SlideShare a Scribd company logo

Mis security system threads

Download as PPTX, PDF
L
Leena Reddy

This document discusses information security. It defines information security as protecting information systems, hardware, and data. The primary goals of information security are confidentiality, integrity, and availability, known as the CIA triad. Various threats to information security are discussed such as viruses, insider abuse, laptop theft, denial of service attacks, unauthorized access, system penetration, wireless network abuse, telecom fraud, proprietary information theft, financial fraud, misuse of public web applications, and website defacement. The document stresses that companies should implement both preventative and detective controls to mitigate security risks and disruptions.

EducationTechnology
1 of 13
Downloaded 14 times
1
2
3
4
5
6
7
8
9
10
11
12
13
INFORMATION SECURITY BY V.M.LEENA REDDY
DEFINITION: The protection of information and its elements including systems, hardware that use, store and transmit the information
PRIMARY GOALS CIA triangle known as security triad tells the primary goals of IS Confidentiality Making sure that those who should not see information Integrity Making sure that the information has not been changed from its original Availability Making sure that the information is available for use when you need it
SYSTEM SECURITY THREATS AND CONTROLS Viruses A computer virus is a software code that can multiply and propagate itself. A virus can spread into another computer via e-mail, downloading files from the Internet, or opening a contaminated file. It is almost impossible to completely protect a network computer from virus attacks; the CSI/FBI survey indicated that virus attacks were the most widespread attack for six straight years since 2000. Viruses are just one of several programmed threats or malicious codes (malware) in today’s interconnected system environment. Programmed threats are computer programs that can create a nuisance, alter or damage data, steal information, or cripple system functions. Programmed threats include, computer viruses, Trojan horses, logic bombs, worms, spam, spyware, and adware.
Insider Abuse of Internet Access Unfortunately, IT tools can be abused. For example, e-mail and Internet connections are available in almost all offices to improve productivity, but employees may use them for personal reasons, such as online shopping, playing games, and sending instant messages to friends during work hours. Laptop or Mobile Theft Because they are relatively expensive, laptops and PDAs have become the targets of thieves. Besides being expensive, they often contain proprietary corporate data, access codes to company networks, and sensitive information.
Denial of Service A denial of service (Do's) attack is specifically designed to interrupt normal system functions and affect legitimate users’ access to the system. Do's attacks can result in significant server downtime and financial loss for many companies, but the controls to mitigate the risk are very technical. Unauthorized Access to Information To control unauthorized access to information, access controls, including passwords and a controlled environment, are necessary. Computers installed in a public area, such as a conference room or reception area, can create serious threats and should be avoided if possible. Employees should be allowed to access only the data necessary for them to perform their jobs.
System Penetration Hackers penetrate systems illegally to steal information, modify data, or harm the system. The following factors are related to system penetration: System holes: the design deficiency of operating systems or application systems that allow hijacking, security bypass, data manipulation, privilege escalation, and system access. Port scanning: a hacking technique used to check TCP/IP ports to reveal the services that are available and to identify the weaknesses of a computer or network system in order to exploit them. Network sniffing: a hardware and software program to collect network (traffic) data in order to decipher passwords with password-cracking software, which may result in unauthorized access to a network system. IP spoofing: a technique used to gain unauthorized access to computers, whereby hackers send messages to a computer with a deceived IP address as if it were coming from a trusted host. Back door/trap door: a hole in the security of a computer system deliberately left in place by designers or maintainers. Tunneling: a method for circumventing a firewall by hiding a message that would be rejected by the firewall inside another, acceptable
Abuse of Wireless Networks Wireless networks offer the advantage of convenience and flexibility, but system security can be a big issue. Attackers do not need to have physical access to the network. Attackers can take their time cracking the passwords and reading the network data without leaving a trace. Telecom Fraud In the past, telecom fraud involved fraudulent use of telecommunication (telephone) facilities. Intruders often hacked into a company’s private branch exchange (PBX) and administration or maintenance port for personal gains, including free long-distance calls, stealing (changing) information in voicemail boxes, diverting calls illegally, wiretapping, and eavesdropping.
Theft of Proprietary Information Information is a commodity in the e-commerce era, and there are always buyers for sensitive information, including customer data, credit card information, and trade secrets. Data theft by an insider is common when access controls are not implemented. Outside hackers can also use “Trojan” viruses to steal information from unprotected systems. Beyond installing firewall and anti-virus software to secure systems, a company should encrypt all of its important data. Financial Fraud The nature of financial fraud has changed over the years with information technology. System-based financial fraud includes scam e-mails, identity theft, and fraudulent transactions. With spam, con artists can send scam e-mails to thousands of people in hours.
Misuse of Public Web Applications The nature of e-commerce—convenience and flexibility—makes Web applications vulnerable and easily abused. Hackers can circumvent traditional network firewalls and intrusion-prevention systems and attack web applications directly. They can inject commands into databases via the web application user interfaces and surreptitiously steal data, such as customer and credit card information. Website Defacement Website defacement is the sabotage of webpages by hackers inserting or altering information. The altered webpages may mislead unknowing users and represent negative publicity that could affect a company’s image and credibility.
Company Awareness Business operations can be disrupted by many factors, including system security breaches. System downtime, system penetrations, theft of computing resources, and lost productivity have quickly become critical system security issues. The financial loss of these security breaches can be significant. In addition, system security breaches often taint a company’s image and may compromise a company’s compliance with applicable laws and regulations. The key to protecting a company’s accounting information system against security breaches is to be well prepared for all possible major threats. A combination of preventive and detective controls can mitigate security threats.
Mis security system threads
BIBLIOGRAPHY: http://www.nysscpa.org/cpajournal/2006/706/essentials/p 58.htm By P. Paul Lin, PhD, is an associate professor of accounting at the Raj Soin College of Business of Wright State University, Dayton, Ohio.

