SlideShare uma empresa Scribd logo

Chapter 13

B
bodo-con
Saúde e medicinaNegócios
1 de 24
Chapter 13 Electronic Security
Objectives • Explore electronic security issues. • Describe processes for securing information in a computer network. • Identify various methods of user authentication and relate authentication to security of a network. • Explain methods to anticipate and prevent typical threats to network security.
Securing Network Information • The linking of computers together and to the outside creates the possibility of a breach of network security, and exposes the information to unauthorized use. • The three main areas of secure network information are confidentiality, availability, and integrity.
Confidentiality • Safeguarding all personal information by ensuring that access is limited to only those who are authorized. • “Shoulder surfing” or watching over someone’s back as they are working, is still a major way that confidentiality is compromised.
Acceptable Use • Organizations protect the availability of their networks with an acceptable use policy. • Defines the types of activities that are acceptable and not acceptable on the corporate computer network • Defines the consequences for violations.
Information Integrity • Quality and accuracy of networked information • Organizations need clear policies to clarify: – how data is actually inputted, – who has the authorization to change such data and – to track how and when data are changed and by whom.
Authentication of Users • Authentication of employees is also used by organizations in their security policies. • Organizations authenticate by: – something the user knows (password), – something the user has (ID badge), or – something the user is (biometrics)
More About Authentication • Policies typically include the enforcement of changing passwords every thirty or sixty days. • Biometric devices include recognizing thumb prints, retina patterns or facial patterns. • Organizations may use a combination of these types of authentication.
Threats to Security • A 2003 nationwide survey by the Computing Technology Industry Association (CompTIA) found that human error was the most likely cause of problems with security breaches. • The first line of defense is strictly physical. • The power of a locked door, an operating system that locks down after five minutes of inactivity, and regular security training programs are extremely effective.
Threats to Security • One way to address this physical security risk is to limit the authorization to ‘write’ files to a device. • Organizations are also ‘turning’ off the CD/DVD burners and USB ports on company desktops.
Threats to Security • The most common threats a corporate network faces from the outside world are hackers, malicious code (spyware, viruses, worms, Trojan horses) and the malicious insider. • Spyware is normally controlled by limiting functions of the browser used to surf the Internet.
Cookies • A “cookie” is a very small file written to the hard drive of a user surfing the Internet. • On the negative side, cookies can also follow the user’s travels on the Internet. • Spying cookies related to marketing typically do not track keystrokes to steal user ids and passwords.
Threats to Security • Spyware that does steal user ids and passwords contains malicious code that is normally hidden in a seemingly innocent file download. • Another huge threat to corporate security is social engineering, or the manipulation of a relationship based on one’s position in an organization.
Malicious Insider • The number one security threat to a corporate network is the malicious insider. • There is also software available to track and thus monitor employee activity. • Depending on the number of employees, organizations may also employ a full time electronic auditor who does nothing but monitor activity logs.
Security Tools • There are a wide range of tools available to an organization to protect the organizational network and information. • These tools can be either a software solution such as antivirus software or a hardware tool such as a proxy server.
Security Tools • E-mail scanning software and antivirus software should never be turned off and updates should be run weekly, and ideally, daily. • Software is also available to scan instant messages and to automatically delete spam e-mail.
Firewalls • A firewall can be either hardware or software or a combination of both. • A firewall can be set up to examines traffic to and from the network • Firewalls are basically electronic security guards at the gate of the corporate network.
Proxy Servers • Hardware security tool to help protect the organization against security breaches by: – preventing users from directly accessing the Internet from corporate computers. – Issuing masks to protect the identity of a corporation’s employees accessing the World Wide Web. – tracking which employees are using which masks and directing the traffic appropriately.
Intrusion detection systems • Hardware and software to monitor who is using the organizational network and what files that user has accessed. • Corporations must diligently monitor for unauthorized access of their networks. • Remember: Any use of a secured network leaves a digital footprint that can be easily tracked by electronic auditing software.
Offsite Use of Portable Devices • Off site uses of portable devices such as laptops, PDA’s, home computing systems, smart phones, and portable data storage devices can help to streamline the delivery of health care. • Some agencies have developed a virtual private network (VPN) that the user must log in to in order to reach the network. • The VPN ensures that all data transmitted via this gateway is encrypted.
Offsite Use of Portable Devices • Only essential data for the job should be contained on the mobile device, and other non- clinical information such as a social security numbers should never be carried outside the secure network. • The agency is ultimately responsible for the integrity of the data contained on these devices as required by HITECH and HIPAA regulations.
Offsite Use of Portable Devices • If a device is lost or stolen, the agency must have clear procedures in place to help insure that sensitive data does not get released or used inappropriately. • The Department of Health and Human Services (2006) identifies potential risks and proposes risk management strategies for accessing, storing, and transmitting EPHI. Visit this website for detailed tabular information (p 4-6) on potential risks and risk management strategies: http://www.cms.hhs.gov/SecurityStandard/Download s/SecurityGuidanceforRemoteUseFinal122806.pdf
Thought Provoking Questions 1. Jean, a diabetes nurse educator recently read an article in an online journal that she accessed through her health agency’s database subscription. The article provided a comprehensive checklist for managing diabetes in older adults that she prints and distributes to her patients in a diabetes education class. Does this constitute fair use or is this a copyright violation?
Thought Provoking Questions 2. Sue is a COPD clinic nurse enrolled in a Master’s education program. She is interested in writing a paper on the factors that are associated with poor compliance with medical regimens and associated re-hospitalization of COPD patients. She downloads patient information from the clinic database to a thumb drive that she later accesses on her home computer. Sue understands rules about privacy of information and believes that since she is a nurse and needs this information for a graduate school assignment that she is entitled to the information. Is Sue correct in her thinking?

