information system and security control
![Page 1: Information system and security control](https://reader034.vdocuments.mx/reader034/viewer/2022051411/547e118eb37959582b8b541b/html5/thumbnails/1.jpg)
Information System and Security Control
Anthony D.J. Matutino
![Page 2: Information system and security control](https://reader034.vdocuments.mx/reader034/viewer/2022051411/547e118eb37959582b8b541b/html5/thumbnails/2.jpg)
7 CRITERIA TO BE MET BY INFORMATION SYSTEM
- Effectiveness
- Efficiency
- Confidentiality
- Integrity
- Availability
- Compliance
- Reliability
![Page 3: Information system and security control](https://reader034.vdocuments.mx/reader034/viewer/2022051411/547e118eb37959582b8b541b/html5/thumbnails/3.jpg)
BUSINESS RISK INVOLVING INFORMATION SYSTEM
- Strategic Risk
- Security Risk
- Legal Risk
- Reputational Risk
![Page 4: Information system and security control](https://reader034.vdocuments.mx/reader034/viewer/2022051411/547e118eb37959582b8b541b/html5/thumbnails/4.jpg)
STRATEGIC RISK
- Strategic assessment and risk analysis
- Integration within strategic goal
- Selection and management of technological infrastructure
- Comprehensive process for managing outsourcing relationships with third party providers
![Page 5: Information system and security control](https://reader034.vdocuments.mx/reader034/viewer/2022051411/547e118eb37959582b8b541b/html5/thumbnails/5.jpg)
SECURITY RISK
- Customer security practices
- Authentication of customers
- Non-repudiation and accountability of transactions
- Segregation of duties
- Authorization controls within the systems, databases and applications
- Internal or external fraud
![Page 6: Information system and security control](https://reader034.vdocuments.mx/reader034/viewer/2022051411/547e118eb37959582b8b541b/html5/thumbnails/6.jpg)
SECURITY RISK
- Audit trails for transactions
- Confidentiality of data during transactions
- Third-party security risk
![Page 7: Information system and security control](https://reader034.vdocuments.mx/reader034/viewer/2022051411/547e118eb37959582b8b541b/html5/thumbnails/7.jpg)
LEGAL RISK
- Disclosures of information to customers
- Privacy
- Compliance with laws, rules and statements of the regulators
- Exposure to foreign jurisdictions
![Page 8: Information system and security control](https://reader034.vdocuments.mx/reader034/viewer/2022051411/547e118eb37959582b8b541b/html5/thumbnails/8.jpg)
REPUTATIONAL RISK
- Service level delivery
- Level of customer care
- Business continuity and contingency planning
![Page 9: Information system and security control](https://reader034.vdocuments.mx/reader034/viewer/2022051411/547e118eb37959582b8b541b/html5/thumbnails/9.jpg)
ACCESS LAYERS
![Page 10: Information system and security control](https://reader034.vdocuments.mx/reader034/viewer/2022051411/547e118eb37959582b8b541b/html5/thumbnails/10.jpg)
SECURITY MEASURES
- Policies
- Firewalls
- Password
- Penetration testing and test software
- Intrusion Detection and Prevention System
- Encryption
![Page 11: Information system and security control](https://reader034.vdocuments.mx/reader034/viewer/2022051411/547e118eb37959582b8b541b/html5/thumbnails/11.jpg)
SECURITY MEASURES
- Digital Signatures
- Virtual Private Network
- Anti-virus Program
- Anti-spyware program
- Logging and monitoring
![Page 12: Information system and security control](https://reader034.vdocuments.mx/reader034/viewer/2022051411/547e118eb37959582b8b541b/html5/thumbnails/12.jpg)
INTERNET SERVICE AS A MEANS OF INFORMATION SYSTEM
- E-mail
- World Wide Web (WWW)
- File Transfer Protocol (FTP)
- News
- Telnet/remote interactive access
- Internet Relay Chat (IRC)/Instant Messaging
![Page 13: Information system and security control](https://reader034.vdocuments.mx/reader034/viewer/2022051411/547e118eb37959582b8b541b/html5/thumbnails/13.jpg)
E-MAIL THREATS
| Threats | Recommendation |
| --- | --- |
| Sender – No one can be sure that the sender of an e-mail is the real sender. | Use of digital signatures |
![Page 14: Information system and security control](https://reader034.vdocuments.mx/reader034/viewer/2022051411/547e118eb37959582b8b541b/html5/thumbnails/14.jpg)
E-MAIL THREATS
| Threats | Recommendation |
| --- | --- |
| Messages in plain text – The message can be intercepted, read and changed. | Encrypt the message |
![Page 15: Information system and security control](https://reader034.vdocuments.mx/reader034/viewer/2022051411/547e118eb37959582b8b541b/html5/thumbnails/15.jpg)
E-MAIL THREATS
| Threats | Recommendation |
| --- | --- |
| There are no guarantees of secure delivery | Certificate of posting function |