More Related Content

DOC
Computer Secutity.
angelaag98
 
PPT
Phishing, Pharming, and the latest potholes on the Information Highway
Kevin Lim
 
PPT
Securing information systems
Prof. Othman Alsalloum
 
PPT
Computer Security
Vaibhavi Patel
 
PPTX
Business Value of Security and Control
Syama Raveendran
 
PPT
Computer Security
Klynveld Peat Marwick Goerdeler Global Services
 
PPT
Threats of E-Commerce in Database
Mentalist Akram
 
PPTX
Security Threats to Electronic Commerce
Darlene Enderez
 
Computer Secutity.
angelaag98
 
Phishing, Pharming, and the latest potholes on the Information Highway
Kevin Lim
 
Securing information systems
Prof. Othman Alsalloum
 
Computer Security
Vaibhavi Patel
 
Business Value of Security and Control
Syama Raveendran
 
Computer Security
Klynveld Peat Marwick Goerdeler Global Services
 
Threats of E-Commerce in Database
Mentalist Akram
 
Security Threats to Electronic Commerce
Darlene Enderez
 

What's hot (20)

PPTX
Managing and securing the enterprise
Abha Damani
 
PDF
8 - Securing Info Systems
Hemant Nagwekar
 
PPT
Beekman5 std ppt_12
Department of Education - Philippines
 
PPTX
Session#7; securing information systems
Omid Aminzadeh Gohari
 
PPT
Security & control in management information system
Online
 
PDF
e commerce security and fraud protection
tumetr1
 
ODP
Computer related risks presentation
leodegras
 
ODP
Computer related risks presentation
leodegras
 
PPTX
Security and ethical challenges
Vishakha Joshi
 
PPT
security and ethical challenges
Vineet Dubey
 
PPT
Security and ethical challenges in mis
I P Abir
 
PDF
E commerce Security
Wisnu Dewobroto
 
PPTX
Securing information system
Tanjim Rasul
 
PPTX
Information security threats
complianceonline123
 
PPTX
Cyber security
Akdu095
 
PDF
Electronic Security
We Learn - A Continuous Learning Forum from Welingkar's Distance Learning Program.
 
PPT
Chap13 Security and Ethical Challenges
Aqib Syed
 
PPTX
Security issues in e business
Rahul Kumar
 
PPTX
INFORMATION SECURITY SYSTEM
ANAND MURALI
 
PPT
E business security
Sameer Sharma
 
Managing and securing the enterprise
Abha Damani
 
8 - Securing Info Systems
Hemant Nagwekar
 
Beekman5 std ppt_12
Department of Education - Philippines
 
Session#7; securing information systems
Omid Aminzadeh Gohari
 
Security & control in management information system
Online
 
e commerce security and fraud protection
tumetr1
 
Computer related risks presentation
leodegras
 
Computer related risks presentation
leodegras
 
Security and ethical challenges
Vishakha Joshi
 
security and ethical challenges
Vineet Dubey
 
Security and ethical challenges in mis
I P Abir
 
E commerce Security
Wisnu Dewobroto
 
Securing information system
Tanjim Rasul
 
Information security threats
complianceonline123
 
Cyber security
Akdu095
 
Electronic Security
We Learn - A Continuous Learning Forum from Welingkar's Distance Learning Program.
 