Recomendados

The adversary playbook - the tools, techniques and procedures used by threat ...
The adversary playbook - the tools, techniques and procedures used by threat ...The adversary playbook - the tools, techniques and procedures used by threat ...
The adversary playbook - the tools, techniques and procedures used by threat ...Jisc
 
Hunting for Credentials Dumping in Windows Environment
Hunting for Credentials Dumping in Windows EnvironmentHunting for Credentials Dumping in Windows Environment
Hunting for Credentials Dumping in Windows EnvironmentTeymur Kheirkhabarov
 
Basics of criminology
Basics of criminologyBasics of criminology
Basics of criminologyDEEPRAVIN
 
THREAT GROUP CARDS: A THREAT ACTOR ENCYCLOPEDIA
THREAT GROUP CARDS: A THREAT ACTOR ENCYCLOPEDIATHREAT GROUP CARDS: A THREAT ACTOR ENCYCLOPEDIA
THREAT GROUP CARDS: A THREAT ACTOR ENCYCLOPEDIAETDAofficialRegist
 
Crime and social control ppt
Crime and social control pptCrime and social control ppt
Crime and social control pptRidaNaz8
 
PowerShell Inside Out: Applied .NET Hacking for Enhanced Visibility by Satosh...
PowerShell Inside Out: Applied .NET Hacking for Enhanced Visibility by Satosh...PowerShell Inside Out: Applied .NET Hacking for Enhanced Visibility by Satosh...
PowerShell Inside Out: Applied .NET Hacking for Enhanced Visibility by Satosh...CODE BLUE
 
Domain 6 - Security Assessment and Testing
Domain 6 - Security Assessment and TestingDomain 6 - Security Assessment and Testing
Domain 6 - Security Assessment and TestingMaganathin Veeraragaloo
 
Windows Forensic 101
Windows Forensic 101Windows Forensic 101
Windows Forensic 101Digit Oktavianto
 

Recomendados

The adversary playbook - the tools, techniques and procedures used by threat ...
The adversary playbook - the tools, techniques and procedures used by threat ...The adversary playbook - the tools, techniques and procedures used by threat ...
The adversary playbook - the tools, techniques and procedures used by threat ...Jisc
 
Hunting for Credentials Dumping in Windows Environment
Hunting for Credentials Dumping in Windows EnvironmentHunting for Credentials Dumping in Windows Environment
Hunting for Credentials Dumping in Windows EnvironmentTeymur Kheirkhabarov
 
Basics of criminology
Basics of criminologyBasics of criminology
Basics of criminologyDEEPRAVIN
 
THREAT GROUP CARDS: A THREAT ACTOR ENCYCLOPEDIA
THREAT GROUP CARDS: A THREAT ACTOR ENCYCLOPEDIATHREAT GROUP CARDS: A THREAT ACTOR ENCYCLOPEDIA
THREAT GROUP CARDS: A THREAT ACTOR ENCYCLOPEDIAETDAofficialRegist
 
Crime and social control ppt
Crime and social control pptCrime and social control ppt
Crime and social control pptRidaNaz8
 
PowerShell Inside Out: Applied .NET Hacking for Enhanced Visibility by Satosh...
PowerShell Inside Out: Applied .NET Hacking for Enhanced Visibility by Satosh...PowerShell Inside Out: Applied .NET Hacking for Enhanced Visibility by Satosh...
PowerShell Inside Out: Applied .NET Hacking for Enhanced Visibility by Satosh...CODE BLUE
 
Domain 6 - Security Assessment and Testing
Domain 6 - Security Assessment and TestingDomain 6 - Security Assessment and Testing
Domain 6 - Security Assessment and TestingMaganathin Veeraragaloo
 
Windows Forensic 101
Windows Forensic 101Windows Forensic 101
Windows Forensic 101Digit Oktavianto
 
Windowsforensics
WindowsforensicsWindowsforensics
WindowsforensicsSantosh Khadsare
 
Harassment
HarassmentHarassment
HarassmentVellore Institute of Technology (VIT)
 
Data recovery
Data recoveryData recovery
Data recoveryMir Majid
 
A Presentation on Crime and its classification
A Presentation on Crime and its classification A Presentation on Crime and its classification
A Presentation on Crime and its classification Sultan Mahmood
 
Hard Disk Data Acquisition
Hard Disk Data AcquisitionHard Disk Data Acquisition
Hard Disk Data AcquisitionTaha İslam YILMAZ
 
Privilege escalation from 1 to 0 Workshop
Privilege escalation from 1 to 0 Workshop Privilege escalation from 1 to 0 Workshop
Privilege escalation from 1 to 0 Workshop Hossam .M Hamed
 
Mac Forensics
Mac ForensicsMac Forensics
Mac ForensicsCTIN
 
Computer forensics
Computer forensicsComputer forensics
Computer forensicsdeaneal
 
Preventing School Violence
Preventing School ViolencePreventing School Violence
Preventing School ViolenceLittle Angels High School -Gwalior
 
Cybercrime investigation
Cybercrime investigationCybercrime investigation
Cybercrime investigationProf. (Dr.) Tabrez Ahmad
 
