Securing Information Systems
DESCRIPTION
Management Information System, Chapter 8
TRANSCRIPT
![Page 1: Securing Information Systems](https://reader033.vdocuments.mx/reader033/viewer/2022052322/557590dad8b42ae7708b4ecd/html5/thumbnails/1.jpg)
SECURING INFORMATION SYSTEMS
ATHICHA SOOTHIPHAN 54104001-0
KHAJEEPAN CHAIWANG 54104002-8
NATTAWAN RANGKAEW 54107004-1
PATTADON KAEWINTRA 54103001-1
JAKKRIT PHUWASET 54104020-0
UGYEN DORJI 54103005-2
TSHERING YANGKI 54107017-3
PHUNTSHOK LHAMO 54104024-2
NIKESH MUDBHARY 54104011-9
ABHINAY SWAR 55104020-7
ITTIMA TANGSAHAMAITRI 54104019-2
BENJAPORN NANTAJAI 53104030-1
RAMITA PRODKHORNBURI 52107014-4
![Page 2: Securing Information Systems](https://reader033.vdocuments.mx/reader033/viewer/2022052322/557590dad8b42ae7708b4ecd/html5/thumbnails/2.jpg)
SYSTEM VULNERABILITY AND ABUSE
![Page 3: Securing Information Systems](https://reader033.vdocuments.mx/reader033/viewer/2022052322/557590dad8b42ae7708b4ecd/html5/thumbnails/3.jpg)
WHY ARE SYSTEMS VULNERABLE?
Accessibility of networks
Hardware problems
Software problems
Loss of portable devices
Use of networks outside of the firm's control
Disasters
Internet vulnerabilities
Wireless security challenges
![Page 4: Securing Information Systems](https://reader033.vdocuments.mx/reader033/viewer/2022052322/557590dad8b42ae7708b4ecd/html5/thumbnails/4.jpg)
INTERNET VULNERABILITIES
Network open to anyone
Enormously widespread impact
Creates fixed targets for hackers
Unencrypted VoIP (Voice over Internet Protocol)
Widespread use of e-mail, P2P (peer-to-peer) and IM (instant messaging)
![Page 5: Securing Information Systems](https://reader033.vdocuments.mx/reader033/viewer/2022052322/557590dad8b42ae7708b4ecd/html5/thumbnails/5.jpg)
WIRELESS SECURITY CHALLENGES
Radio frequency bands are easy to scan
SSIDs (Service Set Identifiers)
![Page 6: Securing Information Systems](https://reader033.vdocuments.mx/reader033/viewer/2022052322/557590dad8b42ae7708b4ecd/html5/thumbnails/6.jpg)
INTERNAL THREATS: EMPLOYEES
Security threats often originate inside an organization
Inside knowledge
Sloppy security procedures
Social engineering
![Page 7: Securing Information Systems](https://reader033.vdocuments.mx/reader033/viewer/2022052322/557590dad8b42ae7708b4ecd/html5/thumbnails/7.jpg)
MALWARE
Computer viruses
Worms
Trojan horses
SQL injection attacks
Spyware
![Page 8: Securing Information Systems](https://reader033.vdocuments.mx/reader033/viewer/2022052322/557590dad8b42ae7708b4ecd/html5/thumbnails/8.jpg)
HACKERS AND COMPUTER CRIME
Sniffers
Cyberterrorism and cyberwarfare
Click fraud
Pharming
Evil twins
Phishing
Identity theft
Computer crime
DDoS (Distributed Denial-of-Service) attacks
DoS (Denial-of-Service) attacks
![Page 9: Securing Information Systems](https://reader033.vdocuments.mx/reader033/viewer/2022052322/557590dad8b42ae7708b4ecd/html5/thumbnails/9.jpg)
SOFTWARE VULNERABILITY
A weakness in software that could allow an attacker to compromise the integrity, availability, or confidentiality of that software.
![Page 10: Securing Information Systems](https://reader033.vdocuments.mx/reader033/viewer/2022052322/557590dad8b42ae7708b4ecd/html5/thumbnails/10.jpg)
HIDDEN BUG
A hidden bug, or defect in program code, is a mistake in the program's code that can let an attacker compromise the software.
