SlideShare ist ein Scribd-Unternehmen logo

The myth of secure computing; management information system; MIS

Als PPSX, PDF herunterladen
Saazan Shrestha
Saazan Shrestha

this is a presentation based on a harvard busniess review with the title of the same.

Bildung
1 von 22
The Myth of Secure Computing Robert D. Austin and Christopher A.R. Darby
Presentation on The Myth of Secure Computing Group- 6 Daliya Bhatta Hemant Raj Shrestha Magina Shrestha Pratima Kunwar
What affects 90% of all businesses and causes $17 billion of damage every year? • Computer Security Breach • E-mail floods • Insider Hackers • Viruses • Why is this a big problem? • Do not pay much attention to digital security
Why It happens? • Digital security is extraordinarily complicated • Careless or vindictive employees • Digital security is invisible
What should a Business Manager do? • Protective measures are expensive • Should focus on the risk management • View computer security as an operational rather than technical challenge • Reduce the business risk to an acceptable level
Threats to digital security Three types of threats to digital security: 1. Network attacks • Without breaching the internal working of an IT system, causes heavy damage to network via internet • Denial of Service (DoS) attacks • DoS attacks are easy to mount and difficult to defend against
Threats cont… 2. Intrusion • They penetrate organization’s internal IT system • They steal information, erase or alter data, deface websites etc. • Eavesdropping • Difficult to figure out what precisely was done
Threats cont… 3. Malicious Code • Any code in any part of a software system or script that is intended to cause undesired effect to a system • It consists of viruses and worms, Trojan horses etc. • Faster than human hacker • Target is random
The operational approach
1. Identify digital assets and decide how much protection each deserves What your digital assets are? Assess how valuable each assets are Decide how much risk company can absorb for each asset Review people, process and technologies that support the assets
2. Define appropriate use of IT resources Managers should ask people questions about Authority for remote access to corporate network Safeguards to implement for remote location access Identify the normal behavior for jobs along with do’s and don'ts Companies should explain the rationale for the limitations implemented
3. Control access to your systems System should determine who access the specified information Use of firewalls, authentication and authorization systems, and encryption System should be configured to reflect choices of the critical assets Monitor the use of the IT systems to log network activities
4. Insist in secure software Demand reasonable levels of security from software vendors
Insist… In case of in-house software, developers should follow secure coding and test practices Companies should consider the issue of earnings vs. security
5. Know what software is running Must document every modification of system In case of breach, it provides current records along with digital forensics Allow IT people to make changes quickly Never procrastinate in updating patches
6. Test and benchmark Bad guys always gets in Focus should be on: How easy is to get in? What systems or programs were exposed? Do not rely heavily on audits Hire external auditors periodically to benchmark the security standards
7. Rehearse your response • Difficulty in making decisions in crisis mode • Helps to have procedures in place and specify who should be involved in problem-solving activities • Enables decision makers to act more confidently and effectively during real events • Always have a backup plan
8. Analyze the root causes of security problems • Detailed analysis of root cause is necessary • Quality assurance tools can be used: • Fish-bone diagram, • Eight step process, • Plan-do-check-act cycles, etc. • Toyota uses “The 5 Whys” approach
The Bottom Line • Complete computer security is a MYTH • New threats and new capabilities are always emerging • Complications in risk management • Managers attitude • Estimation of cost and probabilities • Well-defined management actions not applicable in all situations • Addressing serious risk are expensive
Recommendation • Focus on serious risks rather than just spending • Risk-management is all about business trade-off
Thank- You

Empfohlen

Chap2 2007 Cisa Review Course
Chap2 2007 Cisa Review CourseChap2 2007 Cisa Review Course
Chap2 2007 Cisa Review CourseDesmond Devendran
 
DerbyCon 2014 - Making BadUSB Work For You
DerbyCon 2014 - Making BadUSB Work For YouDerbyCon 2014 - Making BadUSB Work For You
DerbyCon 2014 - Making BadUSB Work For YouAdam Caudill
 
SolarWinds Government and Education Webinar: Virtual Technology Briefing 08.0...
SolarWinds Government and Education Webinar: Virtual Technology Briefing 08.0...SolarWinds Government and Education Webinar: Virtual Technology Briefing 08.0...
SolarWinds Government and Education Webinar: Virtual Technology Briefing 08.0...SolarWinds
 
CISSP - Chapter 2 - Asset Security
CISSP - Chapter 2 - Asset SecurityCISSP - Chapter 2 - Asset Security
CISSP - Chapter 2 - Asset SecurityKarthikeyan Dhayalan
 
Dragos S4x20: How to Build an OT Security Operations Center
Dragos S4x20: How to Build an OT Security Operations CenterDragos S4x20: How to Build an OT Security Operations Center
Dragos S4x20: How to Build an OT Security Operations CenterDragos, Inc.
 
