Security and control in Management Information System, software security, Security and control in Management Information System, malware, vulnerability, Security and control in Management Information System

1. SECURITY AND
CONTROL
BY SATYA PRAKASH JOSHI

2. SECURITY AND CONTROL
• Computer system play such a critical role in business, government
and daily life that firms need to make security and control a top
priority.
• Security refers to the policies procedures, and technical measures
used to prevent unauthorized access, alteration, theft, or physical
damage to information system.
• Control consist of all the methods, policies, accuracy and reliability
of its accounting records, and operational adherence to
management standards.

3. WHAT IS VULNERABILITY?
• a vulnerability is a weakness which allows an attacker to reduce a
system's information assurance.
• Vulnerability is the intersection of three elements: a system
susceptibility or flaw, attacker access to the flaw, and attacker
capability to exploit the flaw.
• Malware is a software which is specifically designed to disrupt or
damage a computer system.

4. WHAT SYSTEM VULNERABILITY?
• Telecommunication networks are highly vulnerable to natural failure of hardware
and software and to misuse by programmers, computer operators, maintenance
staff and end-users.
• It is possible to tap communications lines and illegally intercept data.
• High speed transformation over twisted wire communication channels causes
interfaces called crosstalk.
• Radiations can disrupt a network at various point as well.
• The potential for unauthorized access, abuse or fraud is not limited to a single
location but can occur at any access point in the network

5. WHY SYSTEMS ARE VULNERABLE?
• They can stem from technical, organization, and environmental factors
compounded by poor management decisions.
• In the multitier client server computing environment vulnerability exist at each layer
in the communications between the layers.
• Users at the client layer can cause harm by introducing errors or by accessing
systems without authorization .
• It is possible to access data flowing over network steal valuable data during
transmission or alter message without authorization.
• Radiation can disrupt a network at various points as well.
• Intruders can launch denial of service attacks or malicious software to disrupt the
operation of websites.

6. CONTI…

7. INTERNAL THREATS
We think the security threats to a business originate outside the organization but
the fact, the largest financial threats to business institutions come from insiders.
Lack of knowledge is the single greatest cause of network security breaches. Many
employees forget their passwords to access computer system or allow other co-
workers to use them.
• Hacker : A hacker is a person who gains unauthorized access to a computer
network for profits criminal, mischief or personal pleasure.
• Security: Policies, procedures and technical measures used to prevent
unauthorized access, attraction, theft or physical damage or information system.

8. CONTEMPORARY SECURITY CHALLENGES AND
VULNERABILITIES
• Architecture of a web based application typically includes a web client, a server,
and corporate information system linked to database.
• Each of these components presents security challenges and vulnerabilities.
Floods, fires, power failures, and other electrical problems can cause disruptions
at any point in the network.
• System malfunction if computer hardware breaks down, if not configured
properly or is damaged by improper use or criminal acts. i.e error in
programming, improper installation, or unauthorized changes causes computer
to fail.

9. INTERNET VULNERABILITIES
• Larger public network such as the Internet are most vulnerable than internal
networks because they are virtually open to anyone.
• When the Internet becomes part of the corporate network, the organization’s
information systems are even more vulnerable to action from outsiders.
• Most Voice Over IP (VoIP) traffic over the public Internet is not encrypted, so
anyone linked to a network can listen in a conversations.
• Hackers can intercept conversation to obtain credit card and other confidential
personal information or shut down voice service by flooding servers supporting
VoIP with bogus traffic.

10. WIRELESS SECURITY CHALLENGES
• Wireless network using radio-based technology are even more vulnerable to
penetration because radio frequency bands are easy to scan.
• WiFi – Wireless Fidelity only several hundred feed, it can be extended up to one-
fourth of a mile using external antennae's.
• Local area networks (LANs that use the 802.11b (WiFi) standard can be easily
penetrated by outsiders armed with laptops, wireless cards, external antennae
and freeware hacking software.
• Hackers use these tools to detect unprotected networks, monitor network traffic,
and in some cases, gain access to the Internet or to corporate networks.

11. SOFTWARE VULNERABILITY
• Software vulnerability cause huge lose of the company or any organization.
• Major problems with software is the presence of hidden bugs or program code
defects.
• Virtually impossible to eliminate all bugs from large programs.
• Even after rigorous testing, developers do not know for sure that a piece of
software is dependable until the product proves itself after much operational use.

12. CONT..
• To correct software flaws once they are identified, the software vendor creates
lines of code called patches to repair the flaw without disturbing proper
operation of the software.
• Best example is Firewall to protect against viruses and intruders, capabilities for
automatic security updates.
• It is up to users of the software to track these vulnerabilities, test, and apply all
patches. This process is called patch management.

13. BUSINESS VALUE OF SECURITY AND CONTROL
• Security and control have become a critical, although perhaps unappreciated,
area of information system investment.
• When computer system fail to run or work as required, first that depends heavily
on computer experience serious loss.
• Longer computer systems down serious loss.
• These days every organization depends on Internet and Networked system.

14. • 2003 corporate networks and home
computer systems were
overwhelmed by attacks from the
SoBig.F worm. SoBig.
• SoBig caused an estimated $50
million in damage in the United
States alone during that period,
temporarily disabling freight and
computer traffic
• Companies have very valuable
information assets to protect.
Systems often house confidential
information about individuals’ taxes,
financial assets, medical records, and
job performance reviews.
• Businesses must protect not only
their own information assets but also
those of customers, employees, and
business partners.