Chap13 Security and Ethical Challenges
Aqib Syed
 
Security issues in e business
Rahul Kumar
 
INFORMATION SECURITY SYSTEM
ANAND MURALI
 
E business security
Sameer Sharma
 
Ad

Viewers also liked (6)

PPT
Business Process
Saurabh Goel
 
PPT
ELECTRONIC DATA INTERCHANGE
alraee
 
PPTX
Customer relationship management
charanreddy589
 
PDF
Basics of Supply Chain Managment
Youssef Serroukh
 
PPT
Customer Relationship Management (CRM)
Jaiser Abbas
 
PPT
Supply Chain Management
Nurhazman Abdul Aziz
 
Business Process
Saurabh Goel
 
ELECTRONIC DATA INTERCHANGE
alraee
 
Customer relationship management
charanreddy589
 
Basics of Supply Chain Managment
Youssef Serroukh
 
Customer Relationship Management (CRM)
Jaiser Abbas
 
Supply Chain Management
Nurhazman Abdul Aziz
 
Ad

Similar to Mis security system threads (20)

PPTX
Management Information Systems ( Security and Control.pptx
NamugenyiBetty
 
PPT
Information security and other issues
Haseeb Ahmed Awan
 
PPTX
Information security ist lecture
Zara Nawaz
 
PPTX
information security (network security methods)
Zara Nawaz
 
DOCX
Ethical and security issues on MIS inte 322 assignment.docx
GogoOmolloFrancis
 
PPTX
InformationSecurity
learnt
 
PPTX
Information Security
Alok Katiyar
 
PPTX
unit -ii security1.pptx for Information system management
emjalaraju1
 
PPTX
Basics of System Security and Tools
Karan Bhandari
 
PDF
Sec0001 .pdf
mah902110
 
PPTX
Information Security Fundamentals - New Horizons Bulgaria
New Horizons Bulgaria
 
PPT
MIS part 4_CH 11.ppt
EndAlk15
 
PDF
Implications of Misuse and Cyber Security.pdf
srtwgwfwwgw
 
PDF
Accounting Information Systems 11th Edition Bodnar Solutions Manual
molicochoual
 
PDF
Accounting Information Systems 11th Edition Bodnar Solutions Manual
gayosacissey70
 
PDF
Accounting Information Systems 11th Edition Bodnar Solutions Manual
geradojengel
 
PPTX
Computer security
sruthiKrishnaG
 
DOCX
Cyber Security.docx
TanushreeChakraborty27
 
PPT
Ch01 Introduction to Security
Information Technology
 
PPTX
Chapter-2 (1).pptx
PaulaRodalynMateo1
 
Management Information Systems ( Security and Control.pptx
NamugenyiBetty
 
Information security and other issues
Haseeb Ahmed Awan
 
Information security ist lecture
Zara Nawaz
 
information security (network security methods)
Zara Nawaz
 
Ethical and security issues on MIS inte 322 assignment.docx
GogoOmolloFrancis
 
InformationSecurity
learnt
 
Information Security
Alok Katiyar
 
unit -ii security1.pptx for Information system management
emjalaraju1
 
Basics of System Security and Tools
Karan Bhandari
 
Sec0001 .pdf
mah902110
 
Information Security Fundamentals - New Horizons Bulgaria
New Horizons Bulgaria
 
MIS part 4_CH 11.ppt
EndAlk15
 
Implications of Misuse and Cyber Security.pdf
srtwgwfwwgw
 
Accounting Information Systems 11th Edition Bodnar Solutions Manual
molicochoual
 
Accounting Information Systems 11th Edition Bodnar Solutions Manual
gayosacissey70
 
Accounting Information Systems 11th Edition Bodnar Solutions Manual
geradojengel
 
Computer security
sruthiKrishnaG
 
Cyber Security.docx
TanushreeChakraborty27
 
Ch01 Introduction to Security
Information Technology
 
Chapter-2 (1).pptx
PaulaRodalynMateo1
 

Recently uploaded (20)

PDF
Saundersa Comprehensive Review for the NCLEX-RN Examination.pdf
sreejithcareers
 
