves india ltd(vlcc)Women Entrepreneur - India : Vandana luthra curls & curves india ltd(vlcc)
Women Entrepreneur - India : Vandana luthra curls & curves india ltd(vlcc)Biswajit Bhattacharjee
 
’'Pure for sure’’ with bharat petroleum-Operations Management
’'Pure for sure’’ with bharat petroleum-Operations Management’'Pure for sure’’ with bharat petroleum-Operations Management
’'Pure for sure’’ with bharat petroleum-Operations ManagementBiswajit Bhattacharjee
 
Role and significance of finance in other functional areas
Role and significance of finance in other functional areasRole and significance of finance in other functional areas
Role and significance of finance in other functional areasBiswajit Bhattacharjee
 
Role and significance of finance in other functional areas
Role and significance of finance in other functional areasRole and significance of finance in other functional areas
Role and significance of finance in other functional areasBiswajit Bhattacharjee
 
Ipo process, how price band determined, role of merchant banker & underwriter
Ipo process, how price band determined, role of merchant banker & underwriterIpo process, how price band determined, role of merchant banker & underwriter
Ipo process, how price band determined, role of merchant banker & underwriterBiswajit Bhattacharjee
 
Ipo process, how price band determined, role of merchant banker & underwriter
Ipo process, how price band determined, role of merchant banker & underwriterIpo process, how price band determined, role of merchant banker & underwriter
Ipo process, how price band determined, role of merchant banker & underwriterBiswajit Bhattacharjee
 
Management accounting overhead variance
Management accounting overhead varianceManagement accounting overhead variance
Management accounting overhead varianceBiswajit Bhattacharjee
 
Queueing Theory and its BusinessS Applications
Queueing Theory and its BusinessS ApplicationsQueueing Theory and its BusinessS Applications
Queueing Theory and its BusinessS ApplicationsBiswajit Bhattacharjee
 
Ozone Depletion and the Montreal Protocol
Ozone Depletion and the Montreal ProtocolOzone Depletion and the Montreal Protocol
Ozone Depletion and the Montreal ProtocolBiswajit Bhattacharjee
 
RESPONSIBILITY ACCOUNTING WITH SPECIAL REFERENCE TO STANDARD COSTING AND BUDG...
RESPONSIBILITY ACCOUNTING WITH SPECIAL REFERENCE TO STANDARD COSTING AND BUDG...RESPONSIBILITY ACCOUNTING WITH SPECIAL REFERENCE TO STANDARD COSTING AND BUDG...
RESPONSIBILITY ACCOUNTING WITH SPECIAL REFERENCE TO STANDARD COSTING AND BUDG...Biswajit Bhattacharjee
 
Managerial/Business Economics : Macro Economics Aggregates : Concept :GNP GDP...
Managerial/Business Economics : Macro Economics Aggregates : Concept :GNP GDP...Managerial/Business Economics : Macro Economics Aggregates : Concept :GNP GDP...
Managerial/Business Economics : Macro Economics Aggregates : Concept :GNP GDP...Biswajit Bhattacharjee
 
MASLOWS’ NEED HIERARCHY OF MOTIVATION
MASLOWS’ NEED HIERARCHY OF MOTIVATIONMASLOWS’ NEED HIERARCHY OF MOTIVATION
MASLOWS’ NEED HIERARCHY OF MOTIVATIONBiswajit Bhattacharjee
 

More from Biswajit Bhattacharjee (16)

Women Entrepreneur - India : Vandana luthra curls & curves india ltd(vlcc)
Women Entrepreneur - India : Vandana luthra curls & curves india ltd(vlcc)Women Entrepreneur - India : Vandana luthra curls & curves india ltd(vlcc)
Women Entrepreneur - India : Vandana luthra curls & curves india ltd(vlcc)
 
Business environment in india
Business environment in indiaBusiness environment in india
Business environment in india
 
’'Pure for sure’’ with bharat petroleum-Operations Management
’'Pure for sure’’ with bharat petroleum-Operations Management’'Pure for sure’’ with bharat petroleum-Operations Management
’'Pure for sure’’ with bharat petroleum-Operations Management
 
