Lesson III PART 2. Foundation of Information System


APPLIED BUSINESS TOOLS AND TECHNOLOGY
Prepared by: Sheila Mae N. Lizardo
SECURITY
❑ Does not guarantee the safety of an organization, its information, or its computer systems
❑ Involves examining the threats and vulnerabilities of an organization and managing them appropriately
❑ Take appropriate preventative steps to guard information and capabilities against these threats
HISTORY
◼ Computer security began immediately after the first mainframes were developed
❑ Groups developing code-breaking computations during World War II created the first modern computers
◼ Multiple levels of security were implemented
❑ Physical controls to limit access to sensitive military locations to authorized personnel
❑ Defending against physical theft, espionage, and sabotage
1960S TO 1980S
◼ Scope of computer security grew from physical security to include:
• Safety of data
• Limiting unauthorized access to data
• Involvement of personnel from multiple levels of an organization
◼ At this stage, the concept of computer security evolved into the more sophisticated system we call information security
2000 TO PRESENT
◼ The Internet brings millions of computer networks into communication with each other, many of them unsecured
◼ The ability to secure a computer's data is influenced by the security of every computer to which it is connected
◼ The growing threat of cyber attacks has increased the need for improved security
WHY SYSTEMS ARE VULNERABLE?
1. SECURITY INVOLVES HUMANS
Human beings are responsible for designing, configuring, and using systems with security features. They make mistakes in judgment and in implementation. They take shortcuts. They do not anticipate all possible failures. They can be conned by those wishing to intrude.
2. SECURITY IS HARD AND EXPENSIVE
It is not easy to design systems that resist penetration, particularly in today's world where they are connected to open networks. It requires considerable skill and investment of resources, often involving dozens of engineers and scientists and years of work. Consequently, many systems have vulnerabilities which allow an intruder to bypass the security controls. In many cases, the security controls themselves introduce weaknesses.
3. SECURITY IS A BOTTOMLESS PIT
It is often said that the only way to make a system secure is to pull the plug. It is not practical, and usually impossible, to achieve 100% security. Not only is it too expensive, it is unachievable because not all weaknesses and attacks can be anticipated. Vulnerabilities can be found in even carefully designed products. New methods of attack are continually being discovered. Thus, one settles for something less than perfect, say a 90% solution aimed at preventing the simplest and most common attacks. However, this brings me to the next observation.
4. SECURITY IS COMPLEX AND FUZZY
We speak about information security as though it were well-defined and quantifiable. In fact, it is neither of these. Security policies are often complex, imprecise, sometimes conflicting, and subject to human judgment.
5. DEVELOPERS AND USERS HAVE LIMITED RESOURCES
System developers have limited resources to spend on product development, and those resources have competing demands, including functionality, performance, and customer support. Decisions are based on factors such as marketability and profitability. Similarly, organizations have limited resources. Funds for security management, products, and training are balanced with other needs of the organization. In many organizations, senior management does not view security as very important.
6. NEW TECHNOLOGY IS CONSTANTLY EMERGING
New technologies, for example those supporting World Wide Web applications, bring forth new forms of vulnerabilities. In the rush to bring products to market and increase connectivity, the security implications are not always thoroughly researched and understood. Weaknesses are not discovered until after the products have been on the market. Security engineering lags behind the product development curve.
INTERNET VULNERABILITIES
• Network open to anyone
• Use of fixed Internet addresses with permanent connections to the Internet eases identification by hackers
• E-mail attachments
• E-mail used for transmitting trade secrets
• IM messages lack security and can be easily intercepted
MALICIOUS SOFTWARE
• Malware: malicious software, any program or file that is harmful to a computer user
Viruses
• Rogue software program that attaches itself to other software programs or data files in order to be executed
Worms
• Independent computer programs that copy themselves from one computer to other computers over a network
Trojan horses
• Software program that appears to be benign but then does something other than expected
Spyware
• Small programs that install themselves surreptitiously on computers to monitor user Web surfing activity and serve up advertising
Key loggers
• Record every keystroke on a computer to steal serial numbers and passwords, or to launch Internet attacks
HACKERS AND COMPUTER CRIME
• Hackers
  • An individual who intends to gain unauthorized access to a computer system
• Crackers
  • Hacker with criminal intent
• Activities include
  • System intrusion
  • System damage
  • Cybervandalism: intentional disruption, defacement, or destruction of a Web site or corporate IS
Spoofing
• Misrepresenting oneself by using fake e-mail addresses or masquerading as someone else
• Redirecting a Web link to an address different from the intended one, with the site masquerading as the intended destination
Sniffer
• Eavesdropping program that monitors information traveling over a network
• Enables hackers to steal proprietary information such as e-mail, company files, etc.
COMPUTER CRIMES
• Defined as "any violations of criminal law that involve a knowledge of computer technology for their perpetration, investigation, or prosecution"
• Computer may be the target of crime, e.g.:
  • Breaching confidentiality of protected computerized data
  • Accessing a computer system without authority
• Computer may be the instrument of crime, e.g.:
  • Theft of trade secrets
  • Using e-mail for threats or harassment
1. Identity theft
• Theft of personal information (social security ID, driver's license, or credit card numbers) to impersonate someone else
2. Phishing
• Setting up fake Web sites or sending e-mail messages that look like they come from legitimate businesses to ask users for confidential personal data
3. Evil twins
• Wireless networks that pretend to offer trustworthy Wi-Fi connections to the Internet
4. Pharming
• Redirects users to a bogus Web page, even when the individual types the correct Web page address into his or her browser
5. Click fraud
• Occurs when an individual or computer program fraudulently clicks on an online ad without any intention of learning more about the advertiser or making a purchase
INTERNAL THREATS
• Security threats often originate inside an organization
  • Inside knowledge
  • Sloppy security procedures
  • User lack of knowledge
• Social engineering:
  • Tricking employees into revealing their passwords by pretending to be legitimate members of the company in need of information
SOFTWARE VULNERABILITY
• Commercial software contains flaws that create security vulnerabilities
  • Hidden bugs (program code defects)
  • Zero defects cannot be achieved because complete testing is not possible with large programs
  • Flaws can open networks to intruders
• Failed computer systems can lead to significant or total loss of business function
• Firms are now more vulnerable than ever
  • A security breach may cut into a firm's market value almost immediately
  • Inadequate security and controls also bring forth issues of liability
WHAT IS SECURITY
Layers of security:
❑ Physical security - To protect the physical items, objects, or areas of an organization from unauthorized access and misuse.
❑ Personal security - To protect the individual or group of individuals who are authorized to access the organization and its operations.
❑ Operations security - To protect the details of a particular operation or series of activities.