Cause of hidden bugs: made by accident
![Page 11: Securing Information Systems](https://reader033.vdocuments.mx/reader033/viewer/2022052322/557590dad8b42ae7708b4ecd/html5/thumbnails/11.jpg)
PATCHES
Software that fixes a hidden bug (usually created after an exploit has already happened)
Created by the software developer
![Page 12: Securing Information Systems](https://reader033.vdocuments.mx/reader033/viewer/2022052322/557590dad8b42ae7708b4ecd/html5/thumbnails/12.jpg)
BUSINESS VALUE OF SECURITY AND CONTROL
![Page 13: Securing Information Systems](https://reader033.vdocuments.mx/reader033/viewer/2022052322/557590dad8b42ae7708b4ecd/html5/thumbnails/13.jpg)
LEGAL AND REGULATORY REQUIREMENTS FOR ELECTRONIC RECORDS MANAGEMENT AND PRIVACY PROTECTION

| Law | Requirement |
| --- | --- |
| HIPAA | Medical security and privacy rules and procedures |
| Gramm-Leach-Bliley Act | Requires financial institutions to ensure the security and confidentiality of customer data |
| Sarbanes-Oxley Act | Imposes responsibility on companies and their management to safeguard the accuracy and integrity of financial information that is used internally and released externally |
![Page 14: Securing Information Systems](https://reader033.vdocuments.mx/reader033/viewer/2022052322/557590dad8b42ae7708b4ecd/html5/thumbnails/14.jpg)
ELECTRONIC EVIDENCE
Evidence for white-collar crimes is often in digital form.
Proper control of data can save time and money when responding to a legal discovery request.
![Page 15: Securing Information Systems](https://reader033.vdocuments.mx/reader033/viewer/2022052322/557590dad8b42ae7708b4ecd/html5/thumbnails/15.jpg)
COMPUTER FORENSICS
The scientific collection, examination, authentication, preservation, and analysis of data held on or retrieved from computer storage media in such a way that the information can be used as evidence in a court of law.
Includes recovery of ambient and hidden data.
![Page 16: Securing Information Systems](https://reader033.vdocuments.mx/reader033/viewer/2022052322/557590dad8b42ae7708b4ecd/html5/thumbnails/16.jpg)
ESTABLISHING A FRAMEWORK FOR SECURITY AND CONTROLS
![Page 17: Securing Information Systems](https://reader033.vdocuments.mx/reader033/viewer/2022052322/557590dad8b42ae7708b4ecd/html5/thumbnails/17.jpg)
Types of Information Systems Controls
Protection of information resources requires a well-designed set of controls. Computer systems are controlled by a combination of general controls and application controls. General controls govern the design, security, and use of computer programs and the security of data files in general throughout the organization's information technology infrastructure.
![Page 18: Securing Information Systems](https://reader033.vdocuments.mx/reader033/viewer/2022052322/557590dad8b42ae7708b4ecd/html5/thumbnails/18.jpg)
GENERAL CONTROLS
General controls include software controls, physical hardware controls, computer operations controls, data security controls, controls over the systems implementation process, and administrative controls.
![Page 19: Securing Information Systems](https://reader033.vdocuments.mx/reader033/viewer/2022052322/557590dad8b42ae7708b4ecd/html5/thumbnails/19.jpg)
![Page 20: Securing Information Systems](https://reader033.vdocuments.mx/reader033/viewer/2022052322/557590dad8b42ae7708b4ecd/html5/thumbnails/20.jpg)
APPLICATION CONTROLS
Application controls include both automated and manual procedures that ensure that only authorized data are completely and accurately processed by that application. Application controls can be classified as (1) input controls, (2) processing controls, and (3) output controls.
