SlideShare a Scribd company logo

SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)

Download as PPTX, PDF
Biswajit Bhattacharjee
Biswajit Bhattacharjee
Technology
1 of 34
Biswajit Bhattacharjee (19) & Biswaraj Das Purkayastha (20) Presents SECURITY & CONTROL OF INFORMATION SYSTEM 1
2 O PRESENTED TO : Deepjyoti Choudhury Assistant Professor Assam University, Silchar
 Information system: The term information system describes the organized collection, processing, transmission, and spreading of information in accordance with defined procedures, whether automated or manual.  Security: Policies, procedures and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems  Controls: Methods, policies, and organizational procedures that ensure safety of organization’s assets; accuracy and reliability of its accounting records; and operational adherence to management standards 3
Basic Principles of Information Systems Security A . Confidentiality This principle is applied to information by enforcing rules about who is allowed to know it. Preserving personal privacy is one of the major objectives of confidentiality. It prevents the unauthorized disclosure of information and restricts the data access to only those who are authorized. But today the world is moving towards less authoritative structures, more informality, and fewer rules. Such developments are creating an issue of concern for the principle of confidentiality since the developments are aimed at making information accessible to many, not few. 4
Basic Principles of Information Systems Security (cont…) B. Integrity In any business organization having IS, the values of data stored and manipulated, such as maintaining the correct signs and symbols is an important issue of concern. This issue is referred to integrity within an organization which is the prevention of the unauthorized modification. C. Availability Availability is referred to as accessibility of information and in usable form when and where it is required. Sometimes it is also explained as the prevention of unauthorized withholding of data or resources. Within any organization today availability of resources and data is an important issue of concern since system failure is an organizational security issue 5
System Vulnerability and Abuse Why systems are vulnerable O Accessibility of networks O Hardware problems (breakdowns, configuration errors, damage from improper use or crime) O Software problems (programming errors, installation errors, unauthorized changes) O Disasters O Use of networks/computers outside of firm’s control O Loss and theft of portable devices 6
System Vulnerability and Abuse O Internet vulnerabilities O Network open to anyone O Size of Internet means abuses can have wide impact O Use of fixed Internet addresses with cable or DSL modems creates fixed targets hackers O Unencrypted VOIP O E-mail, P2P, IM O Interception O Attachments with malicious software O Transmitting trade secrets 7
System Vulnerability and Abuse O Wireless security challenges O Radio frequency bands easy to scan O SSIDs (service set identifiers) O Identify access points O Broadcast multiple times O War driving O Eavesdroppers drive by buildings and try to detect SSID and gain access to network and resources O WEP (Wired Equivalent Privacy) O Security standard for 802.11; use is optional O Uses shared password for both users and access point O Users often fail to implement WEP or stronger systems 8
System Vulnerability and Abuse O Malware (malicious software) O Viruses O Rogue software program that attaches itself to other software programs or data files in order to be executed O Worms O Independent computer programs that copy themselves from one computer to other computers over a network. O Trojan horses O Software program that appears to be benign but then does something other than expected. 9
System Vulnerability and Abuse O Malware (cont.) O SQL injection attacks O Hackers submit data to Web forms that exploits site’s unprotected software and sends rogue SQL query to database O Spyware O Small programs install themselves surreptitiously on computers to monitor user Web surfing activity and serve up advertising O Key loggers O Record every keystroke on computer to steal serial numbers, passwords, launch Internet attacks 10
System Vulnerability and Abuse O Hackers and computer crime O Hackers vs. crackers O Activities include O System intrusion O System damage O Cybervandalism O Intentional disruption, defacement, destruction of Web site or corporate information system 11
System Vulnerability and Abuse O Spoofing O Misrepresenting oneself by using fake e-mail addresses or masquerading as someone else O Redirecting Web link to address different from intended one, with site masquerading as intended destination O Sniffer O Eavesdropping program that monitors information traveling over network O Enables hackers to steal proprietary information such as e-mail, company files, etc. 12
System Vulnerability and Abuse O Denial-of-service attacks (DoS) O Flooding server with thousands of false requests to crash the network. O Distributed denial-of-service attacks (DDoS) O Use of numerous computers to launch a DoS O Botnets O Networks of “zombie” PCs infiltrated by bot malware O Worldwide, 6 - 24 million computers serve as zombie PCs in thousands of botnets 13
System Vulnerability and Abuse O Computer crime O Defined as “any violations of criminal law that involve a knowledge of computer technology for their perpetration, investigation, or prosecution” O Computer may be target of crime, e.g.: O Breaching confidentiality of protected computerized data O Accessing a computer system without authority O Computer may be instrument of crime, e.g.: O Theft of trade secrets O Using e-mail for threats or harassment 14
System Vulnerability and Abuse O Identity theft O Theft of personal Information (social security id, driver’s license or credit card numbers) to impersonate someone else O Phishing O Setting up fake Web sites or sending e-mail messages that look like legitimate businesses to ask users for confidential personal data. O Evil twins O Wireless networks that pretend to offer trustworthy Wi-Fi connections to the Internet 15
System Vulnerability and Abuse O Pharming O Redirects users to a bogus Web page, even when individual types correct Web page address into his or her browser O Click fraud O Occurs when individual or computer program fraudulently clicks on online ad without any intention of learning more about the advertiser or making a purchase O Cyberterrorism and Cyberwarfare 16
System Vulnerability and Abuse O Internal threats: employees O Security threats often originate inside an organization O Inside knowledge O Sloppy security procedures O User lack of knowledge O Social engineering: O Tricking employees into revealing their passwords by pretending to be legitimate members of the company in need of information 17
System Vulnerability and Abuse O Software vulnerability O Commercial software contains flaws that create security vulnerabilities O Hidden bugs (program code defects) O Zero defects cannot be achieved because complete testing is not possible with large programs O Flaws can open networks to intruders O Patches O Vendors release small pieces of software to repair flaws O However exploits often created faster than patches be released and implemented 18
General controls • Establish framework for controlling design, security, and use of computer programs • Include software, hardware, computer operations, data security, implementation, and administrative controls CREATING A CONTROL ENVIRONMENT General Controls and Application Controls 19
General controls O Software controls O Authorised access to systems O Hardware controls O Physically secure hardware O Monitor for and fix malfunction O Environmental systems and protection O Backup of disk-based data 20
General controls O Computer operations controls O Day-to-day operations of Information Systems O Procedures O System set-up O Job processing O Backup and recovery procedures O Data security controls O Prevent unauthorised access, change or destruction O When data is in use or being stored O Physical access to terminals O Password protection O Data level access controls 21
O Administrative controls O Ensure organisational policies, procedures and standards and enforced O Segregation of functions to reduce errors and fraud O Supervision of personal to ensure policies and procedures are being adhered to 22 General controls
Application controls • Unique to each computerized application • Include input, processing, and output controls CREATING A CONTROL ENVIRONMENT General Controls and Application Controls 23
Application controls O Input controls O Data is accurate and consistent on entry O Direct keying of data, double entry or automated input O Data conversion, editing and error handling O Field validation on entry O Input authorisation and auditing O Checks on totals to catch errors 24
O Processing controls O Data is accurate and complete on processing O Checks on totals to catch errors O Compare to master records to catch errors O Field validation on update 25 Application controls
O Output controls O Data is accurate, complete and properly distributed on output O Checks on totals to catch errors O Review processing logs O Track recipients of data 26 Application controls
• On-line transaction processing: Transactions entered online are immediately processed by computer • Fault-tolerant computer systems: Contain extra hardware, software, and power supply components to provide continuous uninterrupted service CREATING A CONTROL ENVIRONMENT Protecting the Digital Firm 27
• High-availability computing: Tools and technologies enabling system to recover quickly from a crash • Disaster recovery plan: Runs business in event of computer outage • Load balancing: Distributes large number of requests for access among multiple servers CREATING A CONTROL ENVIRONMENT Protecting the Digital Firm 28
• Mirroring: Duplicating all processes and transactions of server on backup server to prevent any interruption in service • Clustering: Linking two computers together so that a second computer can act as a backup to the primary computer or speed up processing CREATING A CONTROL ENVIRONMENT Protecting the Digital Firm 29
Firewalls • Prevent unauthorized users from accessing private networks • Two types: proxies and stateful inspection Intrusion Detection System • Monitors vulnerable points in network to detect and deter unauthorized intruders CREATING A CONTROL ENVIRONMENT Internet Security Challenges 30
• Encryption: Coding and scrambling of messages to prevent their access without authorization • Authentication: Ability of each party in a transaction to ascertain identity of other party • Message integrity: Ability to ascertain that transmitted message has not been copied or altered CREATING A CONTROL ENVIRONMENT Security and Electronic Commerce 31
• Digital signature: Digital code attached to electronically transmitted message to uniquely identify contents and sender • Digital certificate: Attachment to electronic message to verify the sender and to provide receiver with means to encode reply CREATING A CONTROL ENVIRONMENT Security and Electronic Commerce 32
Establishing a Framework for Security and Control O MIS audit O Examines firm’s overall security environment as well as controls governing individual information systems O Reviews technologies, procedures, documentation, training, and personnel. O May even simulate disaster to test response of technology, IS staff, other employees. O Lists and ranks all control weaknesses and estimates probability of their occurrence. O Assesses financial and organizational impact of each threat 33
Thank You… 34