PDF
Sports Quiz easy sports quiz sports quiz
nikunj2757
 
PDF
Insiders guide to clinical Medicine.pdf
AbhishekPatil315128
 
PPTX
Microbial diseases, their pathogenesis and prophylaxis
DevlinaSengupta
 
PDF
Pre independence Education in Inndia.pdf
goofy5603
 
PPTX
GDM (1) (1).pptx small presentation for students
shrawanbpkihs
 
PDF
O5-L3 Freight Transport Ops (International) V1.pdf
labyankof
 
PDF
Abdominal Access Techniques with Prof. Dr. R K Mishra
mohitsuren827
 
PDF
Classroom Observation Tools for Teachers
Nicaramirez
 
PDF
Physiotherapy_for_Respiratory_and_Cardiac_Problems WEBBER.pdf
DrMONISHAphysio
 
PPTX
Lesson notes of climatology university.
sgladness67
 
PDF
Basic Mud Logging Guide for educational purpose
wdandworks
 
PPTX
master seminar digital applications in india
ananyaray35
 
PPTX
human mycosis Human fungal infections are called human mycosis..pptx
shilpa939953
 
PPTX
Institutional Correction lecture only . . .
limvtheghins
 
PDF
Microbial disease of the cardiovascular and lymphatic systems
KeyaSharma
 
PPTX
Introduction_to_Human_Anatomy_and_Physiology_for_B.Pharm.pptx
chetansingh379583
 
PPTX
1st Inaugural Professorial Lecture held on 19th February 2020 (Governance and...
kawisojames10
 
PPTX
PPH.pptx obstetrics and gynecology in nursing
SrideviDevaraj5
 
PPTX
PPT- ENG7_QUARTER1_LESSON1_WEEK1. IMAGERY -DESCRIPTIONS pptx.pptx
KMDee
 
Saundersa Comprehensive Review for the NCLEX-RN Examination.pdf
sreejithcareers
 
Sports Quiz easy sports quiz sports quiz
nikunj2757
 
Insiders guide to clinical Medicine.pdf
AbhishekPatil315128
 
Microbial diseases, their pathogenesis and prophylaxis
DevlinaSengupta
 
Pre independence Education in Inndia.pdf
goofy5603
 
GDM (1) (1).pptx small presentation for students
shrawanbpkihs
 
O5-L3 Freight Transport Ops (International) V1.pdf
labyankof
 
Abdominal Access Techniques with Prof. Dr. R K Mishra
mohitsuren827
 
Classroom Observation Tools for Teachers
Nicaramirez
 
Physiotherapy_for_Respiratory_and_Cardiac_Problems WEBBER.pdf
DrMONISHAphysio
 
Lesson notes of climatology university.
sgladness67
 
Basic Mud Logging Guide for educational purpose
wdandworks
 
master seminar digital applications in india
ananyaray35
 
human mycosis Human fungal infections are called human mycosis..pptx
shilpa939953
 
Institutional Correction lecture only . . .
limvtheghins
 
Microbial disease of the cardiovascular and lymphatic systems
KeyaSharma
 
Introduction_to_Human_Anatomy_and_Physiology_for_B.Pharm.pptx
chetansingh379583
 
1st Inaugural Professorial Lecture held on 19th February 2020 (Governance and...
kawisojames10
 
