4/29/2012
WHAT TO SECURE?
- Control the loss of assets
- Ensure the integrity & reliability of data
- Improve the efficiency / effectiveness of the data
To ensure all these, the manager must make sure that all risks are identified and appropriate security controls are applied.
DANGERS
- Natural disasters
- Thieves
- Industrial spies
- Disgruntled employees
- Computer viruses
- Accidents
- Poorly trained & naive employees
RISK
- Could be total or partial monetary loss due to loss of information
- The manager needs to understand & calculate the cost of securing a system against the money lost if it is harmed
- Compute the loss that could occur together with the probability of its occurrence
- The basic question is how the organization will respond to a specific loss (i.e., how valuable is the asset)
- Potential loss due to loss of data or an inaccurate system, which produces incorrect reports
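The loss-versus-probability computation the slide describes is the standard quantitative risk formula: the expected yearly loss is the loss from one incident multiplied by how often that incident is expected per year, and a control is worth buying only when the loss it avoids exceeds its own cost. The Python below is an added example, not part of the lecture; the asset values, probabilities and control costs are constructed figures, and the class, field and function names are assumptions of this example.

```python
"""Expected-loss risk calculation: added example, not from the lecture.

Assumptions (not in the source): the single-loss / annual-loss formulas are
the usual quantitative risk model; every figure below is constructed.
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Risk:
    """One threat against one asset, with constructed sample values."""
    asset: str
    threat: str
    asset_value: float      # money lost if the asset is completely destroyed
    exposure_factor: float  # fraction of the asset value lost per incident, 0..1
    annual_rate: float      # expected number of incidents per year

    def single_loss(self) -> float:
        """Loss from one occurrence of the threat."""
        return self.asset_value * self.exposure_factor

    def annual_loss(self) -> float:
        """Expected loss per year: single loss x expected yearly frequency."""
        return self.single_loss() * self.annual_rate


def control_value(risk: Risk, residual_rate: float, control_cost: float) -> float:
    """Net yearly benefit of a control that reduces the incident rate.

    Positive: the control avoids more loss than it costs. Negative: securing
    the asset costs more than the loss it prevents, which is the trade-off
    the slide asks the manager to weigh.
    """
    residual = replace(risk, annual_rate=residual_rate)
    return (risk.annual_loss() - residual.annual_loss()) - control_cost


def rank_by_annual_loss(risks):
    """Order risks so the largest expected yearly loss is treated first."""
    return sorted(risks, key=lambda r: r.annual_loss(), reverse=True)


# Constructed sample register (all values invented for illustration).
REGISTER = [
    # a file server worth 100,000 destroyed outright by a flood expected once in 20 years
    Risk("file server", "flood", 100_000.0, 1.0, 0.05),
    # a salary database where a mis-keyed entry costs 2% of its 50,000 value, 6 times a year
    Risk("salary database", "data entry error", 50_000.0, 0.02, 6.0),
    # a notebook worth 2,000, stolen with everything on it, expected once in 4 years
    Risk("notebook", "theft", 2_000.0, 1.0, 0.25),
]

if __name__ == "__main__":
    for r in rank_by_annual_loss(REGISTER):
        print(f"{r.asset:16} {r.threat:18} annual loss {r.annual_loss():>10,.2f}")
    flood = REGISTER[0]
    # Constructed control: drainage and a raised server room at 2,000/year,
    # cutting the expected flood rate from 1-in-20 to 1-in-100 years.
    print(f"net value of flood control: {control_value(flood, 0.01, 2_000.0):,.2f}")
```

Run as a script it prints the register ordered by expected yearly loss, which puts the frequent small data-entry losses ahead of the rare flood, and then shows that the constructed flood control pays for itself (it avoids 4,000 per year for a cost of 2,000). The same `control_value` call with a 6,000 control cost comes out negative, the case where securing the asset costs more than the harm.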
COMMON CONTROLS
Physical controls
- Locks on doors, keyboards etc. Also ways to control natural threats from heat, dust, fire etc.
Electronic controls
- Heat, motion and humidity sensors, log-on IDs, passwords, hand / voice / retina print controls
Software controls
- Programming code to prevent errors, controls on login beyond working hours, monitoring who logs on and when
Management controls
- Enforced backups, necessary employee training
Some of these may be simple and implemented by the manager, but others may require specialists.
NATURAL DISASTERS
Floods, water damage, earthquakes, tornadoes, hurricanes, wind & storm damage
Disaster prevention
- Backup power supplies, special building materials & locations, drainage systems or special construction
Disaster containment
- Contingency plans in place, in case something happens
- Hot site recovery firms provide computer facilities for others which can be used almost immediately
EMPLOYEE ERRORS
- Accidental formatting of a hard disk instead of a floppy
- Incorrect data entry (price, salary etc.) which might be connected to many files & programs, compounding the error
- Logical errors, like rounding off of whole numbers on spreadsheets, resulting in major losses
COMPUTER CRIMES LIKE FRAUD, FORGERY & THEFT CAN HAPPEN FROM WITHIN THE ORGANIZATION OR FROM OUTSIDE
INDUSTRIAL ESPIONAGE
- Using scanners or phone taps to get faxes of important documents
- Dial-in access can be misused by spies
- Laptops or notebooks could be physically stolen to capture the data they contain
HACKING
- Unauthorized entry into computer systems
- Infecting the system by sending a virus, stealing data, damaging it or vandalizing it
COMPUTER VIRUSES
- A virus is a hidden program that inserts itself into your computer system and forces the system to clone it. It can travel over the network to all other computers connected to it.
- Some viruses disguise themselves as utility programs
- May result in modifying data, erasing files, formatting disks
- Infection can come through email, or through any website
- Some viruses may lie dormant and start reproducing at a particular time
- Best way to counter them is to use more than one anti-virus program, and regularly upgrade them
PRIVACY VIOLATIONS
- Privacy is the capacity of individuals or organizations to control information about themselves.
- Privacy rights imply that the types and amount of data that may be collected about individuals or organizations are limited; that individuals & organizations have the ability to access, examine & correct the data stored about them; and that disclosure, use or dissemination of those data is limited
- Privacy also includes e-mail messages
- EDI is also an issue, as it contains important financial information
- Hard copies should be shredded & disks demagnetized & shredded
- Automatic screen blanking to ensure that no one passing by can view the screen of a computer left running
- Dedicated power lines for major computer systems
- Waterproof covers
- Air filters / conditioners
- Window bars & proper locks
- Alarm systems, CCTVs
- Security guards
- Bond employees
- Screen job applicants
- Develop procedures for disgruntled employees
- Use IDs, passwords
COMMUNICATION SYSTEMS
- Line conditioning / shielding
- Error detection & correction methods
- Redundant lines & backup transmission lines
- Archived files
- Firewalls
- Auditing software
- Insurance
- Log of hardware & line failures
- User IDs, passwords
- Modem dial-back
- Access logs of users & terminals, including invalid access logs
- Lockout after hours
- Encryption of transmitted passwords
- Encrypted data transmission
- Restrict access to other file directories & files
- Terminals in secure areas
- Train communications employees
- Enforce information systems compatibility standards
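The software controls on an earlier slide (monitoring who logs on and when, limiting logins beyond working hours) and the user and terminal access logs, invalid access logs and after-hours lockout listed here are one detection idea applied to the log-on record. The Python below is an added example, not from the lecture: it parses a constructed log, reports successful logins outside a constructed 08:00 to 18:00 working window, reports accounts whose invalid attempts reach a threshold, and summarizes which users each terminal saw. The log format, user names, terminal names, working hours and threshold are all assumptions of this example.

```python
"""After-hours login and invalid-access monitoring: added example, not from
the lecture. The log format, accounts, terminals and working hours below are
constructed for illustration.
"""
from collections import Counter, defaultdict
from datetime import datetime, time

# Constructed sample log, one event per line: "timestamp user terminal result"
SAMPLE_LOG = """\
2012-04-29T08:55:10 asmith T01 OK
2012-04-29T09:02:41 bjones T02 OK
2012-04-29T12:15:00 bjones T02 FAIL
2012-04-29T12:15:09 bjones T02 FAIL
2012-04-29T12:15:20 bjones T02 FAIL
2012-04-29T12:15:31 bjones T02 OK
2012-04-29T22:47:03 asmith T07 OK
2012-04-30T03:12:55 contractor T07 FAIL
2012-04-30T03:13:02 contractor T07 FAIL
2012-04-30T03:13:10 contractor T07 FAIL
2012-04-30T03:13:20 contractor T07 FAIL
"""

WORK_START = time(8, 0)    # constructed working hours
WORK_END = time(18, 0)
FAIL_THRESHOLD = 3         # invalid attempts before an account is reported


def parse_log(text):
    """Parse the constructed log into (datetime, user, terminal, result) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, terminal, result = line.split()
        events.append((datetime.fromisoformat(ts), user, terminal, result))
    return events


def after_hours_logins(events):
    """Successful logins outside working hours: what an after-hours lockout
    would have blocked, or what a reviewer should question."""
    return [(ts, user, terminal) for ts, user, terminal, result in events
            if result == "OK" and not (WORK_START <= ts.time() < WORK_END)]


def repeated_failures(events, threshold=FAIL_THRESHOLD):
    """Accounts whose invalid-access count reaches the threshold, with the count."""
    fails = Counter(user for _, user, _, result in events if result == "FAIL")
    return {user: n for user, n in fails.items() if n >= threshold}


def terminal_report(events):
    """Which users each terminal saw: the terminal access log the slide lists."""
    seen = defaultdict(set)
    for _, user, terminal, _ in events:
        seen[terminal].add(user)
    return {terminal: sorted(users) for terminal, users in seen.items()}


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    for ts, user, terminal in after_hours_logins(events):
        print(f"after-hours login: {user} on {terminal} at {ts:%Y-%m-%d %H:%M}")
    for user, n in repeated_failures(events).items():
        print(f"repeated invalid access: {user} failed {n} times")
    for terminal, users in sorted(terminal_report(events).items()):
        print(f"{terminal}: {', '.join(users)}")
```

On the constructed log the after-hours report names the single 22:47 login, and the failure report names both the account that recovered after three bad attempts inside working hours and the account that failed four times at 03:13; the terminal report shows that terminal T07 is the one both of those touched, which is the kind of correlation that the separate user and terminal logs on the slide are kept for.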
Stability
- Compatible with all possible platforms
Security features
- Automatic backups, encryption, decryption, password protection
Process controls
- Faulty logic or other incorrect formulae; cured by exception reports, end-of-file checks and sequence checks
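The three process controls named above can be made concrete on a batch of records. The Python below is an added example, not from the lecture: it runs a sequence check, an end-of-file check against constructed trailer control totals, and an exception report over a constructed payroll batch in which one sequence number is missing and one hourly rate was keyed with its decimal point dropped (the compounding data-entry error an earlier slide describes). The record layout, field names, trailer and reasonableness limit are assumptions of this example.

```python
"""Batch process controls: sequence check, end-of-file control totals and an
exception report. Added example, not from the lecture; the record layout,
trailer record and limits are constructed.
"""
from decimal import Decimal, ROUND_HALF_UP

# Constructed payroll batch: (sequence no., employee, hours, hourly rate).
# Sequence 3 is missing, and cwhite's rate was keyed without its decimal point.
BATCH = [
    (1, "asmith", Decimal("40"), Decimal("12.50")),
    (2, "bjones", Decimal("38"), Decimal("12.50")),
    (4, "cwhite", Decimal("41"), Decimal("1250")),
    (5, "dgreen", Decimal("40"), Decimal("12.50")),
]

# Constructed trailer record: the control totals the data-entry clerk tallied
# by hand from the source documents (41 h x 12.50 for cwhite, as intended).
TRAILER = {"count": 4, "hours": Decimal("159"), "gross": Decimal("1987.50")}

MAX_HOURLY_RATE = Decimal("100")   # constructed reasonableness limit


def gross_pay(hours, rate):
    """Round each line to cents before summing; rounding only the grand total
    is the kind of spreadsheet logic error the slides warn about."""
    return (hours * rate).quantize(Decimal("0.01"), rounding=ROUND_HALF_UP)


def sequence_check(batch):
    """Return the sequence numbers missing between the first and last record."""
    missing = []
    expected = batch[0][0]
    for seq, *_ in batch:
        while expected < seq:          # a gap: numbers were skipped
            missing.append(expected)
            expected += 1
        expected = seq + 1
    return missing


def end_of_file_check(batch, trailer):
    """Compare computed totals with the trailer's control totals.

    Returns {field: (trailer value, computed value)} for every mismatch; an
    empty dict means the batch balances.
    """
    computed = {
        "count": len(batch),
        "hours": sum(hours for _, _, hours, _ in batch),
        "gross": sum(gross_pay(hours, rate) for _, _, hours, rate in batch),
    }
    return {k: (trailer[k], computed[k]) for k in trailer if trailer[k] != computed[k]}


def exception_report(batch, max_rate=MAX_HOURLY_RATE):
    """List records whose values fall outside reasonable limits."""
    return [(seq, emp, f"hourly rate {rate} exceeds {max_rate}")
            for seq, emp, _, rate in batch if rate > max_rate]


if __name__ == "__main__":
    print("missing sequence numbers:", sequence_check(BATCH))
    for field, (expected, actual) in end_of_file_check(BATCH, TRAILER).items():
        print(f"control total mismatch on {field}: trailer {expected}, computed {actual}")
    for seq, emp, reason in exception_report(BATCH):
        print(f"exception: record {seq} ({emp}): {reason}")
```

Each control catches something the others miss: the sequence check finds the lost record 3, the end-of-file check shows the gross total is off by over 50,000 while the record count and hours still balance, and the exception report points at the exact record whose rate caused it. The hours and count agreeing while gross disagrees is itself diagnostic, since it rules out a missing record as the cause of the money difference.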
Thank you
Practice Questions
Q1. List and explain the common threats to computer systems.
Q2. Explain how client / server information systems can help managers.
Q3. Give some recommendations for managing passwords.
Q4. What are viruses and hacking?
Q5. List the common threats and controls for information technology.