Recommended

Security & control in management information system
Security & control in management information systemSecurity & control in management information system
Security & control in management information systemOnline
 
Security and control in mis
Security and control in misSecurity and control in mis
Security and control in misGurjit
 
Information System & Business applications
Information System & Business applicationsInformation System & Business applications
Information System & Business applicationsShubham Upadhyay
 
Ethical And Social Issues in MIS - Management Information System
Ethical And Social Issues in MIS - Management Information SystemEthical And Social Issues in MIS - Management Information System
Ethical And Social Issues in MIS - Management Information SystemFaHaD .H. NooR
 
Information security management system
Information security management systemInformation security management system
Information security management systemArani Srinivasan
 
Information System audit
Information System auditInformation System audit
Information System auditPratapchandra
 
Security and ethical challenges in mis
Security and ethical challenges in misSecurity and ethical challenges in mis
Security and ethical challenges in misI P Abir
 
Ethical and social issues in information systems
Ethical and social issues in information systemsEthical and social issues in information systems
Ethical and social issues in information systemsAmity University | FMS - DU | IMT | Stratford University | KKMI International Institute | AIMA | DTU
 

Recommended

Security & control in management information system
Security & control in management information systemSecurity & control in management information system
Security & control in management information systemOnline
 
Security and control in mis
Security and control in misSecurity and control in mis
Security and control in misGurjit
 
Information System & Business applications
Information System & Business applicationsInformation System & Business applications
Information System & Business applicationsShubham Upadhyay
 
Ethical And Social Issues in MIS - Management Information System
Ethical And Social Issues in MIS - Management Information SystemEthical And Social Issues in MIS - Management Information System
Ethical And Social Issues in MIS - Management Information SystemFaHaD .H. NooR
 
Information security management system
Information security management systemInformation security management system
Information security management systemArani Srinivasan
 
Information System audit
Information System auditInformation System audit
Information System auditPratapchandra
 
Security and ethical challenges in mis
Security and ethical challenges in misSecurity and ethical challenges in mis
Security and ethical challenges in misI P Abir
 