Succession planning
Succession planningSuccession planning
Succession planning
 
Role and significance of finance in other functional areas
Role and significance of finance in other functional areasRole and significance of finance in other functional areas
Role and significance of finance in other functional areas
 
Role and significance of finance in other functional areas
Role and significance of finance in other functional areasRole and significance of finance in other functional areas
Role and significance of finance in other functional areas
 
Ipo process, how price band determined, role of merchant banker & underwriter
Ipo process, how price band determined, role of merchant banker & underwriterIpo process, how price band determined, role of merchant banker & underwriter
Ipo process, how price band determined, role of merchant banker & underwriter
 
Ipo process, how price band determined, role of merchant banker & underwriter
Ipo process, how price band determined, role of merchant banker & underwriterIpo process, how price band determined, role of merchant banker & underwriter
Ipo process, how price band determined, role of merchant banker & underwriter
 
Management accounting overhead variance
Management accounting overhead varianceManagement accounting overhead variance
Management accounting overhead variance
 
Uses of MS Access in Business
Uses of MS Access in Business Uses of MS Access in Business
Uses of MS Access in Business
 
Queueing Theory and its BusinessS Applications
Queueing Theory and its BusinessS ApplicationsQueueing Theory and its BusinessS Applications
Queueing Theory and its BusinessS Applications
 
Ozone Depletion and the Montreal Protocol
Ozone Depletion and the Montreal ProtocolOzone Depletion and the Montreal Protocol
Ozone Depletion and the Montreal Protocol
 
RESPONSIBILITY ACCOUNTING WITH SPECIAL REFERENCE TO STANDARD COSTING AND BUDG...
RESPONSIBILITY ACCOUNTING WITH SPECIAL REFERENCE TO STANDARD COSTING AND BUDG...RESPONSIBILITY ACCOUNTING WITH SPECIAL REFERENCE TO STANDARD COSTING AND BUDG...
RESPONSIBILITY ACCOUNTING WITH SPECIAL REFERENCE TO STANDARD COSTING AND BUDG...
 
Managerial/Business Economics : Macro Economics Aggregates : Concept :GNP GDP...
Managerial/Business Economics : Macro Economics Aggregates : Concept :GNP GDP...Managerial/Business Economics : Macro Economics Aggregates : Concept :GNP GDP...
Managerial/Business Economics : Macro Economics Aggregates : Concept :GNP GDP...
 
MASLOWS’ NEED HIERARCHY OF MOTIVATION
MASLOWS’ NEED HIERARCHY OF MOTIVATIONMASLOWS’ NEED HIERARCHY OF MOTIVATION
MASLOWS’ NEED HIERARCHY OF MOTIVATION
 
Intrinsic and Extrinsic Motivation
Intrinsic and Extrinsic MotivationIntrinsic and Extrinsic Motivation
Intrinsic and Extrinsic Motivation
 

Recently uploaded

My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 

Recently uploaded (20)

My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 

SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)

