Chapter 6 Powerpoint Slides

Nov 22, 2014

sandra4211

 

  • 1. Chapter 6: Securing Information Systems. "66 percent of all Webroot-scanned personal computers are infected with at least 25 spyware programs." Webroot (2005)
  • 2. Learning Objectives
  • 3. Learning Objectives
  • 4. Information Systems Security
    • All systems connected to a network are at risk
      • Internal threats
      • External threats
    • Information systems security
      • Precautions to keep IS safe from unauthorized access and use
    • Increased need for good computer security with increased use of the Internet
  • 5. Primary Threats to Information Systems Security
    • Accidents and natural disasters
      • Power outages, cats walking across keyboards
    • Employees and consultants
    • Links to outside business contacts
      • Travel between business affiliates
    • Outsiders
    • Viruses
  • 6. Unauthorized Access
    • Unauthorized people
      • Look through electronic data
      • Peek at monitors
      • Intercept electronic communication
    • Theft of computers or storage media
    • Determined hackers gain administrator status
  • 7. Gaining Access to a Password
    • Brute force
      • Try combinations until a match is found
    • Protection:
      • Wait time requirements after unsuccessful login attempt
      • CAPTCHA
  • 8. Information Modification
    • User accesses electronic information
    • User changes information
      • Employee gives himself a raise
  • 9. Denial of Service Attack
    • Attackers prevent legitimate users from accessing services
    • Zombie computers
      • Created by viruses or worms
      • Attack Web sites
  • 10. Computer Viruses
    • Corrupt and destroy data
    • Destructive code can
      • Erase a hard drive
      • Seize control of a computer
    • Worms
      • Variation of a virus
      • Replicate endlessly across the Internet
      • Servers crash
    • MyDoom attack on Microsoft's Web site
  • 11. Spyware
    • Within freeware or shareware
    • Within a Web site
    • Gathers information about a user
      • Credit card information
      • Behavior tracking for marketing purposes
    • Eats up computer's memory and network bandwidth
    • Adware: special kind of spyware
      • Collects information for banner ad customization
  • 12. Spam
    • Electronic junk mail
    • Advertisements of products and services
    • Eats up storage space
    • Compromises network bandwidth
    • Spim
      • Spam over IM
  • 13. Protection Against Spam
    • Barracuda Spam Firewall 600
      • Filters spam and other email threats
      • Decreases amount of spam processed by the central e-mail server
      • Handles 3,000 to 10,000 active email users
      • Spam messages blocked or quarantined
  • 14. Phishing
    • Attempts to trick users into giving away credit card numbers
    • Phony messages
    • Duplicates of legitimate Web sites
    • E.g., eBay, PayPal have been used
  • 15. Cookies
    • Messages passed to a Web browser from a Web server
    • Used for Web site customization
    • Cookies may contain sensitive information
    • Cookie management and cookie killer software
    • Internet Explorer Web browser settings
  • 16. Other Threats to IS Security
    • Employees writing passwords on paper
    • No installation of antivirus software
    • Use of default network passwords
    • Letting outsiders view monitors
    Information Systems Today: Managing in the Digital World
  • 17. Other Threats to IS Security (II)
    • Organizations fail to limit access to some files
    • Organizations fail to install firewalls
    • Not doing proper background checks
    • Lack of employee monitoring
    • Fired employees who are resentful
  • 18. Learning Objectives
  • 19. Safeguarding Information Systems Resources
    • Information systems audits
      • Risk analysis
        • Process of assessing the value of protected assets
          • Cost of loss vs. cost of protection
        • Risk reduction
          • Measures taken to protect the system
        • Risk acceptance
          • Measures taken to absorb the damages
        • Risk transfer
          • Transferring the absorption of risk to a third party
  • 20. Technological Safeguards
    • Physical access restrictions
      • Authentication
        • Use of passwords
        • Photo ID cards, smart cards
        • Keys to unlock a computer
        • Combination
    • Authentication limited to
      • Something you have
      • Something you know
      • Something you are
  • 21. Biometrics
    • Form of authentication
      • Fingerprints
      • Retinal patterns
      • Body weight
      • Etc.
    • Fast authentication
    • High security