Ethical and social issues in information systems
Ethical and social issues in information systemsEthical and social issues in information systems
Ethical and social issues in information systemsAmity University | FMS - DU | IMT | Stratford University | KKMI International Institute | AIMA | DTU
 
introduction to management information systems (MIS)
introduction to management information systems (MIS)introduction to management information systems (MIS)
introduction to management information systems (MIS)Sujan Oli
 
MIS 21 Security and Ethical Challenges
MIS 21 Security and Ethical ChallengesMIS 21 Security and Ethical Challenges
MIS 21 Security and Ethical ChallengesTushar B Kute
 
Conducting an Information Systems Audit
Conducting an Information Systems Audit Conducting an Information Systems Audit
Conducting an Information Systems Audit Sreekanth Narendran
 
Security management concepts and principles
Security management concepts and principlesSecurity management concepts and principles
Security management concepts and principlesDivya Tiwari
 
Mis presentation topics bca2
Mis presentation topics bca2Mis presentation topics bca2
Mis presentation topics bca2rupalidhir
 
Importance of MIS
Importance of MISImportance of MIS
Importance of MISVishal Joshi
 
Security & ethical challenges
Security & ethical challengesSecurity & ethical challenges
Security & ethical challengesLouie Medinaceli
 
Information system
Information systemInformation system
Information systemরেদওয়ান হৃদয়
 
Security and control in Management Information System
Security and control in Management Information SystemSecurity and control in Management Information System
Security and control in Management Information SystemSatya P. Joshi
 
Information system and security control
Information system and security controlInformation system and security control
Information system and security controlCheng Olayvar
 
Control and Audit Information System
Control and Audit Information SystemControl and Audit Information System
Control and Audit Information Systemarif prasetyo
 
3c 2 Information Systems Audit
3c 2 Information Systems Audit3c 2 Information Systems Audit
3c 2 Information Systems AuditRajeswaran Muthu Venkatachalam
 
Types o f information systems
Types o f information systemsTypes o f information systems
Types o f information systemsBimbashree K.G
 
Cyber security mis
Cyber security misCyber security mis
Cyber security misAditya Singh Rana
 
Structure of MIS
Structure of MISStructure of MIS
Structure of MISMohammed Jasir PV
 
Cisa domain 1
Cisa domain 1 Cisa domain 1
Cisa domain 1 Ismail aboulezz
 
Types & Fundamentals of Information System
Types & Fundamentals of Information SystemTypes & Fundamentals of Information System
Types & Fundamentals of Information SystemAwais Mansoor Chohan
 
Six major types of information systems
Six major types of information systemsSix major types of information systems
Six major types of information systemsMohanraj V
 
Characteristic of management information system
Characteristic of management information systemCharacteristic of management information system
Characteristic of management information systemManoj Kumar
 
Security and Control.ppt
Security and Control.pptSecurity and Control.ppt
Security and Control.pptAfricaRealInformatic
 
Information System Security introduction
Information System Security introductionInformation System Security introduction
Information System Security introductionShu Shin
 
The Moral Dimensions of Information Systems
The Moral Dimensions of Information SystemsThe Moral Dimensions of Information Systems
The Moral Dimensions of Information SystemsAlbrecht Jones
 

More Related Content

What's hot

introduction to management information systems (MIS)
introduction to management information systems (MIS)introduction to management information systems (MIS)
introduction to management information systems (MIS)Sujan Oli
 
MIS 21 Security and Ethical Challenges
MIS 21 Security and Ethical ChallengesMIS 21 Security and Ethical Challenges
MIS 21 Security and Ethical ChallengesTushar B Kute
 
Conducting an Information Systems Audit
Conducting an Information Systems Audit Conducting an Information Systems Audit
Conducting an Information Systems Audit Sreekanth Narendran
 
Security management concepts and principles
Security management concepts and principlesSecurity management concepts and principles
Security management concepts and principlesDivya Tiwari
 
Mis presentation topics bca2
Mis presentation topics bca2Mis presentation topics bca2
Mis presentation topics bca2rupalidhir
 
Security & ethical challenges
Security & ethical challengesSecurity & ethical challenges
Security & ethical challengesLouie Medinaceli
 
Security and control in Management Information System
Security and control in Management Information SystemSecurity and control in Management Information System
Security and control in Management Information SystemSatya P. Joshi
 
Information system and security control
Information system and security controlInformation system and security control
Information system and security controlCheng Olayvar
 
Control and Audit Information System
Control and Audit Information SystemControl and Audit Information System
Control and Audit Information Systemarif prasetyo
 
Types o f information systems
Types o f information systemsTypes o f information systems
Types o f information systemsBimbashree K.G
 
Types & Fundamentals of Information System
Types & Fundamentals of Information SystemTypes & Fundamentals of Information System
Types & Fundamentals of Information SystemAwais Mansoor Chohan
 
Six major types of information systems
Six major types of information systemsSix major types of information systems
Six major types of information systemsMohanraj V
 
Characteristic of management information system
Characteristic of management information systemCharacteristic of management information system
Characteristic of management information systemManoj Kumar
 

What's hot (20)

introduction to management information systems (MIS)
introduction to management information systems (MIS)introduction to management information systems (MIS)
introduction to management information systems (MIS)
 
MIS 21 Security and Ethical Challenges
MIS 21 Security and Ethical ChallengesMIS 21 Security and Ethical Challenges
MIS 21 Security and Ethical Challenges
 
Conducting an Information Systems Audit
Conducting an Information Systems Audit Conducting an Information Systems Audit
Conducting an Information Systems Audit
 
Security management concepts and principles
Security management concepts and principlesSecurity management concepts and principles
Security management concepts and principles
 
Mis presentation topics bca2
Mis presentation topics bca2Mis presentation topics bca2
Mis presentation topics bca2
 
