Management Information Systems

Management Information Systems. The Islamia University of Bahawalpur. Delivered by: Tasawar Javed. Lecture 17: Information Security. Today’s talk: E-Commerce Considerations; The Disposable Credit Card; Visa’s Required Security Practices; Risk Management; Information Security Policy; Controls.

Presentation Transcript


  1. Management Information Systems. The Islamia University of Bahawalpur. Delivered by: Tasawar Javed. Lecture 17

  2. Information Security
     • Today’s talk
       • E-Commerce Considerations
       • The Disposable Credit Card
       • Visa’s Required Security Practices
       • Risk Management
       • Information Security Policy
       • Controls

  3. Information Security
     • E-Commerce Considerations
     • New security concern
       • Not only protection of data
       • Not only protection of information
       • Not only protection of software
       • But protection from credit card fraud

  4. Information Security
     • The Disposable Credit Card
     • American Express announced a “disposable” credit card
     • The fear arose from internet use
     • When a user enters a credit card number to make a purchase, a randomly generated number is created from the credit card company’s website; this number is given to the e-commerce retailer, who submits it to the credit card company for repayment.
     • Later on it was closed down, and a disposable card was issued, on which you can make many more purchases.
     • Citibank offers Virtual Account Numbers, and MBNA has a program called ShopSafe.

  5. Information Security
     • Visa’s Required Security Practices
     • Visa announced 10 security-related practices
       • Install and maintain a firewall
       • Keep security patches up to date
       • Encrypt stored data
       • Encrypt transmitted data
       • Use and update antivirus software
       • Restrict data access to those with a need to know
       • Assign unique IDs to persons with data access privileges
       • Track data access with the unique ID
       • Not use vendor-supplied password defaults
       • Regularly test the security system

  6. Information Security
     • Risk Management
       • Identify business assets to be protected from risks
       • Recognize the risks
       • Determine the level of impact on the firm should the risks materialize
       • Analyze the firm’s vulnerabilities
     • Levels of impact
       • Impact could be severe
       • Impact could be significant
       • Impact could be minor

  7. Information Security
     • Risk Management should prepare the report
       • A description of the risk
       • Source of the risk
       • Severity of the risk
       • Controls that are being applied to the risk
       • The owner of the risk
       • Recommended action to address the risk
       • Recommended time frame for addressing the risk
       • What was done to mitigate the risk

  8. Degree of impact and Vulnerability Determine controls

  9. Information Security
     • Information Security Policy
       • Phase 1: Project initiation
       • Phase 2: Policy development
       • Phase 3: Consultation and approval
       • Phase 4: Awareness and education
       • Phase 5: Policy dissemination

  10. Information Security
     [Figure: information security policy phases; labels as they appear on the slide]
     • Phase 1: Project team; Security project steering com; Establish
     • Phase 2: Consultation; Interested & affected parties
     • Phase 3: Consultation; management
     • Phase 4: Organizational units; Training, awareness & policy education
     • Phase 5: Organizational units; Security Policies

  11. Thank you!!! • Q&A