Virtual Machine Forensics
Virtual Machine ForensicsVirtual Machine Forensics
Virtual Machine Forensicsprimeteacher32
 
Hunting for Privilege Escalation in Windows Environment
Hunting for Privilege Escalation in Windows EnvironmentHunting for Privilege Escalation in Windows Environment
Hunting for Privilege Escalation in Windows EnvironmentTeymur Kheirkhabarov
 
Theft
TheftTheft
TheftLegalEyres
 
Horror film trailer survey report
Horror film trailer survey reportHorror film trailer survey report
Horror film trailer survey reportBethMelia
 
Penology
PenologyPenology
Penologyezzeldin bassyouni
 
Module 02 ftk imager
Module 02 ftk imagerModule 02 ftk imager
Module 02 ftk imagerParminderKaurBScHons
 
Digital forensics
Digital forensics Digital forensics
Digital forensics vishnuv43
 
8.8 Las Vegas - Adversary Emulation con C2 Matrix
8.8 Las Vegas - Adversary Emulation con C2 Matrix8.8 Las Vegas - Adversary Emulation con C2 Matrix
8.8 Las Vegas - Adversary Emulation con C2 MatrixJorge Orchilles
 
The Hunter Games: How to Find the Adversary with Event Query Language
The Hunter Games: How to Find the Adversary with Event Query LanguageThe Hunter Games: How to Find the Adversary with Event Query Language
The Hunter Games: How to Find the Adversary with Event Query LanguageRoss Wolf
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 
Chapter 14
Chapter 14Chapter 14
Chapter 14bodo-con
 
Chapter 10
Chapter 10Chapter 10
Chapter 10bodo-con
 

Mais conteúdo relacionado

Mais procurados

A Presentation on Crime and its classification
A Presentation on Crime and its classification A Presentation on Crime and its classification
A Presentation on Crime and its classification Sultan Mahmood
 
Privilege escalation from 1 to 0 Workshop
Privilege escalation from 1 to 0 Workshop Privilege escalation from 1 to 0 Workshop
Privilege escalation from 1 to 0 Workshop Hossam .M Hamed
 
Mac Forensics
Mac ForensicsMac Forensics
Mac ForensicsCTIN
 
Computer forensics
Computer forensicsComputer forensics
Computer forensicsdeaneal
 
Virtual Machine Forensics
Virtual Machine ForensicsVirtual Machine Forensics
Virtual Machine Forensicsprimeteacher32
 
Hunting for Privilege Escalation in Windows Environment
Hunting for Privilege Escalation in Windows EnvironmentHunting for Privilege Escalation in Windows Environment
Hunting for Privilege Escalation in Windows EnvironmentTeymur Kheirkhabarov
 
Horror film trailer survey report
Horror film trailer survey reportHorror film trailer survey report
Horror film trailer survey reportBethMelia
 
Digital forensics
Digital forensics Digital forensics
Digital forensics vishnuv43
 
8.8 Las Vegas - Adversary Emulation con C2 Matrix
8.8 Las Vegas - Adversary Emulation con C2 Matrix8.8 Las Vegas - Adversary Emulation con C2 Matrix
8.8 Las Vegas - Adversary Emulation con C2 MatrixJorge Orchilles
 
The Hunter Games: How to Find the Adversary with Event Query Language
The Hunter Games: How to Find the Adversary with Event Query LanguageThe Hunter Games: How to Find the Adversary with Event Query Language
The Hunter Games: How to Find the Adversary with Event Query LanguageRoss Wolf
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 

Mais procurados (20)

Windowsforensics
WindowsforensicsWindowsforensics
Windowsforensics
 
Harassment
HarassmentHarassment
Harassment
 
Data recovery
Data recoveryData recovery
Data recovery
 
A Presentation on Crime and its classification
A Presentation on Crime and its classification A Presentation on Crime and its classification
A Presentation on Crime and its classification
 
Hard Disk Data Acquisition
Hard Disk Data AcquisitionHard Disk Data Acquisition
Hard Disk Data Acquisition
 
Privilege escalation from 1 to 0 Workshop
Privilege escalation from 1 to 0 Workshop Privilege escalation from 1 to 0 Workshop
Privilege escalation from 1 to 0 Workshop
 
Mac Forensics
Mac ForensicsMac Forensics
Mac Forensics
 
Computer forensics
Computer forensicsComputer forensics
Computer forensics
 
Preventing School Violence
Preventing School ViolencePreventing School Violence
Preventing School Violence
 
Cybercrime investigation
Cybercrime investigationCybercrime investigation
Cybercrime investigation
 
Virtual Machine Forensics
Virtual Machine ForensicsVirtual Machine Forensics
Virtual Machine Forensics
 
Hunting for Privilege Escalation in Windows Environment
Hunting for Privilege Escalation in Windows EnvironmentHunting for Privilege Escalation in Windows Environment
Hunting for Privilege Escalation in Windows Environment
 
Theft
TheftTheft
Theft
 
Horror film trailer survey report
Horror film trailer survey reportHorror film trailer survey report
Horror film trailer survey report
 
Penology
PenologyPenology
Penology
 
Module 02 ftk imager
Module 02 ftk imagerModule 02 ftk imager
Module 02 ftk imager
 
Digital forensics
Digital forensics Digital forensics
Digital forensics
 
8.8 Las Vegas - Adversary Emulation con C2 Matrix
8.8 Las Vegas - Adversary Emulation con C2 Matrix8.8 Las Vegas - Adversary Emulation con C2 Matrix
8.8 Las Vegas - Adversary Emulation con C2 Matrix
 