Mashaweer Case Study
Mashaweer Case StudyMashaweer Case Study
Mashaweer Case StudyMd. Mostain Billah Jubair
 
Target data breach presentation
Target data breach presentationTarget data breach presentation
Target data breach presentationSreejith Nair
 
7 Steps to Build a SOC with Limited Resources
7 Steps to Build a SOC with Limited Resources7 Steps to Build a SOC with Limited Resources
7 Steps to Build a SOC with Limited ResourcesLogRhythm
 

Empfohlen

Chap2 2007 Cisa Review Course
Chap2 2007 Cisa Review CourseChap2 2007 Cisa Review Course
Chap2 2007 Cisa Review CourseDesmond Devendran
 
DerbyCon 2014 - Making BadUSB Work For You
DerbyCon 2014 - Making BadUSB Work For YouDerbyCon 2014 - Making BadUSB Work For You
DerbyCon 2014 - Making BadUSB Work For YouAdam Caudill
 
SolarWinds Government and Education Webinar: Virtual Technology Briefing 08.0...
SolarWinds Government and Education Webinar: Virtual Technology Briefing 08.0...SolarWinds Government and Education Webinar: Virtual Technology Briefing 08.0...
SolarWinds Government and Education Webinar: Virtual Technology Briefing 08.0...SolarWinds
 
CISSP - Chapter 2 - Asset Security
CISSP - Chapter 2 - Asset SecurityCISSP - Chapter 2 - Asset Security
CISSP - Chapter 2 - Asset SecurityKarthikeyan Dhayalan
 
Dragos S4x20: How to Build an OT Security Operations Center
Dragos S4x20: How to Build an OT Security Operations CenterDragos S4x20: How to Build an OT Security Operations Center
Dragos S4x20: How to Build an OT Security Operations CenterDragos, Inc.
 
Mashaweer Case Study
Mashaweer Case StudyMashaweer Case Study
Mashaweer Case StudyMd. Mostain Billah Jubair
 
Target data breach presentation
Target data breach presentationTarget data breach presentation
Target data breach presentationSreejith Nair
 
7 Steps to Build a SOC with Limited Resources
7 Steps to Build a SOC with Limited Resources7 Steps to Build a SOC with Limited Resources
7 Steps to Build a SOC with Limited ResourcesLogRhythm
 
NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 Erick Kish, U.S. Commercial Service
 
Vulnerability Management Whitepaper PowerPoint Presentation Slides
Vulnerability Management Whitepaper PowerPoint Presentation SlidesVulnerability Management Whitepaper PowerPoint Presentation Slides
Vulnerability Management Whitepaper PowerPoint Presentation SlidesSlideTeam
 
お客様からのセキュリティチェックを乗り越えるための SaaS のアプローチ.pptx
お客様からのセキュリティチェックを乗り越えるための SaaS のアプローチ.pptxお客様からのセキュリティチェックを乗り越えるための SaaS のアプローチ.pptx
お客様からのセキュリティチェックを乗り越えるための SaaS のアプローチ.pptxmkoda
 
SolarWinds Technology Briefing- San Diego CA
SolarWinds Technology Briefing- San Diego CASolarWinds Technology Briefing- San Diego CA
SolarWinds Technology Briefing- San Diego CASolarWinds
 
Taj Group Of Hotels
Taj Group Of Hotels Taj Group Of Hotels
Taj Group Of Hotels Shaji Shajakhan
 
Real-time tracking for logistics
Real-time tracking for logisticsReal-time tracking for logistics
Real-time tracking for logisticsRakuten Group, Inc.
 
