information control and Security system

Chapter-9 : Information Systems Security and Control
MIS
MANAGING INFORMATION SYSTEMS IN BUSINESS,
GOVERNMENT AND SOCIETY
Rahul De
Copyright © 2018 by Wiley India Pvt. Ltd., 4436/7, Ansari Road, Daryaganj, New Delhi-110002

MIS : Managing Information Systems in Business, Government and Society by Rahul De
LEARNING OBJECTIVES
• Get an overview of threats to the Organization
• Learn about technologies for handling Security
• Get an overview of wireless technology
• Understand managing security
2

MIND MAP OF CHAPTER TOPICS
3

THREATS TO THE ORGANIZATION
• Malware – various kinds of malicious software.
• Viruses – infiltrate and spread in organisational networks, infecting PCs and
destroying files and data.
• Worms – Much like a virus, but does not harm data, other than infiltrate and choke
the network.
• Trojans – Infiltrates computers and secretly allows external software and people to
invade the computer and use its resources.
• Denial-of-service Attack
4

THREATS TO THE ORGANIZATION
• Cracking and Espionage – The act of breaking into networks and computers illegally,
usually with intent to create mischief. It is also used for industrial and political
espionage – to steal information.
• Ethical Hacking – same as Cracking but the motivation is benign - not to harm but
expose weaknesses.
• Phishing and Identity Theft – use of fake websites to lure unsuspecting users to
reveal their private information.
5

MALWARE
• Damage caused by viruses, worms and Malware in the USA and worldwide (in USD).
6

DENIAL-OF-SERVICE ATTACK
• The requesting server sends a request for service, the responding server sends a
response; but the requesting server does not respond, thus, allowing the connection
to time out.
7

DISTRIBUTED DENIAL-OF-SERVICE ATTACK
• Many requesting servers send service requests to the responding server, which
responds, but requesting servers allow the connection request to time out.
8

TECHNOLOGIES FOR HANDLING SECURITY
• Encryption
• Public-key Cryptography
• Firewall
• Virtual Private Network
• Wireless Technology
• Wi-Fi Routers
• Bluetooth
• BlackBerry
• RFID
• Wireless Sensor Networks
9

ENCRYPTION
• Transformation of a message from plain text to a coded form (cipher text) that is not
easily readable.
• Symmetric Key – A key used to decrypt an encrypted message that is sent to the
receiver.
10

PUBLIC KEY CRYPTOGRAPHY
• Solves the problem of Symmetric Key cryptography in having to send across a secret
key.
• A pair of keys called the public key and the private key are used. The public key is
used to encrypt a message and is openly available. The private key is a secret key
used to decrypt the message encrypted with the public key
• RSA encryption is used to generate the key pairs from large prime numbers
• Digital certificates are used to authenticate the owners of public keys. Authentication
of senders is through the use of Digital Certificates
11

PUBLIC KEY CRYPTOGRAPHY
• Sending a message with Public key encryption
• The problem of impersonation with public-key encryption
12

AUTHENTICATION WITH PUBLIC-KEY CRYPTOGRAPHY
13

FIREWALL
• Firewalls are filtering and protection devices -usually a combination of hardware and
software
• Packet-level filtering
• Application-level filtering
• Firewalls slow down traffic at the perimeter – to overcome this firewalls are built into
hardware.
• Deep Packet Inspection
14

VIRTUAL PRIVATE NETWORK (VPN)
• A technology that enables clients or employees of an organisation, who are outside
the network, to connect securely to the organisation on the public Internet.
• It creates a 'tunnel' relying on authentication and encryption.
15

WIRELESS TECHNOLOGY
• Wi-Fi Routers
• Bluetooth – connects personal devices like mobile phones with other devices.
• BlackBerry – smart phone with 'push-email' service
• RFID (Radio Frequency Identification) – radio transmission through tiny transmitters
and receivers embedded in identifiable objects (tagging); maybe passive or active
(energy consuming)
• Wireless Sensor Networks – networks of sensors; used for monitoring and targeted
treatments in agriculture
16

WIRELESS MESH NETWORK
• Wireless hotpots or Access points act as routers to provide wireless Internet
connectivity.
• Unsecure Wi-Fi are source of security problems
17

MANAGING SECURITY
• Securing the Network
• Perimeter Security
• Two Factor Authentication
• Securing the Client
• Desktop Firewalls
• Password Policy
• Creating a Secure Environment
• Security Audit and Risk Assessment
• Disaster Recovery Planning
18

MANAGING SECURITY
The four features that need to be managed to enable a secure IS infrastructure in an
organisation -
• Confidentiality
• Authentication
• Message Integrity
• Access and Availability
19

SECURING THE NETWORK
• Perimeter Security – Demilitarised Zone
• Two-factor Authentication – Authentication by two independent methods
Typical layout for a demilitarised zone (DMZ)
20

SECURING THE CLIENT
• Desktop Firewalls
• Password Policy
• Creating a Secure Environment
• Security Audit and Risk Assessment
• Disaster Recovery Planning
21

information control and Security system

More Related Content

What's hot (20)

Similar to information control and Security system (20)

More from bhavesh lande (16)

Recently uploaded (20)

information control and Security system