Importance of MIS
Importance of MISImportance of MIS
Importance of MIS
 
Security & ethical challenges
Security & ethical challengesSecurity & ethical challenges
Security & ethical challenges
 
Information system
Information systemInformation system
Information system
 
Security and control in Management Information System
Security and control in Management Information SystemSecurity and control in Management Information System
Security and control in Management Information System
 
Information system and security control
Information system and security controlInformation system and security control
Information system and security control
 
Control and Audit Information System
Control and Audit Information SystemControl and Audit Information System
Control and Audit Information System
 
3c 2 Information Systems Audit
3c 2 Information Systems Audit3c 2 Information Systems Audit
3c 2 Information Systems Audit
 
Types o f information systems
Types o f information systemsTypes o f information systems
Types o f information systems
 
Cyber security mis
Cyber security misCyber security mis
Cyber security mis
 
Structure of MIS
Structure of MISStructure of MIS
Structure of MIS
 
Cisa domain 1
Cisa domain 1 Cisa domain 1
Cisa domain 1
 
Types & Fundamentals of Information System
Types & Fundamentals of Information SystemTypes & Fundamentals of Information System
Types & Fundamentals of Information System
 
Six major types of information systems
Six major types of information systemsSix major types of information systems
Six major types of information systems
 
Characteristic of management information system
Characteristic of management information systemCharacteristic of management information system
Characteristic of management information system
 
Security and Control.ppt
Security and Control.pptSecurity and Control.ppt
Security and Control.ppt
 

Viewers also liked

Information System Security introduction
Information System Security introductionInformation System Security introduction
Information System Security introductionShu Shin
 
The Moral Dimensions of Information Systems
The Moral Dimensions of Information SystemsThe Moral Dimensions of Information Systems
The Moral Dimensions of Information SystemsAlbrecht Jones
 
Ethical and social issues in information systems
Ethical and social issues in information systemsEthical and social issues in information systems
Ethical and social issues in information systemsProf. Othman Alsalloum
 
Chapter 6 annual worth analysis
Chapter 6 annual worth analysisChapter 6 annual worth analysis
Chapter 6 annual worth analysisBich Lien Pham
 
Mis of hero honda
Mis of hero hondaMis of hero honda
Mis of hero hondaneelnmanju
 
Management Information Systems in Maruti Suzuki
Management Information Systems in Maruti SuzukiManagement Information Systems in Maruti Suzuki
Management Information Systems in Maruti SuzukiMohammad Mohtashim
 
TYPES OF HACKING
TYPES OF HACKINGTYPES OF HACKING
TYPES OF HACKINGSHERALI445
 
Top 10 Reasons for ERP Project Failure
Top 10 Reasons for ERP Project FailureTop 10 Reasons for ERP Project Failure
Top 10 Reasons for ERP Project FailureJohn Paulson
 
Threats to information security
Threats to information securityThreats to information security
Threats to information securityswapneel07
 
Threats to Information Resources - MIS - Shimna
Threats to Information Resources - MIS - ShimnaThreats to Information Resources - MIS - Shimna
Threats to Information Resources - MIS - ShimnaChinnu Shimna
 
Chapter 6 Mis And Erp
Chapter 6 Mis And ErpChapter 6 Mis And Erp
Chapter 6 Mis And Erpmanagement 2
 
Hacking & its types
Hacking & its typesHacking & its types
Hacking & its typesSai Sakoji
 
Customer relationship management in mis ppt
Customer relationship management in mis pptCustomer relationship management in mis ppt
Customer relationship management in mis pptRanjani Witted
 
MIS 13 Customer Relationship Management
MIS 13 Customer Relationship ManagementMIS 13 Customer Relationship Management
MIS 13 Customer Relationship ManagementTushar B Kute
 

Viewers also liked (20)

Information System Security introduction
Information System Security introductionInformation System Security introduction
Information System Security introduction
 
The Moral Dimensions of Information Systems
The Moral Dimensions of Information SystemsThe Moral Dimensions of Information Systems
The Moral Dimensions of Information Systems
 
Ethical and social issues in information systems
Ethical and social issues in information systemsEthical and social issues in information systems
Ethical and social issues in information systems
 
Chapter 6 annual worth analysis
Chapter 6 annual worth analysisChapter 6 annual worth analysis
Chapter 6 annual worth analysis
 
Consumer Price Index
Consumer Price IndexConsumer Price Index
Consumer Price Index
 
Mis of hero honda
Mis of hero hondaMis of hero honda
Mis of hero honda
 
Management Information Systems in Maruti Suzuki
Management Information Systems in Maruti SuzukiManagement Information Systems in Maruti Suzuki
Management Information Systems in Maruti Suzuki
 
TYPES OF HACKING
TYPES OF HACKINGTYPES OF HACKING
TYPES OF HACKING
 
Top 10 Reasons for ERP Project Failure
Top 10 Reasons for ERP Project FailureTop 10 Reasons for ERP Project Failure
Top 10 Reasons for ERP Project Failure
 
Threats to information security
Threats to information securityThreats to information security
Threats to information security
 
Threats to Information Resources - MIS - Shimna
Threats to Information Resources - MIS - ShimnaThreats to Information Resources - MIS - Shimna
Threats to Information Resources - MIS - Shimna
 
ERP and MIS
ERP and MISERP and MIS
ERP and MIS
 
Erp benefits
Erp benefitsErp benefits
Erp benefits
 
Chapter 6 Mis And Erp
Chapter 6 Mis And ErpChapter 6 Mis And Erp
Chapter 6 Mis And Erp
 
Hacking ppt
Hacking pptHacking ppt
Hacking ppt
 
Hacking & its types
Hacking & its typesHacking & its types
Hacking & its types
 
Customer relationship management in mis ppt
Customer relationship management in mis pptCustomer relationship management in mis ppt
Customer relationship management in mis ppt
 