The Hunter Games: How to Find the Adversary with Event Query Language
The Hunter Games: How to Find the Adversary with Event Query LanguageThe Hunter Games: How to Find the Adversary with Event Query Language
The Hunter Games: How to Find the Adversary with Event Query Language
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
 

Destaque

Chapter 14
Chapter 14Chapter 14
Chapter 14bodo-con
 
Chapter 10
Chapter 10Chapter 10
Chapter 10bodo-con
 
Chapter 12
Chapter 12Chapter 12
Chapter 12bodo-con
 
Chapter 11
Chapter 11Chapter 11
Chapter 11bodo-con
 
nursing informatics chapter 14,15,16,17
nursing informatics chapter 14,15,16,17nursing informatics chapter 14,15,16,17
nursing informatics chapter 14,15,16,17gail18
 
Chapter 25
Chapter 25Chapter 25
Chapter 25bodo-con
 
Alarm Fatigue Best Practices
Alarm Fatigue Best PracticesAlarm Fatigue Best Practices
Alarm Fatigue Best PracticesDavid Lange
 
Chapter 30
Chapter 30Chapter 30
Chapter 30bodo-con
 
Chapter 20
Chapter 20Chapter 20
Chapter 20bodo-con
 
Chapter 16
Chapter 16Chapter 16
Chapter 16bodo-con
 
"Nursing Informatics PowerPoint Presentation"
"Nursing Informatics PowerPoint Presentation""Nursing Informatics PowerPoint Presentation"
"Nursing Informatics PowerPoint Presentation"chandy-20
 
Lecture5 Expert Systems And Artificial Intelligence
Lecture5 Expert Systems And Artificial IntelligenceLecture5 Expert Systems And Artificial Intelligence
Lecture5 Expert Systems And Artificial IntelligenceKodok Ngorex
 

Destaque (18)

Chapter 14
Chapter 14Chapter 14
Chapter 14
 
Chapter 10
Chapter 10Chapter 10
Chapter 10
 
Chapter 12
Chapter 12Chapter 12
Chapter 12
 
Chapter 11
Chapter 11Chapter 11
Chapter 11
 
nursing informatics chapter 14,15,16,17
nursing informatics chapter 14,15,16,17nursing informatics chapter 14,15,16,17
nursing informatics chapter 14,15,16,17
 
Chapter 4
Chapter 4Chapter 4
Chapter 4
 
Chapter 25
Chapter 25Chapter 25
Chapter 25
 
Chapter 2
Chapter 2Chapter 2
Chapter 2
 
Alarm Fatigue Best Practices
Alarm Fatigue Best PracticesAlarm Fatigue Best Practices
Alarm Fatigue Best Practices
 
Chapter 3
Chapter 3Chapter 3
Chapter 3
 
Chapter 30
Chapter 30Chapter 30
Chapter 30
 
Chapter 20
Chapter 20Chapter 20
Chapter 20
 
SUSHCS
SUSHCSSUSHCS
SUSHCS
 
Chapter 1
Chapter 1Chapter 1
Chapter 1
 
Chapter 16
Chapter 16Chapter 16
Chapter 16
 
Chapter 5
Chapter 5Chapter 5
Chapter 5
 
"Nursing Informatics PowerPoint Presentation"
"Nursing Informatics PowerPoint Presentation""Nursing Informatics PowerPoint Presentation"
"Nursing Informatics PowerPoint Presentation"
 
Lecture5 Expert Systems And Artificial Intelligence
Lecture5 Expert Systems And Artificial IntelligenceLecture5 Expert Systems And Artificial Intelligence
Lecture5 Expert Systems And Artificial Intelligence
 

Semelhante a Chapter 13

Ch15 power point
Ch15 power pointCh15 power point
Ch15 power pointbodo-con
 
Chapter 10, part 1
Chapter 10, part 1Chapter 10, part 1
Chapter 10, part 1misecho
 
Security (IM).ppt
Security (IM).pptSecurity (IM).ppt
Security (IM).pptGooglePay16
 
SECURITY AND CONTROL
SECURITY AND CONTROLSECURITY AND CONTROL
SECURITY AND CONTROLshinydey
 
information security (network security methods)
information security (network security methods)information security (network security methods)
information security (network security methods)Zara Nawaz
 
Information security ist lecture
Information security ist lectureInformation security ist lecture
Information security ist lectureZara Nawaz
 
FBI Memo on How to Protect Yourself from Ransomware
FBI Memo on How to Protect Yourself from RansomwareFBI Memo on How to Protect Yourself from Ransomware
FBI Memo on How to Protect Yourself from RansomwareDavid Sweigert
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security BasicsMohan Jadhav
 
Presentation2 (2)
Presentation2 (2)Presentation2 (2)
Presentation2 (2)ITNet
 
ransome_case solved.pptx
ransome_case solved.pptxransome_case solved.pptx
ransome_case solved.pptxradhika457461
 
Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Kirti Ahirrao
 
Chapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganisedChapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganisedBule Hora University
 
Seguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesSeguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesisidro luna beltran
 
BYOD: Device Control in the Wild, Wild, West
BYOD: Device Control in the Wild, Wild, WestBYOD: Device Control in the Wild, Wild, West
BYOD: Device Control in the Wild, Wild, WestJay McLaughlin
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security conceptsG Prachi
 
Cyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxCyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxTikdiPatel
 
Security & control in management information system
Security & control in management information systemSecurity & control in management information system
Security & control in management information systemOnline
 

