Management Information Systems
Gabriella Kereszturi
Lecture 7: Information Security
MAIN POINTS
Describing the relationships and differences between hackers and viruses
Describing the relationship between information security policies and an information security plan
Providing an example of each of the three primary security areas: (1) authentication and authorization, (2) prevention and resistance, and (3) detection and response
• Why systems are vulnerable
– Accessibility of networks
– Hardware problems (breakdowns, configuration errors, damage from improper use or crime)
– Software problems (programming errors, installation errors, unauthorized changes)
– Disasters
– Use of networks/computers outside of firm’s control
– Loss and theft of portable devices
Systems Vulnerability and Abuse
Source: Laudon & Laudon (2016)
The architecture of a Web-based application typically includes a Web client, a server, and corporate information systems linked to databases. Each of these components presents security challenges and vulnerabilities. Floods, fires, power failures, and other electrical problems can cause disruptions at any point in the network.
Source: Laudon & Laudon (2016)
Security Challenges & Vulnerabilities
• Internet vulnerabilities
– Network open to anyone
– Size of Internet means abuses can have wide impact
– Use of fixed Internet addresses creates fixed targets for hackers
– E-mail, IM, and similar services:
• Interception
• Attachments with malicious software
• Transmitting trade secrets
– Wireless security challenges
– Etc.
System Vulnerability and Abuse
Source: Laudon & Laudon (2016)
Many Wi-Fi networks can be penetrated easily by intruders using sniffer programs to obtain an address to access the resources of a network without authorization.
WI-FI Security Challenges
Source: Laudon & Laudon (2016)
Protecting Intellectual Assets
• Organizational information is intellectual capital - it must be protected
• Information security – The protection of information from accidental or intentional misuse by persons inside or outside an organization
• Downtime – Refers to a period of time when a system is unavailable
Security Threats Caused by Hackers and Malware
• Hacker – Experts in technology who use their knowledge to break into computers and computer networks, either for profit / benefit or just motivated by the challenge
– Black-hat hacker
– White-hat hacker
– Hacktivist
– Cracker
– Cyberterrorist
Hackers
• White-hat hackers—work at the request of the system owners to find system vulnerabilities and plug the holes
• Black-hat hackers—break into other people’s computer systems and may just look around or may steal and destroy information
• Hacktivists—have philosophical and political reasons for breaking into systems and will often deface the website as a protest
Hackers
• Cracker—a hacker with criminal intent
• Cyberterrorists—seek to cause harm to people or to destroy critical systems or information and use the Internet as a weapon of mass destruction
– Viruses
• Malicious software program that attaches itself to other software programs or data files in order to be executed
– Worms
• Independent programs that copy themselves from one computer to other computers over a network.
– Worms and viruses spread by
• Downloads (drive-by downloads)
• E-mail, IM attachments
• Downloads on Web sites and social networks
Malware (Malicious Software)
Source: Laudon & Laudon (2016)
• Denial-of-service attacks (DoS)
– Flooding server with thousands of false requests to crash the network
• Distributed denial-of-service attacks (DDoS)
– Use of numerous computers to launch a DoS
Malware (Malicious Software)
Source: Laudon & Laudon (2016)
– Trojan horses
• Software that appears harmless but does something other than expected
– Spyware
• Small programs that install themselves in secret/by improper means on computers to monitor user Web surfing activities
Malware (Malicious Software)
Source: Laudon & Laudon (2016)
How Does Malicious Software Spread?
Security threats …
• Malicious code includes a variety of threats (e.g. viruses, worms, and Trojan horses)
• Spoofing is the forging of the return address on an email so that the email message appears to come from someone other than the actual sender. This is not a virus but rather a way by which virus authors hide their identities as they send out viruses.
Security threats …
• A sniffer is a program or device that can monitor data traveling over a network. Sniffers can show all the data being transmitted over a network, including passwords and sensitive information. Sniffers tend to be a favorite weapon in the hacker’s arsenal.
• Pharming
– Redirects users to a bogus Web page, even when the individual types the correct Web page address into his or her browser
• Identity theft
– Theft of personal information (social security ID, driver’s license, or credit card numbers) to impersonate someone else
• Phishing
– Sending e-mail messages that look as if they come from a legitimate business to ask users for confidential personal data; these may include a link to a fake Web site
Security threats …
Source: Laudon & Laudon (2016)
The First Line of Defense - People
• Organizations must enable employees, customers, and partners to access information electronically
• The biggest issue surrounding information security is not a technical issue, but a people issue
The First Line of Defense - People
• The first line of defense an organization should follow to help combat insider issues is to develop information security policies and an information security plan
– Information security policies – identify the rules required to maintain information security
– Information security plan – details how an organization will implement the information security policies
The Second Line of Defense - Technology
• There are three primary information technology security areas
Authentication and Authorization
• Authentication – A method for confirming users’ identities
• Authorization – The process of giving someone permission to do or have something
• The most secure type of authentication involves
1. Something the user knows
2. Something the user has
3. Something that is part of the user
Something the User Knows Such As a User ID and Password
• This is the most common way to identify individual users and typically contains a user ID and a password
• This is also the most ineffective form of authentication
• Over 50% of help-desk calls are password related
• Smart cards and tokens are more effective than a user ID and a password
– Tokens – Small electronic devices that change user passwords automatically
– Smart card – A device that is around the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing
Something the User Has Such As Smart Cards and Tokens
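The token bullet above describes a device that changes the user's password automatically. As an added example, not from the lecture or the Baltzan/Laudon textbooks, the code below shows the mechanism such tokens commonly use, the HMAC-based one-time password of RFC 4226, with a server-side verifier that rejects replayed codes, and a login check that requires both the knowledge factor (password) and the possession factor (token). Class and function names are the editor's own; the shared secret is the RFC's published test value.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter,
    then 'dynamic truncation' to a short decimal code."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = ((mac[offset] & 0x7F) << 24
            | mac[offset + 1] << 16
            | mac[offset + 2] << 8
            | mac[offset + 3])
    return str(code % 10 ** digits).zfill(digits)


class HardwareToken:
    """Models the device the user carries: a shared secret and a press counter."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._counter = 0

    def press(self) -> str:
        code = hotp(self._secret, self._counter)
        self._counter += 1
        return code


class TokenVerifier:
    """Server side: same secret, its own counter, and a small look-ahead window
    so a few unused codes (button pressed, no login) do not lock the account.
    Each code is accepted at most once, which defeats replay of a sniffed code."""

    def __init__(self, secret: bytes, look_ahead: int = 5):
        self._secret = secret
        self._counter = 0
        self._look_ahead = look_ahead

    def verify(self, code: str) -> bool:
        for c in range(self._counter, self._counter + self._look_ahead + 1):
            if hmac.compare_digest(hotp(self._secret, c), code):
                self._counter = c + 1  # resynchronise; older codes are now rejected
                return True
        return False


def make_password_record(password: str, salt: bytes) -> bytes:
    """Store a salted PBKDF2 hash, never the password itself (the 'knows' factor)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def two_factor_login(record: bytes, salt: bytes, verifier: TokenVerifier,
                     password: str, code: str) -> bool:
    """Both factors must pass: the stored hash must match and the token code
    must be a fresh, in-window code."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    password_ok = hmac.compare_digest(candidate, record)
    return password_ok and verifier.verify(code)
```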
Something That Is Part Of The User Such As a Fingerprint or Iris
• This is by far the best and most effective way to manage authentication
– Biometrics – The identification of a user based on a physical characteristic, such as a fingerprint, iris, voice, or handwriting
• Unfortunately, this method can be costly and intrusive
Prevention and Resistance
• Downtime can cost an organization anywhere from $100 to $1 million per hour
• Technologies available to help prevent and build resistance to attacks include
1. Content filtering
2. Encryption
3. Firewalls
Prevention and Resistance
• Content filtering - Prevents emails containing sensitive information from transmitting and stops spam and viruses from spreading
Prevention and Resistance
• If there is an information security breach and the information was encrypted, the person stealing the information would be unable to read it
– Encryption
– Public key encryption (PKE)
Prevention and Resistance
Encryption – scrambles information into an alternative form that requires a key or password to decrypt the information
Public key encryption (PKE) – an encryption system that uses two keys: a public key for everyone and a private key for the recipient
A public key encryption system can be viewed as a series of public and private keys that lock data when they are transmitted and unlock the data when they are received. The sender locates the recipient’s public key in a directory and uses it to encrypt a message. The message is sent in encrypted form over the Internet or a private network. When the encrypted message arrives, the recipient uses his or her private key to decrypt the data and read the message.
Public Key Encryption
Source: Laudon & Laudon (2016)
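The lock/unlock flow described above, as an added example that is not from the lecture or the textbook: a textbook RSA key pair, the public-key directory, and the sender and recipient steps. The names (DIRECTORY, publish, send_to) and the small primes 61 and 53 are the editor's own choices; the byte-at-a-time, unpadded scheme shows only the roles of the two keys and is not how production systems encrypt (they use keys of 2048 bits or more and randomised padding).

```python
from math import gcd


def generate_keypair(p: int, q: int, e: int = 17):
    """Textbook RSA from two primes. Returns (public_key, private_key) as
    (n, e) and (n, d). Tiny primes here are for illustration only."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime with phi(n)")
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def encrypt(public_key, plaintext: bytes) -> list:
    """Sender 'locks' each byte with the recipient's public key.
    Unpadded RSA is deterministic, so identical bytes give identical
    ciphertext values; real systems add randomised padding such as OAEP."""
    n, e = public_key
    if n <= 255:
        raise ValueError("modulus too small to encode a byte")
    return [pow(b, e, n) for b in plaintext]


def decrypt(private_key, ciphertext: list) -> bytes:
    """Recipient 'unlocks' with the private key; only d reverses e."""
    n, d = private_key
    return bytes(pow(c, d, n) for c in ciphertext)


# The directory from the slide: public keys are published for everyone to read.
DIRECTORY = {}


def publish(name: str, public_key) -> None:
    DIRECTORY[name] = public_key


def send_to(recipient: str, message: bytes) -> list:
    """Sender step: look up the recipient's public key in the directory and encrypt."""
    if recipient not in DIRECTORY:
        raise KeyError(f"no public key published for {recipient!r}")
    return encrypt(DIRECTORY[recipient], message)


def exchange_demo(message: bytes = b"pay 100") -> dict:
    """Alice publishes her public key, Bob sends her a message, Alice decrypts.
    Returns the ciphertext, the recovered plaintext, and what an eavesdropper
    gets by applying the only key the directory gives them (the public one)."""
    alice_pub, alice_priv = generate_keypair(61, 53)  # constructed toy keys, n = 3233
    publish("alice", alice_pub)
    ciphertext = send_to("alice", message)
    recovered = decrypt(alice_priv, ciphertext)
    n, e = alice_pub
    eavesdropper = [pow(c, e, n) for c in ciphertext]  # wrong key, garbage out
    return {"ciphertext": ciphertext, "recovered": recovered, "eavesdropper": eavesdropper}
```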
Watch this video
• https://www.youtube.com/watch?v=E5FEqGYLL0o
• https://www.youtube.com/watch?v=EJd8zqN3zTw
Firewall:
– Combination of hardware and software that prevents unauthorized users from accessing private networks
Prevention and Resistance
Source: Laudon & Laudon (2016)
The firewall is placed between the firm’s private network and the public Internet or another distrusted network to protect against unauthorized traffic.
Source: Laudon & Laudon (2016)
A Corporate Firewall
Detection and Response
• If prevention and resistance strategies fail and there is a security breach, an organization can use detection and response technologies to mitigate the damage
• Intrusion detection systems:
– Monitor hot spots on corporate networks to detect and deter intruders
– Examine events as they are happening to discover attacks in progress
• Antivirus and antispyware software:
– Checks computers for presence of malware and can often eliminate it as well
– Requires continual updating
• Unified threat management (UTM) systems
Detection and Response
Source: Laudon & Laudon (2016)
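The denial-of-service bullet earlier (flooding a server with thousands of false requests) and the intrusion-detection bullets above (examine events as they happen) as one added example, not from the lecture or the textbook: a small detector run over a constructed access log that flags a source exceeding a request rate in a sliding window, and a source whose run of failed logins is followed by a success. The log format, the documentation-range addresses and the function names are the editor's own.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def make_sample_log() -> list:
    """Constructed sample access log (not real traffic). One line per request:
    <ISO timestamp> <source IP> <method> <path> <HTTP status>.
    Addresses come from the RFC 5737 documentation ranges."""
    t0 = datetime(2025, 1, 1, 10, 0, 0)
    lines = []
    # Two hosts browsing normally: one request every five seconds.
    for i in range(10):
        lines.append(f"{(t0 + timedelta(seconds=5 * i)).isoformat()} 198.51.100.7 GET /index.html 200")
        lines.append(f"{(t0 + timedelta(seconds=5 * i + 2)).isoformat()} 198.51.100.8 GET /about.html 200")
    # A flood: 30 requests from one host in under six seconds.
    for i in range(30):
        t = t0 + timedelta(seconds=20, milliseconds=200 * i)
        lines.append(f"{t.isoformat()} 203.0.113.5 GET /search 200")
    # Password guessing: six failed logins from one host, then one success.
    for i in range(6):
        t = t0 + timedelta(seconds=30 + 3 * i)
        lines.append(f"{t.isoformat()} 198.51.100.9 POST /login 401")
    lines.append(f"{(t0 + timedelta(seconds=50)).isoformat()} 198.51.100.9 POST /login 200")
    return lines


def parse_line(line: str):
    ts, src, method, path, status = line.split()
    return datetime.fromisoformat(ts), src, method, path, int(status)


def detect_floods(lines, window=timedelta(seconds=10), threshold=20) -> dict:
    """Sliding-window request-rate check per source, evaluated event by event.
    Returns {source: time of first alert} for every source that made at least
    `threshold` requests within any `window`; the caller can rate-limit them."""
    recent = defaultdict(deque)   # per-source timestamps inside the window
    alerts = {}
    for ts, src, _, _, _ in sorted(parse_line(l) for l in lines):
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:  # drop timestamps that fell out of the window
            q.popleft()
        if len(q) >= threshold and src not in alerts:
            alerts[src] = ts
    return alerts


def detect_failed_logins(lines, threshold=5) -> dict:
    """Count 401 responses to /login per source. A source reaching `threshold`
    failures is flagged; a later 200 from the same source is escalated, because
    a success after many failures is the signature of a guessed password."""
    failures = defaultdict(int)
    flagged = {}
    for _, src, _, path, status in sorted(parse_line(l) for l in lines):
        if path != "/login":
            continue
        if status == 401:
            failures[src] += 1
            if failures[src] >= threshold:
                flagged[src] = "brute_force_suspected"
        elif status == 200 and failures[src] >= threshold:
            flagged[src] = "success_after_failures"
    return flagged
```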
Task
• Read chapter 8 (textbook) and related material and videos.
References
• Baltzan, P. (2016) Business Driven Information Systems, Global Edition, 5th ed. McGraw-Hill, New York.
• Laudon, K.C. and Laudon, J.P. (2016) Management Information Systems: Managing the Digital Firm, 14th ed. Prentice Hall.
• Laudon, K.C. and Laudon, J.P. (2020) Management Information Systems: Managing the Digital Firm, 16th ed. Prentice Hall.
Ad

More Related Content

Similar to Lecture 7---Security (1).pdf (20)

Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...
Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...
Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...
Cengage Learning
 
Lecture 6 Cybersecurity-Basics and .pptx
Lecture 6 Cybersecurity-Basics and .pptxLecture 6 Cybersecurity-Basics and .pptx
Lecture 6 Cybersecurity-Basics and .pptx
akatsesena2003
 
Cyber security detailed ppt and understand
Cyber security detailed ppt and understandCyber security detailed ppt and understand
Cyber security detailed ppt and understand
docpain605501
 
Lec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendationsLec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendations
BilalMehmood44
 
NETWORK SECURITY
NETWORK SECURITYNETWORK SECURITY
NETWORK SECURITY
afaque jaya
 
Information Security Audit and Analysis Module
Information Security Audit and Analysis ModuleInformation Security Audit and Analysis Module
Information Security Audit and Analysis Module
AvinashAvuthu2
 
unit 5 FCS efujhgdkkifevnurdviutfjiutdffgii
unit 5 FCS efujhgdkkifevnurdviutfjiutdffgiiunit 5 FCS efujhgdkkifevnurdviutfjiutdffgii
unit 5 FCS efujhgdkkifevnurdviutfjiutdffgii
nickyy222333
 
attack vectors by chimwemwe.pptx
attack vectors  by chimwemwe.pptxattack vectors  by chimwemwe.pptx
attack vectors by chimwemwe.pptx
JenetSilence
 
Information security
 Information security Information security
Information security
Jin Castor
 
Network security
Network securityNetwork security
Network security
hajra azam
 
Unit 1 Network Fundamentals and Security .pptx
Unit 1 Network Fundamentals and Security .pptxUnit 1 Network Fundamentals and Security .pptx
Unit 1 Network Fundamentals and Security .pptx
Guna Dhondwad
 
Materi Keamanan Siber Prinsip Keamanan Jaringan.pptx
Materi Keamanan Siber Prinsip Keamanan Jaringan.pptxMateri Keamanan Siber Prinsip Keamanan Jaringan.pptx
Materi Keamanan Siber Prinsip Keamanan Jaringan.pptx
Bernad Bear
 
Lecture 5.1.pptx
Lecture 5.1.pptxLecture 5.1.pptx
Lecture 5.1.pptx
Dibyesh1
 
Management Information Systems ( Security and Control.pptx
Management Information Systems ( Security and Control.pptxManagement Information Systems ( Security and Control.pptx
Management Information Systems ( Security and Control.pptx
NamugenyiBetty
 
Cyber Sequrity.pptx is life of cyber security
Cyber Sequrity.pptx is life of cyber securityCyber Sequrity.pptx is life of cyber security
Cyber Sequrity.pptx is life of cyber security
perweeng31
 
Computer-Security.pptx
Computer-Security.pptxComputer-Security.pptx
Computer-Security.pptx
JoselitoJMebolos
 
Unit v
Unit vUnit v
Unit v
bharatnaruka90
 
Cyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptxCyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptx
Roshni814224
 
Unit 1.pptx
Unit 1.pptxUnit 1.pptx
Unit 1.pptx
MsVaishaliKumar
 
Your Skill Boost Masterclass Online Safety and Cybersecurity Tips
Your Skill Boost Masterclass Online Safety and Cybersecurity TipsYour Skill Boost Masterclass Online Safety and Cybersecurity Tips
Your Skill Boost Masterclass Online Safety and Cybersecurity Tips
Excellence Foundation for South Sudan
 
Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...
Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...
Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...
Cengage Learning
 
Lecture 6 Cybersecurity-Basics and .pptx
Lecture 6 Cybersecurity-Basics and .pptxLecture 6 Cybersecurity-Basics and .pptx
Lecture 6 Cybersecurity-Basics and .pptx
akatsesena2003
 
Cyber security detailed ppt and understand
Cyber security detailed ppt and understandCyber security detailed ppt and understand
Cyber security detailed ppt and understand
docpain605501
 
Lec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendationsLec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendations
BilalMehmood44
 
NETWORK SECURITY
NETWORK SECURITYNETWORK SECURITY
NETWORK SECURITY
afaque jaya
 
Information Security Audit and Analysis Module
Information Security Audit and Analysis ModuleInformation Security Audit and Analysis Module
Information Security Audit and Analysis Module
AvinashAvuthu2
 
unit 5 FCS efujhgdkkifevnurdviutfjiutdffgii
unit 5 FCS efujhgdkkifevnurdviutfjiutdffgiiunit 5 FCS efujhgdkkifevnurdviutfjiutdffgii
unit 5 FCS efujhgdkkifevnurdviutfjiutdffgii
nickyy222333
 
attack vectors by chimwemwe.pptx
attack vectors  by chimwemwe.pptxattack vectors  by chimwemwe.pptx
attack vectors by chimwemwe.pptx
JenetSilence
 
Information security
 Information security Information security
Information security
Jin Castor
 
Network security
Network securityNetwork security
Network security
hajra azam
 
Unit 1 Network Fundamentals and Security .pptx
Unit 1 Network Fundamentals and Security .pptxUnit 1 Network Fundamentals and Security .pptx
Unit 1 Network Fundamentals and Security .pptx
Guna Dhondwad
 
Materi Keamanan Siber Prinsip Keamanan Jaringan.pptx
Materi Keamanan Siber Prinsip Keamanan Jaringan.pptxMateri Keamanan Siber Prinsip Keamanan Jaringan.pptx
Materi Keamanan Siber Prinsip Keamanan Jaringan.pptx
Bernad Bear
 
Lecture 5.1.pptx
Lecture 5.1.pptxLecture 5.1.pptx
Lecture 5.1.pptx
Dibyesh1
 
Management Information Systems ( Security and Control.pptx
Management Information Systems ( Security and Control.pptxManagement Information Systems ( Security and Control.pptx
Management Information Systems ( Security and Control.pptx
NamugenyiBetty
 
Cyber Sequrity.pptx is life of cyber security
Cyber Sequrity.pptx is life of cyber securityCyber Sequrity.pptx is life of cyber security
Cyber Sequrity.pptx is life of cyber security
perweeng31
 
Cyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptxCyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptx
Roshni814224
 

Recently uploaded (20)

Kiran Flemish - A Dynamic Musician
Kiran  Flemish  -  A   Dynamic  MusicianKiran  Flemish  -  A   Dynamic  Musician
Kiran Flemish - A Dynamic Musician
Kiran Flemish
 
From Dreams to Threads: The Story Behind The Chhapai
From Dreams to Threads: The Story Behind The ChhapaiFrom Dreams to Threads: The Story Behind The Chhapai
From Dreams to Threads: The Story Behind The Chhapai
The Chhapai
 
Mexico Office Furniture Market Share, Size, Growth & Trends (2025-2034)
Mexico Office Furniture Market Share, Size, Growth & Trends (2025-2034)Mexico Office Furniture Market Share, Size, Growth & Trends (2025-2034)
Mexico Office Furniture Market Share, Size, Growth & Trends (2025-2034)
janewatson684
 
www.visualmedia.com digital markiting (1).pptx
www.visualmedia.com digital markiting (1).pptxwww.visualmedia.com digital markiting (1).pptx
www.visualmedia.com digital markiting (1).pptx
Davinder Singh
 
intra-mart Accel series 2025 Spring updates-en.ppt
intra-mart Accel series 2025 Spring updates-en.pptintra-mart Accel series 2025 Spring updates-en.ppt
intra-mart Accel series 2025 Spring updates-en.ppt
NTTDATA INTRAMART
 
Comments on Cloud Stream Part II Mobile Hub V1 Hub Agency.pdf
Comments on Cloud Stream Part II Mobile Hub V1 Hub Agency.pdfComments on Cloud Stream Part II Mobile Hub V1 Hub Agency.pdf
Comments on Cloud Stream Part II Mobile Hub V1 Hub Agency.pdf
Brij Consulting, LLC
 
TNR Gold Investor Summary - Building The Green Energy Metals Royalty and Gold...
TNR Gold Investor Summary - Building The Green Energy Metals Royalty and Gold...TNR Gold Investor Summary - Building The Green Energy Metals Royalty and Gold...
TNR Gold Investor Summary - Building The Green Energy Metals Royalty and Gold...
Kirill Klip
 
The Peter Cowley Entrepreneurship Event Master 30th.pdf
The Peter Cowley Entrepreneurship Event Master 30th.pdfThe Peter Cowley Entrepreneurship Event Master 30th.pdf
The Peter Cowley Entrepreneurship Event Master 30th.pdf
Richard Lucas
 
Network Detection and Response (NDR): The Future of Intelligent Cybersecurity
Network Detection and Response (NDR): The Future of Intelligent CybersecurityNetwork Detection and Response (NDR): The Future of Intelligent Cybersecurity
Network Detection and Response (NDR): The Future of Intelligent Cybersecurity
GauriKale30
 
The Rise of Payroll Outsourcing in the UK: Key Statistics for 2025
The Rise of Payroll Outsourcing in the UK: Key Statistics for 2025The Rise of Payroll Outsourcing in the UK: Key Statistics for 2025
The Rise of Payroll Outsourcing in the UK: Key Statistics for 2025
QX Accounting Services Ltd
 
Alec Lawler - A Passion For Building Brand Awareness
Alec Lawler - A Passion For Building Brand AwarenessAlec Lawler - A Passion For Building Brand Awareness
Alec Lawler - A Passion For Building Brand Awareness
Alec Lawler
 
BeMetals_Presentation_May_2025 .pdf
BeMetals_Presentation_May_2025      .pdfBeMetals_Presentation_May_2025      .pdf
BeMetals_Presentation_May_2025 .pdf
DerekIwanaka2
 
INTRODUCTION OF MANAGEMENT.pdf CA SUVIDHA CHAPLOT
INTRODUCTION OF MANAGEMENT.pdf CA SUVIDHA CHAPLOTINTRODUCTION OF MANAGEMENT.pdf CA SUVIDHA CHAPLOT
INTRODUCTION OF MANAGEMENT.pdf CA SUVIDHA CHAPLOT
CA Suvidha Chaplot
 
The Fascinating World of Hats: A Brief History of Hats
The Fascinating World of Hats: A Brief History of HatsThe Fascinating World of Hats: A Brief History of Hats
The Fascinating World of Hats: A Brief History of Hats
nimrabilal030
 
NewBase 28 April 2025 Energy News issue - 1783 by Khaled Al Awadi_compressed...
NewBase 28 April 2025  Energy News issue - 1783 by Khaled Al Awadi_compressed...NewBase 28 April 2025  Energy News issue - 1783 by Khaled Al Awadi_compressed...
NewBase 28 April 2025 Energy News issue - 1783 by Khaled Al Awadi_compressed...
Khaled Al Awadi
 
Smart Home Market Size, Growth and Report (2025-2034)
Smart Home Market Size, Growth and Report (2025-2034)Smart Home Market Size, Growth and Report (2025-2034)
Smart Home Market Size, Growth and Report (2025-2034)
GeorgeButtler
 
Strategic Enterprise Management - Unit I.pptx
Strategic Enterprise Management - Unit I.pptxStrategic Enterprise Management - Unit I.pptx
Strategic Enterprise Management - Unit I.pptx
PrekshyaRana
 
CGG Deck English - Apr 2025-edit (1).pptx
CGG Deck English - Apr 2025-edit (1).pptxCGG Deck English - Apr 2025-edit (1).pptx
CGG Deck English - Apr 2025-edit (1).pptx
China_Gold_International_Resources
 
Petslify Turns Pet Photos into Hug-Worthy Memories
Petslify Turns Pet Photos into Hug-Worthy MemoriesPetslify Turns Pet Photos into Hug-Worthy Memories
Petslify Turns Pet Photos into Hug-Worthy Memories
Petslify
 
20250428 CDB Investor Deck_Apr25_vFF.pdf
20250428 CDB Investor Deck_Apr25_vFF.pdf20250428 CDB Investor Deck_Apr25_vFF.pdf
20250428 CDB Investor Deck_Apr25_vFF.pdf
yihong30
 
Kiran Flemish - A Dynamic Musician
Kiran  Flemish  -  A   Dynamic  MusicianKiran  Flemish  -  A   Dynamic  Musician
Kiran Flemish - A Dynamic Musician
Kiran Flemish
 
From Dreams to Threads: The Story Behind The Chhapai
From Dreams to Threads: The Story Behind The ChhapaiFrom Dreams to Threads: The Story Behind The Chhapai
From Dreams to Threads: The Story Behind The Chhapai
The Chhapai
 
Mexico Office Furniture Market Share, Size, Growth & Trends (2025-2034)
Mexico Office Furniture Market Share, Size, Growth & Trends (2025-2034)Mexico Office Furniture Market Share, Size, Growth & Trends (2025-2034)
Mexico Office Furniture Market Share, Size, Growth & Trends (2025-2034)
janewatson684
 
www.visualmedia.com digital markiting (1).pptx
www.visualmedia.com digital markiting (1).pptxwww.visualmedia.com digital markiting (1).pptx
www.visualmedia.com digital markiting (1).pptx
Davinder Singh
 
intra-mart Accel series 2025 Spring updates-en.ppt
intra-mart Accel series 2025 Spring updates-en.pptintra-mart Accel series 2025 Spring updates-en.ppt
intra-mart Accel series 2025 Spring updates-en.ppt
NTTDATA INTRAMART
 
Comments on Cloud Stream Part II Mobile Hub V1 Hub Agency.pdf
Comments on Cloud Stream Part II Mobile Hub V1 Hub Agency.pdfComments on Cloud Stream Part II Mobile Hub V1 Hub Agency.pdf
Comments on Cloud Stream Part II Mobile Hub V1 Hub Agency.pdf
Brij Consulting, LLC
 
TNR Gold Investor Summary - Building The Green Energy Metals Royalty and Gold...
TNR Gold Investor Summary - Building The Green Energy Metals Royalty and Gold...TNR Gold Investor Summary - Building The Green Energy Metals Royalty and Gold...
TNR Gold Investor Summary - Building The Green Energy Metals Royalty and Gold...
Kirill Klip
 
The Peter Cowley Entrepreneurship Event Master 30th.pdf
The Peter Cowley Entrepreneurship Event Master 30th.pdfThe Peter Cowley Entrepreneurship Event Master 30th.pdf
The Peter Cowley Entrepreneurship Event Master 30th.pdf
Richard Lucas
 
Network Detection and Response (NDR): The Future of Intelligent Cybersecurity
Network Detection and Response (NDR): The Future of Intelligent CybersecurityNetwork Detection and Response (NDR): The Future of Intelligent Cybersecurity
Network Detection and Response (NDR): The Future of Intelligent Cybersecurity
GauriKale30
 
The Rise of Payroll Outsourcing in the UK: Key Statistics for 2025
The Rise of Payroll Outsourcing in the UK: Key Statistics for 2025The Rise of Payroll Outsourcing in the UK: Key Statistics for 2025
The Rise of Payroll Outsourcing in the UK: Key Statistics for 2025
QX Accounting Services Ltd
 
Alec Lawler - A Passion For Building Brand Awareness
Alec Lawler - A Passion For Building Brand AwarenessAlec Lawler - A Passion For Building Brand Awareness
Alec Lawler - A Passion For Building Brand Awareness
Alec Lawler
 
BeMetals_Presentation_May_2025 .pdf
BeMetals_Presentation_May_2025      .pdfBeMetals_Presentation_May_2025      .pdf
BeMetals_Presentation_May_2025 .pdf
DerekIwanaka2
 
INTRODUCTION OF MANAGEMENT.pdf CA SUVIDHA CHAPLOT
INTRODUCTION OF MANAGEMENT.pdf CA SUVIDHA CHAPLOTINTRODUCTION OF MANAGEMENT.pdf CA SUVIDHA CHAPLOT
INTRODUCTION OF MANAGEMENT.pdf CA SUVIDHA CHAPLOT
CA Suvidha Chaplot
 
The Fascinating World of Hats: A Brief History of Hats
The Fascinating World of Hats: A Brief History of HatsThe Fascinating World of Hats: A Brief History of Hats
The Fascinating World of Hats: A Brief History of Hats
nimrabilal030
 
NewBase 28 April 2025 Energy News issue - 1783 by Khaled Al Awadi_compressed...
NewBase 28 April 2025  Energy News issue - 1783 by Khaled Al Awadi_compressed...NewBase 28 April 2025  Energy News issue - 1783 by Khaled Al Awadi_compressed...
NewBase 28 April 2025 Energy News issue - 1783 by Khaled Al Awadi_compressed...
Khaled Al Awadi
 
Smart Home Market Size, Growth and Report (2025-2034)
Smart Home Market Size, Growth and Report (2025-2034)Smart Home Market Size, Growth and Report (2025-2034)
Smart Home Market Size, Growth and Report (2025-2034)
GeorgeButtler
 
Strategic Enterprise Management - Unit I.pptx
Strategic Enterprise Management - Unit I.pptxStrategic Enterprise Management - Unit I.pptx
Strategic Enterprise Management - Unit I.pptx
PrekshyaRana
 
Petslify Turns Pet Photos into Hug-Worthy Memories
Petslify Turns Pet Photos into Hug-Worthy MemoriesPetslify Turns Pet Photos into Hug-Worthy Memories
Petslify Turns Pet Photos into Hug-Worthy Memories
Petslify
 
20250428 CDB Investor Deck_Apr25_vFF.pdf
20250428 CDB Investor Deck_Apr25_vFF.pdf20250428 CDB Investor Deck_Apr25_vFF.pdf
20250428 CDB Investor Deck_Apr25_vFF.pdf
yihong30
 
Ad

Lecture 7---Security (1).pdf

  • 1. Management Information Systems Gabriella Kereszturi Lecture 7: Information Security
  • 2. MAIN POINTS Describing the relationships and differences between hackers and viruses Describing the relationship between information security policies and an information security plan Providing an example of each of the three primary security areas: (1) authentication and authorization, (2) prevention and resistance, and (3) detection and response
  • 3. • Why systems are vulnerable – Accessibility of networks – Hardware problems (breakdowns, configuration errors, damage from improper use or crime) – Software problems (programming errors, installation errors, unauthorized changes) – Disasters – Use of networks/computers outside of firm’s control – Loss and theft of portable devices Systems Vulnerability and Abuse Source: Laudon & Laudon (2016)
  • 4. The architecture of a Web-based application typically includes a Web client, a server, and corporate information systems linked to databases. Each of these components presents security challenges and vulnerabilities. Floods, fires, power failures, and other electrical problems can cause disruptions at any point in the network. Source: Laudon & Laudon (2016) Security Challenges & Vulnerabilities
  • 5. • Internet vulnerabilities – Network open to anyone – Size of Internet means abuses can have wide impact – Use of fixed Internet addresses …… creates fixed targets for hackers – E-mail, IM, …. • Interception • Attachments with malicious software • Transmitting trade secrets - Wireless security challenges - Etc… System Vulnerability and Abuse Source: Laudon & Laudon (2016)
  • 6. Many Wi-Fi networks can be penetrated easily by intruders using sniffer programs to obtain an address to access the resources of a network without authorization. WI-FI Security Challenges Source: Laudon & Laudon (2016)
  • 7. Protecting Intellectual Assets • Organizational information is intellectual capital - it must be protected • Information security – The protection of information from accidental or intentional misuse by persons inside or outside an organization • Downtime – Refers to a period of time when a system is unavailable
  • 8. Security Threats Caused by Hackers and Malware • Hacker – Experts in technology who use their knowledge to break into computers and computer networks, either for profit / benefit or just motivated by the challenge – Black-hat hacker – White-hat hacker – Hactivist – Cracker – Cyberterrorist
  • 9. Hackers • White-hat hackers—work at the request of the system owners to find system vulnerabilities and plug the holes • Black-hat hackers —break into other people’s computer systems and may just look around or may steal and destroy information • Hactivists—have philosophical and political reasons for breaking into systems and will often deface the website as a protest
  • 10. Hackers • Cracker—a hacker with criminal intent • Cyberterrorists—seek to cause harm to people or to destroy critical systems or information and use the Internet as a weapon of mass destruction
  • 11. – Viruses • Malicious software program that attaches itself to other software programs or data files in order to be executed – Worms • Independent programs that copy themselves from one computer to other computers over a network. – Worms and viruses spread by • Downloads (drive-by downloads) • E-mail, IM attachments • Downloads on Web sites and social networks Malware (Malicious Software) Source: Laudon & Laudon (2016)
  • 12. • Denial-of-service attacks (DoS) – Flooding server with thousands of false requests to crash the network • Distributed denial-of-service attacks (DDoS) – Use of numerous computers to launch a DoS Malware (Malicious Software) Source: Laudon & Laudon (2016)
  • 13. – Trojan horses • Software that appears harmless but does something other than expected – Spyware • Small programs install themselves in secret/by improper means on computers to monitor user Web surfing activities….. Malware (Malicious Software) Source: Laudon & Laudon (2016)
  • 15. Security threats …. • Malicious code includes a variety of threats (eg viruses, worms, and Trojan horses) • Spoofing is the forging of the return address on an email so that the email message appears to come from someone other than the actual sender. This is not a virus but rather a way by which virus authors hide their identities as they send out viruses.
  • 16. Security threats …. • A sniffer is a program or device that can monitor data traveling over a network. Sniffers can show all the data being transmitted over a network, including passwords and sensitive information. Sniffers tend to be a favorite weapon in the hacker’s arsenal.
  • 17. • Pharming – Redirects users to a bogus Web page, even when individual types correct Web page address into his or her browser • Identity theft – Theft of personal Information (social security ID, driver’s license, or credit card numbers) to impersonate someone else • Phishing – Sending an e-mail messages that look like from a legitimate businesses to ask users for confidential personal data and this may include a link to a fake Web sites Security threats …. Source: Laudon & Laudon (2016)
The First Line of Defense – People
• Organizations must enable employees, customers, and partners to access information electronically
• The biggest issue surrounding information security is not a technical issue but a people issue: most breaches begin with a person who is careless, fooled, or malicious
The First Line of Defense – People
• The first line of defense an organization should follow to help combat insider issues is to develop information security policies and an information security plan
– Information security policies – identify the rules required to maintain information security
– Information security plan – details how an organization will implement the information security policies
The Second Line of Defense – Technology
• There are three primary information technology security areas: (1) authentication and authorization, (2) prevention and resistance, and (3) detection and response
Authentication and Authorization
• Authentication – A method for confirming a user’s identity
• Authorization – The process of giving someone permission to do or have something; it follows authentication, since permissions are granted to an identity that has already been confirmed
• The most secure type of authentication combines more than one of the following factors (multi-factor authentication):
1. Something the user knows
2. Something the user has
3. Something that is part of the user
Something the User Knows, Such As a User ID and Password
• This is the most common way to identify individual users and typically consists of a user ID and a password
• It is also the weakest form of authentication: passwords are forgotten, written down, shared, reused across systems, and guessed or captured by attackers
• Over 50 % of help-desk calls are password related
Something the User Has, Such As Smart Cards and Tokens
• Smart cards and tokens are more effective than a user ID and a password alone
– Tokens – Small electronic devices that generate a new one-time code automatically at short fixed intervals, so a code an attacker captures is useless shortly afterwards
– Smart card – A device around the same size as a credit card, containing embedded technology that can store information and small amounts of software to perform some limited processing
Something That Is Part of the User, Such As a Fingerprint or Iris
• This is generally the strongest single factor: a fingerprint or iris cannot be forgotten, lent out, or guessed
– Biometrics – The identification of a user based on a physical characteristic, such as a fingerprint, iris, voice, or handwriting
• Unfortunately, this method can be costly and intrusive, and unlike a password a compromised biometric cannot be reissued, so it is best used in combination with another factor rather than on its own
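The three slides above describe the factors separately; the following added example (written for this page, not code from the lecture or the textbook) shows how two of them are combined in practice: a salted PBKDF2 password hash for "something the user knows" and an RFC 6238 time-based one-time password (the code a hardware or phone token displays) for "something the user has". The in-memory user store, the user names and the passwords are constructed for the example; the TOTP secret used in the test is the published RFC 6238 test secret.

```python
import hashlib
import hmac
import os
import struct
import time

PBKDF2_ROUNDS = 200_000

# Constructed in-memory user store (hypothetical; a real system uses a database).
USERS = {}

def register(username, password, totp_secret):
    """Store a salted PBKDF2 hash (something the user knows) and the shared TOTP secret
    (something the user has: the token that holds the same secret)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    USERS[username] = {"salt": salt, "hash": digest, "totp_secret": totp_secret}

def check_password(username, password):
    rec = USERS.get(username)
    if rec is None:
        # Hash anyway so response time does not reveal whether the user name exists.
        hashlib.pbkdf2_hmac("sha256", password.encode(), b"\x00" * 16, PBKDF2_ROUNDS)
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, rec["hash"])

def totp(secret, now, step=30, digits=6):
    """RFC 6238 TOTP: HMAC-SHA1 over the 30-second counter, dynamically truncated to 6 digits."""
    counter = struct.pack(">Q", int(now) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

def check_totp(username, code, now, window=1):
    """Accept the current step plus one step either side for clock drift; compare in constant time."""
    rec = USERS.get(username)
    if rec is None or not (isinstance(code, str) and code.isascii() and code.isdigit()):
        return False
    return any(hmac.compare_digest(totp(rec["totp_secret"], now + k * 30), code)
               for k in range(-window, window + 1))

def authenticate(username, password, code, now=None):
    """Two-factor login: both factors are always evaluated and both must verify."""
    now = time.time() if now is None else now
    pw_ok = check_password(username, password)
    otp_ok = check_totp(username, code, now)
    return pw_ok and otp_ok

if __name__ == "__main__":
    secret = b"12345678901234567890"          # RFC 6238 test secret (not for real use)
    register("alice", "correct horse battery staple", secret)
    print(authenticate("alice", "correct horse battery staple", totp(secret, time.time())))
```

A stolen password alone fails here, and a code sniffed from the wire is only good for about a minute, which is the practical gain the slides describe; a real deployment would also rate-limit attempts and store the TOTP secret encrypted.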
Prevention and Resistance
• Downtime can cost an organization anywhere from $100 to $1 million per hour
• Technologies available to help prevent and build resistance to attacks include:
1. Content filtering
2. Encryption
3. Firewalls
Prevention and Resistance
• Content filtering – Software that inspects messages and Web traffic to prevent e-mails containing sensitive information from leaving the organization, and to stop spam, phishing messages, and viruses from spreading into it
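The spoofing and phishing slides earlier and the content-filtering slide above describe the two directions a mail filter works in; the following added example (written for this page, not code from the lecture or the textbook) implements both on two constructed messages. Inbound, it flags a header From address whose domain differs from the envelope Return-Path and links whose visible text names a different host than the real target; outbound, it blocks a message carrying a string that passes the Luhn check for a payment-card number. All addresses, domains and the card number are constructed test data; a production gateway would verify SPF/DKIM/DMARC rather than compare Return-Path alone, since legitimate forwarders and mailing lists also rewrite it.

```python
import email
import re
from email.policy import default as email_policy
from urllib.parse import urlparse

# Constructed sample messages (hypothetical addresses and domains).
INBOUND_PHISH = b"""Return-Path: <bounce@mailer-7731.example.net>
From: "Payroll Team" <payroll@examplecorp.com>
To: alice@examplecorp.com
Subject: Action required: confirm your account
Content-Type: text/html

<p>Please verify your details at
<a href="http://examplecorp-secure.example.net/login">https://payroll.examplecorp.com</a></p>
"""

OUTBOUND_LEAK = b"""Return-Path: <bob@examplecorp.com>
From: bob@examplecorp.com
To: partner@vendor.example.org
Subject: card details
Content-Type: text/plain

Use card 4111 1111 1111 1111 for the booking.
"""

LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
PAN_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")   # 13-19 digits with optional separators

def addr_domain(value):
    """Domain part of an address such as '"Name" <user@host>' ('' if none)."""
    m = re.search(r"@([\w.-]+)", str(value or ""))
    return m.group(1).lower() if m else ""

def host_of(text):
    """Host name of a URL, or of a bare domain used as link text."""
    text = text.strip()
    if "://" not in text:
        text = "http://" + text
    return (urlparse(text).hostname or "").lower()

def luhn_ok(digits):
    """Luhn checksum, the self-check every payment-card number must pass."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def inspect(raw, direction):
    """Return a list of (rule, detail) findings; an empty list means the message may pass."""
    msg = email.message_from_bytes(raw, policy=email_policy)
    findings = []
    hdr_from = addr_domain(msg["From"])
    env_from = addr_domain(msg["Return-Path"])
    body = msg.get_body(preferencelist=("html", "plain")).get_content()
    if direction == "inbound":
        if env_from and hdr_from and env_from != hdr_from:
            findings.append(("spoofed-sender", f"From {hdr_from} but envelope {env_from}"))
        for href, text in LINK_RE.findall(body):
            shown = host_of(re.sub(r"<[^>]+>", "", text))
            if shown and shown != host_of(href):
                findings.append(("deceptive-link", f"text {shown} -> {host_of(href)}"))
    if direction == "outbound":
        for m in PAN_RE.finditer(body):
            digits = re.sub(r"\D", "", m.group())
            if luhn_ok(digits):
                findings.append(("card-number", f"blocked PAN ending {digits[-4:]}"))
    return findings

if __name__ == "__main__":
    print(inspect(INBOUND_PHISH, "inbound"))
    print(inspect(OUTBOUND_LEAK, "outbound"))
```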
Prevention and Resistance
• If there is an information security breach and the information was encrypted, the person stealing the information is unable to read it without the key
– Encryption
– Public key encryption (PKE)
Prevention and Resistance
• Encryption – scrambles information into an alternative form that requires a key or password to decrypt it
• Public key encryption (PKE) – an encryption system that uses two keys: a public key that can be given to everyone and a private key known only to the recipient
Public Key Encryption
A public key encryption system can be viewed as a series of public and private keys that lock data when they are transmitted and unlock the data when they are received. The sender locates the recipient’s public key in a directory and uses it to encrypt a message. The message is sent in encrypted form over the Internet or a private network. When the encrypted message arrives, the recipient uses his or her private key to decrypt the data and read the message. Because the public key can only lock, anyone who intercepts the message (or the directory) learns nothing; only the holder of the private key can unlock it.
Source: Laudon & Laudon (2016)
Watch this video
• https://www.youtube.com/watch?v=E5FEqGYLL0o
• https://www.youtube.com/watch?v=EJd8zqN3zTw
Prevention and Resistance
• Firewall – A combination of hardware and software that controls the flow of incoming and outgoing network traffic and prevents unauthorized users from accessing private networks
Source: Laudon & Laudon (2016)
A Corporate Firewall
The firewall is placed between the firm’s private network and the public Internet or another distrusted network to protect against unauthorized traffic. Traffic is checked against a set of rules (by address, port, protocol, and connection state), and anything not explicitly permitted is dropped.
Source: Laudon & Laudon (2016)
Detection and Response
• If prevention and resistance strategies fail and there is a security breach, an organization can use detection and response technologies to mitigate the damage
Detection and Response
• Intrusion detection systems:
– Monitor hot spots on corporate networks to detect and deter intruders
– Examine events as they are happening to discover attacks in progress and raise an alert
• Antivirus and antispyware software:
– Checks computers for the presence of malware and can often eliminate it as well
– Requires continual updating, since it can only recognize what it has signatures or rules for
• Unified threat management (UTM) systems – appliances that combine a firewall, VPN, intrusion detection, and Web and e-mail content filtering in one product
Source: Laudon & Laudon (2016)
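The intrusion detection slide says that an IDS examines events as they happen; the following added example (written for this page, not code from the lecture or the textbook) shows what that looks like on a constructed log. It reads firewall DROP lines and sshd login lines, raises a port-scan alert when one source probes many ports within a minute, a brute-force alert when one source fails SSH logins repeatedly, and a higher-priority alert when such a run ends in a successful login, and then produces the block list a responder would act on. The log lines, hosts and thresholds are constructed; the year supplied to the timestamp parser is assumed because syslog lines carry none.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (hypothetical hosts; format mimics iptables LOG and sshd messages).
SAMPLE_LOG = """\
Mar 10 09:00:01 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=10.0.0.20 PROTO=TCP DPT=21
Mar 10 09:00:01 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=10.0.0.20 PROTO=TCP DPT=22
Mar 10 09:00:01 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=10.0.0.20 PROTO=TCP DPT=23
Mar 10 09:00:02 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=10.0.0.20 PROTO=TCP DPT=25
Mar 10 09:00:02 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=10.0.0.20 PROTO=TCP DPT=80
Mar 10 09:00:02 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=10.0.0.20 PROTO=TCP DPT=110
Mar 10 09:00:02 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=10.0.0.20 PROTO=TCP DPT=143
Mar 10 09:00:03 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=10.0.0.20 PROTO=TCP DPT=443
Mar 10 09:00:03 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=10.0.0.20 PROTO=TCP DPT=445
Mar 10 09:00:03 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=10.0.0.20 PROTO=TCP DPT=3389
Mar 10 09:05:10 app sshd[1201]: Failed password for root from 198.51.100.9 port 40111 ssh2
Mar 10 09:05:11 app sshd[1203]: Failed password for root from 198.51.100.9 port 40112 ssh2
Mar 10 09:05:12 app sshd[1205]: Failed password for admin from 198.51.100.9 port 40113 ssh2
Mar 10 09:05:13 app sshd[1207]: Failed password for root from 198.51.100.9 port 40114 ssh2
Mar 10 09:05:14 app sshd[1209]: Failed password for root from 198.51.100.9 port 40115 ssh2
Mar 10 09:05:15 app sshd[1211]: Accepted password for root from 198.51.100.9 port 40116 ssh2
Mar 10 09:30:00 fw kernel: DROP IN=eth0 SRC=192.0.2.44 DST=10.0.0.20 PROTO=TCP DPT=443
Mar 10 09:31:00 app sshd[1300]: Accepted password for alice from 10.0.0.8 port 50000 ssh2
"""

DROP_RE = re.compile(r"^(\w{3} +\d+ [\d:]+) \S+ kernel: DROP .*SRC=(\S+) .*DPT=(\d+)")
SSH_RE = re.compile(r"^(\w{3} +\d+ [\d:]+) \S+ sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+)")

def parse_ts(text, year=2016):
    """Syslog timestamps carry no year; the year is an assumption supplied by the caller."""
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")

def detect(log_text, scan_ports=10, scan_window=60, bf_attempts=5, bf_window=120):
    """Return a list of (alert, source, detail) tuples for the patterns described in the lead-in."""
    scan_events = defaultdict(list)   # src -> [(timestamp, port)]
    fail_events = defaultdict(list)   # src -> [timestamp of failed login]
    alerts = []
    for line in log_text.splitlines():
        m = DROP_RE.match(line)
        if m:
            scan_events[m.group(2)].append((parse_ts(m.group(1)), int(m.group(3))))
            continue
        m = SSH_RE.match(line)
        if m:
            ts, outcome, user, src = parse_ts(m.group(1)), m.group(2), m.group(3), m.group(4)
            if outcome == "Failed":
                fail_events[src].append(ts)
            else:
                recent = [t for t in fail_events[src] if ts - t <= timedelta(seconds=bf_window)]
                if len(recent) >= bf_attempts:
                    alerts.append(("brute-force-success", src,
                                   f"login as {user} after {len(recent)} failures"))
    # Port scan: at least `scan_ports` distinct ports from one source inside `scan_window` seconds.
    for src, events in scan_events.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            ports = {p for t, p in events[i:] if t - t0 <= timedelta(seconds=scan_window)}
            if len(ports) >= scan_ports:
                alerts.append(("port-scan", src, f"{len(ports)} ports in {scan_window}s"))
                break
    # Brute force: at least `bf_attempts` failed logins from one source inside `bf_window` seconds.
    for src, times in fail_events.items():
        times.sort()
        for i, t0 in enumerate(times):
            if sum(1 for t in times[i:] if t - t0 <= timedelta(seconds=bf_window)) >= bf_attempts:
                alerts.append(("ssh-brute-force", src, f"{bf_attempts}+ failures in {bf_window}s"))
                break
    return alerts

def block_list(alerts):
    """Response step: the sources an automated responder would block (hypothetical action)."""
    return sorted({src for _, src, _ in alerts})

if __name__ == "__main__":
    found = detect(SAMPLE_LOG)
    for alert in found:
        print(alert)
    print("block:", block_list(found))
```

The single dropped packet from 192.0.2.44 and the clean login by alice produce no alert, which is the point of the thresholds: detection is a trade-off between catching attacks in progress and drowning the responder in false alarms.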
Task
• Read chapter 8 of the textbook and the related material and videos.
References
• Baltzan, P. (2016) Business Driven Information Systems, Global Edition, 5th ed. New York: McGraw-Hill.
• Laudon, K.C. and Laudon, J.P. (2016) Management Information Systems: Managing the Digital Firm, 14th ed. Prentice Hall.
• Laudon, K.C. and Laudon, J.P. (2020) Management Information Systems: Managing the Digital Firm, 16th ed. Prentice Hall.