The myth of secure computing; management information system; MIS
1. The Myth of Secure Computing
Robert D. Austin and Christopher A.R. Darby
2. Presentation on The Myth of Secure Computing
Group- 6
Daliya Bhatta
Hemant Raj Shrestha
Magina Shrestha
Pratima Kunwar
3. What affects 90% of all businesses and causes $17 billion of damage every year?
• Computer Security Breach
• E-mail floods
• Insider Hackers
• Viruses
• Why is this a big problem?
• Businesses do not pay much attention to digital security
5. Why does it happen?
• Digital security is extraordinarily complicated
• Careless or vindictive employees
• Digital security is invisible
6. What should a Business Manager do?
• Protective measures are expensive
• Should focus on risk management
• View computer security as an operational rather than a technical challenge
• Reduce the business risk to an acceptable level
7. Threats to digital security
Three types of threats to digital security:
1. Network attacks
• Without breaching the internal workings of an IT system, they cause heavy damage to the network via the Internet
• Denial of Service (DoS) attacks
• DoS attacks are easy to mount and difficult to defend against
8. Threats cont…
2. Intrusion
• They penetrate the organization’s internal IT system
• They steal information, erase or alter data, deface websites, etc.
• Eavesdropping
• Difficult to figure out precisely what was done
9. Threats cont…
3. Malicious Code
• Any code in any part of a software system or script that is intended to cause an undesired effect on a system
• It consists of viruses, worms, Trojan horses, etc.
• Faster than a human hacker
• Targets are random
11. 1. Identify digital assets and decide how much protection each deserves
What are your digital assets?
Assess how valuable each asset is
Decide how much risk the company can absorb for each asset
Review the people, processes and technologies that support the assets
12. 2. Define appropriate use of IT resources
Managers should ask people questions about:
Authority for remote access to the corporate network
Safeguards to implement for remote-location access
Identify the normal behavior for each job, along with do’s and don’ts
Companies should explain the rationale for the limitations they implement
13. 3. Control access to your systems
The system should determine who may access the specified information
Use firewalls, authentication and authorization systems, and encryption
Systems should be configured to reflect the choices made about the critical assets
Monitor the use of IT systems and log network activities
14. 4. Insist on secure software
Demand reasonable levels of security from software vendors
15. Insist…
In the case of in-house software, developers should follow secure coding and testing practices
Companies should consider the issue of earnings vs. security
16. 5. Know what software is running
Must document every modification of the system
In case of a breach, it provides current records to support digital forensics
Allow IT people to make changes quickly
Never procrastinate in applying patches
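Knowing what software is running, and being able to show after a breach exactly what changed, comes down to keeping a recorded baseline and comparing the live system against it. The script below is an added example (not part of the presentation or of the Austin and Darby article) of that idea: it snapshots a directory tree as a map of file paths to SHA-256 digests, stores the snapshot as a JSON record, and later reports which files were added, removed or modified. The directory layout and file contents are constructed in a temporary folder purely for the demonstration.

```python
"""Baseline-and-diff inventory check (added example, not the page's own code).

A recorded baseline of what is installed (path -> SHA-256) is the "current
record" an incident responder needs: a later snapshot diffed against it shows
every modification, whether it was a legitimate patch or something unexpected.
"""
import hashlib
import json
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict:
    """Map every regular file under root (as a POSIX relative path) to its digest."""
    inventory = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            inventory[p.relative_to(root).as_posix()] = hash_file(p)
    return inventory


def save_inventory(inventory: dict, record: Path) -> None:
    """Persist the baseline; in practice this record lives off-box and read-only."""
    record.write_text(json.dumps(inventory, indent=2, sort_keys=True))


def load_inventory(record: Path) -> dict:
    return json.loads(record.read_text())


def diff_inventories(baseline: dict, current: dict) -> dict:
    """Classify every path as added, removed or modified relative to the baseline."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(
        path for path in baseline.keys() & current.keys()
        if baseline[path] != current[path]
    )
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict:
    """Build a constructed 'installed software' tree, baseline it, change it, diff it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "app"          # constructed sample install directory
        (root / "bin").mkdir(parents=True)
        (root / "bin" / "server").write_bytes(b"server build 1.0")
        (root / "config.ini").write_text("debug=false\n")
        (root / "README").write_text("sample application\n")

        record = Path(tmp) / "baseline.json"
        save_inventory(snapshot(root), record)

        # Simulated changes since the baseline was taken: a patched binary,
        # an edited config, a removed file and an unexpected new executable.
        (root / "bin" / "server").write_bytes(b"server build 1.1")
        (root / "config.ini").write_text("debug=true\n")
        (root / "README").unlink()
        (root / "bin" / "helper").write_bytes(b"not in the documented baseline")

        return diff_inventories(load_inventory(record), snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:9s} {paths}")
```

Each entry in the diff is something that should match a documented change ticket or patch deployment; an "added" or "modified" path with no corresponding record is exactly the gap the slide warns about. The baseline must itself be protected (stored off the monitored host, or signed), otherwise whoever modifies the system can also rewrite the record.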
17. 6. Test and benchmark
Bad guys always get in
Focus should be on:
How easy is it to get in?
What systems or programs were exposed?
Do not rely heavily on audits
Hire external auditors periodically to benchmark the security standards
18. 7. Rehearse your response
• Difficulty in making decisions in crisis mode
• Helps to have procedures in place and specify who should be involved in problem-solving activities
• Enables decision makers to act more confidently and effectively during real events
• Always have a backup plan
19. 8. Analyze the root causes of security problems
• Detailed analysis of root cause is necessary
• Quality assurance tools can be used:
• Fish-bone diagram,
• Eight step process,
• Plan-do-check-act cycles, etc.
• Toyota uses “The 5 Whys” approach
20. The Bottom Line
• Complete computer security is a MYTH
• New threats and new capabilities are always emerging
• Complications in risk management
• Managers’ attitudes
• Estimation of cost and probabilities
• Well-defined management actions not applicable in all situations
• Addressing serious risks is expensive
21. Recommendation
• Focus on serious risks rather than just spending
• Risk management is all about business trade-offs