MIS 13 Customer Relationship Management
MIS 13 Customer Relationship ManagementMIS 13 Customer Relationship Management
MIS 13 Customer Relationship Management
 
DATA WAREHOUSING AND DATA MINING
DATA WAREHOUSING AND DATA MININGDATA WAREHOUSING AND DATA MINING
DATA WAREHOUSING AND DATA MINING
 
McDonald's information systems
McDonald's information systemsMcDonald's information systems
McDonald's information systems
 

Similar to SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)

Top Interview Questions to Master as a CompTIA Security+ Certified Profession...
Top Interview Questions to Master as a CompTIA Security+ Certified Profession...Top Interview Questions to Master as a CompTIA Security+ Certified Profession...
Top Interview Questions to Master as a CompTIA Security+ Certified Profession...ShivamSharma909
 
Top Interview Questions for CompTIA Security +
Top Interview Questions for CompTIA Security +Top Interview Questions for CompTIA Security +
Top Interview Questions for CompTIA Security +infosec train
 
Session 7 - Management challenges in Information security.ppt
Session 7 - Management challenges in Information security.pptSession 7 - Management challenges in Information security.ppt
Session 7 - Management challenges in Information security.pptENRIQUE EGLESIAS
 
Mis security system threads
Mis security system threadsMis security system threads
Mis security system threadsLeena Reddy
 
Can your company survive a modern day cyber attack?
Can your company survive a modern day cyber attack?Can your company survive a modern day cyber attack?
Can your company survive a modern day cyber attack?Symptai Consulting Limited
 
Technical seminar on Security
Technical seminar on Security Technical seminar on Security
Technical seminar on Security STS
 
Computer Security and their social effect and their usage.
Computer Security and their social effect and their usage.Computer Security and their social effect and their usage.
Computer Security and their social effect and their usage.rizwanshafique4321
 
SECURING INFORMATION SYSTEM 1.pptx
SECURING INFORMATION SYSTEM 1.pptxSECURING INFORMATION SYSTEM 1.pptx
SECURING INFORMATION SYSTEM 1.pptxCabdullhiY
 
Okara history and security slides 2017
Okara history and security slides 2017Okara history and security slides 2017
Okara history and security slides 2017TAIMOOR KHAQAN
 
Ch # 10 computer security risks and safe guards
Ch # 10 computer security risks and safe guardsCh # 10 computer security risks and safe guards
Ch # 10 computer security risks and safe guardsMuhammadRobeel3
 
Information security management v2010
Information security management v2010Information security management v2010
Information security management v2010joevest
 
Legal and Ethical Considerations in Nursing Informatics
Legal and Ethical Considerations in Nursing InformaticsLegal and Ethical Considerations in Nursing Informatics
Legal and Ethical Considerations in Nursing InformaticsKimarie Brown
 
e commerce security and fraud protection
e commerce security and fraud protectione commerce security and fraud protection
e commerce security and fraud protectiontumetr1
 
Keeping up with the Revolution in IT Security
Keeping up with the Revolution in IT SecurityKeeping up with the Revolution in IT Security
Keeping up with the Revolution in IT SecurityDistil Networks
 

Similar to SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System) (20)

Chapter 5 MIS
Chapter 5 MISChapter 5 MIS
Chapter 5 MIS
 
Top Interview Questions to Master as a CompTIA Security+ Certified Profession...
Top Interview Questions to Master as a CompTIA Security+ Certified Profession...Top Interview Questions to Master as a CompTIA Security+ Certified Profession...
Top Interview Questions to Master as a CompTIA Security+ Certified Profession...
 
Top Interview Questions for CompTIA Security +
Top Interview Questions for CompTIA Security +Top Interview Questions for CompTIA Security +
Top Interview Questions for CompTIA Security +
 
CompTIA Security+
CompTIA Security+CompTIA Security+
CompTIA Security+
 
Types of Cyber Crimes and Security Threats
Types of Cyber Crimes and Security ThreatsTypes of Cyber Crimes and Security Threats
Types of Cyber Crimes and Security Threats
 
Session 7 - Management challenges in Information security.ppt
Session 7 - Management challenges in Information security.pptSession 7 - Management challenges in Information security.ppt
Session 7 - Management challenges in Information security.ppt
 
Mis security system threads
Mis security system threadsMis security system threads
Mis security system threads
 
Can your company survive a modern day cyber attack?
Can your company survive a modern day cyber attack?Can your company survive a modern day cyber attack?
Can your company survive a modern day cyber attack?
 
Technical seminar on Security
Technical seminar on Security Technical seminar on Security
Technical seminar on Security
 
Securing information systems
Securing information systemsSecuring information systems
Securing information systems
 
Computer Security and their social effect and their usage.
Computer Security and their social effect and their usage.Computer Security and their social effect and their usage.
Computer Security and their social effect and their usage.
 