Cybersecurity Frameworks for DMZCON23 230905.pdf
Cybersecurity Frameworks for DMZCON23 230905.pdfCybersecurity Frameworks for DMZCON23 230905.pdf
Cybersecurity Frameworks for DMZCON23 230905.pdfAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Misauditchecklist 121023080803-phpapp01
Misauditchecklist 121023080803-phpapp01Misauditchecklist 121023080803-phpapp01
Misauditchecklist 121023080803-phpapp01Ravikrishnan Nc
 
Iso27001 Audit Services
Iso27001 Audit ServicesIso27001 Audit Services
Iso27001 Audit Servicesmcloete
 
ISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfControlCase
 
Security Presentation
Security PresentationSecurity Presentation
Security PresentationGerhard Peens
 
5 Steps to Improve Your Incident Response Plan
5 Steps to Improve Your Incident Response Plan5 Steps to Improve Your Incident Response Plan
5 Steps to Improve Your Incident Response PlanResilient Systems
 
Information Security and Privacy - Public Sector actions, policies and regula...
Information Security and Privacy - Public Sector actions, policies and regula...Information Security and Privacy - Public Sector actions, policies and regula...
Information Security and Privacy - Public Sector actions, policies and regula...The University of Texas (UTRGV)
 
Business Continuity A Primer Andrews - September 2015
Business Continuity A Primer Andrews - September 2015Business Continuity A Primer Andrews - September 2015
Business Continuity A Primer Andrews - September 2015Ron Andrews
 
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020Jiunn-Jer Sun
 
Erp case study in cadbury
Erp case study in cadburyErp case study in cadbury
Erp case study in cadburyMohsina Kauser
 
IT Scorecard: An Approach to IT Performance Measurement
IT Scorecard: An Approach to IT Performance MeasurementIT Scorecard: An Approach to IT Performance Measurement
IT Scorecard: An Approach to IT Performance MeasurementGlen Alleman
 
Business Case For IT Asset Management
Business Case For IT Asset ManagementBusiness Case For IT Asset Management
Business Case For IT Asset ManagementSamanage
 
IT Infrastructure Management Powerpoint Presentation Slides
IT Infrastructure Management Powerpoint Presentation SlidesIT Infrastructure Management Powerpoint Presentation Slides
IT Infrastructure Management Powerpoint Presentation SlidesSlideTeam
 
ISO/IEC 27001:2022 Transition Arragements
ISO/IEC 27001:2022 Transition ArragementsISO/IEC 27001:2022 Transition Arragements
ISO/IEC 27001:2022 Transition ArragementsISONIKELtd
 
rainwater harvesting, Nepal
rainwater harvesting, Nepalrainwater harvesting, Nepal
rainwater harvesting, NepalSaazan Shrestha
 
Rain water harvesting
Rain water harvestingRain water harvesting
Rain water harvestingmitesh patel
 

Weitere ähnliche Inhalte

Was ist angesagt?

Vulnerability Management Whitepaper PowerPoint Presentation Slides
Vulnerability Management Whitepaper PowerPoint Presentation SlidesVulnerability Management Whitepaper PowerPoint Presentation Slides
Vulnerability Management Whitepaper PowerPoint Presentation SlidesSlideTeam
 
お客様からのセキュリティチェックを乗り越えるための SaaS のアプローチ.pptx
お客様からのセキュリティチェックを乗り越えるための SaaS のアプローチ.pptxお客様からのセキュリティチェックを乗り越えるための SaaS のアプローチ.pptx
お客様からのセキュリティチェックを乗り越えるための SaaS のアプローチ.pptxmkoda
 
SolarWinds Technology Briefing- San Diego CA
SolarWinds Technology Briefing- San Diego CASolarWinds Technology Briefing- San Diego CA
SolarWinds Technology Briefing- San Diego CASolarWinds
 
Real-time tracking for logistics
Real-time tracking for logisticsReal-time tracking for logistics
Real-time tracking for logisticsRakuten Group, Inc.
 
