《南京中医药大学管理信息系统ppt-(11)课件》由会员分享,可在线阅读,更多相关《南京中医药大学管理信息系统ppt-(11)课件(37页珍藏版)》请在金锄头文库上搜索。
1、10,Chapter,Security and Control,OBJECTIVES,Explain why information systems need special protection from destruction, error, and abuse Assess the business value of security and control Evaluate elements of an organizational and managerial framework for security and control,Management Information Syst
2、ems Chapter 10 Security and Control,Evaluate the most important tools and technologies for safeguarding information resources Identify the challenges posed by information systems security and control and management solutions,OBJECTIVES (Continued),Management Information Systems Chapter 10 Security a
3、nd Control,Challenge: provide network and infrastructure security to a financial services firm in a Web-enabled high-threat environment Solutions: outsource to a well-known security firm the task of providing 24 x 7 network and infrastructure monitoring and reporting Real-time security monitoring 24
4、 x 7, best practices, online security portal, data mining of network transactions Illustrates the role of system and network security in providing customers with service and managing corporate risk in online environments,Management Information Systems Chapter 10 Security and Control,Wesfarmers Limit
5、ed Case,SYSTEM VULNERABILITY AND ABUSE,Why Systems Are Vulnerable,Management Information Systems Chapter 10 Security and Control,Contemporary Security Challenges and Vulnerabilities,Figure 10-1,Use of fixed Internet addresses through use of cable modems or DSL Lack of encryption with most Voice over
6、 IP (VoIP) Widespread use of e-mail and instant messaging (IM),Management Information Systems Chapter 10 Security and Control,SYSTEM VULNERABILITY AND ABUSE,Internet Vulnerabilities:,Why Systems Are Vulnerable (Continued),Radio frequency bands are easy to scan The service set identifiers (SSID) iden
7、tifying the access points broadcast multiple times,Management Information Systems Chapter 10 Security and Control,SYSTEM VULNERABILITY AND ABUSE,Wireless Security Challenges:,SYSTEM VULNERABILITY AND ABUSE,Wi-Fi Security Challenges,Management Information Systems Chapter 10 Security and Control,Figur
8、e 10-2,Computer viruses, worms, trojan horses Spyware Spoofing and Sniffers Denial of Service (DoS) Attacks Identity theft Cyberterrorism and Cyberwarfare Vulnerabilities from internal threats (employees); software flaws,Management Information Systems Chapter 10 Security and Control,SYSTEM VULNERABI
9、LITY AND ABUSE,Malicious Software: Viruses, Worms, Trojan Horses, and Spyware,Hackers and Cybervandalism,SYSTEM VULNERABILITY AND ABUSE,Worldwide Damage from Digital Attacks,Management Information Systems Chapter 10 Security and Control,Figure 10-3,Inadequate security and control may create serious
10、legal liability. Businesses must protect not only their own information assets but also those of customers, employees, and business partners. Failure to do so can lead to costly litigation for data exposure or theft. A sound security and control framework that protects business information assets ca
11、n thus produce a high return on investment.,Management Information Systems Chapter 10 Security and Control,BUSINESS VALUE OF SECURITY AND CONTROL,Security Incidents Continue to Rise,Management Information Systems Chapter 10 Security and Control,BUSINESS VALUE OF SECURITY AND CONTROL,Figure 10-4,Sour
12、ce: CERT Coordination Center, www.cert.org, accessed July 6, 2004.,Management Information Systems Chapter 10 Security and Control,BUSINESS VALUE OF SECURITY AND CONTROL,Legal and Regulatory Requirements for Electronic Records Management,Electronic Records Management (ERM): Policies, procedures and t
13、ools for managing the retention, destruction, and storage of electronic records,Management Information Systems Chapter 10 Security and Control,BUSINESS VALUE OF SECURITY AND CONTROL,Data Security and Control Laws:,The Health Insurance Portability and Accountability Act (HIPAA) Gramm-Leach-Bliley Act
14、 Sarbanes-Oxley Act of 2002,Electronic Evidence: Computer data stored on disks and drives, e-mail, instant messages, and e-commerce transactions Computer Forensics: Scientific collection, examination, authentication, preservation, and analysis of computer data for use as evidence in a court of law,M
15、anagement Information Systems Chapter 10 Security and Control,BUSINESS VALUE OF SECURITY AND CONTROL,Electronic Evidence and Computer Forensics,General controls: Software and hardware Computer operations Data security Systems implementation process,Management Information Systems Chapter 10 Security
16、and Control,ESTABLISHING A MANAGEMENT FRAMEWORK FOR SECURITY AND CONTROL,Types of Information Systems Controls,Input Processing Output,Management Information Systems Chapter 10 Security and Control,ESTABLISHING A MANAGEMENT FRAMEWORK FOR SECURITY AND CONTROL,Application controls:,Determines the level of risk to the firm if a specific activity or process is not properly controlled,Management Information Systems Chapter 10 Security and Control,ESTABLISHING A MANAGEMENT FRAMEWORK FOR SECURITY AND C
