class ppt of mis

Upload: utkarshtrivedi283074

Post on 03-Jun-2018


  • 8/12/2019 Class Ppt of Mis

    1/30

    Management Information Systems

    Prepared By:

    Komal Moradiya

    Priya Parekh

    Niket

    Tara

    Submitted To :

    Utkarsh Trivedi

    Ch-8 Securing Information System

  • 2/30

    Flow of Presentation

    - Definition of MIS

    - System Vulnerability and Abuse

    (A) Why systems are vulnerable

    8.1 Contemporary security challenges and vulnerabilities

    - Internet vulnerabilities

    - Wireless security challenges

    8.2 Wi-Fi security challenges

    - Malware

    - Hackers and computer crime

  • 3/30

    - Spoofing

    - Sniffer

    - Denial of service attacks

    - Distributed denial of service attacks

    (B) Computer crime & Cyber terrorism

    - Identity theft

    - Phishing

    - Evil twins

    - Pharming

    - Cyber terrorism & Cyber warfare

  • 4/30

    - Internal threats

    - Software Vulnerability

    - Questions

    - Reference

  • 5/30

    Definition of MIS

    An organized approach to the study of the information needs of an organization's management at every level in making operational, tactical, and strategic decisions. Its objective is to design and implement procedures, processes, and routines that provide suitably detailed reports in an accurate, consistent, and timely manner.

  • 6/30

    In a Management Information System, modern, computerized systems continuously gather relevant data, both from inside and outside an organization.

    This data is then processed, integrated, and stored in a centralized database, where it is constantly updated and made available to all who have the authority to access it, in a form that suits their purpose.

  • 7/30

    System Vulnerability and Abuse

  • 8/30

    (A) Why systems are vulnerable

    Accessibility of networks

    Hardware problems (breakdowns, configuration errors, damage from improper use or crime)

    Software problems (programming errors, installation errors, unauthorized changes)

    Disasters

    Use of networks/computers outside of firm's control

    Loss and theft of portable devices

  • 9/30

    8.1 Contemporary security challenges and vulnerabilities

    The architecture of a Web-based application typically includes a Web client, a server, and corporate information systems linked to databases. Each of these components presents security challenges and vulnerabilities. Floods, fires, power failures, and other electrical problems can cause disruptions at any point in the network.

  • 10/30

    Internet vulnerabilities

    Network open to anyone

    Size of Internet means abuses can have wide impact

    Use of fixed Internet addresses with cable or DSL modems creates fixed targets for hackers

    Unencrypted VOIP

    E-mail, P2P, IM

    Interception

    Attachments with malicious software

    Transmitting trade secrets

  • 11/30

    Wireless security challenges

    Radio frequency bands easy to scan

    SSIDs (service set identifiers)

    Identify access points

    Broadcast multiple times

    War driving

    Eavesdroppers drive by buildings and try to detect SSID and gain access to network and resources

    WEP (Wired Equivalent Privacy)

    Security standard for 802.11; use is optional

    Uses shared password for both users and access point

    Users often fail to implement WEP or stronger systems

  • 12/30

    8.2 Wi-Fi security challenges

    Many Wi-Fi networks can be penetrated easily by intruders using sniffer programs to obtain an address to access the resources of a network without authorization.

  • 13/30

    Malware (malicious software)

    Viruses

    Rogue software program that attaches itself to other software programs or data files in order to be executed

    Worms

    Independent computer programs that copy themselves from one computer to other computers over a network.

    Trojan horses

    Software program that appears to be benign but then does something other than expected.

  • 14/30

    Malware (cont.)

    SQL injection attacks

    Hackers submit data to Web forms that exploits site's unprotected software and sends rogue SQL query to database

    Spyware

    Small programs install themselves surreptitiously on computers to monitor user Web surfing activity and serve up advertising

    Key loggers

    Record every keystroke on computer to steal serial numbers, passwords, launch Internet attacks
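
The SQL injection bullet above, as an added example that is not part of the original slides: a Web form handler that pastes the submitted value into the query text, next to a parameterized version. The `orders` table, the function names and the form input are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build a small in-memory orders table (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (customer TEXT, item TEXT)")
    conn.executemany(
        "INSERT INTO orders VALUES (?, ?)",
        [("alice", "laptop"), ("bob", "router"), ("carol", "phone")],
    )
    return conn


def lookup_unprotected(conn, customer):
    """Unprotected handler: the form value is pasted into the SQL text."""
    sql = "SELECT customer, item FROM orders WHERE customer = '" + customer + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, customer):
    """Hardened handler: the form value is bound as data, never parsed as SQL."""
    sql = "SELECT customer, item FROM orders WHERE customer = ?"
    return conn.execute(sql, (customer,)).fetchall()


# Constructed form input: the quote closes the string literal and the
# OR clause makes the WHERE condition true for every row.
ROGUE_INPUT = "x' OR '1'='1"


def compare(form_value):
    """Return (rows from the unprotected handler, rows from the hardened one)."""
    conn = make_db()
    try:
        return (lookup_unprotected(conn, form_value),
                lookup_parameterized(conn, form_value))
    finally:
        conn.close()


if __name__ == "__main__":
    for value in ("alice", ROGUE_INPUT):
        leaked, safe = compare(value)
        print(f"{value!r}: unprotected={len(leaked)} rows, "
              f"parameterized={len(safe)} rows")
```

With the rogue input the unprotected handler returns every customer's order, while the parameterized handler treats the same text as a customer name that matches nothing.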

  • 15/30

    Hackers and computer crime

    Hackers vs. crackers

    Hacker: one who gains unauthorized computer access, but without doing damage

    Cracker: one who breaks into computer systems for the purpose of doing damage

    Activities include

    System intrusion

    System damage

    Cyber vandalism

    Intentional disruption, defacement, destruction of Web site or corporate information system

  • 16/30

    Spoofing

    Misrepresenting oneself by using fake e-mail addresses or masquerading as someone else

    Redirecting Web link to address different from intended one, with site masquerading as intended destination

    Sniffer

    Eavesdropping program that monitors information traveling over network

    Enables hackers to steal proprietary information such as e-mail, company files, etc.

  • 17/30

    Denial-of-service attacks (DoS)

    Flooding server with thousands of false requests to crash the network.

    Distributed denial-of-service attacks (DDoS)

    Use of numerous computers to launch a DoS

    Botnets

    Networks of zombie PCs infiltrated by bot malware

    Worldwide, 6 - 24 million computers serve as zombie PCs in thousands of botnets

  • 18/30

    (B) Definition of Computer Crime

    Any crime in which computer related technology is encountered.

    The commission of illegal acts through the use of a computer or against a computer system.

  • 19/30

    Computer crime

    Defined as any violations of criminal law that involve a knowledge of computer technology for their perpetration, investigation, or prosecution

    Computer may be target of crime, e.g.:

    Breaching confidentiality of protected computerized data

    Accessing a computer system without authority

    Computer may be instrument of crime, e.g.:

    Theft of trade secrets

    Using e-mail for threats or harassment

  • 20/30

    Identity theft

    Theft of personal information (social security id, driver's license or credit card numbers) to impersonate someone else

    Phishing

    Setting up fake Web sites or sending e-mail messages that look like legitimate businesses to ask users for confidential personal data.

    Evil twins

    Wireless networks that pretend to offer trustworthy Wi-Fi connections to the Internet

  • 21/30

    Pharming

    Redirects users to a bogus Web page, even when individual types correct Web page address into his or her browser

    Click fraud

    Occurs when individual or computer program fraudulently clicks on online ad without any intention of learning more about the advertiser or making a purchase

    Cyber terrorism and Cyber warfare

    cyber terrorism or cyber warfare and cripple networks controlling essential services such as electrical grids and air traffic control systems.

  • 22/30

    Internal threats: employees

    Security threats often originate inside an organization

    Inside knowledge

    Sloppy security procedures

    User lack of knowledge

    Social engineering:

    Tricking employees into revealing their passwords by pretending to be legitimate members of the company in need of information

  • 23/30

    Software vulnerability

    Commercial software contains flaws that create security vulnerabilities

    Hidden bugs (program code defects)

    Zero defects cannot be achieved because complete testing is not possible with large programs

    Flaws can open networks to intruders

    Patches

    Vendors release small pieces of software to repair flaws

    However, exploits are often created faster than patches can be released and implemented


  • 25/30

    Famous hackers in history

    Ian Murphy

    Kevin Mitnick

    Johan Helsingius

    Mark Abene

    Linus Torvalds

    Robert Morris

    Jonathan James

    NASA

    Stephen Watt

    NY based coder

  • 26/30

    Conclusion

    Obviously computer crime is on the rise, but so is the awareness and ability to fight it. Law enforcement realizes that it is happening more often than it is reported and is doing its best to improve existing laws and create new laws as appropriate. The problem is not with the awareness or the laws, but with actually reporting that a crime has occurred. Hopefully people will begin to realize that unless they report these crimes and get convictions, those committing computer crimes will continue to do so.


  • 28/30

    When antivirus software cripples your computers

    Discuss the following questions:

    What management, organization, and technology factors were responsible for McAfee's software problem?

    What was the business impact of this software problem, both for McAfee and for its customers?

    If you were a McAfee enterprise customer, would you consider McAfee's response to the problem to be acceptable? Why or why not?

    What should McAfee do in the future to avoid similar problems?

  • 29/30

    References

    http://www.businessdictionary.com/definition/management-information-system-MIS.html#ixzz2u3f7a6FG

    Management Information System

    Kenneth C. Laudon

    Jane P. Laudon

    Pearson Prentice Hall

    Sixth Impression - 2011