Misauditchecklist 121023080803-phpapp01
Misauditchecklist 121023080803-phpapp01Misauditchecklist 121023080803-phpapp01
Misauditchecklist 121023080803-phpapp01Ravikrishnan Nc
 
Iso27001 Audit Services
Iso27001 Audit ServicesIso27001 Audit Services
Iso27001 Audit Servicesmcloete
 
ISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfControlCase
 
Security Presentation
Security PresentationSecurity Presentation
Security PresentationGerhard Peens
 
5 Steps to Improve Your Incident Response Plan
5 Steps to Improve Your Incident Response Plan5 Steps to Improve Your Incident Response Plan
5 Steps to Improve Your Incident Response PlanResilient Systems
 
Information Security and Privacy - Public Sector actions, policies and regula...
Information Security and Privacy - Public Sector actions, policies and regula...Information Security and Privacy - Public Sector actions, policies and regula...
Information Security and Privacy - Public Sector actions, policies and regula...The University of Texas (UTRGV)
 
Business Continuity A Primer Andrews - September 2015
Business Continuity A Primer Andrews - September 2015Business Continuity A Primer Andrews - September 2015
Business Continuity A Primer Andrews - September 2015Ron Andrews
 
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020Jiunn-Jer Sun
 
Erp case study in cadbury
Erp case study in cadburyErp case study in cadbury
Erp case study in cadburyMohsina Kauser
 
IT Scorecard: An Approach to IT Performance Measurement
IT Scorecard: An Approach to IT Performance MeasurementIT Scorecard: An Approach to IT Performance Measurement
IT Scorecard: An Approach to IT Performance MeasurementGlen Alleman
 
Business Case For IT Asset Management
Business Case For IT Asset ManagementBusiness Case For IT Asset Management
Business Case For IT Asset ManagementSamanage
 
IT Infrastructure Management Powerpoint Presentation Slides
IT Infrastructure Management Powerpoint Presentation SlidesIT Infrastructure Management Powerpoint Presentation Slides
IT Infrastructure Management Powerpoint Presentation SlidesSlideTeam
 
ISO/IEC 27001:2022 Transition Arragements
ISO/IEC 27001:2022 Transition ArragementsISO/IEC 27001:2022 Transition Arragements
ISO/IEC 27001:2022 Transition ArragementsISONIKELtd
 

Was ist angesagt? (20)

NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101
 
Vulnerability Management Whitepaper PowerPoint Presentation Slides
Vulnerability Management Whitepaper PowerPoint Presentation SlidesVulnerability Management Whitepaper PowerPoint Presentation Slides
Vulnerability Management Whitepaper PowerPoint Presentation Slides
 
お客様からのセキュリティチェックを乗り越えるための SaaS のアプローチ.pptx
お客様からのセキュリティチェックを乗り越えるための SaaS のアプローチ.pptxお客様からのセキュリティチェックを乗り越えるための SaaS のアプローチ.pptx
お客様からのセキュリティチェックを乗り越えるための SaaS のアプローチ.pptx
 
SolarWinds Technology Briefing- San Diego CA
SolarWinds Technology Briefing- San Diego CASolarWinds Technology Briefing- San Diego CA
SolarWinds Technology Briefing- San Diego CA
 
Taj Group Of Hotels
Taj Group Of Hotels Taj Group Of Hotels
Taj Group Of Hotels
 
Real-time tracking for logistics
Real-time tracking for logisticsReal-time tracking for logistics
Real-time tracking for logistics
 
Cybersecurity Frameworks for DMZCON23 230905.pdf
Cybersecurity Frameworks for DMZCON23 230905.pdfCybersecurity Frameworks for DMZCON23 230905.pdf
Cybersecurity Frameworks for DMZCON23 230905.pdf
 
Misauditchecklist 121023080803-phpapp01
Misauditchecklist 121023080803-phpapp01Misauditchecklist 121023080803-phpapp01
Misauditchecklist 121023080803-phpapp01
 
Iso27001 Audit Services
Iso27001 Audit ServicesIso27001 Audit Services
Iso27001 Audit Services
 
ISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdf
 
Security Presentation
Security PresentationSecurity Presentation
Security Presentation
 
5 Steps to Improve Your Incident Response Plan
5 Steps to Improve Your Incident Response Plan5 Steps to Improve Your Incident Response Plan
5 Steps to Improve Your Incident Response Plan
 
Information Security and Privacy - Public Sector actions, policies and regula...
Information Security and Privacy - Public Sector actions, policies and regula...Information Security and Privacy - Public Sector actions, policies and regula...
Information Security and Privacy - Public Sector actions, policies and regula...
 
