Security of Information and Information Systems

Reading Materials: Laudon and Laudon (2002), Chap. 14
IS Security
The process of protecting and safeguarding data and information from accidental, intentional, or natural disasters through policies, procedures, tools, techniques, and methods.
Vulnerability of Systems
Vulnerability: A flaw, problem, or other condition that leaves an information system exposed to threats.
Vulnerability of Systems
IS are vulnerable because of:
increased access to systems;
increased system complexity;
cyber terrorism on the Internet;
the networked environment;
complacent management.
Risks
Potential losses (direct or indirect) to a firm:
total loss;
partial loss;
temporary loss.
Threat
People, actions, events, or other situations that could trigger losses.
Three categories:
accidental or unintentional errors;
intentional errors;
natural disasters.
Hacker
A person who gains unauthorized access to a computer system for profit, criminal activity, or personal pleasure.
Hacker
[Diagram: CLIENT / NETWORK / SERVER. Insider jobs and hacking are shown against the server side: application servers, web servers, and database servers.]
Virus
A computer virus is a hidden program which inserts itself into the computer system and clones itself.
Worm
A program designed to replicate itself and travel between machines and across network connections. It does not require a host.
Development Controls
[Diagram: CLIENT / NETWORK / SERVER. Viruses and worms are shown reaching the application servers, web servers, and database servers.]
IS Controls
A control is a tool for controlling risks. It is used to identify, prevent, or reduce the risk of a security breach, or to minimize the harm done.
IS Controls
Security exposure:
minimize the probability of it happening;
minimize the damage, if it does happen;
recover from the damage.
IS Controls
Application Controls
Development (Implementation) Controls
Physical Facility Controls
Application Controls
Provide security to the input, processing, output, and storage phases of a system.
Examples: login IDs, passwords; backups.
Application Controls
Backups: Creating duplicate copies of a file or program and storing them on a separate disk or other medium in a different location from the original file or program.
Development Controls
Security measures that are part of each phase of the development life cycle of an information system.
Encryption
Digital Signatures
Firewalls
Development Controls
Encryption
[Diagram: CLIENT / NETWORK / SERVER. The client's instruction "Buy 100 apples ..." passes through ENCRYPTION, crosses the network as cipher text "djgoshrj68sj: Wt9e uy22 sl0ytl; ...", and is restored by DECRYPTION to "Instruction: Buy 100 apples ..." on the server side (application servers, web servers, database servers).]
Development Controls
Cryptography: A collection of technologies for securing electronic messages and transactions by encryption.
[Example: "Instruction: Buy 100 units of ..." -- ENCRYPTION --> "djgoshrj68sj: Wt9e uy22 sl0ytl; ..."]
Development Controls
Encryption
[Diagram: SENDER and RECEIVER, each holding the algorithm and the key.]
Development Controls
Digital Signatures
[Diagram: the sender hashes the plain text into a message digest and encrypts the digest with the sender's private key; the plain text is encrypted with the receiver's public key into cipher text. The receiver recovers the plain text with the receiver's private key, recovers the message digest with the sender's public key, and compares it with a fresh hash of the plain text. Key pairs shown: sender's keys (private, public) and receiver's keys (private, public).]
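The signature and encryption steps from the slide above, worked through in toy textbook RSA as an added example (not part of the lecture): the sender signs a SHA-256 digest with its private key, the receiver verifies with the sender's public key, and the instruction itself is encrypted under the receiver's public key. The primes, key size and digest truncation are constructed for illustration only and are far too weak for real use.

```python
"""Toy RSA walk-through of the slide's digital-signature flow.
Textbook RSA with fixed small primes: for teaching only, never for real use."""
import hashlib

# Constructed key material: two Mersenne primes (2^61-1, 2^89-1) give a
# ~150-bit modulus, hopelessly small for real security but fine to illustrate.
P = 2**61 - 1
Q = 2**89 - 1
E = 65537


def make_keypair(p=P, q=Q, e=E):
    """Return ((e, n), (d, n)): the public key and the private key."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse; Python 3.8+
    return (e, n), (d, n)


def message_digest(message: bytes, n: int) -> int:
    """'Hashing' step: SHA-256, truncated so the integer fits below n."""
    h = hashlib.sha256(message).digest()[:16]
    return int.from_bytes(h, "big") % n


def sign(message: bytes, private_key) -> int:
    """'Encrypt the digest with the sender's private key' step."""
    d, n = private_key
    return pow(message_digest(message, n), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Receiver recovers the digest with the sender's public key and
    compares it with a fresh hash of the received plain text."""
    e, n = public_key
    return pow(signature, e, n) == message_digest(message, n)


def encrypt(message: bytes, public_key) -> int:
    """Confidentiality step: encrypt the plain text with the receiver's public key."""
    e, n = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("toy RSA: message must be shorter than the modulus")
    return pow(m, e, n)


def decrypt(cipher: int, private_key) -> bytes:
    """Receiver recovers the plain text with the receiver's private key."""
    d, n = private_key
    m = pow(cipher, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")
```

Changing a single character of the instruction after signing makes `verify` fail, which is the integrity property the slide's digest-and-encrypt step provides.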
Development Controls
Digital Certificates
[Diagram: the sender's public key and identification information are hashed into a message digest, which is encrypted with the CA's key (CA's keys: public, private) to produce the digital certificate.]
Development Controls
Digital Certificates
[Diagram: the digital-signature flow as before (plain text hashed to a message digest, digest encrypted with the sender's private key, plain text encrypted with the receiver's public key into cipher text), with the digital certificate sent alongside. Key pairs shown: receiver's keys (private, public) and CA's keys (private, public).]
Development Controls
Firewall
[Diagram: INTERNET -> FW (firewall) -> DMZ -> servers.]
Physical Facility Controls
Fire alarms
Security personnel
Restricted access
Temperature and humidity monitors
Vulnerability of the Internet
[Diagram: CLIENT (consumer/user): cookies, spyware, viruses; NETWORK (Internet network): tapping, spoofing; SERVER (company/retailer): insider jobs, hacking against application servers, web servers, and database servers.]
Security Policy
The setting, implementing, and enforcing of security policies and procedures. Developed from the viewpoint of getting the right balance for the business.
Business Continuity Plan
Components: preparation; prevention; recovery; restoration.
Examples: