Management Information Systems in Organizations
MANAGING SYSTEM SECURITY
Prepared by: Jan Wong

The Learning Outcomes
At the end of this session you should be able to:
- EXAMINE the vulnerability of IS and the possible damage from malfunctions
- DESCRIBE the major methods in defending information systems
- DISCUSS the security issues of the Web and E-Commerce
- DESCRIBE security auditing

Computer Systems Management
- Planning
- Organizing, Acquiring
- Maintaining
- Securing
- Controlling of IT resources

CASE: DOS ATTACK
- The attacker used a method called denial of service (DoS)
- By hammering a Web site's equipment with too many requests for information, an attacker can effectively clog a system
- The total damage worldwide was estimated at $5-10 billion (U.S.)
- The alleged attacker, from the Philippines, was not prosecuted because he did not break any law in the Philippines

A group installed an ATM in a busy shopping center in Hartford, Connecticut. Customers using the machine were shown the message “sorry, no transactions possible” after inserting their cards and entering their PIN numbers. Using counterfeit cards made from the information given, the group netted around $100,000.

Security Threats

Security Problems
“Defending information systems is not a simple or inexpensive task”
- Hundreds of potential threats exist
- Computing resources may be distributed across many locations – Intranets, Extranets
- Computer networks can be outside the organization and difficult to protect
- Many individuals control information assets
- Many computer crimes are undetected for a long period of time.
- People tend to violate security procedures because they are inconvenient (e.g. Windows Vista)

Risks in Information Systems
“Human errors, environmental hazards, computer system failures, cyber crime & intentional threats”

Human errors
- In the design of hardware and information systems
- Programming, testing, authorization
- These errors contribute to the vast majority of control and security related problems.

Environmental hazards
- Earthquakes, hurricanes, floods, lightning strikes etc.
- Fire, defective air-conditioning, radio-active fallout, water-cooling systems failures.
- Smoke, heat and water damage resulting from the other environmental hazards.

Computer systems failures

MISO L007 managing system security