
Slide 15.1

Chapter 15
Managing information security

Bocij, Chaffey, Greasley, Hickie, Business Information Systems, 3rd Edition Pearson Education Limited 2006

Slide 15.2

Learning objectives
After this lecture you should be able to:
understand and assess potential threats to a computer-based information system;
propose an overall strategy for ensuring the security of a computer-based information system;
identify specific techniques that might be used to protect


Slide 15.3

Management issues
From a managerial perspective, this lecture addresses the following areas:
An understanding of approaches towards information systems security will help managers develop and implement an overall strategy for security.
An understanding of the threats to information systems will help in predicting and anticipating acts such as denial of service attacks.
Knowledge of specific techniques for protecting information systems will help in the development of effective countermeasures.
As organisations turn to the Internet for business purposes, it becomes important to understand some of the new threats that must be faced.


Slide 15.4

Common threats to information


Accidents
Natural disasters
Sabotage (industrial and individual)
Vandalism
Theft
Unauthorised use (hacking)
Computer viruses


Slide 15.5

Figure 15.1 Breakdown of breaches of security reported by UK companies in 2004


Source: Information Security Breaches Survey 2004, DTI (www.dti.gov.uk)

Slide 15.6

Accidents
Inaccurate data entry. As an example, consider a typical relational database management system, where update queries are used to change records, tables and reports. If the contents of the query are incorrect, errors might be produced within all of the data manipulated by the query. Although extreme, significant problems might be caused by adding or removing even a single character to or from a query.
Attempts to carry out tasks beyond the ability of the employee. In smaller computer-based information systems, a common cause of accidental damage involves users attempting to install new hardware items or software applications. In the case of software applications, existing data may be lost when the program is installed or the program may fail to operate as expected.
Failure to comply with procedures for the use of organisational information systems. Where organisational procedures are unclear or fail to anticipate potential problems, users may often ignore established methods, act on their own initiative or perform tasks incorrectly.
Failure to carry out backup procedures or verify data backups. In addition to carrying out regular backups of important business data, it is also necessary to verify that any backup copies made are accurate and free from errors.
Update query: Used to change records, tables and reports held in a database management system.
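The update-query accident described above, as an added example that is not part of the book's slides: a one-character slip in the WHERE clause (`>=` typed instead of `=`) makes the query touch more rows than intended, and a simple guard that compares the number of affected rows against what the operator expected rolls the transaction back instead of committing it. The table, rows and queries are constructed for the example.

```python
import sqlite3

# Constructed sample data (not from the book): three customer records.
SAMPLE_ROWS = [
    (1, "Alice", "active"),
    (2, "Bob", "active"),
    (3, "Carol", "suspended"),
]


def make_db():
    """Build an in-memory database holding the constructed sample rows.
    isolation_level=None leaves transaction control to this code."""
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, status TEXT)"
    )
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def guarded_update(conn, sql, params, expected_rows):
    """Run an update inside a transaction and keep it only if it changed
    exactly the number of rows the operator expected.
    Returns the number of rows committed (0 when rolled back)."""
    cur = conn.cursor()
    cur.execute("BEGIN")
    cur.execute(sql, params)
    affected = cur.rowcount
    if affected != expected_rows:
        cur.execute("ROLLBACK")  # the query did more (or less) than intended
        return 0
    cur.execute("COMMIT")
    return affected


def statuses(conn):
    """Current status column, ordered by id."""
    return [row[0] for row in conn.execute("SELECT status FROM customers ORDER BY id")]


def demo():
    """Intended change: suspend customer 2 only, so one row is expected.
    The first query carries a one-character slip ('>=' instead of '='),
    which would also hit customer 3; the guard rolls it back."""
    conn = make_db()
    typo_rows = guarded_update(
        conn, "UPDATE customers SET status = 'suspended' WHERE id >= ?", (2,), 1
    )
    after_typo = statuses(conn)
    ok_rows = guarded_update(
        conn, "UPDATE customers SET status = 'suspended' WHERE id = ?", (2,), 1
    )
    after_ok = statuses(conn)
    return typo_rows, after_typo, ok_rows, after_ok


if __name__ == "__main__":
    print(demo())
```

The expected-row check is a cheap control that catches the most common form of this accident (a WHERE clause that matches too much or nothing at all); it does not replace testing the query against a copy of the data first.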

Slide 15.7

Natural disasters
All information systems are susceptible to damage caused by natural phenomena, such as storms, lightning strikes, floods and earthquakes. In Japan and the United States, for example, great care is taken to protect critical information systems from the effects of earthquakes. Although such hazards are of less concern in much of Europe, properly designed systems will make allowances for unexpected natural disasters.

Slide 15.8

Sabotage
Deliberate deletion of data or applications
Logic bomb: Sometimes also known as a time bomb, a logic bomb is a destructive computer program that activates at a certain time or in reaction to a specific event.
Back door: A section of program code that allows a user to circumvent security procedures in order to gain full access to an information system.
Data theft: This can involve stealing sensitive information or making unauthorised changes to computer records.

Accidental deletion


Slide 15.9

Unauthorised use
Hacker: Hackers are often described as individuals who seek to break into systems as a test of their abilities. Few hackers attempt to cause damage to systems they access and few are interested in gaining any sort of financial profit.
Cracker: A person who gains access to an information system for malicious reasons is often termed a cracker rather than a hacker. This is because some people draw a distinction between ethical hackers and malicious hackers.

Slide 15.10

Security strategies
Containment
Control access to system

Deterrence
Penalties for staff or hackers

Obfuscation
Hiding or distributing information assets

Recovery
Recovers data after breach


Slide 15.11

Control techniques
Biometric controls make use of the unique characteristics of individuals in order to restrict access to sensitive information or equipment. Scanners that check fingerprints, voice prints or even retinal patterns are examples of biometric controls. Common types of communications controls include passwords and user validation routines.


Slide 15.12

Control approaches
Formal security policies
Passwords
File encryption
Organisational procedures governing the use of computer-based information systems
User validation techniques
Backup procedures


Slide 15.13

Passwords
User validation: Checks made to ensure that the user is permitted access to a system. Also known as access control systems, they often involve user names and passwords, but can also include biometric techniques.
Access to the system can be divided into levels by issuing different passwords to employees on the basis of their positions and the work they carry out.
The actions of an employee can be regulated and supervised by monitoring the use of their password.
If a password is discovered or stolen by an external party, it should be possible to limit any damage arising as a result.
The use of passwords can encourage employees to take some of the responsibility for the overall security of the system.
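A small user validation routine illustrating the points on this slide, added here as an example rather than taken from the book: passwords are stored as salted PBKDF2 hashes instead of in clear, each user carries an access level so a stolen clerk password cannot perform administrator actions, and every validation attempt is written to an audit list so password use can be monitored. The level numbers, iteration count and user names are constructed for the example.

```python
import hashlib
import hmac
import os

# PBKDF2 iteration count; a constructed choice for the example.
ITERATIONS = 100_000

# Constructed access levels: a higher number means wider access.
LEVEL_CLERK, LEVEL_SUPERVISOR, LEVEL_ADMIN = 1, 2, 3


def hash_password(password, salt=None):
    """Return (salt, digest). A fresh random salt is drawn when none is given,
    so two users with the same password do not share a stored value."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


class UserDirectory:
    """Minimal user validation routine: stores salted hashes rather than
    passwords, assigns each user an access level, and records every
    validation attempt so password use can be supervised."""

    def __init__(self):
        self._users = {}  # username -> (salt, digest, level)
        self.audit = []   # (username, action, outcome) tuples

    def add_user(self, username, password, level):
        salt, digest = hash_password(password)
        self._users[username] = (salt, digest, level)

    def authenticate(self, username, password):
        """Return the user's access level on success, None on failure.
        Unknown users and wrong passwords are logged identically so the
        response does not reveal which user names exist."""
        record = self._users.get(username)
        if record is None:
            self.audit.append((username, "login", "denied"))
            return None
        salt, digest, level = record
        _, candidate = hash_password(password, salt)
        if not hmac.compare_digest(candidate, digest):  # constant-time compare
            self.audit.append((username, "login", "denied"))
            return None
        self.audit.append((username, "login", "ok"))
        return level

    def authorise(self, username, password, required_level, action):
        """Validate the user, then allow the action only if their level
        reaches the level the action requires."""
        level = self.authenticate(username, password)
        allowed = level is not None and level >= required_level
        self.audit.append((username, action, "allowed" if allowed else "denied"))
        return allowed
```

The audit list is what makes the "monitoring the use of their password" point concrete: a run of denied entries for one user name is the signal a supervisor would act on.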

Slide 15.14

Social engineering
Social engineering: This involves tricking people into providing information that can be used to gain access to a computer system. As an example, someone might pose as a technician during a telephone call and ask for information, such as passwords or user names.


Slide 15.15

Recovery
Business continuity planning: The process of developing procedures aimed at restoring the normal operation of an information system in the event of an emergency or disaster.
Backup site: This houses a copy of the organisation's main data processing facilities, including hardware, software and up-to-date data files. In the event of an emergency, processing can be switched to the backup site almost immediately so that the organisation's work can continue.
RAID: This stands for redundant array of inexpensive disks. Essentially, identical copies of important data files are kept on a number of different storage devices. If one or more of the storage devices fails, additional devices are activated automatically, allowing uninterrupted access to the data and reducing the possibility of losing transactions or updates.

Slide 15.16

Backup methods
Table 15.2 The grandfather, father, son backup method
Day      Grandfather   Father    Son
Day 1    Disk 1        Disk 2    Disk 3
Day 2    Disk 2        Disk 3    Disk 1
Day 3    Disk 3        Disk 1    Disk 2


Slide 15.17

Incremental backup: Includes only those files that have changed in some way since the last backup was made.
Full backup: A method of producing copies of important data files by including all data files considered to be important.
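An added example (not from the book) that ties together the three backup ideas on these slides: the grandfather, father, son rotation of Table 15.2 worked as a function of the day number, the selection of files for a full versus an incremental backup, and the verification step from the Accidents slide that compares each backup copy against its original by hash. The file set, modification times and last-backup time are constructed for the example.

```python
import hashlib

ROLES = ("Grandfather", "Father", "Son")


def gfs_roles(day):
    """Which of the three disks plays which role on a given day (1-based),
    following Table 15.2: each day the father becomes grandfather, the son
    becomes father, and the oldest copy's disk is reused for the new son."""
    return {(day - 1 + i) % 3 + 1: role for i, role in enumerate(ROLES)}


# Constructed file set: path -> (modification time, contents).
SAMPLE_FILES = {
    "ledger.db": (100, b"balance=100"),
    "orders.csv": (250, b"id,qty\n1,3\n"),
    "notes.txt": (50, b"hello"),
}
LAST_BACKUP_TIME = 120  # constructed: when the previous backup ran


def select_files(files, last_backup_time, full):
    """Full backup: every important file. Incremental: only files changed
    since the last backup. Returns sorted paths."""
    if full:
        return sorted(files)
    return sorted(
        path for path, (mtime, _) in files.items() if mtime > last_backup_time
    )


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def verify_backup(files, copies):
    """Compare each original against its backup copy by hash; return the
    paths whose copy is missing or differs (an empty list means the backup
    verified cleanly)."""
    bad = []
    for path, (_, contents) in files.items():
        copy = copies.get(path)
        if copy is None or sha256(copy) != sha256(contents):
            bad.append(path)
    return sorted(bad)


if __name__ == "__main__":
    for day in range(1, 5):
        print(day, gfs_roles(day))
    print("incremental:", select_files(SAMPLE_FILES, LAST_BACKUP_TIME, full=False))
    print("full:", select_files(SAMPLE_FILES, LAST_BACKUP_TIME, full=True))
```

Note that the rotation repeats every three days (day 4 is identical to day 1), which is why the table only needs three rows, and that a restore from an incremental set needs the last full backup plus every incremental made since it.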


Slide 15.18

Malware
Computer viruses
Trojans and key loggers
Spyware


Slide 15.19

Computer virus
Computer virus: This is a computer program that is capable of self-replication, allowing it to spread from one infected machine to another. The origin of the term computer virus is credited to Fred Cohen, author of the 1984 book Computer Viruses: Theories and Experiments. However, natural computer viruses were reported as early as 1974 and papers describing mathematical models of the theory of epidemics were published in the early 1950s.


Slide 15.20

Impact of computer viruses


US damage from computer viruses in 2003:
The Klez worm resulted in losses of $9 billion.
The Love Bug worm resulted in losses of $9 billion.
The Code Red virus resulted in losses of $2.5 billion.
The Slammer virus resulted in losses of $1 billion.


Slide 15.21

Virus security measures


unauthorised access to machines and software should be restricted as far as possible;
machines and software should be checked regularly with a virus detection program;
all new disks and any software originating from an outside source should be checked with a virus detection program before use;
floppy disks should be kept write-protected whenever possible since it is physically impossible for a virus to copy itself to a write-protected disk;
regular backups of data and program files must be made in order to minimise the damage caused if a virus infects the system.

Slide 15.22

Virus terminology
Virus scanner: Intended to detect and safely remove virus programs from a computer system.
Signature: Unique features of a virus such as the unique series of values in its program file or message displayed on screen or hidden text.
Polymorphic virus: Capable of altering its form, so that the standard signature of the virus is not present. This means that a virus scanner may not always identify the virus correctly.
Stealth virus: Specifically designed to avoid detection. Such programs are normally written with the intention of defeating common or well-known virus-scanning programs.
Heuristics: Involves monitoring a system to detect common behaviours associated with computer viruses, such as attempts to access certain areas of the hard disk drive.
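The two detection approaches on this slide side by side, as an added example that is not from the book and uses no real virus data: a signature scan that looks for a fixed byte sequence in a file, and a heuristic that scores processes by the behaviours they show in a monitoring log (writes to a raw physical drive, where the boot sector lives, and writes to executable files). The signatures, log lines, weights and threshold are all constructed for the example; a sample whose bytes differ from the signature (the polymorphic case) is missed by the scan but still reaches the heuristic threshold.

```python
import re

# Constructed signatures for the example; not real malware signatures.
SIGNATURES = {
    "sample-a": b"CONSTRUCTED-SAMPLE-A",
    "sample-b": b"CONSTRUCTED-SCREEN-MESSAGE-B",
}


def scan_bytes(data):
    """Signature scan: names of every signature whose byte sequence occurs in data."""
    return sorted(name for name, sig in SIGNATURES.items() if sig in data)


# Constructed behaviour log in the form "proc=<name> action=<verb> target=<path>".
BEHAVIOUR_LOG = [
    "proc=editor action=open target=C:\\docs\\report.txt",
    "proc=editor action=write target=C:\\docs\\report.txt",
    "proc=installer action=write target=C:\\Program Files\\app\\app.exe",
    "proc=unknown action=write target=\\\\.\\PhysicalDrive0",
    "proc=unknown action=write target=C:\\Windows\\calc.exe",
]
LOG_RE = re.compile(r"proc=(\S+) action=(\S+) target=(.+)$")
ALERT_THRESHOLD = 5  # constructed score at which a process is flagged


def weight(action, target):
    """Heuristic weights (constructed): a raw write to a physical drive counts
    most, a write to an executable counts less, anything else counts nothing."""
    if action != "write":
        return 0
    if target.startswith("\\\\.\\"):  # raw device path such as \\.\PhysicalDrive0
        return 5
    if target.lower().endswith((".exe", ".com")):
        return 3
    return 0


def heuristic_scores(lines):
    """Sum the suspicious-behaviour weights per process; unparseable lines are skipped."""
    scores = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        proc, action, target = m.groups()
        scores[proc] = scores.get(proc, 0) + weight(action, target)
    return scores


def flagged(lines, threshold=ALERT_THRESHOLD):
    """Processes whose heuristic score reaches the threshold."""
    return sorted(p for p, s in heuristic_scores(lines).items() if s >= threshold)


if __name__ == "__main__":
    print(scan_bytes(b"header CONSTRUCTED-SAMPLE-A trailer"))
    print(heuristic_scores(BEHAVIOUR_LOG), flagged(BEHAVIOUR_LOG))
```

The installer in the constructed log writes an executable, scores 3 and is not flagged; that is the trade-off the slide hints at: heuristics catch changed forms the signature misses, at the cost of needing a threshold tuned so legitimate installers and updaters do not trigger it.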

Slide 15.23

Trojans and worms


Worm: A small program that moves through a computer system randomly changing or overwriting pieces of data as it moves.
Trojan: A Trojan presents itself as a legitimate program in order to gain access to a computer system. Trojans are often used as delivery systems for computer viruses.


Slide 15.24

Spyware and adware


Spyware: Describes a category of software intended to collect and transmit confidential information without the knowledge or consent of a computer user.
Adware: Describes a type of software that contains spyware intended to monitor a user's online activities, usually so that advertising can be targeted more accurately.


Slide 15.25

Internet-related threats 1
Denial of service (DoS): This is a form of attack on company information systems that involves flooding the company's Internet servers with huge amounts of traffic. Such attacks effectively halt all of the company's Internet activities until the problem is dealt with.
Brand abuse: This describes a wide range of activities, ranging from the sale of counterfeit goods (e.g. software applications) to exploiting a well-known brand name for commercial gain.
Cybersquatting: The act of registering an Internet domain with the intention of selling it for profit to an interested party. As an example, the name of a celebrity might be registered and then offered for sale at an extremely high price.
Cyberstalking: This refers to the use of the Internet as a means of harassing another individual. A related activity is known as corporate stalking, where an organisation uses its resources to harass individuals or business competitors.
Cyberterrorism: This describes attacks made on information systems that are motivated by political or religious beliefs.

Slide 15.26

Internet-related threats 2
Online stock fraud: Most online stock fraud involves posting false information to the Internet in order to increase or decrease the values of stocks.
Phishing: A relatively new development, phishing involves attempting to gather confidential information through fake e-mail messages and web sites.