![Page 21: Securing Information Systems](https://reader033.vdocuments.mx/reader033/viewer/2022052322/557590dad8b42ae7708b4ecd/html5/thumbnails/21.jpg)
![Page 22: Securing Information Systems](https://reader033.vdocuments.mx/reader033/viewer/2022052322/557590dad8b42ae7708b4ecd/html5/thumbnails/22.jpg)
ESTABLISHING A FRAMEWORK FOR SECURITY AND CONTROL
SECURITY POLICY
Acceptable use policy (AUP)
Authorization policies

| EXPOSURE | PROBABILITY | LOSS RANGE (AVG) | EXPECTED ANNUAL LOSS |
| --- | --- | --- | --- |
| Power failure | 30% | $5K–$200K ($102,500) | $30,750 |
| Embezzlement | 5% | $1K–$50K ($25,500) | $1,275 |
| User error | 98% | $200–$40K ($20,100) | $19,698 |
![Page 23: Securing Information Systems](https://reader033.vdocuments.mx/reader033/viewer/2022052322/557590dad8b42ae7708b4ecd/html5/thumbnails/23.jpg)
RISK ASSESSMENT
Type of threat
Probability of occurrence during the year
Potential losses (value of threat)
Expected annual loss
![Page 24: Securing Information Systems](https://reader033.vdocuments.mx/reader033/viewer/2022052322/557590dad8b42ae7708b4ecd/html5/thumbnails/24.jpg)
IDENTITY MANAGEMENT
IDENTITY MANAGEMENT SYSTEM
Identifies and authorizes different categories of users
Specifies which portions of the system users can access
Authenticates users and protects identities
Captures access rules for different levels of users
![Page 25: Securing Information Systems](https://reader033.vdocuments.mx/reader033/viewer/2022052322/557590dad8b42ae7708b4ecd/html5/thumbnails/25.jpg)
Disaster Recovery Planning
Business Continuity Planning
Identify the firm's most critical systems
Determine the impact of an outage
Determine which systems are restored first
![Page 26: Securing Information Systems](https://reader033.vdocuments.mx/reader033/viewer/2022052322/557590dad8b42ae7708b4ecd/html5/thumbnails/26.jpg)
MIS Audit
Identifies all the controls that govern individual information systems and assesses their effectiveness.
![Page 27: Securing Information Systems](https://reader033.vdocuments.mx/reader033/viewer/2022052322/557590dad8b42ae7708b4ecd/html5/thumbnails/27.jpg)
TECHNOLOGIES & TOOLS FOR PROTECTING INFORMATION RESOURCES
![Page 28: Securing Information Systems](https://reader033.vdocuments.mx/reader033/viewer/2022052322/557590dad8b42ae7708b4ecd/html5/thumbnails/28.jpg)
Identity Management Software
![Page 29: Securing Information Systems](https://reader033.vdocuments.mx/reader033/viewer/2022052322/557590dad8b42ae7708b4ecd/html5/thumbnails/29.jpg)
Authentication
![Page 30: Securing Information Systems](https://reader033.vdocuments.mx/reader033/viewer/2022052322/557590dad8b42ae7708b4ecd/html5/thumbnails/30.jpg)
Firewalls, Intrusion Detection System, Antivirus and Antispyware
Unified Threat Management System
![Page 31: Securing Information Systems](https://reader033.vdocuments.mx/reader033/viewer/2022052322/557590dad8b42ae7708b4ecd/html5/thumbnails/31.jpg)
Ensuring System Availability
Fault-Tolerant Computer System
High-Availability computing
Deep packet inspection (DPI)
Recovery-oriented computing
Managed security service provider
![Page 32: Securing Information Systems](https://reader033.vdocuments.mx/reader033/viewer/2022052322/557590dad8b42ae7708b4ecd/html5/thumbnails/32.jpg)
Cipher text
Encryption
![Page 33: Securing Information Systems](https://reader033.vdocuments.mx/reader033/viewer/2022052322/557590dad8b42ae7708b4ecd/html5/thumbnails/33.jpg)
Cipher text
DIGITAL CERTIFICATE
Public key infrastructure (pki)
![Page 34: Securing Information Systems](https://reader033.vdocuments.mx/reader033/viewer/2022052322/557590dad8b42ae7708b4ecd/html5/thumbnails/34.jpg)
Security Issues
SECURING WIRELESS NETWORKS
![Page 35: Securing Information Systems](https://reader033.vdocuments.mx/reader033/viewer/2022052322/557590dad8b42ae7708b4ecd/html5/thumbnails/35.jpg)
Security Issues
Security in the cloud
![Page 36: Securing Information Systems](https://reader033.vdocuments.mx/reader033/viewer/2022052322/557590dad8b42ae7708b4ecd/html5/thumbnails/36.jpg)
Security Issues
Securing mobile platforms