Semelhante a Chapter 13 (20)

Ch15 power point
Ch15 power pointCh15 power point
Ch15 power point
 
Mis
MisMis
Mis
 
Chapter 10, part 1
Chapter 10, part 1Chapter 10, part 1
Chapter 10, part 1
 
Mis
MisMis
Mis
 
Security (IM).ppt
Security (IM).pptSecurity (IM).ppt
Security (IM).ppt
 
SECURITY AND CONTROL
SECURITY AND CONTROLSECURITY AND CONTROL
SECURITY AND CONTROL
 
information security (network security methods)
information security (network security methods)information security (network security methods)
information security (network security methods)
 
Information security ist lecture
Information security ist lectureInformation security ist lecture
Information security ist lecture
 
FBI Memo on How to Protect Yourself from Ransomware
FBI Memo on How to Protect Yourself from RansomwareFBI Memo on How to Protect Yourself from Ransomware
FBI Memo on How to Protect Yourself from Ransomware
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security Basics
 
Presentation2 (2)
Presentation2 (2)Presentation2 (2)
Presentation2 (2)
 
ransome_case solved.pptx
ransome_case solved.pptxransome_case solved.pptx
ransome_case solved.pptx
 
Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Chapter 1 introduction(web security)
Chapter 1 introduction(web security)
 
Chapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganisedChapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganised
 
Seguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesSeguridad web -articulo completo- ingles
Seguridad web -articulo completo- ingles
 
BYOD: Device Control in the Wild, Wild, West
BYOD: Device Control in the Wild, Wild, WestBYOD: Device Control in the Wild, Wild, West
BYOD: Device Control in the Wild, Wild, West
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security concepts
 
Cyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxCyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptx
 
Cyberattacks.pptx
Cyberattacks.pptxCyberattacks.pptx
Cyberattacks.pptx
 
Security & control in management information system
Security & control in management information systemSecurity & control in management information system
Security & control in management information system
 

Mais de bodo-con

5530: Chapter 24
5530: Chapter 245530: Chapter 24
5530: Chapter 24bodo-con
 
5530: Chapter 23
5530: Chapter 235530: Chapter 23
5530: Chapter 23bodo-con
 
5530: Chapter 22
5530: Chapter 225530: Chapter 22
5530: Chapter 22bodo-con
 
5530: Chapter 21
5530: Chapter 215530: Chapter 21
5530: Chapter 21bodo-con
 
5530: Chapter 20
5530: Chapter 205530: Chapter 20
5530: Chapter 20bodo-con
 
5530: Chapter 18
5530: Chapter 185530: Chapter 18
5530: Chapter 18bodo-con
 
5530: Chapter 17
5530: Chapter 175530: Chapter 17
5530: Chapter 17bodo-con
 
5530: Chapter 16
5530: Chapter 165530: Chapter 16
5530: Chapter 16bodo-con
 
5530: Chapter 15
5530: Chapter 155530: Chapter 15
5530: Chapter 15bodo-con
 
5530: Chapter 14
5530: Chapter 145530: Chapter 14
5530: Chapter 14bodo-con
 
5530: Chapter 13
5530: Chapter 135530: Chapter 13
5530: Chapter 13bodo-con
 
5530: Chapter 12
5530: Chapter 125530: Chapter 12
5530: Chapter 12bodo-con
 
5530: Chapter 11
5530: Chapter 115530: Chapter 11
5530: Chapter 11bodo-con
 
5530: Chapter 10
5530: Chapter 105530: Chapter 10
5530: Chapter 10bodo-con
 
5530: Chapter 9
5530: Chapter 95530: Chapter 9
5530: Chapter 9bodo-con
 
5530: Chapter 8
5530: Chapter 85530: Chapter 8
5530: Chapter 8bodo-con
 
5530: Chapter 7
5530: Chapter 75530: Chapter 7
5530: Chapter 7bodo-con
 
5530: Chapter 6
5530: Chapter 65530: Chapter 6
5530: Chapter 6bodo-con
 

Mais de bodo-con (20)

