The myth of secure computing; management information system; MIS
The Myth of Secure Computing
Robert D. Austin and Christopher A.R. Darby
Presentation on The Myth of Secure Computing
Group 6: Daliya Bhatta, Hemant Raj Shrestha, Magina Shrestha, Pratima Kunwar
What affects 90% of all businesses and causes $17 billion of damage every year?
• Computer Security Breach
  • E-mail floods
  • Insider Hackers
  • Viruses
• Why is this a big problem?
  • Do not pay much attention to digital security
Why does it happen?
• Digital security is extraordinarily complicated
• Careless or vindictive employees
• Digital security is invisible
What should a Business Manager do?
• Protective measures are expensive
• Should focus on risk management
• View computer security as an operational rather than a technical challenge
• Reduce the business risk to an acceptable level
Threats to digital security
Three types of threats to digital security:
1. Network attacks
• Cause heavy damage to the network via the internet without breaching the internal workings of an IT system
• Denial of Service (DoS) attacks
  • DoS attacks are easy to mount and difficult to defend against
Threats cont…
2. Intrusion
• Intruders penetrate the organization’s internal IT system
• They steal information, erase or alter data, deface websites etc.
• Eavesdropping
• Difficult to figure out what precisely was done
Threats cont…
3. Malicious Code
• Any code in any part of a software system or script that is intended to cause an undesired effect on a system
• It consists of viruses, worms, Trojan horses etc.
• Faster than a human hacker
• Target is random
The operational approach
1. Identify digital assets and decide how much protection each deserves
• What are your digital assets?
• Assess how valuable each asset is
• Decide how much risk the company can absorb for each asset
• Review the people, processes and technologies that support the assets
2. Define appropriate use of IT resources
• Managers should ask people questions about:
  • Authority for remote access to corporate network
  • Safeguards to implement for remote location access
• Identify the normal behavior for jobs along with do’s and don'ts
• Companies should explain the rationale for the limitations implemented
3. Control access to your systems
• The system should determine who accesses the specified information
• Use of firewalls, authentication and authorization systems, and encryption
• Systems should be configured to reflect choices about the critical assets
• Monitor the use of the IT systems to log network activities
4. Insist on secure software
• Demand reasonable levels of security from software vendors
Insist…
• In the case of in-house software, developers should follow secure coding and test practices
• Companies should consider the issue of earnings vs. security
5. Know what software is running
• Must document every modification of the system
• In case of a breach, it provides current records along with digital forensics
• Allow IT people to make changes quickly
• Never procrastinate in updating patches
6. Test and benchmark
• Bad guys always get in
• Focus should be on:
  • How easy is it to get in?
  • What systems or programs were exposed?
• Do not rely heavily on audits
• Hire external auditors periodically to benchmark the security standards
7. Rehearse your response
• Difficulty in making decisions in crisis mode
• Helps to have procedures in place and specify who should be involved in problem-solving activities
• Enables decision makers to act more confidently and effectively during real events
• Always have a backup plan
8. Analyze the root causes of security problems
• Detailed analysis of root cause is necessary
• Quality assurance tools can be used:
  • Fish-bone diagram,
  • Eight step process,
  • Plan-do-check-act cycles, etc.
• Toyota uses “The 5 Whys” approach
The Bottom Line
• Complete computer security is a MYTH
• New threats and new capabilities are always emerging
• Complications in risk management
  • Managers' attitude
  • Estimation of cost and probabilities
  • Well-defined management actions not applicable in all situations
• Addressing serious risks is expensive
Recommendation
• Focus on serious risks rather than just spending
• Risk management is all about business trade-offs
Thank You