![Page 16: Information system and security control](https://reader034.vdocuments.mx/reader034/viewer/2022051411/547e118eb37959582b8b541b/html5/thumbnails/16.jpg)
E-MAIL THREATS
| Threats | Recommendation |
| --- | --- |
| Large attachments can clog the e-mail system and/or server | Set a limit on the size of attachments the e-mail system is allowed to receive, and make guidelines for downloading, archiving and deletion of e-mails. |
![Page 17: Information system and security control](https://reader034.vdocuments.mx/reader034/viewer/2022051411/547e118eb37959582b8b541b/html5/thumbnails/17.jpg)
E-MAIL THREATS
| Threats | Recommendation |
| --- | --- |
| Spam (unwanted e-mails) | Set a filter to remove or separate spam from legitimate messages. |
![Page 18: Information system and security control](https://reader034.vdocuments.mx/reader034/viewer/2022051411/547e118eb37959582b8b541b/html5/thumbnails/18.jpg)
WORLD WIDE WEB
| Threats | Recommendation |
| --- | --- |
| Information quality | Readers should be cautious and, as much as possible, try to verify the information. |
![Page 19: Information system and security control](https://reader034.vdocuments.mx/reader034/viewer/2022051411/547e118eb37959582b8b541b/html5/thumbnails/19.jpg)
WORLD WIDE WEB
| Threats | Recommendation |
| --- | --- |
| Tracks; Browser Plug-ins; Cookies | Firewall; Set your computer to clear history; Use InPrivate browsing |
![Page 20: Information system and security control](https://reader034.vdocuments.mx/reader034/viewer/2022051411/547e118eb37959582b8b541b/html5/thumbnails/20.jpg)
FILE TRANSFER PROTOCOL
| Threats | Recommendation |
| --- | --- |
| File Transfer Protocol has basically no security. | Proper configuration can only minimize the risk; Scan all incoming files |
![Page 21: Information system and security control](https://reader034.vdocuments.mx/reader034/viewer/2022051411/547e118eb37959582b8b541b/html5/thumbnails/21.jpg)
NEWS
| Threats | Recommendation |
| --- | --- |
| Reputation risk – the news/blog can be regarded as the organization’s official view. | It is possible to block access to news. This is a matter of organizational policy. |
![Page 22: Information system and security control](https://reader034.vdocuments.mx/reader034/viewer/2022051411/547e118eb37959582b8b541b/html5/thumbnails/22.jpg)
TELNET
| Threats | Recommendation |
| --- | --- |
| Username and password are usually sent in plain text. It is simple for intruders to read user information and use it for unauthorized access. | One-time passwords or frequent password changes, and encryption, should be used. |
![Page 23: Information system and security control](https://reader034.vdocuments.mx/reader034/viewer/2022051411/547e118eb37959582b8b541b/html5/thumbnails/23.jpg)
INTERNET RELAY CHAT
| Threats | Recommendation |
| --- | --- |
| Most IRCs bypass anti-virus software | IRCs with external access should be avoided. If it is necessary to download a file, avoid direct execution of files. |
![Page 24: Information system and security control](https://reader034.vdocuments.mx/reader034/viewer/2022051411/547e118eb37959582b8b541b/html5/thumbnails/24.jpg)
COMMON SIGNS OF VIRUS
- Unusual messages appear on your screen
- Decreased system performance
- Missing data
- Inability to access your hard drives
- Settings are automatically changed
![Page 25: Information system and security control](https://reader034.vdocuments.mx/reader034/viewer/2022051411/547e118eb37959582b8b541b/html5/thumbnails/25.jpg)
![Page 26: Information system and security control](https://reader034.vdocuments.mx/reader034/viewer/2022051411/547e118eb37959582b8b541b/html5/thumbnails/26.jpg)
Chrome - Incognito
![Page 27: Information system and security control](https://reader034.vdocuments.mx/reader034/viewer/2022051411/547e118eb37959582b8b541b/html5/thumbnails/27.jpg)
IE – InPrivate Browsing
![Page 28: Information system and security control](https://reader034.vdocuments.mx/reader034/viewer/2022051411/547e118eb37959582b8b541b/html5/thumbnails/28.jpg)
Firefox – Private Browsing
![Page 29: Information system and security control](https://reader034.vdocuments.mx/reader034/viewer/2022051411/547e118eb37959582b8b541b/html5/thumbnails/29.jpg)
Always test policy on a test computer before applying it to any other computers
![Page 30: Information system and security control](https://reader034.vdocuments.mx/reader034/viewer/2022051411/547e118eb37959582b8b541b/html5/thumbnails/30.jpg)
Videos
Anti-spyware
Basic PC Security
Anti-virus and other malware
![Page 31: Information system and security control](https://reader034.vdocuments.mx/reader034/viewer/2022051411/547e118eb37959582b8b541b/html5/thumbnails/31.jpg)
SUMMARY