Securing Information Systems

MIS – Lecture-18
N P Singh
The Crisis Management Approach to Ransomware
• A culture of crisis management is one in which organizations are prepared for the possibility of a ransomware attack and have a plan in place to respond quickly and effectively.
• Proactive risk assessment and mitigation: Organizations should regularly assess their risk of ransomware attacks and implement proactive measures to mitigate those risks. This includes measures such as patch management, vulnerability scanning and intrusion detection systems.
• Continuous employee training and awareness: Employees should be educated about the risks associated with ransomware attacks, common attack vectors and best practices for cybersecurity hygiene. Organizations should conduct regular training sessions, workshops and awareness campaigns to keep employees up to date with the evolving threat landscape.
• Incident response planning and testing: Organizations should develop a comprehensive incident response plan that outlines clear roles, responsibilities and protocols for responding to ransomware attacks. The plan should be regularly tested to ensure
• Robust backup and disaster recovery strategies: Organizations should establish and maintain regular backups of critical data and systems. The backups should be regularly tested to ensure their integrity and accessibility, and at least one copy should be kept offline or otherwise unreachable from the production network, because ransomware operators routinely locate and encrypt or delete any backups they can reach. Organizations should also implement a well-defined disaster recovery plan that outlines the process for restoring systems and data in the event of a ransomware attack.
• Collaborative approach and cross-functional teams: Organizations should foster a culture of collaboration and cross-functional teamwork. Representatives from IT, security, legal, communications and other relevant departments should be involved in the incident response planning.
• Post-incident analysis and lessons learned: After a ransomware attack, organizations should conduct a thorough post-incident analysis to understand the root causes, evaluate the effectiveness of response measures and identify areas for improvement. Lessons learned should be documented and implemented to strengthen the organization's security posture and prevent future attacks.
• Regular security audits and assessments: Organizations should conduct regular security audits and assessments to evaluate the effectiveness of existing security controls and identify areas for improvement. External auditors or consultants may be engaged to provide an unbiased assessment of the organization's security practices and suggest remediation measures.
Virus Protection Software
• McAfee Total Protection: $99.99 for 10 devices on a 2-year plan (list price $259.98)
• Norton AntiVirus Plus: $19.99 for 1 device on a 1-year plan (list price $59.99)
• Bitdefender Total Security: $35.99 for 5 devices on a 1-year plan (list price $94.99)
• Webroot SecureAnywhere: $23.99 for 1 device on a 1-year plan (list price $39.99)
• VIPRE Ultimate Security: $59.99 for 5 devices on a 1-year plan (list price
Vulnerabilities of Communication Lines
• Tapping
  - Phone tapping means secretly listening to or recording a telephone communication in order to obtain information about another person's activities.
  - It is also known as "wire-tapping" in some countries.
  - In India, both the Central and the State Governments may tap phones under Section 5(2) of the Indian Telegraph Act, 1885. There are times when an investigating authority or agency needs to record the phone conversations of a person who is under suspicion.
  - Such authorities are required to seek permission from the Home Ministry before doing so, and the application must state specific reasons.
  - In addition, the need for phone tapping must be established. The ministry then considers the request and grants permission on evaluating its merits.
Spoofing & Sniffing
• Spoofing: an attacker impersonates a trusted party, for example by forging a sender address or by redirecting customers to a fake website that looks almost exactly like the genuine one, then collects the customers' data and uses it for further transactions.
• Sniffing refers to monitoring network traffic in real time.
  - Sniffers are eavesdropping (secretly listening in on a conversation) programs or hardware devices that can capture all of your Internet or network activity; on unencrypted protocols they see credentials and content in the clear.
  - Sometimes legitimate (network troubleshooting, security monitoring), sometimes criminal, sniffers can leave you feeling exposed.
Attacks on Networks
• Vehicular Ad hoc Networks (VANETs) are frequently targeted by a significant volume of attacks.
• VANETs are networks of vehicles equipped with wireless communication devices, allowing them to communicate with each other and with roadside infrastructure.
• These networks are vulnerable to various types of attacks due to their dynamic and decentralized nature.
Identity Theft as an Example
• Phishing is an example of an attack used for identity theft. It is social engineering rather than malware: the victim is tricked into handing over credentials, although phishing messages often also deliver malware.
• Phishing attacks via social media are on the rise, and India witnessed over 1.5 crore such cyber threats in the second quarter (Q2) this year, an average of more than 17.5 lakh attacks per day, which were blocked by Norton Labs (July 27, 2022).
• Reserve Bank of India (RBI) Phishing Scam (2012): In a first-of-its-kind phishing attempt, scammers targeted the Reserve Bank of India. The phishing email, which purported to come from RBI, promised the targeted public prize money of Rs. 10 lakhs within 48 hours if they clicked on a link that took them to a website that looked exactly like RBI's official website, with the same logo and a look-alike web address. The user was then prompted to give personal information such as password, I-PIN and savings account number.
Popular Attacks
• Confidentiality
  - Traffic analysis
  - Information gathering attack
  - Eavesdropping
• Integrity
  - Message suppression
  - Message alteration
  - Fabrication
  - Masquerade (the attacker gains access to the system or network by impersonating an authenticated user or by exploiting vulnerabilities to bypass authentication mechanisms)
Click Fraud
• All those ads you see on websites cost the sponsor money.
• Every time someone clicks on an ad, the sponsor is charged a pay-per-click fee.
• The fee is based on the popularity of the search words that generated the ad. What if your company is paying for an ad with little or no resultant traffic to your website?
• That is what happens in the case of click fraud.
• A person or a software program continually hits on the ad, driving up the advertising fees, without any intention of actually visiting the site.
• "Click fraud is the act of illegally clicking on pay-per-click (PPC) ads to increase site revenue or to exhaust advertisers' budgets. Click fraud is different from invalid clicks (those that are repeated or made by the ad's publisher) in that it is intentional, malicious and has no potential for the ad to
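The two signals the slide describes, repeated hits on one ad from one source and clicks that never turn into a visit to the site, can be turned into a simple detector over the advertiser's click log. The following is an added example, not part of the lecture; the log lines are constructed sample data and the thresholds (3 clicks per 60 seconds, 2 clicks with no visit, $0.50 per click) are assumed starting points that a real ad platform would tune.

```python
"""Rate-based click-fraud detection over a pay-per-click log.

Added example, not from the lecture. It groups click events by
(ad, client IP), flags a source that clicks the same ad more often than
a human plausibly would inside a sliding window, flags sources whose
repeated clicks never produce a landing-page visit, and totals the fees
those clicks cost the advertiser. The log lines are constructed sample
data and the thresholds are assumed starting points, not industry values.
"""
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log: ISO timestamp, event kind, ad id, client IP.
LOG = """\
2024-05-01T10:00:01 click ad42 203.0.113.5
2024-05-01T10:00:02 visit ad42 203.0.113.5
2024-05-01T10:00:05 click ad42 198.51.100.9
2024-05-01T10:00:06 click ad42 198.51.100.9
2024-05-01T10:00:07 click ad42 198.51.100.9
2024-05-01T10:00:08 click ad42 198.51.100.9
2024-05-01T10:00:40 click ad42 192.0.2.77
2024-05-01T10:01:30 click ad42 203.0.113.5
2024-05-01T10:01:33 visit ad42 203.0.113.5
2024-05-01T10:05:00 click ad42 192.0.2.77
"""

MAX_CLICKS_PER_WINDOW = 3   # assumed: more than this from one IP in the window is not organic
WINDOW_SECONDS = 60
MIN_CLICKS_NO_VISIT = 2     # assumed: repeat clicks that never reach the landing page


def parse_log(text):
    """Turn the raw log into (timestamp, kind, ad, ip) tuples."""
    events = []
    for line in text.splitlines():
        ts, kind, ad, ip = line.split()
        events.append((datetime.fromisoformat(ts), kind, ad, ip))
    return events


def suspicious_sources(events):
    """Return {(ad, ip): reason} for sources that trip either heuristic."""
    flagged = {}
    window = defaultdict(deque)   # (ad, ip) -> click timestamps inside the window
    clicks = defaultdict(int)
    visits = defaultdict(int)
    for ts, kind, ad, ip in sorted(events):
        key = (ad, ip)
        if kind == "visit":
            visits[key] += 1
            continue
        clicks[key] += 1
        q = window[key]
        q.append(ts)
        while (ts - q[0]).total_seconds() > WINDOW_SECONDS:
            q.popleft()           # drop clicks that fell out of the sliding window
        if len(q) > MAX_CLICKS_PER_WINDOW:
            flagged[key] = f"{len(q)} clicks within {WINDOW_SECONDS}s"
    for key, n in clicks.items():
        if key not in flagged and n >= MIN_CLICKS_NO_VISIT and visits[key] == 0:
            flagged[key] = f"{n} clicks, 0 landing-page visits"
    return flagged


def wasted_spend(events, flagged, cost_per_click):
    """Fees charged for clicks from flagged sources, i.e. the advertiser's loss."""
    return sum(cost_per_click for _, kind, ad, ip in events
               if kind == "click" and (ad, ip) in flagged)


if __name__ == "__main__":
    evs = parse_log(LOG)
    bad = suspicious_sources(evs)
    for (ad, ip), why in bad.items():
        print(f"{ad} {ip}: {why}")
    print(f"fraudulent spend at $0.50/click: ${wasted_spend(evs, bad, 0.50):.2f}")
```

On the sample log, 198.51.100.9 is caught by the rate rule (four clicks in three seconds), 192.0.2.77 by the no-visit rule, and the genuine visitor 203.0.113.5 is left alone. A production detector would add more signals (user agent, proxy and datacenter IP ranges, click-to-conversion ratios) because a distributed click farm can stay under any per-IP rate threshold.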
Global Threats: Cyberterrorism and Cyberwarfare
• "Cybercrime" is a crime committed on a computer network.
• Cyberterrorism essentially consists of using computer technology to engage in terrorism.
• Basically, crime is "personal" while terrorism is "political".
  - (i) weapon of mass destruction;
  - (ii) weapon of mass distraction; and
  - (iii) weapon of mass disruption.
• "Cyberwarfare" constitutes the conduct of military operations by virtual means.
Attacks (continued)
• Authentication and identification attacks
  - GPS spoofing
  - Position faking
• Availability attacks
  - DoS attack
  - Distributed Denial of Service (DDoS) attack
  - Jamming attack (disrupting wireless communication by emitting radio-frequency signals that interfere with the normal operation of wireless devices)
Internal Threats: Employees
• Security threats often originate inside an organization
  - Inside knowledge
  - Sloppy security procedures
  - User lack of knowledge
  - Social engineering
• Both end users and information systems specialists are sources of risk
Software Vulnerability
• Commercial software contains flaws that create security vulnerabilities
  - Bugs (program code defects)
  - Zero defects cannot be achieved
  - Flaws can open networks to intruders
• Zero-day vulnerabilities (flaws that are exploited before the vendor has released a fix)
• Patches and patch management: repair software flaws
• Vulnerabilities in microprocessor design: Spectre, Meltdown (speculative-execution side channels that let code read memory it should not be able to access)
What is the Business Value of Security and Control?
• Failed computer systems can lead to significant or total loss of business function
• Firms now are more vulnerable than ever
  - Confidential personal and financial data
  - Trade secrets, new products, strategies
• A security breach may cut into a firm's market value almost immediately
• Inadequate security and controls also bring forth issues of liability
Legal and Regulatory Requirements for Electronic Records Management
• HIPAA (Health Insurance Portability and Accountability Act)
  - Medical security and privacy rules and procedures
• Gramm-Leach-Bliley Act
  - Requires financial institutions to ensure the security and confidentiality of customer data
• Sarbanes-Oxley Act
  - Imposes responsibility on companies and their management to safeguard the accuracy and integrity of financial information that is used internally and released externally
• Indian Regulatory Framework
  - Information Technology (IT) Act, 2000; Indian Evidence Act, 1872; The Companies Act, 2013; Income Tax Act, 1961; The Indian Contract Act, 1872; Personal Data Protection Bill, 2019 (PDP
• National Crime Records Bureau (NCRB) data stated that 44,546 cases of cyber crimes were registered in 2019 as compared to 28,248 in 2018. The highest number of cybercrime cases were registered in Karnataka (12,020), closely followed by Uttar Pradesh (11,416), Maharashtra (4,967), Telangana (2,691) and Assam (2,231). Among the Union Territories, Delhi accounted for 78% of cybercrime
Electronic Evidence and Computer Forensics
• Electronic evidence
  - Evidence for white-collar crimes is often in digital form
  - Proper control of data can save time and money when responding to a legal discovery request
• Computer forensics
  - Scientific collection, examination, authentication, preservation and analysis of data from computer storage media for use as evidence in a court of law
  - Recovery of ambient data (deleted, unallocated or slack-space data that the operating system no longer presents as files)
Information Systems Controls
• May be automated or manual
• General controls
  - Govern design, security and use of computer programs and security of data files in general throughout the organization
  - Software controls, hardware controls, computer operations controls, data security controls, system development controls, administrative controls
• Application controls
  - Controls unique to each computerized application
  - Input controls, processing controls, output
General Control: Risk Assessment
• Determines the level of risk to the firm if a specific activity or process is not properly controlled
  - Types of threat
  - Probability of occurrence during the year
  - Potential losses, value of threat
  - Expected annual loss
Online Order Processing Risk Assessment

Exposure        Probability of   Loss Range (Average) ($)          Expected Annual Loss ($)
                Occurrence
Power failure   30%              $5,000 - $200,000 ($102,500)      $30,750
Embezzlement    5%               $1,000 - $50,000 ($25,500)        $1,275
User error      98%              $200 - $40,000 ($20,100)          $19,698

Expected annual loss = probability of occurrence x average loss per occurrence (for power failure, 0.30 x $102,500 = $30,750).
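The table's last column is the annualized loss expectancy (ALE) that the risk assessment uses to rank exposures and to decide how much a control is worth. The following added example, not part of the lecture, recomputes the table from its inputs, ranks the exposures, and answers the follow-on question a practitioner asks next: the annual loss a proposed control would avoid, which is the most that control is worth per year on ALE grounds alone. The UPS scenario and its 5% residual probability are assumed for illustration.

```python
"""Annualized loss expectancy (ALE) for the online order processing risk table.

Added example, not from the lecture: recomputes the Expected Annual Loss
column as probability x average loss, ranks exposures, and shows how a
candidate control is valued by the loss it avoids. The 'average loss'
is the midpoint of the loss range, as in the lecture's table.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Exposure:
    name: str
    probability: float   # chance of at least one occurrence in a year
    loss_low: float      # lower bound of loss per occurrence ($)
    loss_high: float     # upper bound of loss per occurrence ($)

    @property
    def average_loss(self) -> float:
        # the lecture's table uses the midpoint of the loss range
        return (self.loss_low + self.loss_high) / 2

    @property
    def expected_annual_loss(self) -> float:
        # ALE = probability of occurrence x average loss per occurrence
        return self.probability * self.average_loss


# The three rows of the lecture's table.
ORDER_PROCESSING = [
    Exposure("Power failure", 0.30, 5_000, 200_000),
    Exposure("Embezzlement", 0.05, 1_000, 50_000),
    Exposure("User error", 0.98, 200, 40_000),
]


def rank_exposures(exposures):
    """Return (name, ALE) pairs, largest expected annual loss first."""
    ranked = sorted(exposures, key=lambda e: e.expected_annual_loss, reverse=True)
    return [(e.name, round(e.expected_annual_loss, 2)) for e in ranked]


def control_value(exposure, new_probability=None, new_average_loss=None):
    """Annual loss avoided by a control that lowers the probability and/or
    the average loss of one exposure. A control whose yearly cost exceeds
    this figure is not justified by ALE alone (standard ALE comparison)."""
    p = exposure.probability if new_probability is None else new_probability
    loss = exposure.average_loss if new_average_loss is None else new_average_loss
    return round(exposure.expected_annual_loss - p * loss, 2)


if __name__ == "__main__":
    for name, ale in rank_exposures(ORDER_PROCESSING):
        print(f"{name:15s} ${ale:>10,.2f}")
    # Assumed scenario: a UPS cuts the yearly power-failure probability to 5%.
    power = ORDER_PROCESSING[0]
    print(f"UPS worth at most ${control_value(power, new_probability=0.05):,.2f} per year")
```

The ranking puts user error second despite its near-certain probability because its average loss is small; ALE captures both factors, which is why it is preferred over ranking by probability or by worst case alone.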
Security Policy
• Ranks information risks, identifies security goals and mechanisms for achieving these goals
• Drives other policies
• Acceptable use policy (AUP)
  - Defines acceptable uses of the firm's information resources and computing equipment
• Identity management
  - Identifying valid users
  - Controlling access
Access Rules for a Personnel System (figure)
Disaster Recovery Planning and Business Continuity Planning
• Disaster recovery planning
  - Devises plans for restoration of disrupted services
• Business continuity planning
  - Focuses on restoring business operations after a disaster
• Both types of plans are needed to identify the firm's most critical systems
  - Business impact analysis to determine the impact of an outage
  - Management must determine which
The Role of Auditing
• Information systems audit
  - Examines the firm's overall security environment as well as controls governing individual information systems
• Security audits
  - Review technologies, procedures, documentation, training and personnel
  - May even simulate a disaster to test responses
  - List and rank control weaknesses and the probability of occurrence
  - Assess the financial and organizational impact of each threat
Sample Auditor's List of Control Weaknesses (figure)
Tools and Technologies for Safeguarding Information Systems (1 of 3)
• Identity management software
  - Automates keeping track of all users and their privileges
  - Authenticates users, protects identities, controls access
• Authentication
  - Password systems
  - Tokens
  - Smart cards
  - Biometric authentication
  - Two-factor authentication (combining two of: something you know, something you have, something you are)
Tools and Technologies for Safeguarding Information Systems (2 of 3)
• Firewall
  - Combination of hardware and software that prevents unauthorized users from accessing private networks
  - Packet filtering
  - Stateful inspection (tracks connections)
  - Network address translation (NAT): allows multiple devices within a private network to share a single public IP address for communication with devices outside the private network, such as the Internet, and as a side effect hides internal addresses from outside hosts
  - Application proxy filtering
Firewall
• A firewall is a network security device that monitors incoming and outgoing network traffic and permits or blocks data packets based on a set of security rules.
• Its purpose is to establish a barrier between your internal network and traffic from external sources (such as the Internet) in order to block malicious traffic such as malware downloads and attackers' connection attempts.
• Firewalls can be either software or hardware, though it is best to have both.
• A software firewall is a program installed on each computer that regulates traffic by port number and application, while a physical firewall is a piece of equipment installed between your network and the gateway.
A Corporate Firewall (figure)
Types of firewalls
• Packet-filtering firewalls
  - The most common type of firewall; they examine packets and prohibit them from passing through if they do not match an established security rule set.
  - This type of firewall checks the packet's source and destination IP addresses, protocol and port numbers, one packet at a time and without remembering earlier packets (stateless).
  - If a packet matches an "allow" rule on the firewall, it is trusted to enter the network; a packet that matches no rule should be denied by default.
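The difference between packet filtering and the stateful inspection listed earlier is easiest to see on the reply half of a connection. The following added example, not from the lecture, runs the same three packets through a first-match stateless filter, through the same filter with the common "allow anything from port 443 back in" workaround, and through a connection-tracking firewall. Addresses, ports and rule names are sample values chosen for the illustration.

```python
"""Stateless packet filtering versus stateful inspection.

Added example, not from the lecture. A small first-match rule engine
evaluates packets the way a packet-filtering firewall does (header
fields only), then the same traffic through a connection-tracking
(stateful) firewall, to show why a purely stateless filter must either
block legitimate reply traffic or carry a broad "allow replies" rule
that an attacker can ride in on. Addresses and ports are sample values.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # True only for the first packet of a TCP connection


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    proto: str                   # "tcp", "udp" or "any"
    src: str                     # CIDR
    dst: str                     # CIDR
    dport: Optional[int] = None  # None matches any destination port
    sport: Optional[int] = None  # None matches any source port

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("any", p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport)
                and (self.sport is None or self.sport == p.sport))


def stateless_decide(rules, p):
    """Packet filter: first matching rule wins; no match means deny."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"


class StatefulFirewall:
    """Packet filter plus a connection table. Only a rule-permitted SYN
    creates an entry; afterwards packets in either direction of that
    connection are allowed and unsolicited non-SYN packets are dropped."""

    def __init__(self, rules):
        self.rules = rules
        self.table = set()      # (proto, client, client port, server, server port)

    def decide(self, p):
        fwd = (p.proto, p.src, p.sport, p.dst, p.dport)
        rev = (p.proto, p.dst, p.dport, p.src, p.sport)
        if fwd in self.table or rev in self.table:
            return "allow"      # belongs to a tracked connection
        if p.proto == "tcp" and not p.syn:
            return "deny"       # mid-stream packet with no known connection
        verdict = stateless_decide(self.rules, p)
        if verdict == "allow":
            self.table.add(fwd)
        return verdict


INTERNAL = "10.0.0.0/8"
ANY = "0.0.0.0/0"
OUTBOUND_HTTPS = Rule("allow", "tcp", INTERNAL, ANY, dport=443)
DENY_ALL = Rule("deny", "any", ANY, ANY)
# The stateless workaround: let anything "from port 443" reach the inside.
REPLY_HOLE = Rule("allow", "tcp", ANY, INTERNAL, sport=443)

CLIENT_SYN = Packet("tcp", "10.1.2.3", 51000, "203.0.113.10", 443, syn=True)
SERVER_REPLY = Packet("tcp", "203.0.113.10", 443, "10.1.2.3", 51000)
# Unsolicited probe from an outside host that simply uses 443 as its source port.
PROBE = Packet("tcp", "198.51.100.7", 443, "10.1.2.3", 51000)
TRAFFIC = [CLIENT_SYN, SERVER_REPLY, PROBE]


def compare():
    """Verdicts for (client SYN, server reply, probe) under three configurations."""
    strict = [stateless_decide([OUTBOUND_HTTPS, DENY_ALL], p) for p in TRAFFIC]
    leaky = [stateless_decide([OUTBOUND_HTTPS, REPLY_HOLE, DENY_ALL], p) for p in TRAFFIC]
    fw = StatefulFirewall([OUTBOUND_HTTPS, DENY_ALL])
    stateful = [fw.decide(p) for p in TRAFFIC]
    return {"stateless_strict": strict, "stateless_with_reply_hole": leaky, "stateful": stateful}


if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(f"{name:28s} {verdicts}")
```

The strict stateless rule set breaks HTTPS because the server's reply is dropped; the reply-hole rule set fixes that but also admits the probe; only the stateful firewall allows the reply while still dropping the probe, because the probe belongs to no connection the firewall saw being opened from inside.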
Next-generation firewalls (NGFW)
• Combine traditional firewall technology with additional functionality, such as encrypted traffic inspection, intrusion prevention systems, anti-virus and more.
• Most notably, they include deep packet inspection (DPI).
• While basic firewalls only look at packet headers, deep packet inspection examines the data within the packet itself, enabling users to more effectively identify, categorize or stop packets with malicious data. Inspecting TLS-encrypted traffic this way requires the firewall to terminate and re-encrypt the connection, which only works when clients trust the firewall's certificate.
Proxy firewalls
• Filter network traffic at the application level.
• Unlike basic firewalls, the proxy acts as an intermediary between the two end systems; the client and the server never exchange packets directly.
• The client must send its request to the firewall.
• The firewall evaluates the request against a set of security rules and then permits or blocks it.
• Most notably, proxy firewalls monitor traffic for layer 7 protocols such as HTTP and FTP, and use both stateful and deep packet inspection to detect malicious traffic.
How a Proxy Firewall Works
• The user requests access to the Internet through a protocol such as File Transfer Protocol (FTP) or Hypertext Transfer Protocol (HTTP).
• The user's computer attempts to create a session with the server, sending a synchronize (SYN) packet from its IP address to the server's IP address.
• The proxy firewall intercepts the request and, if its policy allows, replies with a synchronize-acknowledge (SYN-ACK) packet on behalf of the requested server.
• When the SYN-ACK packet is received by the user's computer, it sends a final ACK packet to the server's IP address. This completes a TCP connection with the proxy, not with the real server.
• The proxy then opens its own connection to the external server by sending a SYN packet from its IP address. When it receives the server's SYN-ACK packet, it responds with an ACK packet. There are now two separate TCP connections: one between the user's computer and the proxy, and one between the proxy and the external server.
• Requests made over the client-to-proxy connection, and relayed over the proxy-to-server connection, are analyzed to ensure they are well-formed and comply with the corporate policy until either side terminates the connection.
Diagram of Proxy Firewall (figure)
Intrusion Detection Systems
• Full-time intrusion detection software is placed at vulnerable points in the corporate network to monitor for abnormal events.
• Examples
  - SolarWinds Security Event Manager (SEM): analyzes logs from Windows, Unix, Linux and macOS systems, and manages data collected by Snort, including real-time data.
  - Snort is an open-source, free and lightweight network intrusion detection system (NIDS) for Linux and Windows that detects emerging threats by matching traffic against signature rules.
  - Security Event Manager (SEM) also works as an intrusion prevention system, shipping with over 700 rules to shut down malicious activity; it is an essential tool for improving security, responding to events and achieving compliance.
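What the "700 rules" an IDS or IPS ships with actually look like is best shown with Snort's own rule language. The following added example, not from the lecture and not Snort's code, parses a small subset of that syntax (the rule header plus the msg, content and sid options, with $HOME_NET and $EXTERNAL_NET variables) and runs two rules over constructed packet records. The addresses, payloads and rule text are sample values; real Snort normalizes HTTP before matching, which is exactly why the last packet below matters.

```python
"""Signature matching the way a network IDS such as Snort does it.

Added example, not from the lecture and not Snort's own code: a parser
for a small subset of Snort's rule syntax (header plus msg/content/sid
options and $HOME_NET/$EXTERNAL_NET variables) and a matcher run over
constructed packet records. A content signature that matches the raw
bytes is evaded by a trivially re-encoded request, which is why real
engines normalize protocols before matching. Sample values throughout.
"""
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

VARS = {"$HOME_NET": "10.0.0.0/8", "$EXTERNAL_NET": "!10.0.0.0/8"}

RULE_RE = re.compile(
    r"^(?P<action>alert|drop|pass)\s+(?P<proto>tcp|udp|icmp|ip)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s+->\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s+"
    r"\((?P<opts>.*)\)\s*$"
)


@dataclass(frozen=True)
class Rule:
    action: str
    proto: str
    src: str
    sport: str
    dst: str
    dport: str
    msg: str
    content: Optional[bytes]
    sid: int


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes = b""


def parse_rule(text: str) -> Rule:
    """Parse 'action proto src sport -> dst dport (opt:val; ...)'; only the
    msg, content (plain string) and sid options are understood."""
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError(f"unsupported rule syntax: {text!r}")
    opts = {}
    for opt in m["opts"].split(";"):
        if ":" in opt:
            k, v = opt.split(":", 1)
            opts[k.strip()] = v.strip().strip('"')
    content = opts.get("content")
    return Rule(m["action"], m["proto"], m["src"], m["sport"], m["dst"], m["dport"],
                opts.get("msg", ""), content.encode() if content else None, int(opts["sid"]))


def _addr_ok(spec: str, addr: str) -> bool:
    spec = VARS.get(spec, spec)          # expand $HOME_NET-style variables
    if spec == "any":
        return True
    if spec.startswith("!"):             # negated network, e.g. !10.0.0.0/8
        return ip_address(addr) not in ip_network(spec[1:])
    return ip_address(addr) in ip_network(spec)


def _port_ok(spec: str, port: int) -> bool:
    return spec == "any" or int(spec) == port


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.proto in ("ip", pkt.proto)
            and _addr_ok(rule.src, pkt.src) and _port_ok(rule.sport, pkt.sport)
            and _addr_ok(rule.dst, pkt.dst) and _port_ok(rule.dport, pkt.dport)
            and (rule.content is None or rule.content in pkt.payload))


def run_rules(rules, packets):
    """Return (sid, msg) for every rule each packet triggers, in packet order;
    an IPS would additionally drop packets that match a 'drop' rule."""
    return [(r.sid, r.msg) for pkt in packets for r in rules if rule_matches(r, pkt)]


# Constructed rule set written in Snort syntax.
RULES = [parse_rule(line) for line in [
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"Inbound SSH connection attempt"; sid:1000001;)',
    'alert tcp any any -> $HOME_NET 80 (msg:"Web path traversal"; content:"../../"; sid:1000002;)',
]]

# Constructed traffic: outside SSH, inside SSH, a traversal attempt, and the same
# attempt URL-encoded so the raw content signature no longer sees "../../".
PACKETS = [
    Packet("tcp", "198.51.100.7", 40000, "10.0.0.5", 22),
    Packet("tcp", "10.0.0.3", 40001, "10.0.0.5", 22),
    Packet("tcp", "203.0.113.9", 52000, "10.0.0.8", 80, b"GET /../../etc/passwd HTTP/1.1\r\n"),
    Packet("tcp", "203.0.113.9", 52001, "10.0.0.8", 80, b"GET /..%2F..%2Fetc/passwd HTTP/1.1\r\n"),
]

if __name__ == "__main__":
    for sid, msg in run_rules(RULES, PACKETS):
        print(f"[{sid}] {msg}")
```

Two alerts fire: the SSH attempt from outside (the one from 10.0.0.3 is excluded by $EXTERNAL_NET) and the plain traversal. The percent-encoded traversal fires nothing, which is the general lesson of signature-based detection: a rule is only as good as the normalization in front of it, and rule sets need curation and tuning rather than being treated as a fixed count.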
Anti-Malware Software
• At a minimum, installing a simple antivirus utility should keep most commodity threats at bay; it does not stop targeted or previously unseen malware, so it complements rather than replaces patching and least privilege
Securing Wireless Networks
Encryption & Public Key Infrastructure
Securing Transactions with Blockchains
Ensuring System Availability
Secure Outsourcing: Managed Security Service Providers (MSSPs)
Making the Mobile Platform Secure
• Organizations must come up with security policies
• Examples
  - Password policy
  - MAC binding
  - Use of free downloads
  - Usage of free software
  - Interaction with social media websites
Securing Cloud Platforms
• Service Level Agreements (SLAs)
• The Cloud Security Alliance (CSA) has created industry-wide guidance for cloud security, specifying best practices for security
Class Assignment
• Zapak operates online games sites used by 16 million people in over 100 countries. Players are allowed to enter a game for free, but must buy digital assets from Zapak, such as swords to fight dragons, if they want to be deeply involved. The games can accommodate millions of players at once and are played simultaneously by people all over the world.
• Question 1: What kinds of security threats should it anticipate? (For Roll No. 253-273)
• Question 2: What will be the impact of security lapses on the business? (For Roll No. 274-294)
• Question 3: What steps can it take to prevent damage to its web sites and continuing operations? (For remaining Roll Numbers)
Computer Crimes
