Prepared by Natalie Rose
Managing Information Resources, Control and Security
Lecture 9
Risks to Information Systems
• Risks to Hardware
– Natural disasters
– Blackouts and brownouts
– Vandalism
Risks to Information Systems (Cont.)
• Risks to Applications and Data
– Theft of information
– Social engineering and identity theft
– Data alteration, data destruction, and Web defacement
– Computer viruses, worms, and logic bombs
– Nonmalicious mishaps
Risks to Online Operations
• Denial of service
• Hijacking
• Spoofing
Controls
• Program Robustness and Data Entry Controls
– Provide a clear and sound interface with the user
– Menus and limits
• Backup
– Periodic duplication of all data
• Access Controls
– Ensure that only authorized people can gain access to systems and files
– Access codes and passwords
Controls (Cont.)
• Atomic Transactions
– Ensure that transaction data are recorded properly in all the pertinent files, so that integrity is maintained
• Audit Trails
– Built into an IS so that transactions can be traced to people, times, and authorization information
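The two controls on this slide work together: an atomic transaction either updates every pertinent file or none of them, and the audit trail records who made the change, when, and under what authorization. The following added example (not from the lecture) shows both with Python's built-in sqlite3 module; the account table, the `auth_ref` column and the sample balances are constructed for illustration.

```python
import sqlite3
from datetime import datetime, timezone

# Constructed schema: a ledger table plus an audit trail that records who,
# when, and under what authorization each transaction was made.
SCHEMA = """
CREATE TABLE accounts (id TEXT PRIMARY KEY,
                       balance INTEGER NOT NULL CHECK (balance >= 0));
CREATE TABLE audit_trail (ts TEXT NOT NULL, actor TEXT NOT NULL,
                          auth_ref TEXT NOT NULL, action TEXT NOT NULL,
                          detail TEXT NOT NULL);
"""

def open_db():
    # isolation_level=None: BEGIN/COMMIT/ROLLBACK are issued explicitly below.
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO accounts VALUES ('A', 100), ('B', 50)")  # sample data
    return conn

def _audit(conn, actor, auth_ref, action, detail):
    conn.execute("INSERT INTO audit_trail VALUES (?, ?, ?, ?, ?)",
                 (datetime.now(timezone.utc).isoformat(), actor, auth_ref, action, detail))

def transfer(conn, actor, auth_ref, src, dst, amount):
    """Move `amount` from src to dst as one atomic transaction.
    The credit is applied first on purpose: if the debit then violates the
    balance >= 0 CHECK, ROLLBACK must undo the credit, or the books would
    show money created from nothing. The audit row for a successful transfer
    is written inside the same transaction, so it commits or rolls back
    together with the data it describes."""
    try:
        conn.execute("BEGIN")
        conn.execute("UPDATE accounts SET balance = balance + ? WHERE id = ?", (amount, dst))
        conn.execute("UPDATE accounts SET balance = balance - ? WHERE id = ?", (amount, src))
        _audit(conn, actor, auth_ref, "transfer", f"{src}->{dst}:{amount}")
        conn.execute("COMMIT")
        return True
    except sqlite3.IntegrityError as exc:
        conn.execute("ROLLBACK")
        # Rejected attempts stay traceable: log them after the rollback, in
        # autocommit mode, so the record survives even though the change did not.
        _audit(conn, actor, auth_ref, "transfer-rejected", f"{src}->{dst}:{amount} ({exc})")
        return False

def balances(conn):
    return dict(conn.execute("SELECT id, balance FROM accounts ORDER BY id"))

def audit_rows(conn):
    return conn.execute("SELECT actor, auth_ref, action, detail FROM audit_trail").fetchall()
```

Run `transfer(open_db(), "alice", "APPROVAL-17", "A", "B", 500)` to see the rejected path: balance B is credited, the debit fails the CHECK, the rollback restores B, and a "transfer-rejected" audit row remains.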
Security Measures
• Firewalls
– Defense against unauthorized access to systems over the Internet
– Controls communication between a trusted network and the “untrusted” Internet
– Proxy Server: represents another server for all information requests and acts as a buffer
Authentication and Encryption
• Keeps communications secret
• Authentication: the process of ensuring the identity of the person sending the message
• Encryption: coding a message into a form unreadable to an interceptor
Authentication and Encryption (Cont.)
• Encryption Strength
• Distribution Restrictions
• Public-key Encryption
– Symmetric and asymmetric encryption
• Secure Sockets Layer and Secure Hypertext Transport Protocol
• Pretty Good Privacy
Digital Signatures and Digital Certificates
• Electronic Signatures
• Digital Signatures
• Digital Certificates
The business recovery plan
• Obtain management’s commitment to the plan
• Establish a planning committee
• Perform risk assessment and impact analysis
• Prioritize recovery needs: critical, vital, sensitive, noncritical
The business recovery plan (Cont.)
• Select a recovery plan
• Select vendors
• Develop and implement the plan
• Test the plan
• Continually test and evaluate
Recovery plan providers
• Companies that specialize in either disaster recovery planning or provision of alternate sites
• Small companies can opt for Web-based services
The IS Security Budget
• How much security is enough security?
• Calculating downtime
Ethical and Societal Issues
Terrorism, Carnivores, and Echelons
• Carnivorous methods
– FBI developed Carnivore
• Device is attached to the ISP servers to monitor email
• Top Echelon
– Surveillance system