PPA
PPAPPA
PPA
 
OHPE
OHPEOHPE
OHPE
 
5530: Chapter 24
5530: Chapter 245530: Chapter 24
5530: Chapter 24
 
5530: Chapter 23
5530: Chapter 235530: Chapter 23
5530: Chapter 23
 
5530: Chapter 22
5530: Chapter 225530: Chapter 22
5530: Chapter 22
 
5530: Chapter 21
5530: Chapter 215530: Chapter 21
5530: Chapter 21
 
5530: Chapter 20
5530: Chapter 205530: Chapter 20
5530: Chapter 20
 
5530: Chapter 18
5530: Chapter 185530: Chapter 18
5530: Chapter 18
 
5530: Chapter 17
5530: Chapter 175530: Chapter 17
5530: Chapter 17
 
5530: Chapter 16
5530: Chapter 165530: Chapter 16
5530: Chapter 16
 
5530: Chapter 15
5530: Chapter 155530: Chapter 15
5530: Chapter 15
 
5530: Chapter 14
5530: Chapter 145530: Chapter 14
5530: Chapter 14
 
5530: Chapter 13
5530: Chapter 135530: Chapter 13
5530: Chapter 13
 
5530: Chapter 12
5530: Chapter 125530: Chapter 12
5530: Chapter 12
 
5530: Chapter 11
5530: Chapter 115530: Chapter 11
5530: Chapter 11
 
5530: Chapter 10
5530: Chapter 105530: Chapter 10
5530: Chapter 10
 
5530: Chapter 9
5530: Chapter 95530: Chapter 9
5530: Chapter 9
 
5530: Chapter 8
5530: Chapter 85530: Chapter 8
5530: Chapter 8
 
5530: Chapter 7
5530: Chapter 75530: Chapter 7
5530: Chapter 7
 
5530: Chapter 6
5530: Chapter 65530: Chapter 6
5530: Chapter 6
 

Último

April 2024 ONCOLOGY CARTOON by DR KANHU CHARAN PATRO
April 2024 ONCOLOGY CARTOON by DR KANHU CHARAN PATROApril 2024 ONCOLOGY CARTOON by DR KANHU CHARAN PATRO
April 2024 ONCOLOGY CARTOON by DR KANHU CHARAN PATROKanhu Charan
 
Hematology and Immunology - Leukocytes Functions
Hematology and Immunology - Leukocytes FunctionsHematology and Immunology - Leukocytes Functions
Hematology and Immunology - Leukocytes FunctionsMedicoseAcademics
 
call girls in paharganj DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in paharganj DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️call girls in paharganj DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in paharganj DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️saminamagar
 
world health day presentation ppt download
world health day presentation ppt downloadworld health day presentation ppt download
world health day presentation ppt downloadAnkitKumar311566
 
Lippincott Microcards_ Microbiology Flash Cards-LWW (2015).pdf
Lippincott Microcards_ Microbiology Flash Cards-LWW (2015).pdfLippincott Microcards_ Microbiology Flash Cards-LWW (2015).pdf
Lippincott Microcards_ Microbiology Flash Cards-LWW (2015).pdfSreeja Cherukuru
 
METHODS OF ACQUIRING KNOWLEDGE IN NURSING.pptx by navdeep kaur
METHODS OF ACQUIRING KNOWLEDGE IN NURSING.pptx by navdeep kaurMETHODS OF ACQUIRING KNOWLEDGE IN NURSING.pptx by navdeep kaur
METHODS OF ACQUIRING KNOWLEDGE IN NURSING.pptx by navdeep kaurNavdeep Kaur
 
Informed Consent Empowering Healthcare Decision-Making.pptx
Informed Consent Empowering Healthcare Decision-Making.pptxInformed Consent Empowering Healthcare Decision-Making.pptx
Informed Consent Empowering Healthcare Decision-Making.pptxSasikiranMarri
 
Glomerular Filtration rate and its determinants.pptx
Glomerular Filtration rate and its determinants.pptxGlomerular Filtration rate and its determinants.pptx
Glomerular Filtration rate and its determinants.pptxDr.Nusrat Tariq
 
97111 47426 Call Girls In Delhi MUNIRKAA
97111 47426 Call Girls In Delhi MUNIRKAA97111 47426 Call Girls In Delhi MUNIRKAA
97111 47426 Call Girls In Delhi MUNIRKAAjennyeacort
 
PULMONARY EDEMA AND ITS MANAGEMENT.pdf
PULMONARY EDEMA AND ITS MANAGEMENT.pdfPULMONARY EDEMA AND ITS MANAGEMENT.pdf
PULMONARY EDEMA AND ITS MANAGEMENT.pdfDolisha Warbi
 
POST NATAL EXERCISES AND ITS IMPACT.pptx
POST NATAL EXERCISES AND ITS IMPACT.pptxPOST NATAL EXERCISES AND ITS IMPACT.pptx
POST NATAL EXERCISES AND ITS IMPACT.pptxvirengeeta
 
See the 2,456 pharmacies on the National E-Pharmacy Platform
See the 2,456 pharmacies on the National E-Pharmacy PlatformSee the 2,456 pharmacies on the National E-Pharmacy Platform
See the 2,456 pharmacies on the National E-Pharmacy PlatformKweku Zurek
 
Statistical modeling in pharmaceutical research and development.
Statistical modeling in pharmaceutical research and development.Statistical modeling in pharmaceutical research and development.
Statistical modeling in pharmaceutical research and development.ANJALI
 
Radiation Dosimetry Parameters and Isodose Curves.pptx
Radiation Dosimetry Parameters and Isodose Curves.pptxRadiation Dosimetry Parameters and Isodose Curves.pptx
Radiation Dosimetry Parameters and Isodose Curves.pptxDr. Dheeraj Kumar
 
The next social challenge to public health: the information environment.pptx
The next social challenge to public health: the information environment.pptxThe next social challenge to public health: the information environment.pptx
The next social challenge to public health: the information environment.pptxTina Purnat
 
Basic principles involved in the traditional systems of medicine PDF.pdf
Basic principles involved in the traditional systems of medicine PDF.pdfBasic principles involved in the traditional systems of medicine PDF.pdf
Basic principles involved in the traditional systems of medicine PDF.pdfDivya Kanojiya
 
Presentation on Parasympathetic Nervous System
Presentation on Parasympathetic Nervous SystemPresentation on Parasympathetic Nervous System
Presentation on Parasympathetic Nervous SystemPrerana Jadhav
 
History and Development of Pharmacovigilence.pdf
History and Development of Pharmacovigilence.pdfHistory and Development of Pharmacovigilence.pdf
History and Development of Pharmacovigilence.pdfSasikiranMarri
 
Big Data Analysis Suggests COVID Vaccination Increases Excess Mortality Of ...
Big Data Analysis Suggests COVID Vaccination Increases Excess Mortality Of ...Big Data Analysis Suggests COVID Vaccination Increases Excess Mortality Of ...
Big Data Analysis Suggests COVID Vaccination Increases Excess Mortality Of ...sdateam0
 

