Chapter 8: Securing Information Systems
VIDEO CASES
• Case 1: Stuxnet and Cyber Warfare
• Case 2: Cyber Espionage: The Chinese Threat
• Case 3: UBS Access Key: IBM Zone Trusted Information Channel
• Instructional Video 1: Sony PlayStation Hacked; Data Stolen from 77 million users
• Instructional Video 2: Zappos Working To Correct Online Security Breach
• Instructional Video 3: Meet the Hackers: Anonymous Statement on Hacking SONY

System Vulnerability and Abuse
• Why systems are vulnerable
  • Accessibility of networks
  • Hardware problems (breakdowns, configuration errors, damage from improper use or crime)
  • Software problems (programming errors, installation errors, unauthorized changes)
  • Disasters
  • Use of networks/computers outside of firm’s control
  • Loss and theft of portable devices

System Vulnerability and Abuse
• Wireless security challenges
  • Radio frequency bands easy to scan
  • SSIDs (service set identifiers)
    • Identify access points
    • Broadcast multiple times
    • Can be identified by sniffer programs
  • War driving
    • Eavesdroppers drive by buildings and try to detect SSID and gain access to network and resources
    • Once access point is breached, intruder can use OS to access networked drives and files

System Vulnerability and Abuse
• Malware (cont.)
  • Smartphones as vulnerable as computers
    • Study finds 13,000 types of smartphone malware
  • Trojan horses
    • Software that appears benign but does something other than expected
  • SQL injection attacks
    • Hackers submit data to Web forms that exploits site’s unprotected software and sends rogue SQL query to database
  • Ransomware

System Vulnerability and Abuse
• Malware (cont.)
  • Spyware
    • Small programs install themselves surreptitiously on computers to monitor user Web surfing activity and serve up advertising
  • Key loggers
    • Record every keystroke on computer to steal serial numbers, passwords, launch Internet attacks
  • Other types:
    • Reset browser home page
    • Redirect search requests
    • Slow computer performance by taking up memory

System Vulnerability and Abuse
• Internal threats: Employees
  • Security threats often originate inside an organization
  • Inside knowledge
  • Sloppy security procedures
  • User lack of knowledge
  • Social engineering:
    • Tricking employees into revealing their passwords by pretending to be legitimate members of the company in need of information

Business Value of Security and Control
• Legal and regulatory requirements for electronic records management and privacy protection
  • HIPAA: Medical security and privacy rules and procedures
  • Gramm-Leach-Bliley Act: Requires financial institutions to ensure the security and confidentiality of customer data
  • Sarbanes-Oxley Act: Imposes responsibility on companies and their management to safeguard the accuracy and integrity of financial information that is used internally and released externally

Organizational Frameworks for Security and Control
• Types of general controls
  • Software controls
  • Hardware controls
  • Computer operations controls
  • Data security controls
  • Implementation controls
  • Administrative controls

Organizational Frameworks for Security and Control
• Risk assessment: Determines level of risk to firm if specific activity or process is not properly controlled
  • Types of threat
  • Probability of occurrence during year
  • Potential losses, value of threat
  • Expected annual loss

Organizational Frameworks for Security and Control
• Disaster recovery planning: Devises plans for restoration of disrupted services
• Business continuity planning: Focuses on restoring business operations after disaster
• Both types of plans needed to identify firm’s most critical systems
  • Business impact analysis to determine impact of an outage
  • Management must determine which systems restored first

Supply Chain Management Systems
• Supply chain management software
  • Supply chain planning systems
    • Model existing supply chain
    • Enable demand planning
    • Optimize sourcing, manufacturing plans
    • Establish inventory levels
    • Identify transportation modes
  • Supply chain execution systems
    • Manage flow of products through distribution centers and warehouses

Customer Relationship Management Systems
• Customer relationship management (CRM)
  • Knowing the customer
  • In large businesses, too many customers and too many ways customers interact with firm
• CRM systems:
  • Capture and integrate customer data from all over the organization
  • Consolidate and analyze customer data
  • Distribute customer information to various systems and customer touch points across enterprise
  • Provide single enterprise view of customers

Customer Relationship Management Systems
• Business value of CRM systems
  • Increased customer satisfaction
  • Reduced direct-marketing costs
  • More effective marketing
  • Lower costs for customer acquisition/retention
  • Increased sales revenue
• Churn rate:
  • Number of customers who stop using or purchasing products or services from a company
  • Indicator of growth or decline of firm’s customer base

Enterprise Applications: Challenges and Opportunities
• Enterprise application challenges
  • Highly expensive to purchase and implement enterprise applications
    • Average cost of ERP project in 2014—$2.8 million
  • Technology changes
  • Business process changes
  • Organizational learning, changes
  • Switching costs, dependence on software vendors
  • Integrating cloud applications
  • Data standardization, management, cleansing

Enterprise Applications: Challenges and Opportunities
• Next-generation enterprise applications (cont.)
  • Social CRM
    • Incorporating social networking technologies
    • Company social networks
    • Monitor social media activity; social media analytics
    • Manage social and Web-based campaigns
  • Business intelligence
    • Inclusion of BI with enterprise applications
    • Flexible reporting, ad hoc analysis, “what-if” scenarios, digital dashboards, data visualization

Unique Features of E-commerce, Digital Markets, and Digital Goods
• Eight unique features of Internet and Web as commercial medium
  • Ubiquity
  • Global reach
  • Universal standards
  • Richness
  • Interactivity
  • Information density
  • Personalization/customization
  • Social technology

Unique Features of E-commerce, Digital Markets, and Digital Goods
• Ubiquity
  • Internet/Web technology available everywhere: work, home, and so on, anytime
  • Effect:
    • Marketplace removed from temporal, geographic locations to become “marketspace”
    • Enhanced customer convenience and reduced shopping costs
  • Reduces transaction costs
    • Costs of participating in market

Unique Features of E-commerce, Digital Markets, and Digital Goods
• Interactivity
  • The technology works through interaction with the user.
  • Effect:
    • Consumers engaged in dialog that dynamically adjusts experience to the individual.
    • Consumer becomes co-participant in process of delivering goods to market.

Unique Features of E-commerce, Digital Markets, and Digital Goods
• Digital goods
  • Goods that can be delivered over a digital network
  • For example: music tracks, video, software, newspapers, books
  • Cost of producing first unit is almost entire cost of product
  • Costs of delivery over the Internet very low
  • Marketing costs remain the same; pricing highly variable
  • Industries with digital goods are undergoing revolutionary changes (publishers, record labels, etc.)

E-commerce Business and Revenue Models
• E-commerce business models
  • Portal
  • E-tailer
  • Content provider
  • Transaction broker
  • Market creator
  • Service provider
  • Community provider

E-commerce Business and Revenue Models
• E-commerce revenue models
  • Advertising
  • Sales
  • Subscription
  • Free/Freemium
  • Transaction fee
  • Affiliate

How Has E-commerce Transformed Marketing?
• Social shopping sites
• Wisdom of crowds
• Crowdsourcing
  • Large numbers of people can make better decisions about topics and products than a single person.
• Prediction markets
  • Peer-to-peer betting markets on specific outcomes (elections, sales figures, designs for new products)

Knowledge Work Systems
• Examples of knowledge work systems
  • CAD (computer-aided design):
    • Creation of engineering or architectural designs
    • 3D printing
  • Virtual reality systems:
    • Simulate real-life environments
    • 3D medical modeling for surgeons
    • Augmented reality (AR) systems
    • VRML
  • Investment workstations:
    • Streamline investment process and consolidate internal, external data for brokers, traders, portfolio managers

Intelligent Techniques
• Intelligent techniques: Used to capture individual and collective knowledge and to extend knowledge base
  • To capture tacit knowledge: Expert systems, case-based reasoning, fuzzy logic
  • Knowledge discovery: Neural networks and data mining
  • Generating solutions to complex problems: Genetic algorithms
  • Automating tasks: Intelligent agents
• Artificial intelligence (AI) technology:
  • Computer-based systems that emulate human behavior

Intelligent Techniques
• Expert systems:
  • Capture tacit knowledge in very specific and limited domain of human expertise
  • Capture knowledge of skilled employees as set of rules in software system that can be used by others in organization
  • Typically perform limited tasks that may take a few minutes or hours, for example:
    • Diagnosing malfunctioning machine
    • Determining whether to grant credit for loan
  • Used for discrete, highly structured decision making

Intelligent Techniques
• Neural networks
  • Find patterns and relationships in massive amounts of data too complicated for humans to analyze
  • “Learn” patterns by searching for relationships, building models, and correcting over and over again
  • Humans “train” network by feeding it data inputs for which outputs are known, to help neural network learn solution by example
  • Used in medicine, science, and business for problems in pattern classification, prediction, financial analysis, and control and optimization

Intelligent Techniques
• Intelligent agents
  • Work without direct human intervention to carry out specific, repetitive, and predictable tasks for user, process, or application
    • Deleting junk e-mail
    • Finding cheapest airfare
  • Use limited built-in or learned knowledge base
  • Some are capable of self-adjustment, for example: Siri
  • Agent-based modeling applications:
    • Systems of autonomous agents
    • Model behavior of consumers, stock markets, and supply chains; used to predict spread of epidemics

Intelligent Techniques
• Machine learning
  • How computer programs improve performance without explicit programming
    • Recognizing patterns
    • Experience
    • Prior learnings (database)
  • Contemporary examples
    • Google searches
    • Recommender systems on Amazon, Netflix

Intelligent Techniques
• How expert systems work
  • Knowledge base: Set of hundreds or thousands of rules
  • Inference engine: Strategy used to search knowledge base
    • Forward chaining: Inference engine begins with information entered by user and searches knowledge base to arrive at conclusion
    • Backward chaining: Begins with hypothesis and asks user questions until hypothesis is confirmed or disproved

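The two inference strategies above, as an added example that is not part of the original slides, applied to the loan-credit task the deck mentions. The three rules, the fact names and both function names are constructed for illustration; a real knowledge base would hold hundreds or thousands of rules.

```python
# Knowledge base: each rule is (set of premises, conclusion). Constructed rules.
RULES = [
    ({"income_over_50k", "employed_over_2_years"}, "stable_income"),
    ({"no_missed_payments"}, "good_credit_history"),
    ({"stable_income", "good_credit_history"}, "grant_credit"),
]

def forward_chain(facts, rules=RULES):
    """Begin with the facts the user entered and fire every rule whose
    premises are all known, until no rule adds anything new."""
    known = set(facts)
    changed = True
    while changed:
        changed = False
        for premises, conclusion in rules:
            if premises <= known and conclusion not in known:
                known.add(conclusion)
                changed = True
    return known

def backward_chain(goal, ask, rules=RULES, asked=None):
    """Begin with a hypothesis and work back through the rules, calling
    ask(fact) only for facts that no rule can derive. Answers are cached
    in `asked` so the user is never asked the same question twice."""
    asked = {} if asked is None else asked
    producers = [premises for premises, conclusion in rules if conclusion == goal]
    if not producers:                      # a basic fact: only the user knows it
        if goal not in asked:
            asked[goal] = bool(ask(goal))
        return asked[goal]
    # The goal holds if all premises of at least one producing rule hold.
    # all() stops at the first failed premise, so later questions are skipped.
    return any(all(backward_chain(p, ask, rules, asked) for p in sorted(premises))
               for premises in producers)

if __name__ == "__main__":
    entered = {"income_over_50k", "employed_over_2_years", "no_missed_payments"}
    print("forward:", sorted(forward_chain(entered)))
    answer = lambda fact: input(fact + "? [y/n] ").strip().lower() == "y"
    print("backward:", backward_chain("grant_credit", answer))
```

Forward chaining derives everything the entered facts support, whereas backward chaining stops asking questions as soon as the hypothesis is disproved.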
Intelligent Techniques
• Hybrid AI systems
  • Genetic algorithms, fuzzy logic, neural networks, and expert systems integrated into single application to take advantage of best features of each
  • For example: Matsushita “neurofuzzy” washing machine that combines fuzzy logic with neural networks