3. IT SECURITY & ETHICS
The use of IT in business has had major impacts on society & thus raises ethical issues in the areas of crime, privacy, individuality, employment, health & working conditions.
Hence IT has both negative & positive impacts.
So the responsibility of a business professional is to manage high-quality products & to maintain them.
5. Need for Security
1. Reduce the risk of systems and organizations ceasing operations.
2. Maintain information confidentiality.
3. Ensure the integrity and reliability of data resources.
4. Ensure the uninterrupted availability of data resources and online operations.
5. Ensure compliance with policies & laws regarding security & privacy.
7. Goal of Security Management
– Minimize errors, fraud, and losses in the e-business systems that interconnect businesses with their customers, suppliers, and other stakeholders
10. Encryption
– Passwords, messages, files, and other data are transmitted in scrambled form and unscrambled for authorized users
– Involves using special mathematical algorithms to transform digital data into scrambled code
– The most widely used method uses a pair of public and private keys unique to each individual
11. Types of Encryption
Secret Key Algorithm (symmetric encryption):
Symmetric, or private key, encryption is based on a secret key that is shared by both communicating parties. The sending party uses the secret key as part of the mathematical operation to encipher plain text into cipher text. The receiving party uses the same secret key to decipher the cipher text back into plain text.
12. Types of Encryption (contd.)
Public Key Algorithm (asymmetric encryption):
It uses two different keys for each user: one is a private key known only to that user, the other is the corresponding public key, which is accessible to anyone. The private & public keys are mathematically related by the encryption algorithm. One key is used for encryption and the other for decryption, depending on the nature of the communication service.
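To make the contrast concrete, here is an added example in Python (not from the original slides): a symmetric cipher in which one shared secret both enciphers and deciphers, beside a textbook RSA key pair in which whichever key enciphers, only the other key of the pair deciphers. The primes, shared secret and message are constructed demo values, and textbook RSA on tiny primes shows the key relationship only; it is not usable cryptography.

```python
import hashlib
from math import gcd

P, Q = 61, 53        # constructed tiny primes: n = 3233, far too small for real use
SHARED_SECRET = b"shared-secret-key"   # constructed demo key
MESSAGE = b"pay 100"                   # constructed demo plaintext

def keystream(key: bytes, length: int) -> bytes:
    """Derive a keystream from the secret key with SHA-256 in counter mode."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def symmetric_crypt(key: bytes, data: bytes) -> bytes:
    """Symmetric: XOR with the keystream. The same call enciphers and
    deciphers, so sender and receiver must both hold the one secret key."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))

def make_keypair(p: int, q: int, e: int = 17):
    """Textbook RSA: (e, n) is the shareable public key, (d, n) the private key.
    The two are mathematically related through phi(n) = (p-1)(q-1)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with phi(n)")
    d = pow(e, -1, phi)             # modular inverse (Python 3.8+)
    return (e, n), (d, n)

def asymmetric_crypt(key, blocks):
    """Apply one key of the pair to each block; only the other key reverses it."""
    k, n = key
    return [pow(b, k, n) for b in blocks]

def demo():
    # Symmetric: the shared key deciphers; any other key yields garbage.
    ct = symmetric_crypt(SHARED_SECRET, MESSAGE)
    same_key_ok = symmetric_crypt(SHARED_SECRET, ct) == MESSAGE
    other_key_ok = symmetric_crypt(b"guess", ct) == MESSAGE
    # Asymmetric: public key enciphers, private key deciphers (one byte per block).
    public, private = make_keypair(P, Q)
    blocks = list(MESSAGE)
    ct2 = asymmetric_crypt(public, blocks)
    private_ok = asymmetric_crypt(private, ct2) == blocks
    public_ok = asymmetric_crypt(public, ct2) == blocks     # wrong key of the pair
    # Roles reversed: private key transforms, public key recovers (a signature).
    sig = asymmetric_crypt(private, blocks)
    sig_ok = asymmetric_crypt(public, sig) == blocks
    return same_key_ok, other_key_ok, private_ok, public_ok, sig_ok
```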
13. Firewalls
– Serves as a “gatekeeper” system that protects a company’s intranets and other computer networks from intrusion
– Provides a filter and safe transfer point
– Screens all network traffic for proper passwords or other security codes
14. Advantages of Firewalls
– Provide security for both inbound & outbound traffic.
– Response time is very good in the case of high-end firewalls.
– Software firewalls are usually cheaper and preferred for individual computers, whereas hardware firewalls are for organizations and are costly.
15. Disadvantages of Firewalls
• Firewalls cannot protect the system from insider attacks.
• Installation & maintenance costs often become an overhead.
• Users’ browsing capabilities are reduced.
• If the firewall is configured with stringent rules, it constantly annoys users with false positives.
16. Denial of Service Defenses
These assaults depend on three layers of networked computer systems:
– Victim’s website
– Victim’s ISP
– Sites of “zombie” or slave computers
Defensive measures and security precautions must be taken at all three levels.
17. Security Measures (cont.)
• E-mail Monitoring
“Spot checks just aren’t good enough anymore. The tide is turning toward systematic monitoring of corporate e-mail traffic using content-monitoring software that scans for troublesome words that might compromise corporate security.”
• Virus Defenses
Protection may be accomplished through:
– Centralized distribution and updating of antivirus software
– Outsourcing the virus protection responsibility to ISPs or to telecommunications or security management companies
18. Security Measures (cont.)
• Security codes
Multilevel password system: log onto the computer system, gain access into the system, access individual files
• Backup Files
Duplicate files of data or programs
• File retention measures
Sometimes several generations of files are kept for control purposes
19. CYBER TERRORISM
• Cyber terrorism is the convergence of terrorism and cyberspace. It is generally understood to mean unlawful attacks and threats of attack against computers, networks, and the information stored therein when done to intimidate or coerce a government or its people in furtherance of political or social objectives.
21. Basic facts about cyber terrorism
• Cyber attacks immediately follow physical attacks
• Cyber attacks are increasing in volume, sophistication, and coordination
• Cyber attackers are attracted to high-value targets
• Many, if not most, targets would probably be commercial computer and communications systems
22. What can we do?
Go on the defensive now
– Educate senior management on the risks of cyber warfare
– Make infosec a top priority
– Beef up your security technology
– Insist on flawless execution: compliance with security standards in all areas
Work with other companies and government agencies
– NIPC
– IT ISAC
– SAINT