  • 1. Biswajit Bhattacharjee (19) & Biswaraj Das Purkayastha (20) Presents SECURITY & CONTROL OF INFORMATION SYSTEM 1
  • 2. 2 O PRESENTED TO : Deepjyoti Choudhury Assistant Professor Assam University, Silchar
  • 3.  Information system: The term information system describes the organized collection, processing, transmission, and spreading of information in accordance with defined procedures, whether automated or manual.  Security: Policies, procedures and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems  Controls: Methods, policies, and organizational procedures that ensure safety of organization’s assets; accuracy and reliability of its accounting records; and operational adherence to management standards 3
  • 4. Basic Principles of Information Systems Security A . Confidentiality This principle is applied to information by enforcing rules about who is allowed to know it. Preserving personal privacy is one of the major objectives of confidentiality. It prevents the unauthorized disclosure of information and restricts the data access to only those who are authorized. But today the world is moving towards less authoritative structures, more informality, and fewer rules. Such developments are creating an issue of concern for the principle of confidentiality since the developments are aimed at making information accessible to many, not few. 4
  • 5. Basic Principles of Information Systems Security (cont…) B. Integrity In any business organization having IS, the values of data stored and manipulated, such as maintaining the correct signs and symbols is an important issue of concern. This issue is referred to integrity within an organization which is the prevention of the unauthorized modification. C. Availability Availability is referred to as accessibility of information and in usable form when and where it is required. Sometimes it is also explained as the prevention of unauthorized withholding of data or resources. Within any organization today availability of resources and data is an important issue of concern since system failure is an organizational security issue 5
  • 6. System Vulnerability and Abuse Why systems are vulnerable O Accessibility of networks O Hardware problems (breakdowns, configuration errors, damage from improper use or crime) O Software problems (programming errors, installation errors, unauthorized changes) O Disasters O Use of networks/computers outside of firm’s control O Loss and theft of portable devices 6
  • 7. System Vulnerability and Abuse O Internet vulnerabilities O Network open to anyone O Size of Internet means abuses can have wide impact O Use of fixed Internet addresses with cable or DSL modems creates fixed targets hackers O Unencrypted VOIP O E-mail, P2P, IM O Interception O Attachments with malicious software O Transmitting trade secrets 7
  • 8. System Vulnerability and Abuse O Wireless security challenges O Radio frequency bands easy to scan O SSIDs (service set identifiers) O Identify access points O Broadcast multiple times O War driving O Eavesdroppers drive by buildings and try to detect SSID and gain access to network and resources O WEP (Wired Equivalent Privacy) O Security standard for 802.11; use is optional O Uses shared password for both users and access point O Users often fail to implement WEP or stronger systems 8
  • 9. System Vulnerability and Abuse O Malware (malicious software) O Viruses O Rogue software program that attaches itself to other software programs or data files in order to be executed O Worms O Independent computer programs that copy themselves from one computer to other computers over a network. O Trojan horses O Software program that appears to be benign but then does something other than expected. 9
  • 10. System Vulnerability and Abuse O Malware (cont.) O SQL injection attacks O Hackers submit data to Web forms that exploits site’s unprotected software and sends rogue SQL query to database O Spyware O Small programs install themselves surreptitiously on computers to monitor user Web surfing activity and serve up advertising O Key loggers O Record every keystroke on computer to steal serial numbers, passwords, launch Internet attacks 10
  • 11. System Vulnerability and Abuse O Hackers and computer crime O Hackers vs. crackers O Activities include O System intrusion O System damage O Cybervandalism O Intentional disruption, defacement, destruction of Web site or corporate information system 11
  • 12. System Vulnerability and Abuse O Spoofing O Misrepresenting oneself by using fake e-mail addresses or masquerading as someone else O Redirecting Web link to address different from intended one, with site masquerading as intended destination O Sniffer O Eavesdropping program that monitors information traveling over network O Enables hackers to steal proprietary information such as e-mail, company files, etc. 12
  • 13. System Vulnerability and Abuse O Denial-of-service attacks (DoS) O Flooding server with thousands of false requests to crash the network. O Distributed denial-of-service attacks (DDoS) O Use of numerous computers to launch a DoS O Botnets O Networks of “zombie” PCs infiltrated by bot malware O Worldwide, 6 - 24 million computers serve as zombie PCs in thousands of botnets 13
  • 14. System Vulnerability and Abuse O Computer crime O Defined as “any violations of criminal law that involve a knowledge of computer technology for their perpetration, investigation, or prosecution” O Computer may be target of crime, e.g.: O Breaching confidentiality of protected computerized data O Accessing a computer system without authority O Computer may be instrument of crime, e.g.: O Theft of trade secrets O Using e-mail for threats or harassment 14
