Chapter 17 Risks, Security and Disaster Recovery


Presentation Transcript


  1. Chapter 17 Risks, Security and Disaster Recovery
  Management Information Systems, 4th Edition

  2. Learning Objectives
  • Describe the primary goals of information security
  • Enumerate the main types of risks to information systems
  • List the various types of attacks on networked systems

  3. Learning Objectives (Cont.)
  • Describe the types of controls required to ensure the integrity of data entry and processing and uninterrupted e-commerce
  • Describe the various kinds of security measures that can be taken to protect data and ISs
  • Outline the principles of how organizations develop recovery plans
  • Explain the economic aspects of information security

  4. Goals of Information Security
  • Reduce the risk of systems and organizations ceasing operations
  • Maintain information confidentiality
  • Ensure the integrity and reliability of data resources
  • Ensure the uninterrupted availability of data resources and online operations
  • Ensure compliance with national security laws and privacy policies and laws

  5. Risks to Information Systems
  • Risks to Hardware
    • Natural disasters
    • Blackouts and brownouts
    • Vandalism

  6. Risks to Information Systems (Cont.)
  • Risks to Applications and Data
    • Theft of information
    • Social engineering and identity theft
    • Data alteration, data destruction, and Web defacement
    • Computer viruses, worms, and logic bombs
    • Nonmalicious mishaps

  7. Risks to Online Operations
  • Denial of service
  • Hijacking
  • Spoofing

  8. Risks to Online Operations

  9. Controls

  10. Controls (Cont.)
  • Program Robustness and Data Entry Controls
    • Provide a clear and sound interface with the user
    • Menus and limits
  • Backup
    • Periodic duplication of all data
  • Access Controls
    • Ensure that only authorized people can gain access to systems and files
    • Access codes and passwords

  11. Controls (Cont.)

  12. Controls (Cont.)
  • Atomic Transactions
    • Ensure that transaction data are recorded properly in all the pertinent files to ensure integrity
  • Audit Trails
    • Built into an IS so that transactions can be traced to people, times, and authorization information
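The two controls on slide 12 in working form, as an added example that is not from the textbook: a transfer is recorded in every pertinent table or in none of them (atomic), and an audit row naming who, when and under what authorization is written even when the transaction is rolled back. It uses Python's standard sqlite3 module; the tables, account names and authorization tickets are constructed for the example.

```python
import sqlite3
from datetime import datetime, timezone

# Constructed schema: two data tables that must stay consistent, plus the audit trail.
SCHEMA = """
CREATE TABLE accounts (id TEXT PRIMARY KEY, balance INTEGER NOT NULL CHECK (balance >= 0));
CREATE TABLE ledger (id INTEGER PRIMARY KEY, src TEXT, dst TEXT, amount INTEGER);
CREATE TABLE audit (id INTEGER PRIMARY KEY, at TEXT, who TEXT, authz TEXT, action TEXT, outcome TEXT);
"""

def open_db():
    """In-memory database seeded with two constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO accounts VALUES (?, ?)", [("A", 100), ("B", 20)])
    conn.commit()
    return conn

def transfer(conn, who, authz, src, dst, amount):
    """Atomic transaction: debit, credit and ledger entry all commit or all roll back.
    The CHECK constraint turns an overdraft into an IntegrityError inside the
    transaction, so sqlite3's context manager rolls back every statement."""
    try:
        with conn:  # commits on normal exit, rolls back if an exception escapes
            cur = conn.execute("UPDATE accounts SET balance = balance - ? WHERE id = ?", (amount, src))
            if cur.rowcount != 1:
                raise ValueError(f"unknown source account {src!r}")
            cur = conn.execute("UPDATE accounts SET balance = balance + ? WHERE id = ?", (amount, dst))
            if cur.rowcount != 1:
                raise ValueError(f"unknown destination account {dst!r}")
            conn.execute("INSERT INTO ledger (src, dst, amount) VALUES (?, ?, ?)", (src, dst, amount))
        outcome = "committed"
    except (sqlite3.IntegrityError, ValueError) as exc:
        outcome = f"rolled back: {exc}"
    # Audit trail: written after the transaction has ended, so the attempt is
    # traceable to a person, a time and an authorization whether or not it succeeded.
    conn.execute(
        "INSERT INTO audit (at, who, authz, action, outcome) VALUES (?, ?, ?, ?, ?)",
        (datetime.now(timezone.utc).isoformat(), who, authz, f"transfer {src}->{dst} {amount}", outcome),
    )
    conn.commit()
    return outcome == "committed"

def balances(conn):
    return dict(conn.execute("SELECT id, balance FROM accounts ORDER BY id"))

def audit_rows(conn):
    return list(conn.execute("SELECT who, authz, action, outcome FROM audit ORDER BY id"))
```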

  13. Controls (Cont.)

  14. Security Measures
  • Firewalls
    • Defense against unauthorized access to systems over the Internet
    • Controls communication between a trusted network and the “untrusted” Internet
  • Proxy Server: represents another server for all information requests and acts as a buffer

  15. Security Measures (Cont.)

  16. Authentication and Encryption
  • Keeps communications secret
  • Authentication: the process of ensuring the identity of the person sending the message
  • Encryption: coding a message into a form unreadable to an interceptor

  17. Authentication and Encryption (Cont.)

  18. Authentication and Encryption (Cont.)
  • Encryption Strength
  • Distribution Restrictions
  • Public-key Encryptions
  • Symmetric and asymmetric encryption
  • Secure Sockets Layer and Secure Hypertext Transport Protocol
  • Pretty Good Privacy

  19. Authentication and Encryption (Cont.)

  20. Authentication and Encryption (Cont.)

  21. Digital Signatures and Digital Certificates
  • Electronic Signatures
  • Digital Signatures
  • Digital Certificates

  22. Digital Signatures and Digital Certificates (Cont.)

  23. Digital Signatures and Digital Certificates (Cont.)

  24. The business recovery plan
  • Obtain management’s commitment to the plan
  • Establish a planning committee
  • Perform risk assessment and impact analysis
  • Prioritize recovery needs: critical, vital, sensitive, noncritical

  25. The business recovery plan (Cont.)
  • Select a recovery plan
  • Select vendors
  • Develop and implement the plan
  • Test the plan
  • Continually test and evaluate

  26. Recovery plan providers
  • Companies that specialize in either disaster recovery planning or provision of alternate sites
  • Small companies can opt for Web-based services

  27. The IS Security Budget

  28. The IS Security Budget (Cont.)
  • How much security is enough security?
  • Calculating downtime

  29. The IS Security Budget (Cont.)

  30. Ethical and Societal Issues: Terrorism, Carnivores, and Echelons
  • Carnivorous methods
    • FBI developed Carnivore
    • Device is attached to the ISP servers to monitor email
  • Top Echelon
    • Surveillance system

  31. Summary
  • Information Security has certain major goals
  • There are different types of risks to information systems
  • There are various types of attacks on networked systems
  • There are different types of controls that ensure integrity of data and e-commerce
  • There are various measures that can protect data and ISs