PPH.pptx obstetrics and gynecology in nursing
SrideviDevaraj5
 
PPT- ENG7_QUARTER1_LESSON1_WEEK1. IMAGERY -DESCRIPTIONS pptx.pptx
KMDee
 

Mis security system threads

  • 2. DEFINITION: The protection of information and its elements including systems, hardware that use, store and transmit the information
  • 3. PRIMARY GOALS CIA triangle known as security triad tells the primary goals of IS Confidentiality Making sure that those who should not see information Integrity Making sure that the information has not been changed from its original Availability Making sure that the information is available for use when you need it
  • 4. SYSTEM SECURITY THREATS AND CONTROLS Viruses A computer virus is a software code that can multiply and propagate itself. A virus can spread into another computer via e-mail, downloading files from the Internet, or opening a contaminated file. It is almost impossible to completely protect a network computer from virus attacks; the CSI/FBI survey indicated that virus attacks were the most widespread attack for six straight years since 2000. Viruses are just one of several programmed threats or malicious codes (malware) in today’s interconnected system environment. Programmed threats are computer programs that can create a nuisance, alter or damage data, steal information, or cripple system functions. Programmed threats include, computer viruses, Trojan horses, logic bombs, worms, spam, spyware, and adware.
  • 5. Insider Abuse of Internet Access Unfortunately, IT tools can be abused. For example, e-mail and Internet connections are available in almost all offices to improve productivity, but employees may use them for personal reasons, such as online shopping, playing games, and sending instant messages to friends during work hours. Laptop or Mobile Theft Because they are relatively expensive, laptops and PDAs have become the targets of thieves. Besides being expensive, they often contain proprietary corporate data, access codes to company networks, and sensitive information.
  • 6. Denial of Service A denial of service (Do's) attack is specifically designed to interrupt normal system functions and affect legitimate users’ access to the system. Do's attacks can result in significant server downtime and financial loss for many companies, but the controls to mitigate the risk are very technical. Unauthorized Access to Information To control unauthorized access to information, access controls, including passwords and a controlled environment, are necessary. Computers installed in a public area, such as a conference room or reception area, can create serious threats and should be avoided if possible. Employees should be allowed to access only the data necessary for them to perform their jobs.
  • 7. System Penetration Hackers penetrate systems illegally to steal information, modify data, or harm the system. The following factors are related to system penetration: System holes: the design deficiency of operating systems or application systems that allow hijacking, security bypass, data manipulation, privilege escalation, and system access. Port scanning: a hacking technique used to check TCP/IP ports to reveal the services that are available and to identify the weaknesses of a computer or network system in order to exploit them. Network sniffing: a hardware and software program to collect network (traffic) data in order to decipher passwords with password-cracking software, which may result in unauthorized access to a network system. IP spoofing: a technique used to gain unauthorized access to computers, whereby hackers send messages to a computer with a deceived IP address as if it were coming from a trusted host. Back door/trap door: a hole in the security of a computer system deliberately left in place by designers or maintainers. Tunneling: a method for circumventing a firewall by hiding a message that would be rejected by the firewall inside another, acceptable
  • 8. Abuse of Wireless Networks Wireless networks offer the advantage of convenience and flexibility, but system security can be a big issue. Attackers do not need to have physical access to the network. Attackers can take their time cracking the passwords and reading the network data without leaving a trace. Telecom Fraud In the past, telecom fraud involved fraudulent use of telecommunication (telephone) facilities. Intruders often hacked into a company’s private branch exchange (PBX) and administration or maintenance port for personal gains, including free long-distance calls, stealing (changing) information in voicemail boxes, diverting calls illegally, wiretapping, and eavesdropping.
  • 9. Theft of Proprietary Information Information is a commodity in the e-commerce era, and there are always buyers for sensitive information, including customer data, credit card information, and trade secrets. Data theft by an insider is common when access controls are not implemented. Outside hackers can also use “Trojan” viruses to steal information from unprotected systems. Beyond installing firewall and anti-virus software to secure systems, a company should encrypt all of its important data. Financial Fraud The nature of financial fraud has changed over the years with information technology. System-based financial fraud includes scam e-mails, identity theft, and fraudulent transactions. With spam, con artists can send scam e-mails to thousands of people in hours.
  • 10. Misuse of Public Web Applications The nature of e-commerce—convenience and flexibility—makes Web applications vulnerable and easily abused. Hackers can circumvent traditional network firewalls and intrusion-prevention systems and attack web applications directly. They can inject commands into databases via the web application user interfaces and surreptitiously steal data, such as customer and credit card information. Website Defacement Website defacement is the sabotage of webpages by hackers inserting or altering information. The altered webpages may mislead unknowing users and represent negative publicity that could affect a company’s image and credibility.
  • 11. Company Awareness Business operations can be disrupted by many factors, including system security breaches. System downtime, system penetrations, theft of computing resources, and lost productivity have quickly become critical system security issues. The financial loss of these security breaches can be significant. In addition, system security breaches often taint a company’s image and may compromise a company’s compliance with applicable laws and regulations. The key to protecting a company’s accounting information system against security breaches is to be well prepared for all possible major threats. A combination of preventive and detective controls can mitigate security threats.
  • 13. BIBLIOGRAPHY: http://www.nysscpa.org/cpajournal/2006/706/essentials/p 58.htm By P. Paul Lin, PhD, is an associate professor of accounting at the Raj Soin College of Business of Wright State University, Dayton, Ohio.