
Information System Security

Information System Security. History of IS. Role of IS. Support Competitive Advantage. Support Business Decision Making. Support of Business Processes and Operations. Importance of IS. Basics of IS. IS Framework. Components of IS. Attributes of Information Quality.

aoife

Presentation Transcript


  1. Information System Security

  2. History of IS

  3. Role of IS Support Competitive Advantage Support Business Decision Making Support of Business Processes and Operations

  4. Importance of IS

  5. Basics of IS

  6. IS Framework

  7. Components of IS

  8. Attributes of Information Quality

  9. Business Area wise Information

  10. Changing Nature of IS

  11. From mainframe to client-server to web-based IS. • Alvin Toffler’s “Third Wave”: the agricultural, industrial and information waves. • A fourth wave can be taken to be mobile technology.

  12. Powerful worldwide changes that have altered the business environment are: • Globalization • Rise of the information economy • Transformation of the business enterprise • Emergence of digital firms

  13. Modern business systems are decentralized, autonomous and heterogeneous. • Today’s IS are distributed and component-based.

  14. Mainframe based IS

  15. Client Server Based IS

  16. Architecture of Web Based I.S.

  17. Need of Distributed Information System

  18. A computer service that runs at a single central location is more likely to become unavailable than a service spread over many sites. • There are two ways in which a service can be made to run at many sites: replication of the service, and distribution of the service. • Replicated services keep complete copies at several sites, so the service survives as long as any one copy does. • Distributed services are services whose distinct components, at many different sites, collaborate to deliver the service; unless each component is itself replicated, every component becomes a point of failure.
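The difference between the two approaches is easiest to see in numbers. The following Python is an added example, not part of the original presentation: it computes the availability of a single-site, a replicated and a distributed service under an assumed independent-failure model (the site and component availabilities are constructed values), and shows the minimal failover client that makes replication useful to a caller.

```python
"""Availability of a single-site service versus a replicated or distributed one (added example)."""


def replicated_availability(site_availability: float, copies: int) -> float:
    """A service replicated at `copies` sites is up as long as at least one copy is up.
    Assumes site failures are independent (a simplification; correlated outages reduce the gain)."""
    if not 0.0 <= site_availability <= 1.0 or copies < 1:
        raise ValueError("site_availability must be in [0, 1] and copies >= 1")
    return 1.0 - (1.0 - site_availability) ** copies


def distributed_availability(component_availabilities) -> float:
    """A service split into distinct collaborating components is up only if every component is up,
    so the availabilities multiply: distribution without replication adds points of failure."""
    result = 1.0
    for a in component_availabilities:
        if not 0.0 <= a <= 1.0:
            raise ValueError("component availability must be in [0, 1]")
        result *= a
    return result


def distributed_and_replicated(component_availabilities, copies: int) -> float:
    """Distinct components, each of them replicated `copies` times."""
    return distributed_availability(
        replicated_availability(a, copies) for a in component_availabilities
    )


def call_with_failover(replicas, request):
    """Client side of replication: try each replica in order and return the first answer.
    `replicas` is a list of (name, handler) pairs; a handler raises ConnectionError when its site is down."""
    failures = []
    for name, handler in replicas:
        try:
            return name, handler(request)
        except ConnectionError as exc:
            failures.append(f"{name}: {exc}")
    raise RuntimeError("all replicas unavailable: " + "; ".join(failures))


def down_replica(_request):
    """Constructed replica whose site is offline."""
    raise ConnectionError("site unreachable")


def up_replica(request):
    """Constructed replica that answers."""
    return f"ok:{request}"


if __name__ == "__main__":
    # Constructed figures: each site or component is up 90 % of the time.
    print("single site 0.9          ->", 0.9)
    print("3 replicas of 0.9        ->", replicated_availability(0.9, 3))          # 0.999
    print("3 distinct components    ->", distributed_availability([0.9, 0.9, 0.9]))  # 0.729
    print("3 components, 2 replicas ->", distributed_and_replicated([0.9, 0.9, 0.9], 2))
    print(call_with_failover([("site-a", down_replica), ("site-b", up_replica)], "GET /orders"))
```

With the constructed 0.9 figure, three replicas raise availability from 0.9 to 0.999, while three distinct components in series lower it to 0.729; replicating each component (0.99 each) brings the distributed service back to 0.97. The practical rule that follows: distribute for scale and locality, but replicate every component you distribute.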

  19. The three mantras of success in the digital economy: • Liberalization • Privatization • Globalization. Businesses now have no geographical boundaries. With the rise of m-commerce we are in the era of anywhere, anytime computing. Protecting data and information is crucial, as businesses make knowledge-based decisions.

  20. Before the days of e-business, not only did suppliers and consumers remain separated, but knowledge producers, workers and business personnel also remained unconnected. Connectivity is a great boon of the Internet. Connectivity built a bridge between thinkers, business people, governments, common people, academics and so on. We need to consider the modern-day IS in this global context.

  21. Scope of IS • 1950s: technical changes • 1960–70s: managerial controls • 1980–90s: institutional core activities • Today: digital information webs extending beyond enterprises

  22. Wider scope of I.S.

  23. Today’s firms are digital in the sense that their operations are carried out, rapidly, over networked systems. • IS links buyers and sellers to exchange information, products, services and payments via e-business and e-commerce. • Thus today’s era is that of the extended enterprise. • To serve the needs of such organizations, an I.S. is no longer confined to a single location.

  24. Role of Internet and Web Services The Internet

  25. The Web was designed to exchange unstructured information. • While people can read web pages and understand their meaning, computers cannot. • If corporations want to do business over the Web, humans have to be involved unless there is a way for computers to communicate on their own. • This is where web services come in.

  26. Web services are self-contained, modular applications that can be described, published, located and invoked over a network, generally over the WWW (IBM). • Web services perform functions ranging from simple requests to complex business processes. • Once a web service is developed, other applications and web services can discover and invoke the deployed service through Universal Description, Discovery and Integration (UDDI). • Web services make it easier to build a service-based architecture without the applications being locked in to a particular software vendor’s products.

  27. Web services have been shown to give a strong return on investment (ROI) and make computer-based I.S. more adaptable. • They also bring productivity, flexibility and low maintenance cost to the development of IS by integrating components from various third-party vendors.

  28. Information System Threats and Attacks

  29. A threat is a possible event that can harm an information system. • A vulnerability is a weakness in the system that a threat can exploit; it determines the degree of exposure to that threat. • A countermeasure is a set of actions implemented to prevent a threat from being realised, or to limit the harm if it is.

  30. Information-level (information-based) threats • Threats that involve the purposeful dissemination of information in such a way that organizations, their operations and their reputations may be affected. • Dissemination may be active, via sending e-mails, or passive, via setting up a web site.

  31. Network-based threats • To become effective, potential attackers require network access to corporate computer systems or to the networks used by corporate computer systems. • Examples are hacking of computer systems and launching DoS attacks, as well as spreading malicious code such as viruses. • The security properties at stake with network-based threats are confidentiality, authentication, integrity and non-repudiation.

  32. Sources of Threats • Human Error • Computer abuse or crime • Natural and political disasters • Failure of hardware / software

  33. Computer crime and abuse • Computer crime is defined as any illegal act in which a computer is used as the primary tool. • Computer abuse is the unethical use of computers. • Security threats related to computer crime / abuse are: • Impersonation: identification and authentication controls are defeated. • Trojan horse method: hiding inside an authorized program a set of instructions that will cause unauthorized actions. • Logic bombs: unauthorized instructions which stay inactive until a specific event occurs or a specific time arrives, at which point they carry out an unauthorized act.

  34. Computer viruses • A virus executes itself by inserting its malicious code into the execution path of another application, and • self-replicates by replacing existing files with copies of those files that carry the viral code. • Worms are independent programs that make and transmit copies of themselves through telecommunication networks, without needing a host program.

  35. DoS (denial of service) • Rendering the system unusable by legitimate users. • Data diddling (cheating) • Changing data before or during input, often to alter the content of a database. • Salami techniques • Diverting small amounts of money (too small to be noticed) from a large number of accounts maintained by the system. • Spoofing • Configuring a computer system to masquerade (pretend to be) as another system over the network in order to gain unauthorized access. • Superzapping • Using a system utility program that can bypass regular system controls to perform an unauthorized act.

  36. Scavenging • Unauthorized access to information by searching through the residue left after a job has been run on a computer (discarded printouts, temporary files, freed memory). • Data leakage • Wiretapping • Theft of mobile devices
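The salami technique on slide 35 is small enough to be missed by a net reconciliation, which is exactly why it works; what catches it is recomputing every posting from its own inputs. The Python below is an added example, not code from the presentation: it builds a constructed month-end interest run for eight made-up accounts, once honestly and once with the sub-cent residues swept into an assumed collector account ACCT-SHADOW, and audits both ledgers. Account ids, principals and the 0.5 % monthly rate are constructed values.

```python
"""Detecting a salami attack (added example): compare every interest posting with the value the
bank's own rounding policy produces, and attribute the differences to the accounts that got them."""
from collections import defaultdict
from decimal import Decimal, ROUND_DOWN, ROUND_HALF_EVEN

CENT = Decimal("0.01")
MONTHLY_RATE = Decimal("0.005")  # constructed: 0.5 % per month

# Constructed sample accounts: (account id, principal)
ACCOUNTS = [
    ("A-1001", Decimal("1000.00")),
    ("A-1002", Decimal("1234.56")),
    ("A-1003", Decimal("2345.67")),
    ("A-1004", Decimal("3456.78")),
    ("A-1005", Decimal("4567.89")),
    ("A-1006", Decimal("5678.90")),
    ("A-1007", Decimal("6789.01")),
    ("A-1008", Decimal("7890.12")),
]


def policy_interest(principal: Decimal, rate: Decimal = MONTHLY_RATE) -> Decimal:
    """The credit the bank's policy prescribes: exact interest rounded half-to-even to the cent."""
    return (principal * rate).quantize(CENT, rounding=ROUND_HALF_EVEN)


def post_honest(accounts, rate=MONTHLY_RATE):
    """Correct month-end run: every account gets the policy amount."""
    return [{"account": a, "principal": p, "credit": policy_interest(p, rate)} for a, p in accounts]


def post_salami(accounts, collector: str, rate=MONTHLY_RATE):
    """Fraudulent run: truncate each credit and sweep the sub-cent residue into `collector`."""
    ledger, residue = [], Decimal("0")
    for a, p in accounts:
        exact = p * rate
        truncated = exact.quantize(CENT, rounding=ROUND_DOWN)
        residue += exact - truncated
        ledger.append({"account": a, "principal": p, "credit": truncated})
    ledger.append({"account": collector, "principal": Decimal("0"),
                   "credit": residue.quantize(CENT, rounding=ROUND_DOWN)})
    return ledger


def audit(ledger, rate=MONTHLY_RATE):
    """Recompute each posting from its own principal; report accounts that gained at least a cent
    they cannot account for, accounts that were underpaid, and the net drift of the whole run."""
    gain = defaultdict(Decimal)
    underpaid = []
    for entry in ledger:
        diff = entry["credit"] - policy_interest(entry["principal"], rate)
        gain[entry["account"]] += diff
        if diff < 0:
            underpaid.append(entry["account"])
    beneficiaries = {a: g for a, g in gain.items() if g >= CENT}
    return {
        "beneficiaries": beneficiaries,
        "underpaid": underpaid,
        "net_drift": sum(gain.values(), Decimal("0")),
    }


if __name__ == "__main__":
    print("honest run:", audit(post_honest(ACCOUNTS)))
    print("salami run:", audit(post_salami(ACCOUNTS, "ACCT-SHADOW")))
```

Note that net_drift is zero in both runs: the money is moved, not created, so a total-balance check passes. Only the per-account recomputation surfaces the beneficiary (3 cents in this small run, which scales linearly with the number of accounts) and the underpaid accounts, and money is kept in Decimal throughout because binary floating point would itself introduce sub-cent noise that hides the diversion.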

  37. Damage Assessment

  38. Security Issues in Mobile Computing

  39. The three distinguishing features of emerging mobile computing environments are: • mobility of users • mobility of network elements (i.e. portable computing devices) • wireless networking

  40. Mobility of Users • Global Authentication • A mechanism for flexible global authentication is essential to support user mobility. • Authentication often forms the basis of other security services such as authorization. • Privacy • The need to ensure the privacy of users becomes more pronounced. • In static environments the location of a user or network element is unlikely to be secret information, since users and network elements are stationary. • In a mobile computing environment, however, it may be necessary to protect information about the locations and activities of users.

  41. Mobility of Users (contd.) • Eavesdropping • Eavesdropping is the act of secretly listening to the private conversation of others without their consent. • Assumptions about the physical security of the network no longer hold when inter-domain interactions enter the picture. • Even if the foreign domain claims its network is physically secure, a visiting user may not be willing to accept this assurance. • Thus some form of cryptographic protection becomes unavoidable. • An issue common to the mobility of users and of network elements is the availability of resources.

  42. Mobility of Network Elements • Mobile users may carry portable computing devices. • Portability introduces the following issues: • Risks to data: because of the higher risk of physical damage, loss or theft, mobility of devices implies a higher risk of loss of, and unauthorized access to, the data stored on them. • Asymmetry in resources: portable devices have comparatively fewer resources (processing power, memory, battery) available to them. • Technological advances will improve the quantity and quality of the available resources.

  43. Wireless Networking • Wireless networking is necessary to support continuous user and device mobility. • This introduces additional issues of concern-

  44. Eavesdropping • The convenience of wireless networks has a cost: it is equally convenient for an eavesdropper to listen in on the traffic. • It is often asserted that the primary security concern with wireless networks is that communication is susceptible to eavesdropping and tampering. • While it is true that wireless links have no physical security at all, the situation is not much better on wired but open networks. Thus cryptographic protection is necessary in both wireless and fixed networks.
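To make the slide's conclusion concrete, the following Python (an added example, not part of the original presentation) protects frames on an untrusted link with encrypt-then-MAC from the standard library: an eavesdropper sees only ciphertext, a flipped bit fails authentication, and a replayed frame is rejected by its sequence number. The keystream construction (HMAC-SHA256 in counter mode), the shared secret and the message are illustrative assumptions; production code should use an authenticated cipher such as AES-GCM or ChaCha20-Poly1305, as WPA3 and TLS do.

```python
"""Encrypt-then-MAC protection for frames crossing an untrusted (e.g. wireless) link (added example)."""
import hashlib
import hmac
import struct

NONCE_LEN = 8   # 64-bit sequence number, sent in the clear
TAG_LEN = 32    # HMAC-SHA256 output


def derive_keys(master: bytes):
    """Derive independent encryption and authentication keys from one shared secret."""
    enc_key = hmac.new(master, b"link-encryption", hashlib.sha256).digest()
    mac_key = hmac.new(master, b"link-authentication", hashlib.sha256).digest()
    return enc_key, mac_key


def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF in counter mode: block i = HMAC-SHA256(enc_key, nonce || i). Illustrative only;
    use AES-GCM or ChaCha20-Poly1305 in real systems."""
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(enc_key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def xor_bytes(data: bytes, pad: bytes) -> bytes:
    return bytes(d ^ p for d, p in zip(data, pad))


def seal(master: bytes, seq: int, plaintext: bytes) -> bytes:
    """Sender: frame = seq || ciphertext || tag. The sequence number is the nonce and must never
    repeat under the same key; the tag covers the nonce so it cannot be swapped."""
    enc_key, mac_key = derive_keys(master)
    nonce = struct.pack(">Q", seq)
    ciphertext = xor_bytes(plaintext, keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


class Receiver:
    """Receiver: verifies the tag before decrypting, and rejects replayed sequence numbers."""

    def __init__(self, master: bytes):
        self.enc_key, self.mac_key = derive_keys(master)
        self.last_seq = -1

    def open(self, frame: bytes) -> bytes:
        if len(frame) < NONCE_LEN + TAG_LEN:
            raise ValueError("truncated frame")
        nonce, ciphertext, tag = frame[:NONCE_LEN], frame[NONCE_LEN:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.mac_key, nonce + ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            raise ValueError("authentication failed: frame altered or forged")
        seq = struct.unpack(">Q", nonce)[0]
        if seq <= self.last_seq:                     # strictly increasing; real protocols use a window
            raise ValueError("replayed frame")
        self.last_seq = seq
        return xor_bytes(ciphertext, keystream(self.enc_key, nonce, len(ciphertext)))


def accepts(receiver: Receiver, frame: bytes) -> bool:
    """True if the receiver accepts the frame; used to show rejection of tampered or replayed frames."""
    try:
        receiver.open(frame)
        return True
    except ValueError:
        return False


def tamper(frame: bytes, offset: int) -> bytes:
    """What an active attacker on the link can do without the key: flip one bit of the frame."""
    altered = bytearray(frame)
    altered[offset] ^= 0x01
    return bytes(altered)


if __name__ == "__main__":
    # Constructed shared secret and message; in practice the key comes from the authentication handshake.
    shared_secret = b"constructed-32-byte-link-secret!"
    message = b"TRANSFER 500 EUR TO ACCT 4711"
    frame = seal(shared_secret, 1, message)
    print("eavesdropper sees plaintext?", message in frame)                      # False
    rx = Receiver(shared_secret)
    print("genuine frame:", rx.open(frame))
    print("tampered frame accepted?", accepts(rx, tamper(frame, NONCE_LEN + 9)))  # False
    print("replayed frame accepted?", accepts(rx, frame))                         # False
```

The order matters: the receiver checks the MAC before touching the ciphertext, so a forged or altered frame is dropped without any decryption, and because the nonce is inside the MAC an attacker cannot re-label a captured frame with a fresh sequence number. What the construction does not hide is traffic metadata (frame lengths and timing), which is the privacy concern slide 40 raises.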
