INFORMATION SYSTEMS Information Systems Security

Information Systems Security and Control
Lecture:

- Systems Weaknesses and Abuse
- Creating a Control Environment
- Internet Security Challenges
- Security and E-Commerce
- Copyright Protection
 Why are Systems Weak?

- Hardware Failure
- Software Failure
- Employees' Actions
- Terminal Access Penetration
- Theft of data, services or
- Fire
- Electrical problems
- User Errors
- Program Changes
- Telecommunications problems
Hackers and Computer Viruses

- A hacker is a person who gains unauthorized access to a computer
  network for profit, criminal mischief or personal pleasure. There
  are many ways that hackers can harm businesses. They can plant
  logic bombs, Trojan horses, etc.

- In denial of service attacks, hackers flood a network server with
  requests for information or data in order to crash the
- Alarm has risen as hackers propagate computer viruses, which
  spread from system to system, clogging memory or destroying
  programs or data.

- Antivirus software is special software designed to check
  computer systems and disks for the presence of various computer

- Examples of viruses are:
  - Chernobyl: Erases the computer’s hard drive and ROM BIOS.
  - Explore.exe: Worm-type virus that arrives attached to an
    email. When launched, it emails itself to other PCs to destroy
    certain MS Office and programmers’ files.
Concerns for System Users & Builders

- Disasters
  Computer hardware, programs, data files and other equipment can be
  destroyed by fires, power failures or other disasters. It may take
  years and millions of dollars to reconstruct destroyed data files
  and computer programs, and the organization may no longer be able
  to operate.
  A disaster recovery plan can be used to overcome these problems.
  This plan includes establishing a chain of command for running the
  business in the event of a computer outage as well as identification
  of critical computer processing tasks and backup database, storage
  and processing capabilities.

- Security
  This refers to policies, procedures and technical measures used to
  prevent unauthorized access, alteration, theft or physical damage
  to information systems. Security can be promoted with an array of
  tools and techniques to safeguard hardware, software, networks and
  data.

- Errors
  Computers can also serve as instruments of error, severely
  disrupting or destroying an organization’s record keeping and
  operation. Errors can occur at many points in the processing cycle:
  through data entry, program error, computer operations, and hardware
Creating a Control Environment
General & Application Controls
- Controls consist of all methods, policies and procedures that ensure
  the safety of the organization’s assets, the accuracy and
  reliability of its accounting records, and operational adherence to
  management standards. Controls are either general or application
  controls.

  - General Controls
    Control the design, security and use of computer programs and the
    security of data files in the organization.

  - Application Controls
    Specific controls unique to each computerized application, e.g.
    payroll.
General controls
- These include:
  - Implementation Controls
    The audit of the system development process at various points to
    make sure that it is properly controlled and
  - Software Controls
    Controls to ensure the security and reliability of software.
    Monitors the use of system software and prevents unauthorized
    access.
  - Hardware Controls
    Controls to ensure the physical security and correct performance
    of computer hardware.
  - Computer Operations Controls
    Procedures to ensure that programmed procedures are consistently
    and correctly applied to data storage and
  - Data Security Controls
    Controls to ensure that data files on either disk or tape are not
    subject to unauthorized access, change or
  - Administrative Controls
    Formalized standards, rules, procedures and disciplines to ensure
    that the organization’s controls are properly executed and
    enforced.
Application Controls
- These include:
  - Input Controls
    Check data for accuracy and completeness when they are entered
    in the system, e.g. control totals, edit checks.
  - Processing Controls
    Routines for establishing that data are complete and accurate
    during updating.
  - Output Controls
    Ensure that the results of computer processing are accurate,
    complete and properly distributed, e.g. determine that all of
    the computer jobs execute properly for processing.
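As an added example (not from the lecture), the input controls just listed applied to a constructed payroll batch in Python: per-record edit checks (a range check and a valid-code table) and batch control totals (record count, financial total of hours, hash total of employee IDs). The header totals, employee records and department codes are assumed sample values.

```python
"""Input controls for a constructed payroll batch: edit checks per record
plus batch control totals. Added example, not from the lecture; the header
totals are assumed to be supplied by the department that submitted the batch."""
from decimal import Decimal

# Constructed sample batch: header with expected totals, then the records.
BATCH_HEADER = {"record_count": 3, "hours_total": Decimal("120.0"), "hash_total": 3006}
BATCH_RECORDS = [
    {"emp_id": 1001, "hours": Decimal("40.0"), "dept": "ENG"},
    {"emp_id": 1002, "hours": Decimal("40.0"), "dept": "OPS"},
    {"emp_id": 1003, "hours": Decimal("40.0"), "dept": "ENG"},
]
VALID_DEPTS = {"ENG", "OPS", "FIN"}   # constructed valid-code table

def edit_check(rec):
    """Field-level edit checks; returns the list of problems found in one record."""
    problems = []
    if not isinstance(rec.get("emp_id"), int) or rec["emp_id"] <= 0:
        problems.append("emp_id missing or not a positive integer")
    hours = rec.get("hours")
    if not isinstance(hours, Decimal) or not (Decimal("0") <= hours <= Decimal("80")):
        problems.append("hours missing or outside the 0..80 range check")
    if rec.get("dept") not in VALID_DEPTS:
        problems.append("dept not in the valid-code table")
    return problems

def control_totals(records):
    """Batch-level totals: record count, financial total of hours, hash total of IDs.
    The hash total is a meaningless sum used only to detect lost or altered records.
    Malformed fields are skipped here because edit_check already reports them."""
    return {
        "record_count": len(records),
        "hours_total": sum((r["hours"] for r in records
                            if isinstance(r.get("hours"), Decimal)), Decimal("0")),
        "hash_total": sum(r["emp_id"] for r in records if isinstance(r.get("emp_id"), int)),
    }

def validate_batch(header, records):
    """Return (accepted, errors); the whole batch is rejected on any error."""
    errors = []
    for i, rec in enumerate(records):
        errors.extend(f"record {i}: {p}" for p in edit_check(rec))
    actual = control_totals(records)
    for name, expected in header.items():
        if actual.get(name) != expected:
            errors.append(f"control total {name}: expected {expected}, got {actual.get(name)}")
    return (not errors, errors)

if __name__ == "__main__":
    print(validate_batch(BATCH_HEADER, BATCH_RECORDS))   # (True, [])
```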
Internet Security Challenges
- Large public networks are vulnerable because they are virtually open
  to anyone and they are so huge that, when abuses occur, they have a
  widespread impact. When the Internet becomes part of the network, the
  organization’s information systems become vulnerable to actions from
  outsiders. So security measures are

  - Firewalls
    Control access to the organization’s internal networks by acting
    like a gatekeeper that examines each user’s credentials before
    allowing access to the network.

  - Intrusion Detection Systems
    Tools to monitor the most vulnerable points in a network to detect
    and deter unauthorized intruders, e.g. scanning software looks for
    known problems such as bad passwords and sends warnings to system
    administrators.
Security and E-Commerce
Security is essential since the commerce-related activities of buyers
and sellers have to be kept private when they are transmitted
electronically. The data being transmitted must also be protected:
- Encryption
  Coding and scrambling of messages to prevent their being read or
  accessed without authorization.
- Authentication
  The ability of each party in a transaction to ascertain the identity
  of the other party.
- Message Integrity
  The ability to ascertain that a transmitted message has not been
  copied or altered.
- Digital Signatures
  A digital code that can be attached to an electronically transmitted
  message to uniquely identify its contents and the sender.
- Digital Certificates
  An attachment to an electronic message to verify the identity of the
  sender and to provide the receiver with the means to encode a reply.
- Secure Electronic Transactions
  A standard for securing credit card transactions over the Internet
  and other networks.
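The message integrity and authentication properties defined earlier, together with the idea of a code that identifies a message's contents and sender, shown in Python as an added example that is not part of the lecture. It substitutes a keyed MAC (HMAC-SHA256) shared by buyer and seller for a public-key digital signature, and adds a sequence number so that an exact copy of an already accepted message is rejected; the key, sender name and order fields are constructed values.

```python
"""Message integrity and sender authentication for an e-commerce order.
Added example, not from the lecture. Uses a shared-key MAC (HMAC-SHA256),
a symmetric stand-in for a digital signature; the sequence number covers
the 'not been copied' half of message integrity (replay detection)."""
import hashlib
import hmac
import json

# Constructed shared secret; in practice provisioned out of band to both parties.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"

def protect(key, sender, seq, body):
    """Build a message whose tag binds the sender, sequence number and body."""
    payload = json.dumps({"sender": sender, "seq": seq, "body": body}, sort_keys=True)
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}

class Receiver:
    """Verifies the tag and rejects replays by remembering (sender, seq) pairs."""
    def __init__(self, key):
        self.key = key
        self.seen = set()

    def accept(self, msg):
        """Return (ok, reason); ok is True only for an authentic, fresh message."""
        expected = hmac.new(self.key, msg["payload"].encode(), hashlib.sha256).hexdigest()
        # Constant-time comparison so timing does not leak how many bytes matched.
        if not hmac.compare_digest(expected, msg["tag"]):
            return False, "tag mismatch: message altered or not from the key holder"
        fields = json.loads(msg["payload"])
        ident = (fields["sender"], fields["seq"])
        if ident in self.seen:
            return False, "replay: this sequence number was already accepted"
        self.seen.add(ident)
        return True, "accepted"

def demo():
    """The three cases a message integrity control must distinguish."""
    rx = Receiver(SHARED_KEY)
    order = protect(SHARED_KEY, "buyer-42", 1, {"item": "book", "qty": 1})
    results = [rx.accept(order)[0]]                       # genuine, fresh order
    tampered = dict(order, payload=order["payload"].replace('"qty": 1', '"qty": 100'))
    results.append(rx.accept(tampered)[0])                # altered in transit
    results.append(rx.accept(order)[0])                   # exact copy replayed
    return results

if __name__ == "__main__":
    print(demo())   # [True, False, False]
```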
Copyright Protection
- Copyright is a form of protection provided by the laws to the authors
  of “original works of authorship,” including literary, dramatic,
  musical, artistic, and certain other intellectual works. The
  Copyright Act generally gives the owner of copyright the exclusive
  right to do and to authorize others to do the following:
  - To reproduce the work in copies or phonorecords;
  - To prepare derivative works based upon the work;
  - To distribute copies or phonorecords of the work to the public by
    sale or other transfer of ownership, or by rental, lease, or
  - To perform the work publicly, in the case of literary, musical,
    dramatic, and choreographic works, pantomimes, and motion pictures
    and other audiovisual works;
  - To display the copyrighted work publicly, in the case of literary,
    musical, dramatic, and choreographic works, pantomimes, and
    pictorial, graphic, or sculptural works, including the individual
    images of a motion picture or other audiovisual work; and
  - In the case of sound recordings, to perform the work publicly by
    means of a digital audio transmission.
- Reproducing copyrighted works on the Internet is easy through
  technology, and makes it easier to develop a Web site. Protection can
  be achieved by using:

  - Digital Watermarks
    Embed digital watermarks in your image. These watermarks allow you
    to embed information which communicates your copyrights and
    authorship. The watermarks are imperceptible, apparent to the
    computer but not to the viewer of an image, providing a persistent
    identity which travels with the image wherever it goes.

  - Keep work linked to secure, accessible copyright information
    without preventing access to the work itself.
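An added example (not from the lecture) of the imperceptible-watermark idea: a copyright string is stored in the least significant bit of 8-bit grayscale pixel values, so no pixel changes by more than one level, and is recovered by reading those bits back. The marker bytes, the copyright text and the pixel values are constructed.

```python
"""Least-significant-bit watermark: hide a copyright string in 8-bit pixel
values and recover it. Added example, not from the lecture; the image is a
constructed list of pixel values and MAGIC is an assumed marker."""

MAGIC = b"WM1"   # constructed marker so extraction can tell a watermark is present

def embed(pixels, text):
    """Return a copy of pixels with MAGIC + 2-byte length + text in the LSBs."""
    data = text.encode("utf-8")
    blob = MAGIC + len(data).to_bytes(2, "big") + data
    bits = [(byte >> (7 - i)) & 1 for byte in blob for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("image too small for this watermark")
    out = list(pixels)
    for idx, bit in enumerate(bits):
        out[idx] = (out[idx] & 0xFE) | bit   # alters each pixel by at most 1
    return out

def _read_bytes(pixels, start, count):
    """Reassemble count bytes from the LSBs starting at pixel index start."""
    vals = bytearray()
    for b in range(count):
        byte = 0
        for i in range(8):
            byte = (byte << 1) | (pixels[start + b * 8 + i] & 1)
        vals.append(byte)
    return bytes(vals)

def extract(pixels):
    """Return the embedded text, or None if no watermark marker is found."""
    header_bits = 8 * (len(MAGIC) + 2)
    if len(pixels) < header_bits or _read_bytes(pixels, 0, len(MAGIC)) != MAGIC:
        return None
    length = int.from_bytes(_read_bytes(pixels, 8 * len(MAGIC), 2), "big")
    if len(pixels) < header_bits + 8 * length:
        return None   # marker present but the image was truncated
    return _read_bytes(pixels, header_bits, length).decode("utf-8", errors="replace")

def max_pixel_change(original, marked):
    """Largest per-pixel difference; shows why the mark is invisible to a viewer."""
    return max(abs(a - b) for a, b in zip(original, marked))

def demo():
    """Embed a constructed notice, recover it, and check an unmarked image."""
    image = [(x * 37 + 11) % 256 for x in range(512)]   # constructed 512-pixel image
    marked = embed(image, "(c) 2024 Example Corp")      # placeholder notice
    return extract(marked), max_pixel_change(image, marked), extract(image)
```

A plain LSB mark like this survives copying but not recompression or resizing; the commercial watermarks the slide refers to use more robust embedding, which this illustration does not attempt.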