Business Continuity A Primer Andrews - September 2015
Business Continuity A Primer Andrews - September 2015Business Continuity A Primer Andrews - September 2015
Business Continuity A Primer Andrews - September 2015
 
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
 
Erp case study in cadbury
Erp case study in cadburyErp case study in cadbury
Erp case study in cadbury
 
IT Scorecard: An Approach to IT Performance Measurement
IT Scorecard: An Approach to IT Performance MeasurementIT Scorecard: An Approach to IT Performance Measurement
IT Scorecard: An Approach to IT Performance Measurement
 
Business Case For IT Asset Management
Business Case For IT Asset ManagementBusiness Case For IT Asset Management
Business Case For IT Asset Management
 
IT Infrastructure Management Powerpoint Presentation Slides
IT Infrastructure Management Powerpoint Presentation SlidesIT Infrastructure Management Powerpoint Presentation Slides
IT Infrastructure Management Powerpoint Presentation Slides
 
ISO/IEC 27001:2022 Transition Arragements
ISO/IEC 27001:2022 Transition ArragementsISO/IEC 27001:2022 Transition Arragements
ISO/IEC 27001:2022 Transition Arragements
 

Andere mochten auch

rainwater harvesting, Nepal
rainwater harvesting, Nepalrainwater harvesting, Nepal
rainwater harvesting, NepalSaazan Shrestha
 
Rain water harvesting
Rain water harvestingRain water harvesting
Rain water harvestingmitesh patel
 
Management control system in service and multinational organization
Management control system in service and multinational organizationManagement control system in service and multinational organization
Management control system in service and multinational organizationjakiun johora mustafa
 
Rain Water Harvesting- its simple!!!
Rain Water Harvesting- its simple!!!Rain Water Harvesting- its simple!!!
Rain Water Harvesting- its simple!!!Francin Pinto
 
Rain water harvesting powerpoint
Rain water harvesting powerpointRain water harvesting powerpoint
Rain water harvesting powerpointraje20kaur
 
Business process reengineering
Business process reengineeringBusiness process reengineering
Business process reengineeringNeelkamal Sharma
 
Corporate governance ppt mba
Corporate governance ppt mbaCorporate governance ppt mba
Corporate governance ppt mbaBabasab Patil
 
Rain water harvesting (complete)
Rain water harvesting (complete)Rain water harvesting (complete)
Rain water harvesting (complete)Abhay Goyal
 

Andere mochten auch (11)

rainwater harvesting, Nepal
rainwater harvesting, Nepalrainwater harvesting, Nepal
rainwater harvesting, Nepal
 
Rain water harvesting
Rain water harvestingRain water harvesting
Rain water harvesting
 
Management control system in service and multinational organization
Management control system in service and multinational organizationManagement control system in service and multinational organization
Management control system in service and multinational organization
 
Rain Water Harvesting- its simple!!!
Rain Water Harvesting- its simple!!!Rain Water Harvesting- its simple!!!
Rain Water Harvesting- its simple!!!
 
Mis ppt
Mis pptMis ppt
Mis ppt
 
Rain water harvesting powerpoint
Rain water harvesting powerpointRain water harvesting powerpoint
Rain water harvesting powerpoint
 
Project planning and control
Project planning and controlProject planning and control
Project planning and control
 
Business process reengineering
Business process reengineeringBusiness process reengineering
Business process reengineering
 
Corporate governance ppt mba
Corporate governance ppt mbaCorporate governance ppt mba
Corporate governance ppt mba
 
Corporate governance
Corporate governanceCorporate governance
Corporate governance
 
Rain water harvesting (complete)
Rain water harvesting (complete)Rain water harvesting (complete)
Rain water harvesting (complete)
 

Ähnlich wie The myth of secure computing; management information system; MIS

Cyber Security vs.pdf
Cyber Security vs.pdfCyber Security vs.pdf
Cyber Security vs.pdfMing Man Chan
 
How to Make Your Enterprise Cyber Resilient
How to Make Your Enterprise Cyber ResilientHow to Make Your Enterprise Cyber Resilient
How to Make Your Enterprise Cyber ResilientAccenture Operations
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security BasicsMohan Jadhav
 
Definitive Security Testing Checklist Shielding Your Applications against Cyb...
Definitive Security Testing Checklist Shielding Your Applications against Cyb...Definitive Security Testing Checklist Shielding Your Applications against Cyb...
Definitive Security Testing Checklist Shielding Your Applications against Cyb...Knoldus Inc.
 
Cyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeCyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeAaron White
 
Meletis BelsisManaging and enforcing information security
Meletis BelsisManaging and enforcing information securityMeletis BelsisManaging and enforcing information security
Meletis BelsisManaging and enforcing information securityMeletis Belsis MPhil/MRes/BSc
 
Security metrics
Security metrics Security metrics
Security metrics PRAYAGRAJ11
 
6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight Back6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight BackMTG IT Professionals
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinarIntergen
 
Tictaclabs Managed Cyber Security Services
Tictaclabs Managed Cyber Security ServicesTictaclabs Managed Cyber Security Services
Tictaclabs Managed Cyber Security ServicesTicTac Data Recovery
 
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2TechSoup Canada
 
Just Trust Everyone and We Will Be Fine, Right?
Just Trust Everyone and We Will Be Fine, Right?Just Trust Everyone and We Will Be Fine, Right?
Just Trust Everyone and We Will Be Fine, Right?Scott Carlson
 
The 5 ws of Cyber Security
The 5 ws of Cyber SecurityThe 5 ws of Cyber Security
The 5 ws of Cyber SecurityMisha Hanin
 
GDPR | Cyber security process resilience
GDPR | Cyber security process resilienceGDPR | Cyber security process resilience
GDPR | Cyber security process resilienceRishi Kant
 

Ähnlich wie The myth of secure computing; management information system; MIS (20)

Cyber Security vs.pdf
Cyber Security vs.pdfCyber Security vs.pdf
Cyber Security vs.pdf
 
Cyber Security # Lec 3
Cyber Security # Lec 3 Cyber Security # Lec 3
Cyber Security # Lec 3
 
Managing security threats in today’s enterprise
Managing security threats in today’s enterpriseManaging security threats in today’s enterprise
Managing security threats in today’s enterprise
 
How to Make Your Enterprise Cyber Resilient
How to Make Your Enterprise Cyber ResilientHow to Make Your Enterprise Cyber Resilient
How to Make Your Enterprise Cyber Resilient
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security Basics
 
Definitive Security Testing Checklist Shielding Your Applications against Cyb...
Definitive Security Testing Checklist Shielding Your Applications against Cyb...Definitive Security Testing Checklist Shielding Your Applications against Cyb...
Definitive Security Testing Checklist Shielding Your Applications against Cyb...
 
Presentation 10.pptx
Presentation 10.pptxPresentation 10.pptx
Presentation 10.pptx
 
Cyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeCyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat Landscape
 
Vulenerability Management.pptx
Vulenerability Management.pptxVulenerability Management.pptx
Vulenerability Management.pptx
 
Meletis BelsisManaging and enforcing information security
Meletis BelsisManaging and enforcing information securityMeletis BelsisManaging and enforcing information security
Meletis BelsisManaging and enforcing information security
 
Security metrics
Security metrics Security metrics
Security metrics
 
6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight Back6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight Back
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinar
 
Grc tao.4
Grc tao.4Grc tao.4
Grc tao.4
 
Tictaclabs Managed Cyber Security Services
Tictaclabs Managed Cyber Security ServicesTictaclabs Managed Cyber Security Services
Tictaclabs Managed Cyber Security Services
 
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2
 
Topic11
Topic11Topic11
Topic11
 
Just Trust Everyone and We Will Be Fine, Right?
Just Trust Everyone and We Will Be Fine, Right?Just Trust Everyone and We Will Be Fine, Right?
Just Trust Everyone and We Will Be Fine, Right?
 
The 5 ws of Cyber Security
The 5 ws of Cyber SecurityThe 5 ws of Cyber Security
The 5 ws of Cyber Security
 
GDPR | Cyber security process resilience
GDPR | Cyber security process resilienceGDPR | Cyber security process resilience
GDPR | Cyber security process resilience
 

Kürzlich hochgeladen

SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentationcamerronhm
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesCeline George
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfNirmal Dwivedi
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfagholdier
 
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxSKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxAmanpreet Kaur
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17Celine George
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - Englishneillewis46
 
Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomFostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomPooky Knightsmith
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxVishalSingh1417
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxVishalSingh1417
 
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...pradhanghanshyam7136
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...ZurliaSoop
 
