
IT in Business - Lect_13

Date post: 09-Apr-2018
Upload: faizan-malik

Transcript
  • 8/8/2019 IT in Business - Lect_13

    1/37

    IT in Business

    Issues in Information Technology

    Lecture 13


    Security - What is Security?

    Breach: A breakdown in security.

    Security: Safeguarding and protecting an enterprise's information technology assets.

    Site Security

    Resource Security

    Network Security

    Service Security


    Security - Definition

    Security Program: The policies and protective measures that will be used, the responsibilities of individuals involved in maintaining security, as well as the responsibilities of those who abide by established security policies.

    Harden: Designing a security program to a potential IT target, making the level of effort greater than the value of breaking into a system, network, or facility.


    Security - Types of Security Breach

    Intrusion: Forced and unauthorized entry into a system.

    Interception: Aimed at preventing the capture of data and information transmitted over an enterprise network or other communications link.


    Security - Results of Security Breach

    Destruction of Resources

    Corruption of Data and Applications

    Denial of Services

    Theft of Services

    Theft of Resources


    Security - Results of Security Breach (Continued)

    Denial-of-Services Attack: Depriving, usually intentionally and temporarily, an enterprise or its users of the services they would normally expect to have, usually involving a network service (such as e-mail) or access to a location on the network (such as a Web site).


    Security - Sources of Security Breach

    Employees

    Identity Theft: Loss of personal identity through a security breach.

    Hacker: A person who gains access to a system illegally.


    Security - Sources of Security Breach (Continued)

    Terrorist: Someone who conducts a premeditated, politically motivated attack against information, computer systems, computer programs, and data, which results in violence against non-combatant targets by sub-national groups or clandestine agents.

    Cyber-terrorism: Terrorist attack on computer facilities in companies that rely on IT to produce their services.


    Security - Sources of Security Breach (Continued)

    Computer Viruses

    Virus: A hidden program that alters, without the user's knowledge, the way a computer operates or that modifies the data and programs stored on the computer.



    Security - Security Measures

    General Security Policies and Procedures

    Change access passwords frequently

    Restrict system use

    Limit access to data

    Set up physical access controls

    Partition responsibilities

    Encrypt data

    Establish procedural controls

    Institute educational programs

    Audit system activities

    Log all transactions and user activities



    Security - Security Measures (Continued)

    Virus Protection Software

    Digital Signatures

    Digital Signature Encryption: Relies on a mathematical coding scheme designed to foil a virus's attempt to attack programs and data.

    Encryption



    Security - Methods of Encryption

    Public Key Infrastructure (PKI): A public key is made available in a directory that all parties can search. Thus a sender wishing to transmit a secured message searches a digital certificate directory to find the recipient's public key, using it to encrypt the message.

    Secure Electronic Transaction (SET): An adaptation of public key encryption and the digital certificate (which the industry calls an electronic wallet) for securing financial transactions over the Internet.


    Security - Methods of Encryption (Continued)

    Pretty Good Privacy (PGP): A program used to encrypt and decrypt e-mail and to encrypt digital signatures, so the recipient knows the transmission was not changed along the way.

    Virtual Private Network (VPN): A way to use a public telecommunication infrastructure, such as the Internet, to provide secure communication between individuals or client computers at remote locations and an enterprise network.


    Security - Methods of Encryption (Continued)

    Virtual Private Network

    Tunneling Protocols: By encrypting data at the sending end and decrypting it at the receiving end, the protocols send the data (and if an enterprise chooses, the originating and receiving network addresses as well) through a tunnel that cannot be entered by data that is not properly encrypted.


    Security - Security Measures

    Firewall: A special-purpose software program located at a network gateway server.

    Proxy Server: Acts as an intermediary between a PC and the Internet, separating an enterprise network from an outside network.



    Reliability - Definition

    Reliability: The assurance that computers and communications systems will do what they should when they should.


    Reliability - Ensuring IT Service Reliability

    Fault-tolerant Computer: A computer designed with duplicate components to ensure reliability.

    Uninterruptible Power Supply (UPS) System: A system that ensures the continued flow of electricity when the primary source of power fails.

    Disaster Recovery Plan: A procedure for restoring data lost when a system stops functioning.


    Reliability - Ensuring IT Service Reliability

    Off-site Backup Facility: A backup computer center located away from a company's main facility.

    Hot Site: A fully equipped backup computer center to which a company can take its backup copies of data and software and resume processing.

    Cold Site: A backup facility outfitted with electrical power and environmental controls so that it is ready for a company to install a computer system.



    Privacy - What is Privacy?

    Privacy: In IT, the term used to refer to how personal information is collected, used, and protected.


    Privacy - Spam and Privacy

    Spam: Unsolicited e-mail.

    Opt-in E-mail/Permission-based E-mail: If customers check a box agreeing to receive postings about the company's products, they have actually given approval for the mailing.


    Ethics - Definition

    Ethics: The standards of conduct and moral behavior that people are expected to follow.


    Ethics - Ethics and IT Usage in Business

    E-mail Privacy

    Software Licenses

    Software Copyrights

    Hardware Access

    Intellectual Property Ownership

    File Access

    Data Ownership


    Ethics - An Ethics Challenge

    Developing a Code of Ethics

    Informed Consent

    The Higher Ethic

    Most Restrictive Action

    Kantian Universality Rule

    Descartes' Change in Rule

    The Owner's Conservative Rule

    The User's Conservative Rule


    Ethics - An Ethics Challenge

    Social Responsibility: The concept that businesses need to balance their commitments to investors, employees, customers, other businesses, and the communities in which they operate.


    Digital Piracy - Definition

    Digital Piracy: The making of illegal copies of copyrighted information.


    Digital Piracy - Protecting Against Software Piracy

    Software Piracy: The making of illegal copies of software.

    Software Copyright Protection

    Copyright: Legal protection of original works against unauthorized use, including duplication.

    Copy Protection: A software protection scheme that defeats attempts to copy a program or makes the copied software unreliable.


    Digital Piracy - Protecting Against Software Piracy

    Software Site Licensing

    Site License: An agreement under which a software purchaser pays a fee to the manufacturer to make a specified number of copies of a particular program.


    Digital Piracy - Public Domain Software

    Public Domain Software: Any non-copyrighted software that can be used by the general public.

    Shareware: Software that is given away and freely distributed. The developer retains ownership, asks users to register with the owner, and requests a nominal fee for using the program.


    The End

    Thank You

