Management Information Systems
Gabriella Kereszturi
Lecture 7: Information Security
MAIN POINTS
• Describing the relationships and differences between
hackers and viruses
• Describing the relationship between information
security policies and an information security plan
• Providing an example of each of the three primary
security areas: (1) authentication and authorization,
(2) prevention and resistance, and (3) detection and
response
• Why systems are vulnerable
– Accessibility of networks
– Hardware problems (breakdowns, configuration errors,
damage from improper use or crime)
– Software problems (programming errors, installation
errors, unauthorized changes)
– Disasters
– Use of networks/computers outside of firm’s control
– Loss and theft of portable devices
Systems Vulnerability and Abuse
Source: Laudon & Laudon (2016)
The architecture of a Web-based application typically includes a Web client, a server, and
corporate information systems linked to databases. Each of these components presents security
challenges and vulnerabilities. Floods, fires, power failures, and other electrical problems can
cause disruptions at any point in the network.
Source: Laudon & Laudon (2016)
Security Challenges & Vulnerabilities
• Internet vulnerabilities
– Network open to anyone
– Size of Internet means abuses can have wide impact
– Use of fixed Internet addresses …… creates fixed targets
for hackers
– E-mail, IM, ….
• Interception
• Attachments with malicious software
• Transmitting trade secrets
– Wireless security challenges
– Etc…
System Vulnerability and Abuse
Source: Laudon & Laudon (2016)
Many Wi-Fi networks
can be penetrated
easily by intruders
using sniffer programs
to obtain an address to
access the resources of
a network without
authorization.
WI-FI Security Challenges
Source: Laudon & Laudon (2016)
Protecting Intellectual Assets
• Organizational information is intellectual
capital - it must be protected
• Information security – The protection of
information from accidental or intentional
misuse by persons inside or outside an
organization
• Downtime – Refers to a period of time when a
system is unavailable
Security Threats Caused by Hackers and
Malware
• Hacker – Experts in technology who use their
knowledge to break into computers and computer
networks, either for profit / benefit or just motivated
by the challenge
– Black-hat hacker
– White-hat hacker
– Hacktivist
– Cracker
– Cyberterrorist
Hackers
• White-hat hackers—work at the request of the system owners
to find system vulnerabilities and plug the holes
• Black-hat hackers —break into other people’s computer
systems and may just look around or may steal and destroy
information
• Hacktivists—have philosophical and political reasons for
breaking into systems and will often deface the website as a
protest
Hackers
• Cracker—a hacker with criminal intent
• Cyberterrorists—seek to cause harm to people or to destroy
critical systems or information and use the Internet as a
weapon of mass destruction
– Viruses
• Malicious software program that attaches itself to
other software programs or data files in order to be
executed
– Worms
• Independent programs that copy themselves from one
computer to other computers over a network.
– Worms and viruses spread by
• Downloads (drive-by downloads)
• E-mail, IM attachments
• Downloads on Web sites and social networks
Malware (Malicious Software)
Source: Laudon & Laudon (2016)
• Denial-of-service attacks (DoS)
– Flooding server with thousands of false requests to crash
the network
• Distributed denial-of-service attacks (DDoS)
– Use of numerous computers to launch a DoS
Malware (Malicious Software)
Source: Laudon & Laudon (2016)
– Trojan horses
• Software that appears harmless but does something
other than expected
– Spyware
• Small programs that install themselves in secret/by improper
means on computers to monitor user Web surfing
activities…
Malware (Malicious Software)
Source: Laudon & Laudon (2016)
How Does Malicious Software Spread?
Security threats ….
• Malicious code includes a variety of threats (e.g. viruses,
worms, and Trojan horses)
• Spoofing is the forging of the return address on an email so
that the email message appears to come from someone other
than the actual sender. This is not a virus but rather a way by
which virus authors hide their identities as they send out
viruses.
Security threats ….
• A sniffer is a program or device that can monitor data traveling
over a network. Sniffers can show all the data being transmitted
over a network, including passwords and sensitive information.
Sniffers tend to be a favorite weapon in the hacker’s arsenal.
• Pharming
– Redirects users to a bogus Web page, even when an individual
types the correct Web page address into his or her browser
• Identity theft
– Theft of personal information (social security ID, driver’s
license, or credit card numbers) to impersonate someone else
• Phishing
– Sending e-mail messages that look like they come from
legitimate businesses to ask users for confidential personal data;
these may include a link to a fake Web site
Security threats ….