Understanding Accommodations and Modifications
Understanding Accommodations and ModificationsUnderstanding Accommodations and Modifications
Understanding Accommodations and ModificationsMJDuyan
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxRamakrishna Reddy Bijjam
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibitjbellavia9
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.pptRamjanShidvankar
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17Celine George
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxVishalSingh1417
 
Google Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxGoogle Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxDr. Sarita Anand
 
Vishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdf
Vishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdfVishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdf
Vishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdfssuserdda66b
 

Kürzlich hochgeladen (20)

SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentation
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxSKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - English
 
Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomFostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the Classroom
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
 
Understanding Accommodations and Modifications
Understanding Accommodations and ModificationsUnderstanding Accommodations and Modifications
Understanding Accommodations and Modifications
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptx
 
Google Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxGoogle Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptx
 
Vishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdf
Vishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdfVishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdf
Vishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdf
 

The myth of secure computing; management information system; MIS

  • 1. The Myth of Secure Computing Robert D. Austin and Christopher A.R. Darby
  • 2. Presentation on The Myth of Secure Computing Group- 6 Daliya Bhatta Hemant Raj Shrestha Magina Shrestha Pratima Kunwar
  • 3. What affects 90% of all businesses and causes $17 billion of damage every year? • Computer Security Breach • E-mail floods • Insider Hackers • Viruses • Why is this a big problem? • Do not pay much attention to digital security
  • 4.
  • 5. Why It happens? • Digital security is extraordinarily complicated • Careless or vindictive employees • Digital security is invisible
  • 6. What should a Business Manager do? • Protective measures are expensive • Should focus on the risk management • View computer security as an operational rather than technical challenge • Reduce the business risk to an acceptable level
  • 7. Threats to digital security Three types of threats to digital security: 1. Network attacks • Without breaching the internal working of an IT system, causes heavy damage to network via internet • Denial of Service (DoS) attacks • DoS attacks are easy to mount and difficult to defend against
  • 8. Threats cont… 2. Intrusion • They penetrate organization’s internal IT system • They steal information, erase or alter data, deface websites etc. • Eavesdropping • Difficult to figure out what precisely was done
  • 9. Threats cont… 3. Malicious Code • Any code in any part of a software system or script that is intended to cause undesired effect to a system • It consists of viruses and worms, Trojan horses etc. • Faster than human hacker • Target is random
  • 11. 1. Identify digital assets and decide how much protection each deserves What your digital assets are? Assess how valuable each assets are Decide how much risk company can absorb for each asset Review people, process and technologies that support the assets
  • 12. 2. Define appropriate use of IT resources Managers should ask people questions about Authority for remote access to corporate network Safeguards to implement for remote location access Identify the normal behavior for jobs along with do’s and don'ts Companies should explain the rationale for the limitations implemented
  • 13. 3. Control access to your systems System should determine who access the specified information Use of firewalls, authentication and authorization systems, and encryption System should be configured to reflect choices of the critical assets Monitor the use of the IT systems to log network activities
  • 14. 4. Insist in secure software Demand reasonable levels of security from software vendors
  • 15. Insist… In case of in-house software, developers should follow secure coding and test practices Companies should consider the issue of earnings vs. security
  • 16. 5. Know what software is running Must document every modification of system In case of breach, it provides current records along with digital forensics Allow IT people to make changes quickly Never procrastinate in updating patches
  • 17. 6. Test and benchmark Bad guys always gets in Focus should be on: How easy is to get in? What systems or programs were exposed? Do not rely heavily on audits Hire external auditors periodically to benchmark the security standards
  • 18. 7. Rehearse your response • Difficulty in making decisions in crisis mode • Helps to have procedures in place and specify who should be involved in problem-solving activities • Enables decision makers to act more confidently and effectively during real events • Always have a backup plan
  • 19. 8. Analyze the root causes of security problems • Detailed analysis of root cause is necessary • Quality assurance tools can be used: • Fish-bone diagram, • Eight step process, • Plan-do-check-act cycles, etc. • Toyota uses “The 5 Whys” approach
  • 20. The Bottom Line • Complete computer security is a MYTH • New threats and new capabilities are always emerging • Complications in risk management • Managers attitude • Estimation of cost and probabilities • Well-defined management actions not applicable in all situations • Addressing serious risk are expensive
  • 21. Recommendation • Focus on serious risks rather than just spending • Risk-management is all about business trade-off