SECURING INFORMATION SYSTEM 1.pptx
SECURING INFORMATION SYSTEM 1.pptxSECURING INFORMATION SYSTEM 1.pptx
SECURING INFORMATION SYSTEM 1.pptx
 
Okara history and security slides 2017
Okara history and security slides 2017Okara history and security slides 2017
Okara history and security slides 2017
 
Ch # 10 computer security risks and safe guards
Ch # 10 computer security risks and safe guardsCh # 10 computer security risks and safe guards
Ch # 10 computer security risks and safe guards
 
information security awareness course
information security awareness courseinformation security awareness course
information security awareness course
 
Information security management v2010
Information security management v2010Information security management v2010
Information security management v2010
 
Legal and Ethical Considerations in Nursing Informatics
Legal and Ethical Considerations in Nursing InformaticsLegal and Ethical Considerations in Nursing Informatics
Legal and Ethical Considerations in Nursing Informatics
 
Computer security
Computer securityComputer security
Computer security
 
e commerce security and fraud protection
e commerce security and fraud protectione commerce security and fraud protection
e commerce security and fraud protection
 
Keeping up with the Revolution in IT Security
Keeping up with the Revolution in IT SecurityKeeping up with the Revolution in IT Security
Keeping up with the Revolution in IT Security
 

More from Biswajit Bhattacharjee

Women Entrepreneur - India : Vandana luthra curls & curves india ltd(vlcc)
Women Entrepreneur - India : Vandana luthra curls & curves india ltd(vlcc)Women Entrepreneur - India : Vandana luthra curls & curves india ltd(vlcc)
Women Entrepreneur - India : Vandana luthra curls & curves india ltd(vlcc)Biswajit Bhattacharjee
 
’'Pure for sure’’ with bharat petroleum-Operations Management
’'Pure for sure’’ with bharat petroleum-Operations Management’'Pure for sure’’ with bharat petroleum-Operations Management
’'Pure for sure’’ with bharat petroleum-Operations ManagementBiswajit Bhattacharjee
 
Role and significance of finance in other functional areas
Role and significance of finance in other functional areasRole and significance of finance in other functional areas
Role and significance of finance in other functional areasBiswajit Bhattacharjee
 
Role and significance of finance in other functional areas
Role and significance of finance in other functional areasRole and significance of finance in other functional areas
Role and significance of finance in other functional areasBiswajit Bhattacharjee
 
Ipo process, how price band determined, role of merchant banker & underwriter
Ipo process, how price band determined, role of merchant banker & underwriterIpo process, how price band determined, role of merchant banker & underwriter
Ipo process, how price band determined, role of merchant banker & underwriterBiswajit Bhattacharjee
 
Ipo process, how price band determined, role of merchant banker & underwriter
Ipo process, how price band determined, role of merchant banker & underwriterIpo process, how price band determined, role of merchant banker & underwriter
Ipo process, how price band determined, role of merchant banker & underwriterBiswajit Bhattacharjee
 
Management accounting overhead variance
Management accounting overhead varianceManagement accounting overhead variance
Management accounting overhead varianceBiswajit Bhattacharjee
 
Queueing Theory and its BusinessS Applications
Queueing Theory and its BusinessS ApplicationsQueueing Theory and its BusinessS Applications
Queueing Theory and its BusinessS ApplicationsBiswajit Bhattacharjee
 
Ozone Depletion and the Montreal Protocol
Ozone Depletion and the Montreal ProtocolOzone Depletion and the Montreal Protocol
Ozone Depletion and the Montreal ProtocolBiswajit Bhattacharjee
 
RESPONSIBILITY ACCOUNTING WITH SPECIAL REFERENCE TO STANDARD COSTING AND BUDG...
RESPONSIBILITY ACCOUNTING WITH SPECIAL REFERENCE TO STANDARD COSTING AND BUDG...RESPONSIBILITY ACCOUNTING WITH SPECIAL REFERENCE TO STANDARD COSTING AND BUDG...
RESPONSIBILITY ACCOUNTING WITH SPECIAL REFERENCE TO STANDARD COSTING AND BUDG...Biswajit Bhattacharjee
 
Managerial/Business Economics : Macro Economics Aggregates : Concept :GNP GDP...
Managerial/Business Economics : Macro Economics Aggregates : Concept :GNP GDP...Managerial/Business Economics : Macro Economics Aggregates : Concept :GNP GDP...
Managerial/Business Economics : Macro Economics Aggregates : Concept :GNP GDP...Biswajit Bhattacharjee
 
MASLOWS’ NEED HIERARCHY OF MOTIVATION
MASLOWS’ NEED HIERARCHY OF MOTIVATIONMASLOWS’ NEED HIERARCHY OF MOTIVATION
MASLOWS’ NEED HIERARCHY OF MOTIVATIONBiswajit Bhattacharjee
 

More from Biswajit Bhattacharjee (16)

Women Entrepreneur - India : Vandana luthra curls & curves india ltd(vlcc)
Women Entrepreneur - India : Vandana luthra curls & curves india ltd(vlcc)Women Entrepreneur - India : Vandana luthra curls & curves india ltd(vlcc)
Women Entrepreneur - India : Vandana luthra curls & curves india ltd(vlcc)
 
Business environment in india
Business environment in indiaBusiness environment in india
Business environment in india
 
’'Pure for sure’’ with bharat petroleum-Operations Management
’'Pure for sure’’ with bharat petroleum-Operations Management’'Pure for sure’’ with bharat petroleum-Operations Management
’'Pure for sure’’ with bharat petroleum-Operations Management
 
Succession planning
Succession planningSuccession planning
Succession planning
 
Role and significance of finance in other functional areas
Role and significance of finance in other functional areasRole and significance of finance in other functional areas
Role and significance of finance in other functional areas
 
Role and significance of finance in other functional areas
Role and significance of finance in other functional areasRole and significance of finance in other functional areas
Role and significance of finance in other functional areas
 
Ipo process, how price band determined, role of merchant banker & underwriter
Ipo process, how price band determined, role of merchant banker & underwriterIpo process, how price band determined, role of merchant banker & underwriter
Ipo process, how price band determined, role of merchant banker & underwriter
 
Ipo process, how price band determined, role of merchant banker & underwriter
Ipo process, how price band determined, role of merchant banker & underwriterIpo process, how price band determined, role of merchant banker & underwriter
Ipo process, how price band determined, role of merchant banker & underwriter
 
Management accounting overhead variance
Management accounting overhead varianceManagement accounting overhead variance
Management accounting overhead variance
 
Uses of MS Access in Business
Uses of MS Access in Business Uses of MS Access in Business
Uses of MS Access in Business
 
Queueing Theory and its BusinessS Applications
Queueing Theory and its BusinessS ApplicationsQueueing Theory and its BusinessS Applications
Queueing Theory and its BusinessS Applications
 
Ozone Depletion and the Montreal Protocol
Ozone Depletion and the Montreal ProtocolOzone Depletion and the Montreal Protocol
Ozone Depletion and the Montreal Protocol
 
RESPONSIBILITY ACCOUNTING WITH SPECIAL REFERENCE TO STANDARD COSTING AND BUDG...
RESPONSIBILITY ACCOUNTING WITH SPECIAL REFERENCE TO STANDARD COSTING AND BUDG...RESPONSIBILITY ACCOUNTING WITH SPECIAL REFERENCE TO STANDARD COSTING AND BUDG...
RESPONSIBILITY ACCOUNTING WITH SPECIAL REFERENCE TO STANDARD COSTING AND BUDG...
 
Managerial/Business Economics : Macro Economics Aggregates : Concept :GNP GDP...
Managerial/Business Economics : Macro Economics Aggregates : Concept :GNP GDP...Managerial/Business Economics : Macro Economics Aggregates : Concept :GNP GDP...
Managerial/Business Economics : Macro Economics Aggregates : Concept :GNP GDP...
 
MASLOWS’ NEED HIERARCHY OF MOTIVATION
MASLOWS’ NEED HIERARCHY OF MOTIVATIONMASLOWS’ NEED HIERARCHY OF MOTIVATION
MASLOWS’ NEED HIERARCHY OF MOTIVATION
 
Intrinsic and Extrinsic Motivation
Intrinsic and Extrinsic MotivationIntrinsic and Extrinsic Motivation
Intrinsic and Extrinsic Motivation
 

Recently uploaded

GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 

Recently uploaded (20)

GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 

SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)