  • 15. System Vulnerability and Abuse O Identity theft O Theft of personal Information (social security id, driver’s license or credit card numbers) to impersonate someone else O Phishing O Setting up fake Web sites or sending e-mail messages that look like legitimate businesses to ask users for confidential personal data. O Evil twins O Wireless networks that pretend to offer trustworthy Wi-Fi connections to the Internet 15
  • 16. System Vulnerability and Abuse O Pharming O Redirects users to a bogus Web page, even when individual types correct Web page address into his or her browser O Click fraud O Occurs when individual or computer program fraudulently clicks on online ad without any intention of learning more about the advertiser or making a purchase O Cyberterrorism and Cyberwarfare 16
  • 17. System Vulnerability and Abuse O Internal threats: employees O Security threats often originate inside an organization O Inside knowledge O Sloppy security procedures O User lack of knowledge O Social engineering: O Tricking employees into revealing their passwords by pretending to be legitimate members of the company in need of information 17
  • 18. System Vulnerability and Abuse O Software vulnerability O Commercial software contains flaws that create security vulnerabilities O Hidden bugs (program code defects) O Zero defects cannot be achieved because complete testing is not possible with large programs O Flaws can open networks to intruders O Patches O Vendors release small pieces of software to repair flaws O However exploits often created faster than patches be released and implemented 18
  • 19. General controls • Establish framework for controlling design, security, and use of computer programs • Include software, hardware, computer operations, data security, implementation, and administrative controls CREATING A CONTROL ENVIRONMENT General Controls and Application Controls 19
  • 20. General controls O Software controls O Authorised access to systems O Hardware controls O Physically secure hardware O Monitor for and fix malfunction O Environmental systems and protection O Backup of disk-based data 20
  • 21. General controls O Computer operations controls O Day-to-day operations of Information Systems O Procedures O System set-up O Job processing O Backup and recovery procedures O Data security controls O Prevent unauthorised access, change or destruction O When data is in use or being stored O Physical access to terminals O Password protection O Data level access controls 21
  • 22. O Administrative controls O Ensure organisational policies, procedures and standards and enforced O Segregation of functions to reduce errors and fraud O Supervision of personal to ensure policies and procedures are being adhered to 22 General controls
  • 23. Application controls • Unique to each computerized application • Include input, processing, and output controls CREATING A CONTROL ENVIRONMENT General Controls and Application Controls 23
  • 24. Application controls O Input controls O Data is accurate and consistent on entry O Direct keying of data, double entry or automated input O Data conversion, editing and error handling O Field validation on entry O Input authorisation and auditing O Checks on totals to catch errors 24
  • 25. O Processing controls O Data is accurate and complete on processing O Checks on totals to catch errors O Compare to master records to catch errors O Field validation on update 25 Application controls
  • 26. O Output controls O Data is accurate, complete and properly distributed on output O Checks on totals to catch errors O Review processing logs O Track recipients of data 26 Application controls
  • 27. • On-line transaction processing: Transactions entered online are immediately processed by computer • Fault-tolerant computer systems: Contain extra hardware, software, and power supply components to provide continuous uninterrupted service CREATING A CONTROL ENVIRONMENT Protecting the Digital Firm 27
  • 28. • High-availability computing: Tools and technologies enabling system to recover quickly from a crash • Disaster recovery plan: Runs business in event of computer outage • Load balancing: Distributes large number of requests for access among multiple servers CREATING A CONTROL ENVIRONMENT Protecting the Digital Firm 28
  • 29. • Mirroring: Duplicating all processes and transactions of server on backup server to prevent any interruption in service • Clustering: Linking two computers together so that a second computer can act as a backup to the primary computer or speed up processing CREATING A CONTROL ENVIRONMENT Protecting the Digital Firm 29
  • 30. Firewalls • Prevent unauthorized users from accessing private networks • Two types: proxies and stateful inspection Intrusion Detection System • Monitors vulnerable points in network to detect and deter unauthorized intruders CREATING A CONTROL ENVIRONMENT Internet Security Challenges 30
  • 31. • Encryption: Coding and scrambling of messages to prevent their access without authorization • Authentication: Ability of each party in a transaction to ascertain identity of other party • Message integrity: Ability to ascertain that transmitted message has not been copied or altered CREATING A CONTROL ENVIRONMENT Security and Electronic Commerce 31
  • 32. • Digital signature: Digital code attached to electronically transmitted message to uniquely identify contents and sender • Digital certificate: Attachment to electronic message to verify the sender and to provide receiver with means to encode reply CREATING A CONTROL ENVIRONMENT Security and Electronic Commerce 32
  • 33. Establishing a Framework for Security and Control O MIS audit O Examines firm’s overall security environment as well as controls governing individual information systems O Reviews technologies, procedures, documentation, training, and personnel. O May even simulate disaster to test response of technology, IS staff, other employees. O Lists and ranks all control weaknesses and estimates probability of their occurrence. O Assesses financial and organizational impact of each threat 33