Último (20)

April 2024 ONCOLOGY CARTOON by DR KANHU CHARAN PATRO
April 2024 ONCOLOGY CARTOON by DR KANHU CHARAN PATROApril 2024 ONCOLOGY CARTOON by DR KANHU CHARAN PATRO
April 2024 ONCOLOGY CARTOON by DR KANHU CHARAN PATRO
 
Hematology and Immunology - Leukocytes Functions
Hematology and Immunology - Leukocytes FunctionsHematology and Immunology - Leukocytes Functions
Hematology and Immunology - Leukocytes Functions
 
call girls in paharganj DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in paharganj DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️call girls in paharganj DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in paharganj DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
 
world health day presentation ppt download
world health day presentation ppt downloadworld health day presentation ppt download
world health day presentation ppt download
 
Lippincott Microcards_ Microbiology Flash Cards-LWW (2015).pdf
Lippincott Microcards_ Microbiology Flash Cards-LWW (2015).pdfLippincott Microcards_ Microbiology Flash Cards-LWW (2015).pdf
Lippincott Microcards_ Microbiology Flash Cards-LWW (2015).pdf
 
METHODS OF ACQUIRING KNOWLEDGE IN NURSING.pptx by navdeep kaur
METHODS OF ACQUIRING KNOWLEDGE IN NURSING.pptx by navdeep kaurMETHODS OF ACQUIRING KNOWLEDGE IN NURSING.pptx by navdeep kaur
METHODS OF ACQUIRING KNOWLEDGE IN NURSING.pptx by navdeep kaur
 
Informed Consent Empowering Healthcare Decision-Making.pptx
Informed Consent Empowering Healthcare Decision-Making.pptxInformed Consent Empowering Healthcare Decision-Making.pptx
Informed Consent Empowering Healthcare Decision-Making.pptx
 
Glomerular Filtration rate and its determinants.pptx
Glomerular Filtration rate and its determinants.pptxGlomerular Filtration rate and its determinants.pptx
Glomerular Filtration rate and its determinants.pptx
 
97111 47426 Call Girls In Delhi MUNIRKAA
97111 47426 Call Girls In Delhi MUNIRKAA97111 47426 Call Girls In Delhi MUNIRKAA
97111 47426 Call Girls In Delhi MUNIRKAA
 
PULMONARY EDEMA AND ITS MANAGEMENT.pdf
PULMONARY EDEMA AND ITS MANAGEMENT.pdfPULMONARY EDEMA AND ITS MANAGEMENT.pdf
PULMONARY EDEMA AND ITS MANAGEMENT.pdf
 
POST NATAL EXERCISES AND ITS IMPACT.pptx
POST NATAL EXERCISES AND ITS IMPACT.pptxPOST NATAL EXERCISES AND ITS IMPACT.pptx
POST NATAL EXERCISES AND ITS IMPACT.pptx
 
See the 2,456 pharmacies on the National E-Pharmacy Platform
See the 2,456 pharmacies on the National E-Pharmacy PlatformSee the 2,456 pharmacies on the National E-Pharmacy Platform
See the 2,456 pharmacies on the National E-Pharmacy Platform
 
Statistical modeling in pharmaceutical research and development.
Statistical modeling in pharmaceutical research and development.Statistical modeling in pharmaceutical research and development.
Statistical modeling in pharmaceutical research and development.
 
Radiation Dosimetry Parameters and Isodose Curves.pptx
Radiation Dosimetry Parameters and Isodose Curves.pptxRadiation Dosimetry Parameters and Isodose Curves.pptx
Radiation Dosimetry Parameters and Isodose Curves.pptx
 
The next social challenge to public health: the information environment.pptx
The next social challenge to public health: the information environment.pptxThe next social challenge to public health: the information environment.pptx
The next social challenge to public health: the information environment.pptx
 
Basic principles involved in the traditional systems of medicine PDF.pdf
Basic principles involved in the traditional systems of medicine PDF.pdfBasic principles involved in the traditional systems of medicine PDF.pdf
Basic principles involved in the traditional systems of medicine PDF.pdf
 
Presentation on Parasympathetic Nervous System
Presentation on Parasympathetic Nervous SystemPresentation on Parasympathetic Nervous System
Presentation on Parasympathetic Nervous System
 
History and Development of Pharmacovigilence.pdf
History and Development of Pharmacovigilence.pdfHistory and Development of Pharmacovigilence.pdf
History and Development of Pharmacovigilence.pdf
 
Epilepsy
EpilepsyEpilepsy
Epilepsy
 
Big Data Analysis Suggests COVID Vaccination Increases Excess Mortality Of ...
Big Data Analysis Suggests COVID Vaccination Increases Excess Mortality Of ...Big Data Analysis Suggests COVID Vaccination Increases Excess Mortality Of ...
Big Data Analysis Suggests COVID Vaccination Increases Excess Mortality Of ...
 