  • 1. Biswajit Bhattacharjee (19) & Biswaraj Das Purkayastha (20) Presents SECURITY & CONTROL OF INFORMATION SYSTEM 1
  • 2. 2 O PRESENTED TO : Deepjyoti Choudhury Assistant Professor Assam University, Silchar
  • 3.  Information system: The term information system describes the organized collection, processing, transmission, and spreading of information in accordance with defined procedures, whether automated or manual.  Security: Policies, procedures and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems  Controls: Methods, policies, and organizational procedures that ensure safety of organization’s assets; accuracy and reliability of its accounting records; and operational adherence to management standards 3
  • 4. Basic Principles of Information Systems Security A . Confidentiality This principle is applied to information by enforcing rules about who is allowed to know it. Preserving personal privacy is one of the major objectives of confidentiality. It prevents the unauthorized disclosure of information and restricts the data access to only those who are authorized. But today the world is moving towards less authoritative structures, more informality, and fewer rules. Such developments are creating an issue of concern for the principle of confidentiality since the developments are aimed at making information accessible to many, not few. 4
  • 5. Basic Principles of Information Systems Security (cont…) B. Integrity In any business organization having IS, the values of data stored and manipulated, such as maintaining the correct signs and symbols is an important issue of concern. This issue is referred to integrity within an organization which is the prevention of the unauthorized modification. C. Availability Availability is referred to as accessibility of information and in usable form when and where it is required. Sometimes it is also explained as the prevention of unauthorized withholding of data or resources. Within any organization today availability of resources and data is an important issue of concern since system failure is an organizational security issue 5
  • 6. System Vulnerability and Abuse Why systems are vulnerable O Accessibility of networks O Hardware problems (breakdowns, configuration errors, damage from improper use or crime) O Software problems (programming errors, installation errors, unauthorized changes) O Disasters O Use of networks/computers outside of firm’s control O Loss and theft of portable devices 6
  • 7. System Vulnerability and Abuse O Internet vulnerabilities O Network open to anyone O Size of Internet means abuses can have wide impact O Use of fixed Internet addresses with cable or DSL modems creates fixed targets hackers O Unencrypted VOIP O E-mail, P2P, IM O Interception O Attachments with malicious software O Transmitting trade secrets 7
  • 8. System Vulnerability and Abuse O Wireless security challenges O Radio frequency bands easy to scan O SSIDs (service set identifiers) O Identify access points O Broadcast multiple times O War driving O Eavesdroppers drive by buildings and try to detect SSID and gain access to network and resources O WEP (Wired Equivalent Privacy) O Security standard for 802.11; use is optional O Uses shared password for both users and access point O Users often fail to implement WEP or stronger systems 8
  • 9. System Vulnerability and Abuse O Malware (malicious software) O Viruses O Rogue software program that attaches itself to other software programs or data files in order to be executed O Worms O Independent computer programs that copy themselves from one computer to other computers over a network. O Trojan horses O Software program that appears to be benign but then does something other than expected. 9
  • 10. System Vulnerability and Abuse O Malware (cont.) O SQL injection attacks O Hackers submit data to Web forms that exploits site’s unprotected software and sends rogue SQL query to database O Spyware O Small programs install themselves surreptitiously on computers to monitor user Web surfing activity and serve up advertising O Key loggers O Record every keystroke on computer to steal serial numbers, passwords, launch Internet attacks 10
  • 11. System Vulnerability and Abuse O Hackers and computer crime O Hackers vs. crackers O Activities include O System intrusion O System damage O Cybervandalism O Intentional disruption, defacement, destruction of Web site or corporate information system 11
  • 12. System Vulnerability and Abuse O Spoofing O Misrepresenting oneself by using fake e-mail addresses or masquerading as someone else O Redirecting Web link to address different from intended one, with site masquerading as intended destination O Sniffer O Eavesdropping program that monitors information traveling over network O Enables hackers to steal proprietary information such as e-mail, company files, etc. 12
  • 13. System Vulnerability and Abuse O Denial-of-service attacks (DoS) O Flooding server with thousands of false requests to crash the network. O Distributed denial-of-service attacks (DDoS) O Use of numerous computers to launch a DoS O Botnets O Networks of “zombie” PCs infiltrated by bot malware O Worldwide, 6 - 24 million computers serve as zombie PCs in thousands of botnets 13
  • 14. System Vulnerability and Abuse O Computer crime O Defined as “any violations of criminal law that involve a knowledge of computer technology for their perpetration, investigation, or prosecution” O Computer may be target of crime, e.g.: O Breaching confidentiality of protected computerized data O Accessing a computer system without authority O Computer may be instrument of crime, e.g.: O Theft of trade secrets O Using e-mail for threats or harassment 14
  • 15. System Vulnerability and Abuse O Identity theft O Theft of personal Information (social security id, driver’s license or credit card numbers) to impersonate someone else O Phishing O Setting up fake Web sites or sending e-mail messages that look like legitimate businesses to ask users for confidential personal data. O Evil twins O Wireless networks that pretend to offer trustworthy Wi-Fi connections to the Internet 15
  • 16. System Vulnerability and Abuse O Pharming O Redirects users to a bogus Web page, even when individual types correct Web page address into his or her browser O Click fraud O Occurs when individual or computer program fraudulently clicks on online ad without any intention of learning more about the advertiser or making a purchase O Cyberterrorism and Cyberwarfare 16
  • 17. System Vulnerability and Abuse O Internal threats: employees O Security threats often originate inside an organization O Inside knowledge O Sloppy security procedures O User lack of knowledge O Social engineering: O Tricking employees into revealing their passwords by pretending to be legitimate members of the company in need of information 17
  • 18. System Vulnerability and Abuse O Software vulnerability O Commercial software contains flaws that create security vulnerabilities O Hidden bugs (program code defects) O Zero defects cannot be achieved because complete testing is not possible with large programs O Flaws can open networks to intruders O Patches O Vendors release small pieces of software to repair flaws O However exploits often created faster than patches be released and implemented 18
  • 19. General controls • Establish framework for controlling design, security, and use of computer programs • Include software, hardware, computer operations, data security, implementation, and administrative controls CREATING A CONTROL ENVIRONMENT General Controls and Application Controls 19
  • 20. General controls O Software controls O Authorised access to systems O Hardware controls O Physically secure hardware O Monitor for and fix malfunction O Environmental systems and protection O Backup of disk-based data 20
  • 21. General controls O Computer operations controls O Day-to-day operations of Information Systems O Procedures O System set-up O Job processing O Backup and recovery procedures O Data security controls O Prevent unauthorised access, change or destruction O When data is in use or being stored O Physical access to terminals O Password protection O Data level access controls 21
  • 22. O Administrative controls O Ensure organisational policies, procedures and standards and enforced O Segregation of functions to reduce errors and fraud O Supervision of personal to ensure policies and procedures are being adhered to 22 General controls
  • 23. Application controls • Unique to each computerized application • Include input, processing, and output controls CREATING A CONTROL ENVIRONMENT General Controls and Application Controls 23
  • 24. Application controls O Input controls O Data is accurate and consistent on entry O Direct keying of data, double entry or automated input O Data conversion, editing and error handling O Field validation on entry O Input authorisation and auditing O Checks on totals to catch errors 24
  • 25. O Processing controls O Data is accurate and complete on processing O Checks on totals to catch errors O Compare to master records to catch errors O Field validation on update 25 Application controls
  • 26. O Output controls O Data is accurate, complete and properly distributed on output O Checks on totals to catch errors O Review processing logs O Track recipients of data 26 Application controls
  • 27. • On-line transaction processing: Transactions entered online are immediately processed by computer • Fault-tolerant computer systems: Contain extra hardware, software, and power supply components to provide continuous uninterrupted service CREATING A CONTROL ENVIRONMENT Protecting the Digital Firm 27
  • 28. • High-availability computing: Tools and technologies enabling system to recover quickly from a crash • Disaster recovery plan: Runs business in event of computer outage • Load balancing: Distributes large number of requests for access among multiple servers CREATING A CONTROL ENVIRONMENT Protecting the Digital Firm 28
  • 29. • Mirroring: Duplicating all processes and transactions of server on backup server to prevent any interruption in service • Clustering: Linking two computers together so that a second computer can act as a backup to the primary computer or speed up processing CREATING A CONTROL ENVIRONMENT Protecting the Digital Firm 29
  • 30. Firewalls • Prevent unauthorized users from accessing private networks • Two types: proxies and stateful inspection Intrusion Detection System • Monitors vulnerable points in network to detect and deter unauthorized intruders CREATING A CONTROL ENVIRONMENT Internet Security Challenges 30
  • 31. • Encryption: Coding and scrambling of messages to prevent their access without authorization • Authentication: Ability of each party in a transaction to ascertain identity of other party • Message integrity: Ability to ascertain that transmitted message has not been copied or altered CREATING A CONTROL ENVIRONMENT Security and Electronic Commerce 31
  • 32. • Digital signature: Digital code attached to electronically transmitted message to uniquely identify contents and sender • Digital certificate: Attachment to electronic message to verify the sender and to provide receiver with means to encode reply CREATING A CONTROL ENVIRONMENT Security and Electronic Commerce 32
  • 33. Establishing a Framework for Security and Control O MIS audit O Examines firm’s overall security environment as well as controls governing individual information systems O Reviews technologies, procedures, documentation, training, and personnel. O May even simulate disaster to test response of technology, IS staff, other employees. O Lists and ranks all control weaknesses and estimates probability of their occurrence. O Assesses financial and organizational impact of each threat 33