Information System Security
History of IS
Role of IS
- Support Competitive Advantage
- Support Business Decision Making
- Support of Business Processes and Operations
Importance of IS
Basics of IS
IS Framework
Components of IS
Attribute of Information Quality
Business Area wise Information
Changing Nature of IS
From mainframe to client server to web based IS.
Alvin Toffler’s “Third wave” – Agricultural, Industrial and Information waves.
The 4th wave can be assumed to be mobile technology.
Powerful worldwide changes that have altered the business environment are:
- Globalization
- Rise of the information economy
- Transformation of the business enterprise
- Emergence of digital firms
Modern business systems are decentralized, autonomous and heterogeneous.
Today IS are distributed and component based.
Mainframe based IS
Client Server Based IS
Architecture of Web Based I.S.
Need of Distributed Information System
A computer service that runs at a single central location is more likely to become unavailable than a service distributed to many sites.
There are two ways in which a service can be made to run at many sites: replication of the service, and distribution of the service.
Distributed services are services that have distinct components, at many different sites, that collaborate to ensure the quality of service.
3 mantras of success in the digital economy:
- Liberalization
- Privatization
- Globalization
Businesses now have no geographical boundaries.
With the rise of M-Commerce we are in the era of anywhere, anytime computing.
Protecting data and information is crucial as businesses make knowledge-based decisions.
Prior to the e-business days, not only did suppliers and consumers remain separated, but the knowledge producers and workers and business personnel also remained unconnected.
Connectivity is a great boon of the Internet. Connectivity built a bridge between thinkers, business people, governments, common people, academicians and so on.
We need to consider the modern day IS in this global context.
Scope of IS
- 1950s: Technical changes
- 1960-70: Managerial controls
- 1980-90: Institutional core activities
- Today: Digital information webs extending beyond enterprises
Wider scope of I.S.
Today’s firms are digital in terms of their rapid operations.
IS links the buyers and sellers to exchange information, products, services and payments via e-business and e-commerce.
Thus today is the era of the extended enterprise.
To serve the needs of such organizations, I.S. is no longer confined to a single location.
Role of Internet and Web Services
The Internet
The Web is designed to exchange unstructured information.
While people can read web pages and understand their meaning, computers cannot.
If corporations want to do business over the web, humans have to be involved unless there is a way for computers to communicate on their own.
This is where web services come in.
Web services are self-contained modular applications that can be described, published, located and invoked over a network, generally over the WWW. – IBM
Web services perform functions ranging from simple requests to complex business processes.
Once a web service is developed, other applications and web services can discover and invoke the deployed service through Universal Description, Discovery and Integration (UDDI).
Web services make it easier to build service based architecture without the applications being locked-in to a particular software vendor’s products.
Web services have tended to give a strong return on investment (ROI) and make computer-based I.S. more adaptable.
They also help bring productivity, flexibility and low maintenance cost in the development of IS by integrating components from various third party vendors.
Information System Threats and Attacks
- A threat is a possible event that can harm an information system.
- Vulnerability is the degree of exposure in view of a threat.
- A countermeasure is a set of actions implemented to prevent threats.
Information level / based Threat
- Threats that involve the purposeful dissemination of information in such a way that organizations, their operations and their reputations may be affected.
- Dissemination may be active, via sending e-mails, or passive, via setting up a web site.
Network based Threats
- To become effective, potential attackers require network access to corporate computer systems or to networks used by corporate computer systems.
- Examples are hacking of computer systems and launching DoS attacks, as well as spreading malicious code such as viruses.
- Other issues related to network based threats are confidentiality, authentication, integrity and non-repudiation.
Sources of Threats
- Human error
- Computer abuse or crime
- Natural and political disasters
- Failure of hardware / software
Computer crime and abuse
- Computer crime is defined as any illegal act in which a computer is used as a primary tool.
- Computer abuse is unethical use of computers.
- Security threats related to computer crime / abuse are:
  - Impersonation: identification and authentication control defeated.
  - Trojan horse method: hiding within an authorized program a set of instructions that will cause unauthorized actions.
  - Logic bombs: unauthorized instructions which stay inactive until a specific event occurs or until a specific time comes, at which time they bring into effect an unauthorized act.
  - Computer viruses: execute themselves by inserting their malicious code in the execution path of another application, and self-replicate by replacing existing files with copies of files containing the viral code.
  - Worms: independent programs that make and transmit copies of themselves through telecommunication networks.
  - DoS: rendering the system unusable by legitimate users.
  - Data diddling (cheating): changing data before or during input, often to change the content of the database.
  - Salami techniques: diverting small amounts (not noticed) of money from large numbers of accounts maintained by the system.
  - Spoofing: configuring a computer system to masquerade (pretend to be) as another system over the network in order to gain unauthorized access.
  - Super zapping: using a system's programs that can bypass regular system control to perform an unauthorized act.
  - Scavenging: unauthorized access to information by searching through the residue after a job has been run on a computer.
  - Data leakage
  - Wiretapping
  - Theft of mobile devices
Damage Assessment
Security Issues in Mobile Computing
The three distinguishing features of emerging mobile computing environments are:
- mobility of users
- mobility of network elements (i.e. portable computing devices)
- wireless networking
Mobility of Users
- Global Authentication
  - A mechanism for flexible global authentication is essential to support user mobility.
  - Authentication often forms the basis of other security services such as authorization.
- Privacy
  - The need to ensure privacy of users becomes more pronounced.
  - In static environments, the location of a user or network element is unlikely to be secret information. Users and network elements are stationary.
  - However, in a mobile computing environment, it may be necessary to protect information about the locations and activities of users.
Contd.
- Eavesdropping
  - Eavesdropping is the act of secretly listening to the private conversation of others without their consent.
  - Assumptions about physical security of the network no longer hold true when inter-domain interactions enter the picture.
  - Even if the foreign domain claims its network to be physically secure, a visiting user may not be willing to accept this assurance.
  - Thus, some sort of cryptographic protection becomes unavoidable.
- An issue that is common to the mobility of users and network elements is the availability of resources.
Mobility of Network Elements
Mobile users may carry portable computing devices. Portability introduces the following issues:
- Risks to data
  - Due to the higher risks of physical damage, loss, or theft, mobility of devices implies that there is a higher risk of loss for the data stored on them.
- Asymmetry in resources
  - Portable devices have comparatively fewer resources available to them.
  - Technological advancements will improve the quantity and quality of the available resources.
Wireless Networking
- Wireless networking is necessary to support continuous user and device mobility.
- This introduces additional issues of concern:
Eavesdropping
- The convenience of wireless networks has a cost: it is more convenient for an eavesdropper to listen in on the traffic.
- It is often asserted that the primary security concern with wireless networks is that communication is susceptible to eavesdropping and tampering.
- While it is true that in wireless networks, links have no physical security at all, the situation is not much better with wired but open networks. Thus cryptographic protection is necessary in both wireless and fixed networks.
Handoff
- Another issue that arises when dealing with multiple domains is that of handoff.
- In a wireless network with mobile users, a user might wander into neighbouring cells while a session is active.
- Security systems must provide convenient and fast means for the session to be transferred (“handed to”) from a cell in one domain to a cell in a different domain.
Bandwidth/Error rate
- Wireless networks typically have lower bandwidth and suffer from higher error rates compared to wireline networks.
- Consequently, traffic over wireless networks is expensive.
- Security protocols meant to be used over wireless networks should therefore pay special attention to minimizing the number of messages, message sizes and frequencies of exchange.
Frequent Disconnections
- In contrast to wireline networks, disconnections will be frequent in wireless networks.
- Many researchers are working on finding ways to design robust protocols and applications that can withstand such disconnections.
- There are security implications as well.
Credit Card Frauds in mobile and wireless computing era
Credit Card Transaction Environment
An Australian company, “Alacrity”, introduced a system known as CLEW (closed loop environment for wireless).
Steps of CLEW
1. A merchant sends the transaction to the bank.
2. The bank transmits an authorization request to the cardholder.
3. The cardholder approves / rejects (password protected).
4. The bank/merchant is notified.
5. The credit card transaction is completed.
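The five CLEW steps above as a small simulation, added here as an illustration; it is not the vendor's or the original slides' code. All class and function names, the PBKDF2 password check, the random transaction id and the three-attempt lockout are assumptions, since the slides give only the message order.

```python
import hashlib
import hmac
import secrets

# Hypothetical names throughout: the slides give only the five CLEW steps.
MAX_FAILURES = 3  # assumed lockout threshold, not from the slides


def kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Bank:
    def __init__(self):
        self.creds = {}           # card -> (salt, password hash); never shared with merchants
        self.txns = {}            # txn_id -> card, amount, state, failure count
        self.merchant_inbox = []  # step 4: notifications sent to the merchant

    def enroll(self, card: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.creds[card] = (salt, kdf(password, salt))

    def submit(self, card: str, amount_cents: int) -> dict:
        """Steps 1-2: merchant submits; returns the request sent to the cardholder."""
        if card not in self.creds:
            raise KeyError("card not enrolled")
        txn_id = secrets.token_hex(8)  # unguessable id binds the reply to this request
        self.txns[txn_id] = {"card": card, "amount": amount_cents,
                             "state": "PENDING", "failures": 0}
        return {"txn_id": txn_id, "amount_cents": amount_cents}

    def respond(self, txn_id: str, approve: bool, password: str) -> str:
        """Step 3: password-protected decision; steps 4-5 follow on success."""
        txn = self.txns.get(txn_id)
        if txn is None or txn["state"] != "PENDING":
            return "IGNORED"  # unknown or already decided: a replay changes nothing
        salt, stored = self.creds[txn["card"]]
        if not hmac.compare_digest(kdf(password, salt), stored):
            txn["failures"] += 1
            if txn["failures"] >= MAX_FAILURES:
                txn["state"] = "LOCKED"  # stop password guessing on this request
                self.merchant_inbox.append((txn_id, "LOCKED"))
            return "BAD_PASSWORD"
        txn["state"] = "APPROVED" if approve else "REJECTED"
        self.merchant_inbox.append((txn_id, txn["state"]))
        return txn["state"]


def demo():
    """Constructed run: wrong password, approval, then a replayed reply."""
    bank = Bank()
    bank.enroll("card-0001", "correct horse")  # constructed sample data
    req = bank.submit("card-0001", 4999)
    results = [bank.respond(req["txn_id"], True, "guess"),
               bank.respond(req["txn_id"], True, "correct horse"),
               bank.respond(req["txn_id"], False, "correct horse")]
    return results, bank.merchant_inbox


if __name__ == "__main__":
    print(demo())
```

The merchant only ever receives the final state, so a compromised point-of-sale terminal learns nothing that would let it approve a later transaction.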
Limitation of Wireless
- Wireless processing equipment is expensive.
- Wireless processing comes with an extra fee.
- Wireless credit card machines are subject to cellular coverage blackouts.
- Wireless credit card processing uses a business cellular network called the Motient or Mobitex network.
- Not sufficient security or encryption to process wireless transactions.
Cryptographic security
LDAP Security for Hand held devices
LDAP Directory Structure
RAS Security for Mobile Devices
Media Player Control Security
Organizational Measures of Mobile devices
- Encrypting database
- Include mobile devices in security strategy
- Enterprise can do the following:
Use of RFID in M-Commerce