
Group F. (508)

This document contains information about securing information systems for a group project. It lists the course instructor, code, and name. It then provides a table with the names and student IDs of 10 students in the group. The document asks why information systems are vulnerable and provides reasons such as weaknesses, threats from inside and outside the network, software bugs, and hardware failures. It also discusses why systems are interconnected and can be accessed from multiple points, exposing them to various threats.

Uploaded by

Sultan Mahmud

Group number: F

Topic: Securing Information Systems.

Course instructor: Professor Dr. M. Ahsan Habib

Course code: 508
Course name: Management Information Systems.

Serial number   Student Name           Student ID
1.              Md. Maznur Rahman      17 - 160
2.              Ahasun Ullah           17 - 161
3.              Md. Sultan Mahmud      17 - 163
4.              Tanvir Hasan Plabon    17 - 164
5.              Arif Ahmed             17 - 165
6.              Sopna Akter            17 - 166
7.              Sadia Yeasmin          17 - 167
8.              Khairul Basar          17 - 168
9.              Shahrin Afroz          17 - 169
10.             Mst. Ayesha Akter      17 - 170

Why are Information Systems vulnerable to destruction, error, and abuse?

• A vulnerability is any type of weakness in a computer system itself, in a set
of procedures, or in anything that leaves information security exposed to a threat.

• An information system holds digital data. Digital data are vulnerable to
destruction, misuse, error, fraud, and hardware or software failures. When large
amounts of data are stored in electronic form, they are vulnerable to many more
kinds of threats than when they existed in manual form. The Internet is designed to
be an open system and makes internal corporate systems more vulnerable to
actions from outsiders. Hackers can unleash denial-of-service (DoS) attacks or
penetrate corporate networks, causing serious system disruptions. Computer
viruses and worms can disable systems and websites. Software presents problems
because software bugs may be impossible to eliminate and because software
vulnerabilities can be exploited by hackers and malicious software.

Why are systems vulnerable?

• Systems are vulnerable because they are interconnected and can be accessed from any point
in the connection. When large amounts of data are stored in electronic form, they are
vulnerable to many kinds of threats. The reasons systems are vulnerable are:
• The potential for unauthorized access or damage is not limited to a single location but can
occur at many access points in the network.
• Users at the client layer can cause harm by introducing errors or by accessing systems
without authorization.
• Systems malfunction if computer hardware breaks down, is not configured properly, or is
damaged by improper use or criminal acts.
• Errors in programming, improper installation, or unauthorized changes cause computer
software to fail.
• Power failures, floods, fires, or other natural disasters can also disrupt computer systems.
• Domestic or offshore partnering with another company contributes to system vulnerability if
valuable information resides on networks and computers outside the organisation's control.
• Portability makes cell phones, smartphones, and tablet computers easy to lose or steal. As
these devices contain sensitive data, intruders may also be able to access internal corporate
systems through these devices.
What is the business value of security and control?


• Security: the policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or
damage to information systems.
• Controls: all methods, policies, and procedures that ensure:
- the safety of the organization's assets.
- the accuracy and reliability of its records.
- operational adherence to management standards.

Explain how security and control provide value for business.


Company systems often house confidential information about individuals' taxes, financial assets, medical records,
and job performance reviews. They may contain information on corporate operations, trade secrets, new product
development plans, and marketing strategies. Inadequate security and control may also create serious legal liability.
Businesses must protect not only their own information assets but also those of customers, employees, and business
partners. Recent US government regulations that mandate the protection of data from abuse, exposure, and
unauthorized access include:
• The Health Insurance Portability and Accountability Act (HIPAA) of 1996, which requires members of the healthcare
industry to retain patient information for six years and ensure the confidentiality of those records.
• The Gramm-Leach-Bliley Act, which requires financial institutions to ensure the security and confidentiality of
customer data.
• The Sarbanes-Oxley Act, which imposes responsibility on companies and their management to use internal controls
to safeguard the accuracy and integrity of financial information.
Firms face new legal obligations for electronic records management and document retention as well as for privacy
protection.

Legal and Regulatory Requirements for Electronic Records Management.

• WikiLeaks by Julian Assange: leaked evidence of war crimes by US soldiers all around the world.
• Panama Papers: leaked allegations of money laundering and tax evasion by politicians and billionaires
in 2016.
• Pandora Papers: showed how global elites continue to exploit tax loopholes and evade tax in 2021.

To protect data from abuse, exposure, and unauthorized access, government
regulations are forcing companies to take security and control more seriously.
Some of these regulations are the following:

Health Insurance Portability and Accountability Act (HIPAA):
To retain patients' information for 6 years and ensure confidentiality.

Gramm-Leach-Bliley Act:
To ensure security and confidentiality of customers' data.

Sarbanes-Oxley Act (SOA):
To protect investors and ensure accuracy and integrity of financial
information.

What are the components of an organizational framework for security and control?

• General controls:
Govern the design, security, and use of computer programs and the security
of data files in general throughout the organization's information tech
infrastructure. Apply to all computerized apps and consist of a combo of
hardware, software, and manual procedures that create an overall control
environment.
• Application controls:
Specific controls unique to each computerized application, such as payroll or
order processing. Include both automated and manual procedures that
ensure that only authorized data are completely and accurately processed by
that app.
App controls can be classified as:
1. input controls
2. processing controls
3. output controls

What are the most important tools and technologies for
safeguarding information resources?

• Authentication
The ability to know that a person is who he or she claims to be. Established through passwords.

• Passwords
Known only to authorized users. A user enters a specific word to log on to a computer system and to access specific systems
and files.

• Token
A physical device, similar to an identification card, that is designed to prove the identity of a single user. Small gadgets
that typically fit on key rings and display passcodes that change frequently.

• Smart card
A device about the size of a credit card that contains a chip formatted with access permission and other data.

• Biometric authentication
Uses systems that read and interpret individual human traits, such as fingerprints, irises, and voices, to grant or deny
access. Based on the measurement of a physical or behavioral trait that makes each individual unique. Compares a
person's unique characteristics against a stored profile of these characteristics to determine any differences between
these characteristics and the stored profile.

• Two-factor authentication
Increases security by validating users through a multistep process. A user must provide two means of
identification, one of which is typically a physical token, such as a smart card or chip-enabled bank card, and
the other is typically data, such as a password or personal identification number (PIN). Biometric data can
also be used as one of the authenticating mechanisms.

• Firewalls
Prevent unauthorized users from accessing private networks.
A combination of hardware and software that controls the flow of incoming and outgoing network traffic.

• Intrusion detection systems
Feature full-time monitoring tools placed at the most vulnerable points or hot spots of corporate networks
to detect and deter intruders continually. Generate an alarm if they find a suspicious or anomalous event.

• Antivirus software
Prevents, detects, and removes malware, including computer viruses, computer worms, Trojan horses,
spyware, and adware. Most are effective only against malware already known when the software was
written. Must be continually updated. Not always effective because some malware can evade antivirus
detection. Additional malware detection tools are needed for better protection.
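
How the token passcodes and the two-factor check described above fit together, as an added example that is not part of the original slides. It assumes the token is a time-based one-time password device (RFC 6238); the secret, salt, password, and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample values for illustration only.
TOKEN_SECRET = b"12345678901234567890"  # shared secret provisioned into the token
SALT = b"constructed-salt"
PBKDF2_ROUNDS = 200_000


def hash_password(password: str) -> bytes:
    """Derive the stored password verifier (the 'something you know' factor)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, PBKDF2_ROUNDS)


STORED_HASH = hash_password("correct horse battery staple")


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Passcode the token displays for the time window containing unix_time."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify_login(password: str, passcode: str, unix_time: int) -> bool:
    """Grant access only if both factors check out."""
    password_ok = hmac.compare_digest(hash_password(password), STORED_HASH)
    # Accept the current window and its neighbours to tolerate clock drift.
    code_ok = any(
        hmac.compare_digest(totp(TOKEN_SECRET, max(unix_time + drift, 0)), passcode)
        for drift in (-30, 0, 30)
    )
    return password_ok and code_ok
```

A passcode read from the token stops working once its time window (plus the drift allowance) has passed, so a stolen password alone, or an old passcode alone, does not grant access.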
Yesterday is a history,
Tomorrow is a mystery
But,
Today is a gift,
That’s why it is called present.

Thank you
Everyone.
