3. Objectives
Information Security
The Threats
Scope of Security Management
Tools for Computer Security
4. Information Security
Information security is more than just protecting
hardware and software from crashing.
It’s about protecting the information resources that
keep the company operating.
Goals are to ensure:
Data integrity, availability and confidentiality
Business continuity
6. Common Attacks - Corporate
Virus/Worm: A computer program that appears to
perform a legitimate task, but is hidden malware
E.g., wipes out a hard drive; sends out an unauthorized email,
etc.
Sniffing: Interception and reading of electronic messages
as they travel over the Internet
E.g., copy passwords, or credit card information
Denial of Service: Attacks from coordinated computers
that flood a site with so many requests that the site
crashes
E.g., thousands of page requests/minute on an ecommerce site
(can also be caused by a virus)
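The flood described above can be spotted from the web server's own access log. The following is an added example, not part of the original slides: it counts requests per client and per minute over constructed Common Log Format lines (the addresses, times and the threshold values are made up for the demo) and flags both a single hammering source and a minute whose total from many coordinated sources is abnormal.

```python
import re
from collections import Counter

# Common Log Format: client ident user [dd/Mon/yyyy:hh:mm:ss zone] "request" ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[(\d\d/\w{3}/\d{4}:\d\d:\d\d):\d\d [^\]]*\] "')

def requests_per_minute(lines):
    """Count requests per (client, minute); unparseable lines are skipped."""
    counts = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            counts[(m.group(1), m.group(2))] += 1
    return counts

def flag_floods(lines, per_client, site_wide):
    """Flag clients above per_client requests/minute, and minutes whose total
    (from any number of coordinated sources) reaches site_wide."""
    per_min = requests_per_minute(lines)
    clients = sorted(((c, t, n) for (c, t), n in per_min.items() if n >= per_client),
                     key=lambda hit: -hit[2])
    totals = Counter()
    for (_, t), n in per_min.items():
        totals[t] += n
    minutes = sorted((t, n) for t, n in totals.items() if n >= site_wide)
    return {"clients": clients, "minutes": minutes}

def build_sample_log():
    """Constructed log: one normal shopper plus one source hammering the site."""
    fmt = '{ip} - - [01/May/2024:10:{mm:02d}:{ss:02d} +0000] "GET {path} HTTP/1.1" 200 512'
    lines = [fmt.format(ip="198.51.100.4", mm=0, ss=s, path=f"/product/{s}") for s in (5, 17, 42)]
    lines += [fmt.format(ip="203.0.113.9", mm=0, ss=i % 60, path="/") for i in range(240)]
    lines += [fmt.format(ip="203.0.113.9", mm=1, ss=i % 60, path="/") for i in range(30)]
    lines.append("garbage line that does not parse")   # must not crash the counter
    return lines
```

Real thresholds depend on the site's normal traffic; the values used in the test are only for the constructed sample.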
7. Common Attacks - Personal
Spoofing: Masquerading as a legitimate web site and
redirecting traffic to a fraudulent site
Con artists: calling to offer a credit card account in order to obtain
information such as email, SSN, etc.
Phishing or Fishing: Fraudulent email attempting to obtain
sensitive information
E.g., an email notifying a bank account owner that his/her account
has had a security breach, and requesting that the owner log in to a
fraudulent website to “reset the password”
8. Threats from inside…
Employee illegally accesses email accounts
Angry / misguided technical personnel:
Deletes sensitive data
Rewrites a program so that data is corrupted/company can’t operate
Leaves a ‘cyber bomb’ that detonates in the event he/she is fired
Employee steals sensitive data (customer) and sells it to a
competitor
10. Security’s Five Pillars
Authentication: Verifying the authenticity of users – ensuring
people are who they say they are.
ID/Password, biometric, questions
Identification: Identifying users to grant them appropriate
access
Allowing the system to know who someone is in order to give appropriate
access rights
Privacy: Protecting information from being seen
E.g., against spyware installed on a computer without consent to
collect information
11. Security’s Five Pillars (Contd.)
Integrity: Keeping information in its original form
Ensuring data is not altered in any way
Non-repudiation: Preventing parties from denying
actions they have taken
Ensuring that the parties in a transaction are who they say
they are and cannot deny that transaction took place
12. Technical Countermeasures
Firewalls:
Hardware/software to control access between networks,
blocking unwanted access
E.g., Windows Vista
Encryption/decryption:
Using an algorithm (cipher) to make plain text
unreadable to anyone who does not have the key
E.g., SSL
13. Technical Countermeasures
Virtual Private Networks (VPNs)
Allow strong protection for data communications
Cheaper than private networks, but do not provide
100% end-to-end security
14. Encryption / SSL
An SSL Certificate enables encryption of sensitive information during
online transactions.
Each SSL Certificate contains unique, authenticated information about the
certificate owner.
Each SSL Certificate consists of a public key and a private key. Public key:
scramble; Private key: unscramble
A Certificate Authority verifies the identity of the certificate owner when
it is issued.
Secure Sockets Layer handshake authenticates the server (Web site) and the
client (Web browser).
Unique session key established and secure transmission can begin.
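To make the roles on this slide concrete, here is an added example that is not from the original slides or any TLS library: a deliberately tiny, insecure model in which a CA signs the server's certificate, the browser verifies that signature, the server's public key scrambles a fresh session key that only the private key can unscramble, and the session key then protects the bulk traffic. Textbook RSA with small constructed primes and a hash-derived keystream stand in for real certificates and ciphers; the CA and server keys, the hostname and the message are all made up.

```python
import hashlib
import secrets
def make_keypair(p, q, e=65537):
    """Textbook RSA: public (e, n) scrambles, private (d, n) unscrambles."""
    phi = (p - 1) * (q - 1)
    return (e, p * q), (pow(e, -1, phi), p * q)

def rsa_apply(key, m):
    return pow(m, key[0], key[1])  # key = (exponent, modulus)

def cert_digest(cert, n):
    return int(hashlib.sha256(cert.encode()).hexdigest(), 16) % n

def ca_issue(ca_priv, subject, server_pub):
    """CA checks the owner's identity out of band, then signs name + public key."""
    cert = f"{subject}|{server_pub[0]}|{server_pub[1]}"
    return cert, rsa_apply(ca_priv, cert_digest(cert, ca_priv[1]))

def client_verify(ca_pub, cert, sig):
    """Browser checks the CA signature before trusting the key inside the cert."""
    return rsa_apply(ca_pub, sig) == cert_digest(cert, ca_pub[1])

def session_encrypt(session_key, data):
    """Bulk traffic: XOR with a keystream derived from the session key (symmetric)."""
    key = session_key.to_bytes(8, "big")
    out = bytearray()
    for i, b in enumerate(data):
        block = hashlib.sha256(key + (i // 32).to_bytes(4, "big")).digest()
        out.append(b ^ block[i % 32])
    return bytes(out)

def handshake(ca_pub, cert, sig, server_priv):
    """Returns (client's session key, server's copy); raises if the cert is untrusted."""
    if not client_verify(ca_pub, cert, sig):
        raise ValueError("certificate not signed by a trusted CA")
    _, e, n = cert.split("|")
    session_key = secrets.randbits(32)                   # fresh for this session
    wrapped = rsa_apply((int(e), int(n)), session_key)   # public key scrambles
    return session_key, rsa_apply(server_priv, wrapped)  # private key unscrambles

def demo():
    ca_pub, ca_priv = make_keypair(1000037, 1000039)    # constructed CA key
    srv_pub, srv_priv = make_keypair(1000003, 1000033)  # constructed server key
    cert, sig = ca_issue(ca_priv, "shop.example", srv_pub)
    client_key, server_key = handshake(ca_pub, cert, sig, srv_priv)
    msg = b"order=42;amount=19.99"
    forged = cert.replace("shop.example", "evil.example")  # tampered certificate
    return {"keys_match": client_key == server_key,
            "roundtrip": session_encrypt(server_key, session_encrypt(client_key, msg)) == msg,
            "forged_cert_accepted": client_verify(ca_pub, forged, sig)}
```

Real TLS uses much larger keys, padding, a proper key exchange and authenticated ciphers; the point here is only who holds which key at each step.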
15. Ethics Defined
Ethics refers to the principles of right and wrong that
individuals, acting as free moral agents, use to make choices
to guide their behaviors.
Information systems raise new ethical questions for
both individuals and societies because they create
opportunities for intense social change, and thus threaten
existing distributions of power, money, rights, and
obligations.
16. Ethical issues in information systems have been given new
urgency by the rise of the Internet and electronic
commerce.
Internet and digital firm technologies make it easier than
ever to assemble, integrate, and distribute information,
unleashing new concerns about the appropriate use of
customer information, the protection of personal privacy,
and the protection of intellectual property.
Insiders with special knowledge can “fool” information
systems by submitting phony records and diverting cash, on
a scale unimaginable in the pre-computer era.
17. The major ethical, social, and political issues raised by information systems
include the following moral dimensions:
Information rights and obligations. What information rights do individuals
and organizations possess with respect to themselves? What can they protect?
What obligations do individuals and organizations have concerning this
information?
Property rights and obligations. How will traditional intellectual property
rights be protected in a digital society in which tracing and accounting for
ownership are difficult and ignoring such property rights is so easy?
Accountability and control. Who can and will be held accountable and liable
for the harm done to individual and collective information and property rights?
System quality. What standards of data and system quality should we demand
to protect individual rights and the safety of society?
Quality of life. What values should be preserved in an information- and
knowledge-based society? Which institutions should we protect from violation?
Which cultural values and practices are supported by the new information
technology?
18. Ethics in Information Technology
The increased use of information technology has raised
many ethical issues for today’s IT professional. Various
ethical issues are:
Plagiarism
Piracy
Hacking
Computer crime
Viruses
Intellectual property
Work pressures imposed on computer professionals
19. Social Impacts
This infrastructure might affect real-time transactions
and make intermediaries such as sales clerks, stock
brokers and travel agents, whose function is to
provide an essential information link between buyers
and sellers, redundant.
Computers and communication technologies allow
individuals to communicate with one another in ways
complementary to traditional face-to-face, telephonic,
and written modes.
20. Social Impacts
It would be easier for individuals to work on flexible
schedules, to work part time, to share jobs, or to hold
two or more jobs simultaneously.
Beyond the net employment gains or losses brought
about by these factors, it is apparent that workers with
different skill levels will be affected differently.
21. Social Impacts
Advances in information technology will affect the craft of
teaching by complementing rather than eliminating
traditional classroom instruction.
Many issues also surround free speech and regulation of
content on the Internet, and there continue to be calls
for mechanisms to control objectionable content.
22. ACHIEVING ETHICS IN
INFORMATION TECHNOLOGY
Companies can get assistance in the form of ethics codes
and ethics educational programs to provide the
foundation for their culture
The ethics codes can be used as is or tailored to the firm
Educational programs can assist in developing a
corporate credo and in putting ethics programs in place
23. “The ongoing computing and communications revolution has numerous
economic and social impacts on modern society and requires serious
social science investigation in order to manage its risks and dangers.
Such work would be valuable for both social policy and technology
design”