Securityandethicalchallengesofinfornationtechnology 090902132631-phpapp02

SECURITY AND SECURITY AND ETHICAL CHALLENGES ETHICAL CHALLENGES

OF INFORMATION OF INFORMATION TECHNOLOGYTECHNOLOGY

Presented by:-Presented by:-Anjali sharmaAnjali sharma

Khushboo ghanshaniKhushboo ghanshani

IT SECURITY & ETHICS

The use of IT in business has had major impacts on society & thus raises ethical issues ion the area of crime , privacy, individuality, employment, health & working conditions.

Hence IT has both negative & positive impacts.

So the responsibility of a business professional is to manage the high quality products & maintaining it.

Ethical Ethical Responsibility

SecurityEthics andSociety

Employment Privacy

Health Crime

WorkingConditions

Individuality

Need for Security 1. Reduce the risk of systems and

organizations ceasing operations.2. Maintaining information confidentiality.3. Ensure the integrity and reliability of

data resources.4. Ensure the uninterrupted availability of

data resources and online operations. 5. Ensure compliance with policies & laws

regarding security & privacy.

Security Security ManagementManagement

Goal of Security Goal of Security ManagementManagement

– Minimize errors, fraud, and losses in the e-business systems that interconnect businesses with their customers, suppliers, and other stakeholders

Security Measures

Encryption

Denial of ServiceDefenses

Fire Walls

MonitorE-mail

VirusDefenses

Security Measures (cont..)

SecurityCodes

SecurityMonitors

BackupFiles

BiometricSecurity Controls

Encryption

– Passwords, messages, files, and other data is transmitted in scrambled form and unscrambled for authorized users

– Involves using special mathematical algorithms to transform digital data in scrambled code

– Most widely used method uses a pair of public and private keys unique to each individual

Types of Encryption

Secret Key Algorithm , (symmetric encryption):

Symmetric or private key, encryption is based on a secret key that is shared by both communicating parties. The sending party uses the secret key as part of the mathematical operation to encipher plain text to cipher text. The receiving party uses the same secret key to decipher the cipher text to plain text.

Types of encrption (contd..)

Public Key Algorithm (Asymmetric Encryption):

It uses two different keys for each user; one is private key known only to this one user, the other is corresponding public key, which is accessible to anyone. The private & public keys are mathematically related by the encryption algorithm. One key is used for encryption and the other for decryption, depending on the nature of the communication service.

FirewallsServes as a

“gatekeeper” system that protects a company’s intranets and other computer networks from intrusion Provides a filter and

safe transfer point Screens all network

traffic for proper passwords or other security codes

Advantages of Firewalls

Provides security to both inbound & outbound traffic.

Response time is very high in case of high end firewalls.

Software firewalls are usually cheaper and preferred for individual computers where as hardware firewalls are for organizations and are costly.

Disadvantages of Firewalls

• Firewalls cannot protect the system from insider attacks.

• Installation & maintenance costs often become an overhead.

• Users surfing capabilities are reduced.

• If the firewall is configured with stringent rules, it constantly annoys user with False positives.

Denial of Service Defenses

These assaults depend on three layers of networked computer systems

Victim’s website Victim’s ISP Sites of “zombie” or slave

computers Defensive measures and

security precautions must be taken at all three levels

Security Measures (cont..)• E-mail Monitoring

“Spot checks just aren’t good enough anymore. The tide is turning toward systematic monitoring of corporate e-mail traffic using content-monitoring software that scans for troublesome words that might compromise corporate security.”

• Virus DefensesProtection may accomplished through

Centralized distribution and updating of antivirus software

Outsourcing the virus protection responsibility to ISPs or to telecommunications or security management companies

Security Measures (cont..)

Security codesMultilevel password system:-

Log onto the computer system, Gain access into the system, Access individual files

Backup FilesDuplicate files of data or programsFile retention measuresSometimes several generations of files

are kept for control purposes

CYBER TERRORISM• Cyber terrorism is the

convergence of terrorism and cyberspace. It is generally understood to mean unlawful attacks and threats of attack against computers, networks, and the information stored therein when done to intimidate or coerce a government or its people in furtherance of political or social objectives.

Cyber Terrorism

Basic facts about cyber terrorism

• Cyber attacks immediately follow physical attacks

• Cyber attacks are increasing in volume, sophistication, and coordination

• Cyber attackers are attracted to high-value targets

• Many, if not most, targets would probably be commercial computer and communications systems

What can we do..???

Go on the defensive now– Educate senior management on risks of cyber

warfare – Make infosec a top priority– Beef up your security technology– Insist on flawless execution: compliance to

security standards in all areasWork with other companies, government

agencies– NIPC– IT ISAC– SAINT