Source: Laudon & Laudon (2016)
The First Line of Defense - People
• Organizations must enable employees, customers, and partners to
access information electronically
• The biggest issue surrounding information security is not a
technical issue, but a people issue
The First Line of Defense - People
• The first line of defense an organization should follow
to help combat insider issues is to develop information
security policies and an information security plan
– Information security policies – identify the rules required to
maintain information security
– Information security plan – details how an organization will
implement the information security policies
The Second Line of Defense - Technology
• There are three primary information technology security
areas
Authentication and Authorization
• Authentication – A method for confirming users’ identities
• Authorization – The process of giving someone permission to
do or have something
• The most secure type of authentication involves
1. Something the user knows
2. Something the user has
3. Something that is part of the user
Something the User Knows Such As a User ID and
Password
• This is the most common way to identify
individual users and typically contains a
user ID and a password
• This is also the most ineffective form of
authentication
• Over 50% of help-desk calls are
password-related
• Smart cards and tokens are more effective
than a user ID and a password
– Tokens – Small electronic devices that
change user passwords automatically
– Smart card – A device that is around the
same size as a credit card, containing
embedded technologies that can store
information and small amounts of software to
perform some limited processing
Something the User has Such As Smart cards and
tokens
Something That Is Part Of The User Such As a
Fingerprint or Iris
• This is by far the best and most effective way to
manage authentication
– Biometrics – The identification of a user based on a
physical characteristic, such as a fingerprint, iris,
voice, or handwriting
• Unfortunately, this method can be costly and intrusive
Prevention and Resistance
• Downtime can cost an organization anywhere from
$100 to $1 million per hour
• Technologies available to help prevent and build
resistance to attacks include
1. Content filtering
2. Encryption
3. Firewalls
Prevention and Resistance
• Content filtering - Prevents emails containing sensitive
information from transmitting and stops spam and viruses
from spreading
Prevention and Resistance
• If there is an information security breach and the
information was encrypted, the person stealing the
information would be unable to read it
– Encryption
– Public key encryption (PKE)
Prevention and Resistance
Encryption – scrambles information into an alternative form
that requires a key or password to decrypt the information
Public key encryption (PKE) – an encryption system that
uses two keys: a public key for everyone and a private key for
the recipient
A public key encryption system can be viewed as a series of public and private keys that lock data
when they are transmitted and unlock the data when they are received. The sender locates the
recipient’s public key in a directory and uses it to encrypt a message. The message is sent in encrypted
form over the Internet or a private network. When the encrypted message arrives, the recipient uses his
or her private key to decrypt the data and read the message.
Public Key Encryption
Source: Laudon & Laudon (2016)
Watch this video
• https://www.youtube.com/watch?v=E5FEqGYLL0o
• https://www.youtube.com/watch?v=EJd8zqN3zTw
Firewall:
– Combination of hardware and software that prevents
unauthorized users from accessing private networks
Prevention and Resistance
Source: Laudon & Laudon (2016)
The firewall is placed between the firm’s private network and the public Internet or another distrusted
network to protect against unauthorized traffic.
Source: Laudon & Laudon (2016)
A Corporate Firewall
Detection and Response
• If prevention and resistance strategies
fail and there is a security breach, an
organization can use detection and
response technologies to mitigate the
damage
• Intrusion detection systems:
– Monitor hot spots on corporate networks to detect and
deter intruders
– Examine events as they are happening to discover
attacks in progress
• Antivirus and antispyware software:
– Checks computers for the presence of malware and can often
eliminate it as well
– Requires continual updating
• Unified threat management (UTM) systems
Detection and Response
Source: Laudon & Laudon (2016)
Task
• Read chapter 8 (textbook) and related material and videos.
References
• Baltzan, P. (2016) Business Driven Information Systems.
Global Edition, 5th ed. McGraw-Hill/NY.
• Laudon K.C. and Laudon J.P. (2016) Management Information
Systems, Managing the Digital Firm, 14th ed. Prentice Hall.
• Laudon K.C. and Laudon J.P. (2020) Management Information
Systems, Managing the Digital Firm, 16th ed. Prentice Hall.