Chapter 13

  • 2. Objectives • Explore electronic security issues. • Describe processes for securing information in a computer network. • Identify various methods of user authentication and relate authentication to security of a network. • Explain methods to anticipate and prevent typical threats to network security.
  • 3. Securing Network Information • The linking of computers together and to the outside creates the possibility of a breach of network security, and exposes the information to unauthorized use. • The three main areas of secure network information are confidentiality, availability, and integrity.
  • 4. Confidentiality • Safeguarding all personal information by ensuring that access is limited to only those who are authorized. • “Shoulder surfing” or watching over someone’s back as they are working, is still a major way that confidentiality is compromised.
  • 5. Acceptable Use • Organizations protect the availability of their networks with an acceptable use policy. • Defines the types of activities that are acceptable and not acceptable on the corporate computer network • Defines the consequences for violations.
  • 6. Information Integrity • Quality and accuracy of networked information • Organizations need clear policies to clarify: – how data is actually inputted, – who has the authorization to change such data and – to track how and when data are changed and by whom.
  • 7. Authentication of Users • Authentication of employees is also used by organizations in their security policies. • Organizations authenticate by: – something the user knows (password), – something the user has (ID badge), or – something the user is (biometrics)
  • 8. More About Authentication • Policies typically include the enforcement of changing passwords every thirty or sixty days. • Biometric devices include recognizing thumb prints, retina patterns or facial patterns. • Organizations may use a combination of these types of authentication.
  • 9. Threats to Security • A 2003 nationwide survey by the Computing Technology Industry Association (CompTIA) found that human error was the most likely cause of problems with security breaches. • The first line of defense is strictly physical. • The power of a locked door, an operating system that locks down after five minutes of inactivity, and regular security training programs are extremely effective.
  • 10. Threats to Security • One way to address this physical security risk is to limit the authorization to ‘write’ files to a device. • Organizations are also ‘turning’ off the CD/DVD burners and USB ports on company desktops.
  • 11. Threats to Security • The most common threats a corporate network faces from the outside world are hackers, malicious code (spyware, viruses, worms, Trojan horses) and the malicious insider. • Spyware is normally controlled by limiting functions of the browser used to surf the Internet.
  • 12. Cookies • A “cookie” is a very small file written to the hard drive of a user surfing the Internet. • On the negative side, cookies can also follow the user’s travels on the Internet. • Spying cookies related to marketing typically do not track keystrokes to steal user ids and passwords.
  • 13. Threats to Security • Spyware that does steal user ids and passwords contains malicious code that is normally hidden in a seemingly innocent file download. • Another huge threat to corporate security is social engineering, or the manipulation of a relationship based on one’s position in an organization.
  • 14. Malicious Insider • The number one security threat to a corporate network is the malicious insider. • There is also software available to track and thus monitor employee activity. • Depending on the number of employees, organizations may also employ a full time electronic auditor who does nothing but monitor activity logs.
  • 15. Security Tools • There are a wide range of tools available to an organization to protect the organizational network and information. • These tools can be either a software solution such as antivirus software or a hardware tool such as a proxy server.
  • 16. Security Tools • E-mail scanning software and antivirus software should never be turned off and updates should be run weekly, and ideally, daily. • Software is also available to scan instant messages and to automatically delete spam e-mail.
  • 17. Firewalls • A firewall can be either hardware or software or a combination of both. • A firewall can be set up to examines traffic to and from the network • Firewalls are basically electronic security guards at the gate of the corporate network.
  • 18. Proxy Servers • Hardware security tool to help protect the organization against security breaches by: – preventing users from directly accessing the Internet from corporate computers. – Issuing masks to protect the identity of a corporation’s employees accessing the World Wide Web. – tracking which employees are using which masks and directing the traffic appropriately.
  • 19. Intrusion detection systems • Hardware and software to monitor who is using the organizational network and what files that user has accessed. • Corporations must diligently monitor for unauthorized access of their networks. • Remember: Any use of a secured network leaves a digital footprint that can be easily tracked by electronic auditing software.
  • 20. Offsite Use of Portable Devices • Off site uses of portable devices such as laptops, PDA’s, home computing systems, smart phones, and portable data storage devices can help to streamline the delivery of health care. • Some agencies have developed a virtual private network (VPN) that the user must log in to in order to reach the network. • The VPN ensures that all data transmitted via this gateway is encrypted.
  • 21. Offsite Use of Portable Devices • Only essential data for the job should be contained on the mobile device, and other non- clinical information such as a social security numbers should never be carried outside the secure network. • The agency is ultimately responsible for the integrity of the data contained on these devices as required by HITECH and HIPAA regulations.
  • 22. Offsite Use of Portable Devices • If a device is lost or stolen, the agency must have clear procedures in place to help insure that sensitive data does not get released or used inappropriately. • The Department of Health and Human Services (2006) identifies potential risks and proposes risk management strategies for accessing, storing, and transmitting EPHI. Visit this website for detailed tabular information (p 4-6) on potential risks and risk management strategies: http://www.cms.hhs.gov/SecurityStandard/Download s/SecurityGuidanceforRemoteUseFinal122806.pdf
  • 23. Thought Provoking Questions 1. Jean, a diabetes nurse educator recently read an article in an online journal that she accessed through her health agency’s database subscription. The article provided a comprehensive checklist for managing diabetes in older adults that she prints and distributes to her patients in a diabetes education class. Does this constitute fair use or is this a copyright violation?
  • 24. Thought Provoking Questions 2. Sue is a COPD clinic nurse enrolled in a Master’s education program. She is interested in writing a paper on the factors that are associated with poor compliance with medical regimens and associated re-hospitalization of COPD patients. She downloads patient information from the clinic database to a thumb drive that she later accesses on her home computer. Sue understands rules about privacy of information and believes that since she is a nurse and needs this information for a graduate school assignment that she is entitled to the information. Is Sue correct in her thinking?