
BIS4225. 15
Security of Information and Information Systems

Reading Materials
Laudon and Laudon (2002), Chap. 14

IS Security
The process of protecting and safeguarding data and information from accidental or intentional harm and from natural disasters, through policies, procedures, tools, techniques, and methods.

Vulnerability of Systems
Vulnerability: a flaw, problem, or other condition that leaves an information system exposed to threats.

Vulnerability of Systems
IS are vulnerable because of:
increased access to systems;
increased system complexity;
cyber terrorism on the Internet;
the network environment;
complacent management.

Risks
Potential losses (direct or indirect) to a firm:
total loss;
partial loss;
temporary loss.

Threat
A person, action, event, or other situation that could trigger losses.
Three categories:
accidental or unintentional errors;
intentional errors;
natural disasters.

Hacker
A person who gains unauthorized access to a computer system for profit, criminal activity, or personal pleasure.

Hacker
[Diagram: client - network - server, with insider jobs and hacking shown against the company's server side: web servers, application servers, database servers.]

Virus
A computer virus is a hidden program which inserts itself into the computer system and clones itself.

Worm
A program designed to replicate itself and travel between machines and across network connections. It does not require a host.

Development Controls
[Diagram: viruses and worms in the client - network - server environment (web servers, application servers, database servers).]

IS Controls
A control is a tool for controlling risks. It is used to identify, prevent, or reduce the risk of a security breach, or to minimize the harm done.

IS Controls
Dealing with a security exposure:
minimize the probability of it happening;
minimize the damage if it does happen;
recover from the damage.

IS Controls
Application Controls
Development (Implementation) Controls
Physical Facility Controls

Application Controls
Provide security to the input, processing, output, and storage phases of a system. Examples: login IDs and passwords; backups.

Application Controls
Backups: creating duplicate copies of a file or program and storing them on a separate disk or other medium, in a different location from the original file or program.

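A copy in a different location is only a control if it can be shown to still match the original when it is needed. The following added example, not from the lecture, copies a directory to a separate location and writes a manifest of SHA-256 hashes alongside it, so that the backup can be verified before a restore is attempted. Directory names, file contents and the manifest file name are constructed for the example.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

MANIFEST_NAME = "MANIFEST.json"  # constructed name; must not clash with a backed-up file


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def create_backup(source_dir: Path, backup_dir: Path) -> dict:
    """Copy every file under source_dir to backup_dir and write a manifest.

    The manifest records the hash of each original at backup time, so a
    later check can prove the copy is still what was backed up.
    """
    backup_dir.mkdir(parents=True, exist_ok=True)
    manifest = {}
    for src in sorted(p for p in source_dir.rglob("*") if p.is_file()):
        rel = src.relative_to(source_dir).as_posix()
        dst = backup_dir / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)  # copy2 keeps timestamps as well as content
        manifest[rel] = sha256_file(src)
    (backup_dir / MANIFEST_NAME).write_text(json.dumps(manifest, indent=2))
    return manifest


def verify_backup(backup_dir: Path) -> list:
    """Return the relative paths whose copy is missing or no longer matches."""
    manifest = json.loads((backup_dir / MANIFEST_NAME).read_text())
    problems = []
    for rel, expected in manifest.items():
        copy = backup_dir / rel
        if not copy.is_file() or sha256_file(copy) != expected:
            problems.append(rel)
    return problems


def demo() -> tuple:
    """Constructed scenario: back up two files, then damage one copy."""
    with tempfile.TemporaryDirectory() as tmp:
        live, offsite = Path(tmp) / "live", Path(tmp) / "offsite"
        (live / "ledger").mkdir(parents=True)
        (live / "ledger" / "2024.csv").write_text("date,amount\n2024-01-01,100\n")
        (live / "notes.txt").write_text("constructed sample file\n")
        create_backup(live, offsite)
        clean = verify_backup(offsite)          # expected: no problems
        (offsite / "notes.txt").write_text("media fault or tampering\n")
        damaged = verify_backup(offsite)        # expected: ["notes.txt"]
    return clean, damaged


if __name__ == "__main__":
    print(demo())
```

Verification runs against the backup copy, not the live system, so it can be scheduled on the remote side and reported back; a backup that has never been verified restores should be treated as an untested control.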
Development Controls
Security measures that are part of each phase of the development life cycle of an information system:
Encryption
Digital Signatures
Firewalls

Development Controls
Encryption
[Diagram: client - network - server. The message "Instruction: Buy 100 apples ..." is encrypted to "djgoshrj68sj: Wt9e uy22 sl0ytl; ..." for transmission across the network and decrypted back to "Instruction: Buy 100 apples ..." at the server side (web servers, application servers, database servers).]

Development Controls
Cryptography: a collection of technologies for securing electronic messages and transactions by encryption.
Example: "Instruction: Buy 100 units of ..." is encrypted to "djgoshrj68sj: Wt9e uy22 sl0ytl; ...".

Development Controls
Encryption
[Diagram: sender and receiver. The sender's algorithm, using a key, encrypts plain text into cipher text; the cipher text is what travels in transmission; the receiver's algorithm, using a key, decrypts it back to plain text.]

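The diagram above has the same algorithm and the same key on both sides. The following is an added example, not from the lecture, of that sender/receiver exchange with a toy stream cipher built from SHA-256 (the keystream is SHA-256 of key, nonce and a counter, XORed with the message); it is for illustration of the data flow only and is not a cipher anyone should deploy in place of a vetted one. The instruction text is the slide's own; the key and nonce sizes are assumptions of the example.

```python
import hashlib
import secrets

NONCE_BYTES = 16


def generate_key() -> bytes:
    """The shared secret both sides of the diagram hold: 256 random bits."""
    return secrets.token_bytes(32)


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256(key || nonce || counter) blocks, concatenated.

    A fresh random nonce per message keeps the keystream from repeating
    under the same key; a repeated keystream would expose the XOR of two
    plain texts. Illustration only, not a production cipher.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Sender side: plain text in, nonce || cipher text out."""
    nonce = secrets.token_bytes(NONCE_BYTES)
    stream = keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, stream))


def decrypt(key: bytes, ciphertext: bytes) -> bytes:
    """Receiver side: the same algorithm and key undo the XOR."""
    nonce, body = ciphertext[:NONCE_BYTES], ciphertext[NONCE_BYTES:]
    stream = keystream(key, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, stream))


def corrupt_in_transit(ciphertext: bytes) -> bytes:
    """Model a single changed byte on the wire (noise or interference)."""
    return ciphertext[:-1] + bytes([ciphertext[-1] ^ 0x01])


def demo() -> dict:
    """The slide's scenario with a constructed shared key."""
    shared_key = generate_key()  # agreed between sender and receiver beforehand
    instruction = b"Instruction: Buy 100 apples ..."
    in_transit = encrypt(shared_key, instruction)
    return {
        "cipher_hides_plaintext": instruction not in in_transit,
        "receiver_recovers": decrypt(shared_key, in_transit) == instruction,
        "wrong_key_fails": decrypt(generate_key(), in_transit) != instruction,
        # Encryption gives confidentiality, not integrity: a changed byte in
        # transit decrypts without any error to a different instruction. That
        # gap is what the digital signature slides address.
        "change_in_transit_undetected":
            decrypt(shared_key, corrupt_in_transit(in_transit)) != instruction,
    }


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```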
Development Controls
Digital Signatures
[Diagram: signing side. Plain text is hashed to a message digest; the digest is encrypted with the sender's private key; plain text and encrypted digest are then encrypted with the receiver's public key into cipher text. Key pairs shown: sender's private/public, receiver's private/public.]

Development Controls
Digital Signatures
[Diagram: verifying side. The receiver decrypts the cipher text with the receiver's private key, recovering the plain text and the encrypted message digest; the digest is decrypted with the sender's public key; the plain text is hashed afresh and the two message digests are COMPARED. Key pairs shown: sender's private/public, receiver's private/public.]

Development Controls
Digital Certificates
[Diagram: issuing a certificate. The sender's public key and identification information are hashed to a message digest, which is encrypted with the CA's private key; public key, identification information and encrypted digest together form the digital certificate. Key pairs shown: sender's private/public, CA's private/public.]

Development Controls
Digital Certificates
[Diagram: signing side with a certificate. As for digital signatures, plain text is hashed to a message digest, the digest is encrypted with the sender's private key, and plain text plus encrypted digest are encrypted with the receiver's public key into cipher text; the sender's digital certificate is sent along with the cipher text. Key pairs shown: sender's private/public, receiver's private/public.]

Development Controls
Digital Certificates
[Diagram: verifying side with a certificate. The receiver follows the digital signature process (decrypt the cipher text with the receiver's private key, decrypt the message digest with the sender's public key, hash the plain text, COMPARE) and additionally decrypts the digital certificate with the CA's public key to check the sender's public key. Key pairs shown: sender's, receiver's and CA's private/public.]

Development Controls
Firewall
[Diagram: Internet - FW (firewall) - DMZ - Internal Local Area Network - Servers.]

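The diagram places a firewall between the Internet, the DMZ and the internal LAN. The following added example, not from the lecture, models that policy as a default-deny rule set evaluated over constructed connection attempts, so the effect of each zone boundary can be read off the verdicts. The zone addresses, ports and rules are assumptions of the example, not a configuration the lecture gives.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed addressing for the zones of the diagram; any other address
# is treated as the Internet.
ZONES = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),     # public-facing web tier
    "internal": ipaddress.ip_network("10.0.0.0/8"),  # internal local area network
}


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    dst_port: Optional[int]  # None matches any port
    action: str              # "allow" or "deny"


# First match wins; anything unmatched is denied. Each allow names the
# narrowest path the business needs, so a compromised DMZ host can reach
# one database port inside, not the whole LAN.
RULES: List[Rule] = [
    Rule("internet", "dmz", 443, "allow"),       # customers reach the web servers
    Rule("dmz", "internal", 5432, "allow"),      # web tier to the database port only
    Rule("internal", "dmz", None, "allow"),      # staff administer DMZ hosts
    Rule("internal", "internet", 443, "allow"),  # staff browsing out
]


def zone_of(ip: str) -> str:
    """Map an address to its zone; unknown addresses are the Internet."""
    addr = ipaddress.ip_address(ip)
    for name, network in ZONES.items():
        if addr in network:
            return name
    return "internet"


def decide(src_ip: str, dst_ip: str, dst_port: int) -> str:
    """Return the firewall's verdict for one connection attempt."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    if src_zone == dst_zone:
        return "allow"  # traffic within one zone never crosses the firewall
    for rule in RULES:
        if (rule.src_zone, rule.dst_zone) == (src_zone, dst_zone) and rule.dst_port in (None, dst_port):
            return rule.action
    return "deny"  # default deny


def audit(flows: List[Tuple[str, str, int]]) -> List[str]:
    """One log-style line per flow, the record a security team reviews."""
    return [f"{decide(s, d, p).upper():5} {zone_of(s)}:{s} -> {zone_of(d)}:{d}:{p}" for s, d, p in flows]


SAMPLE_FLOWS = [  # constructed connection attempts
    ("203.0.113.9", "192.0.2.10", 443),  # customer to web server
    ("203.0.113.9", "192.0.2.10", 22),   # Internet to a DMZ management port
    ("203.0.113.9", "10.1.2.3", 5432),   # Internet straight to the database
    ("192.0.2.10", "10.1.2.3", 5432),    # web server to database
    ("192.0.2.10", "10.1.2.3", 445),     # web server to an internal file share
    ("10.1.2.3", "203.0.113.9", 443),    # staff browsing out
]

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_FLOWS)))
```

The denied lines are as informative as the allowed ones: a DMZ host attempting anything other than the database port is a signal worth alerting on, which is why the policy is written to deny by default rather than to block a list of known-bad ports.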
Physical Facility Controls
Fire alarms
Security personnel
Restricted access
Temperature and humidity monitors

Vulnerability of the Internet
[Diagram: client (consumer/user) - network (Internet network) - server (company/retailer). Client-side threats: cookies, spyware, viruses. Network threats: tapping, spoofing. Server-side threats: insider jobs, hacking. Servers: web servers, application servers, database servers.]

Security Policy
The setting, implementing, and enforcing of security policies and procedures, developed from the viewpoint of getting the right balance for the business.

Business Continuity Plan
Components: Preparation, Prevention, Recovery, Restoration.
Examples of disasters: Flood, Fire, Lightning, Sabotage.

Business Continuity Plan: Preparation
training of systems personnel to face disasters;
documenting the system components;
regular back-up of the system.

Business Continuity Plan: Prevention
To reduce the probability of disruptions to computer systems, for example:
prevent fire: no-smoking enforcement;
prevent water damage: relocate away from water-prone areas.

Business Continuity Plan: Recovery
Procedures to recover the system in the shortest possible time in order to resume operations, for example, setting up temporary facilities.

Business Continuity Plan: Restoration
salvage of reusable equipment;
re-establish the operational capability of the existing premises, or establish new premises;
changeover from the temporary system to the restored system.
