BUS 361: E-Business - PowerPoint PPT Presentation (18 slides, uploaded by kiaria)
BUS 361: E-Business

Chapter 5: Security & Controls

Learning Objectives
  • Identify the security risks
  • Describe how e-business is made secure
  • Identify major components of security systems
  • Identify and evaluate major security strategies
  • Identify major issues in implementing good security
  • Describe the significant types of security tools available
Introduction

Every I.S. is subject to risks:

  • Error
  • Fraud
  • Malicious acts
  • Disasters (natural ones)
Some risks …
  • New Service – unknown processes, procedures
  • New Business Models – new unique risks
      • Revenue leakage, no real contact to improve poor image
  • New Processes – Extranet linkages with strict product specs. If we can’t meet specs …
  • New Technology
  • New Fulfillment Processes
  • Outsourcing IT activities
Malicious Acts
  • Infections – viruses, Trojan horses, worms
  • Unauthorized S/W – spyware, adware, keyloggers
  • Unauthorized uses of computers
  • Theft, sabotage, or destruction of hardware
  • Denial of service attacks
  • Passwords (capitals, numbers)
  • Website/server attacks
  • Electronic theft or sabotage of electronic data
  • Financial fraud
What to do?
  • Do not overlook the threats
    • What is a threat?
  • One potential source of problems: unhappy employees (Ee)
  • Firewalls
  • Anti-virus software
  • Spyware blockers
Controls
  • Preventive, detective and corrective measures
  • 2 categories of controls
    • General
    • Applications
  • Guided by company strategy, policies and procedures
General Controls

Common across all applications

  • Security management
  • Physical & logical access controls …
  • System Acquisition & Development controls
  • System maintenance & change controls
  • Operations control
  • Business continuity controls …
Physical & Logical Access
  • Physical
    • Access to servers, tape storage etc.
    • Security features like cameras, alarms, etc.
  • Logical
    • ID’s, Passwords, Biometrics
    • CAPTCHA
    • Firewalls (double walls?)
    • Intrusion detection systems (false positives)
Business Continuity Plan

How do we handle a system problem?

Includes a disaster recovery plan addressing …

  • Listing of potential disasters
  • Roles & responsibilities
  • Scripts, contact lists
  • Critical processing priorities
  • Backup plans, location and access
  • Power requirements, backups
  • Rebuilding procedures, timelines
Application Controls

Needed for the 4 basic areas:

  • Input
    • Check digits (SIN, Stud#)
  • Processing
    • Logs, control totals, hash, time stamping
  • Output
    • Distribution, access, printer use
  • Storage
    • Logical access to databases etc.; access requests
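Two of the application controls on this slide, worked as code. This is a constructed example added to the outline, not code from the course: an input control (the Luhn check digit carried by Canadian SINs, applied to a constructed sample number) and a processing control (batch control totals: record count, financial total and a hash total of account numbers that the output of a processing step must reproduce). The transaction records and the `Txn`/`ControlTotals` names are assumptions made for the example.

```python
"""Input and processing controls as worked code (constructed example)."""
from dataclasses import dataclass
from typing import Iterable, List


def luhn_valid(digits: str) -> bool:
    """Input control: True if the digit string passes the Luhn check.

    A single mistyped digit or an adjacent transposition (other than 09/90)
    changes the total, so bad input is rejected at data entry.
    """
    if not digits.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2   # 2*d with digits summed (e.g. 16 -> 7)
        total += d
    return total % 10 == 0


def sin_valid(sin: str) -> bool:
    """A SIN is 9 digits (spaces allowed for display) whose last digit is a Luhn check digit."""
    digits = sin.replace(" ", "")
    return len(digits) == 9 and luhn_valid(digits)


@dataclass(frozen=True)
class Txn:
    account: int       # account number: an identifier with no arithmetic meaning
    amount_cents: int  # money kept as integer cents so totals are exact


@dataclass(frozen=True)
class ControlTotals:
    record_count: int  # how many records were in the batch
    amount_total: int  # financial total: sum of the amounts
    hash_total: int    # hash total: sum of a non-monetary field (account numbers)


def control_totals(batch: Iterable[Txn]) -> ControlTotals:
    """Processing control: totals computed before and after a batch is processed."""
    records = list(batch)
    return ControlTotals(
        record_count=len(records),
        amount_total=sum(t.amount_cents for t in records),
        hash_total=sum(t.account for t in records),
    )


def batch_reconciles(input_batch: List[Txn], output_batch: List[Txn]) -> bool:
    """True only if every control total agrees between input and output."""
    return control_totals(input_batch) == control_totals(output_batch)


# Constructed sample batch and two faulty "processed" versions of it.
BATCH = [Txn(1001, 12500), Txn(2002, 8000), Txn(3003, 4999)]
DROPPED_RECORD = BATCH[:2]                     # a record lost in processing: count and $ differ
SWAPPED_ACCOUNT = [Txn(1001, 12500), Txn(2020, 8000), Txn(3003, 4999)]  # count and $ match; only the hash total differs

if __name__ == "__main__":
    print(sin_valid("046 454 286"), sin_valid("064 454 286"))   # constructed test SIN, then a transposition
    print(control_totals(BATCH))
    print(batch_reconciles(BATCH, BATCH),
          batch_reconciles(BATCH, DROPPED_RECORD),
          batch_reconciles(BATCH, SWAPPED_ACCOUNT))
```

The hash total is the point worth noticing: a substituted account number leaves the record count and the financial total unchanged, so only the meaningless sum of account numbers reveals that the processed batch is not the batch that went in.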
Communications Control
  • Authenticity of sender & receiver
  • Message integrity
  • Encryption – 128 bit commonly used
      • Public and private keys
      • https
  • Message digests (message check total)
  • Digital Signatures – encrypted message digest
Public Key Infrastructure
  • Public keys need to be stored and be accessible to everyone
  • Must be managed … hence PKI
  • Stores & delivers PK’s as needed
  • Provides privacy, security, authentication & support
  • Manages the generation & distribution of P/P key pairs and publishes the public ones
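The Communications Control and Public Key Infrastructure slides above, worked as code. This is a constructed example added to the outline, not code from the course. It implements the slide's description of a digital signature (an encrypted message digest) with textbook RSA, and a dictionary stands in for the PKI directory that stores and delivers public keys. The primes are publicly known Mersenne primes, chosen so the numbers are reproducible and the 256-bit SHA-256 digest fits under the modulus; because anyone can factor such a modulus these keys are NOT secret, and real RSA also pads the digest before signing and generates random primes. The names `register`, `verify_from` and `demo`, and the order message, are assumptions made for the example; it needs Python 3.8 or later for `pow(e, -1, m)`.

```python
"""Message digest, digital signature and a public-key directory (constructed example)."""
import hashlib
from math import gcd

# Publicly known Mersenne primes: fine for a worked example, useless as a real key.
M521, M607, M1279 = 2**521 - 1, 2**607 - 1, 2**1279 - 1
PUBLIC_EXPONENT = 65537


def message_digest(message: bytes) -> bytes:
    """Message check total: a fixed-size fingerprint; any change to the message alters it."""
    return hashlib.sha256(message).digest()


def toy_rsa_keypair(p: int, q: int, e: int = PUBLIC_EXPONENT):
    """Return (public_key, private_key), each as an (n, exponent) pair."""
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)   # Carmichael lambda(n)
    d = pow(e, -1, lam)                            # private exponent: modular inverse of e
    return (n, e), (n, d)


def sign(message: bytes, private_key) -> int:
    """Digital signature: the digest 'encrypted' with the private exponent."""
    n, d = private_key
    h = int.from_bytes(message_digest(message), "big")
    if h >= n:
        raise ValueError("digest must fit under the modulus")
    return pow(h, d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Recover the digest with the public exponent and compare it with a fresh one."""
    n, e = public_key
    h = int.from_bytes(message_digest(message), "big")
    return pow(signature, e, n) == h


# The PKI directory: stores and delivers public keys by owner name.
PUBLIC_KEY_DIRECTORY: dict = {}


def register(owner: str, public_key) -> None:
    PUBLIC_KEY_DIRECTORY[owner] = public_key


def verify_from(owner: str, message: bytes, signature: int) -> bool:
    """Verify against the key the directory holds for the claimed sender."""
    key = PUBLIC_KEY_DIRECTORY.get(owner)
    return key is not None and verify(message, signature, key)


def demo() -> dict:
    """Genuine, tampered, wrong-key and unknown-sender cases on a constructed order."""
    alice_pub, alice_priv = toy_rsa_keypair(M521, M607)
    _, mallory_priv = toy_rsa_keypair(M607, M1279)     # a second, unrelated key pair
    register("alice", alice_pub)
    order = b"Transfer 100.00 from 1001 to 2002"
    sig = sign(order, alice_priv)
    return {
        "genuine": verify_from("alice", order, sig),
        "tampered": verify_from("alice", b"Transfer 900.00 from 1001 to 2002", sig),
        "wrong_key": verify_from("alice", order, sign(order, mallory_priv)),
        "unknown_sender": verify_from("bob", order, sig),
    }


if __name__ == "__main__":
    print(demo())
```

The directory lookup is where the PKI slide's "must be managed" bites: the verifier trusts whatever key the directory returns for "alice", so the directory itself has to be protected, which is what certificates and a certification authority add on top of this bare dictionary.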
Terminology
  • Sniffing
  • Drive-by hacking
Security Policies
  • Establish accepted transactions
  • Clearly defined
  • Standards that must be met (or surpassed)
  • Require updating regularly
Common security goals
  • Complying with service agreements
  • Complying with laws
  • Protecting data confidentiality
  • Protecting data from unauthorized modification
  • Logging transactions and data exchanges
  • Need to be documented and implemented
Major Components …
  • Security administration
    • In-house or outsourced, budgets
  • S.O.P.s (standard operating procedures)
  • Information Management
    • Ownership, custodians, security levels
  • Privilege Management
    • Access, r/w, Principle of Least Privilege
And …
  • Physical Security
  • Logical access control
  • End-User Computing Policy
  • Software acquisition
  • Impact of Data Mobility
  • Personnel Mgmt
  • Security Monitoring