Date post: | 09-Apr-2018 |
Upload: | faizan-malik |
8/8/2019 IT in Business - Lect_13
IT in Business
Issues in Information Technology
Lecture 13
Security - What is Security?
Breach: A breakdown in security.
Security: Safeguarding and protecting an enterprise's information technology assets.
Site Security
Resource Security
Network Security
Service Security
Security - Definition
Security Program: The policies and protective
measures that will be used, the responsibilities of individuals involved in maintaining security, as well
as the responsibilities of those who abide by
established security policies.
Harden: Designing a security program to a potential
IT target, making the level of effort greater than the
value of breaking into a system, network, or facility.
Security - Types of Security Breach
Intrusion: Forced and unauthorized entry into
a system.
Interception: Aimed at preventing the capture
of data and information transmitted over an
enterprise network or other communications
link.
Security - Results of Security Breach
Destruction of Resources
Corruption of Data and Applications
Denial of Services
Theft of Services
Theft of Resources
Security - Results of Security Breach (Continued)
Denial-of-Services Attack: Depriving, usually
intentionally and temporarily, an enterprise or its users of the services they would normally
expect to have, usually involving a network
service (such as e-mail) or access to a
location on the network (such as a Web site).
Security - Sources of Security Breach
Employees
Identity Theft: Loss of personal identity through a security breach.
Hacker: A person who gains access to a system illegally.
Security - Sources of Security Breach (Continued)
Terrorist: Someone who conducts a premeditated, politically motivated attack against information, computer systems, computer programs, and data, which results in violence against non-combatant targets by sub-national groups or clandestine agents.
Cyber-terrorism: Terrorist attack on computer facilities in companies that rely on IT to produce their services.
Security - Sources of Security Breach (Continued)
Computer Viruses
Virus: A hidden program that alters, without
the user's knowledge, the way a computer
operates or that modifies the data and
programs stored on the computer.
Security - Security Measures
General Security Policies and Procedures
Change access passwords frequently
Restrict system use
Limit access to data
Set up physical access controls
Partition responsibilities
Encrypt data
Establish procedural controls
Institute educational programs
Audit system activities
Log all transactions and user activities
Security - Security Measures (Continued)
Virus Protection Software
Digital Signatures
Digital Signature Encryption: Relies on a
mathematical coding scheme designed to foil a
virus's attempt to attack programs and data.
Encryption
Security - Methods of Encryption
Public Key Infrastructure (PKI): A public key is made available in a directory that all parties can search. Thus a sender wishing to transmit a secured message searches a digital certificate directory to find the recipient's public key, using it to encrypt the message.
Secure Electronic Transaction (SET): An adaptation of public key encryption and the digital certificate (which the industry calls an electronic wallet) for securing financial transactions over the Internet.
Security - Methods of Encryption (Continued)
Pretty Good Privacy (PGP): A program used to encrypt and decrypt e-mail and to encrypt digital signatures, so the recipient knows the transmission was not changed along the way.
Virtual Private Network (VPN): A way to use a public telecommunication infrastructure, such as the Internet, to provide secure communication between individuals or client computers at remote locations and an enterprise network.
Security - Methods of Encryption (Continued)
Virtual Private Network
Tunneling Protocols: By encrypting data at the sending end and decrypting it at the receiving end, the protocols send the data (and if an enterprise chooses, the originating and receiving network addresses as well) through a tunnel that cannot be entered by data that is not properly encrypted.
Security - Security Measures
Firewall: A special-purpose software program
located at a network gateway server.
Proxy Server: Acts as an intermediary
between a PC and the Internet, separating
an enterprise network from an outside
network.
Reliability - Definition
Reliability: The assurance that computers and communications systems will do what they should when they should.
Reliability - Ensuring IT Service Reliability
Fault-tolerant Computer: A computer designed with duplicate components to ensure reliability.
Uninterruptible Power Supply (UPS) System: A system that ensures the continued flow of electricity when the primary source of power fails.
Disaster Recovery Plan: A procedure for restoring data lost when a system stops functioning.
Reliability - Ensuring IT Service Reliability
Off-site Backup Facility: A backup computer center located away from a company's main facility.
Hot Site: A fully equipped backup computer center to which a company can take its backup copies of data and software and resume processing.
Cold Site: A backup facility outfitted with electrical power and environmental controls so that it is ready for a company to install a computer system.
Privacy - What is Privacy?
Privacy: In IT, the term used to refer to how personal information is collected, used, and protected.
Privacy - Spam and Privacy
Spam: Unsolicited e-mail.
Opt-in E-mail/Permission-based E-mail: If
customers check a box agreeing to receive
postings about the company's products, they
have actually given approval for the mailing.
Ethics - Definition
Ethics: The standards of conduct and moral
behavior that people are expected to follow.
Ethics - Ethics and IT Usage in Business
E-mail Privacy
Software Licenses
Software Copyrights
Hardware Access
Intellectual Property Ownership
File Access
Data Ownership
Ethics - An Ethics Challenge
Developing a Code of Ethics
Informed Consent
The Higher Ethic
Most Restrictive Action
Kantian Universality Rule
Descartes' Change in Rule
The Owner's Conservative Rule
The User's Conservative Rule
Ethics - An Ethics Challenge
Social Responsibility: The concept that
businesses need to balance their commitments to investors, employees,
customers, other businesses, and the
communities in which they operate.
Digital Piracy - Definition
Digital Piracy: The making of illegal copies of
copyrighted information.
Digital Piracy - Protecting Against Software Piracy
Software Piracy: The making of illegal copies of software.
Software Copyright Protection
Copyright: Legal protection of original works against unauthorized use, including duplication.
Copy Protection: A software protection scheme that defeats attempts to copy a program or makes the copied software unreliable.
Digital Piracy - Protecting Against Software Piracy
Software Site Licensing
Site License: An agreement under which a software purchaser pays a fee to the
manufacturer to make a specified number of
copies of a particular program.
Digital Piracy - Public Domain Software
Public Domain Software: Any non-copyrighted software that can be used by the general public.
Shareware: Software that is given away and freely distributed. The developer retains ownership, asks users to register with the owner, and requests a nominal fee for using the program.
The End
Thank You