INFORMATION SECURITY IN MANAGEMENT INFORMATION SYSTEMS

                     Andy Hernandez
                 Steffi Ann Fernandes
INTRODUCTION

WHAT IS INFORMATION SECURITY?

    Information security is a process for protecting classified information
     from unauthorized users, hacking, and other threats.

    Most information is stored in computer databases, with limited or high
     security networks and technology.

    Much of the information stored is either top secret, secret or
     confidential.

    It includes business plans, trade secrets, employee personal
     information, bank accounts, or federal-based information.

    These types of systems use high-end technology, software, wireless
     devices and security products.

    Networks are secured and always monitored; wireless devices are
     encrypted and microchipped.
FACTORS THAT INFLUENCE IT SECURITY
There are various factors that influence Information Security, and they are
based on the Information Security Systems.

   Service Agreement

   Service provider qualifications

   Operational requirements and capabilities

   Experienced staff members

   Trustworthiness of the service providers

   Adequate protection for the organization's systems, applications and
    information.
RISK MANAGEMENT IN INFORMATION TECHNOLOGY

Information security was developed because of hackers, and many
   organizations focus mainly on the risk management factors:

      IP or Intellectual Property when outsourcing

      Data Leakage

      Compliance

      Visibility for Security

      Security at the Speed of Business

      Protecting customers from themselves
CASE STUDY ON FBI SECURITY AND NETWORKS
FEDERAL BUREAU OF INVESTIGATION

The FBI is one of the biggest federal agencies in the world. As we all know, they
hold classified information and are always at risk and a source of threats; hence
their security systems must be brilliant.

    A case study conducted by the GAO stated that some of the FBI's security
    networks were not protected.

    The GAO found that classified information being sent over was not secured and
    was viewable by unauthorized users.

    The system only monitored its external networks, had outdated risk
    assessments and a defective security plan, and employees lacked security training.

    Their wireless support and technology were not well secured.
RESULTS OF GAO CASE STUDY ON FBI
Their current information security system only protected against outside threats;
the risk assessment was outdated, the security plan was defective, and employees
were neither specialized in security systems nor trained or certified.

          They did not configure their devices and services, including wireless
           devices, to protect them from unauthorized users.

          Their network did not authenticate users that used the system.

          No implementation of authorized access.

          Lacked encryption techniques to protect sensitive data.

          No logs or audit records to monitor security events.

          No physical security for the network

          Patching of key servers and workstations
WIRELESS INFORMATION SECURITY FOR FEDERAL AGENCIES
Federal agencies use wireless technology for its benefits, which include increased
flexibility, easier installation and easier scalability.

Federal agencies' wireless infrastructure enables devices to connect to the agency
network from any public internet access.

It is all managed by a wireless router.

The three most commonly used wireless technologies are:
     WLAN or Wireless Local Area Network
     Wireless Personal Area Network
     Wireless Cellular Networks

But sometimes these networks are not secured connections and could lead to information
being leaked out.
WIRELESS SECURITY THREATS
 Bluetooth devices and other personal wireless devices like smartphones
  are the most common network threats.

 They are unsecured and they use the internet publicly to transmit data
  which is viewable to other networks.

 A document published by the GAO, GAO-11-43, found a few threats
  related to wireless networks:

     During an investigation in 2008 at 27 airports it was found that
      wireless networks had personal information which could be leaked out.

     Smartphones were tagged, monitored and exploited at the 2008
      Beijing Olympics due to a software threat to email servers.

     In 2007 a retail store was hacked: wireless networks were tested to get
      the credit card information of about 45 million customers and more.
SOLUTION
Implementing a security system that has a centralized structure for
management.

Their internal networks should be monitored and encrypted.

Wireless devices should include security tools, authentication, VPN and
firewalls.

Access points should be made secure to avoid unintended users.

Password protect devices and computer database access.

Wireless devices like smartphones, Bluetooth devices and laptops should be
monitored, recorded, and microchipped.

Management should have access to all the systems and employee networks

Management should be able to collect data, report issues and threats.
MANAGEMENTS ROLE

Managers play a vital role in information security.

If information needs to be protected, managers and executives should be able to
monitor employee activities and networks.

They should have access to all the security networks and systems which will help
them detect if there is a threat.

They should be trained and certified in information security

A centralized structure, such as monitoring configuration settings,
assists managers in viewing the entire wireless network.

Managers have control over preventing use of external media and the use of
unauthorized or unlicensed software for viewing of explicit material.

Managers should be well trained and certified.
LEGAL ISSUES
 Legality of MIS security in a workplace is to maintain individual rights
  and privacy.
 Information is not only stored in the database but is also administered by
  a group or individual.
 Managers need to be insensitive not only to the staff but to legal needs of
  their clients.
 According to Bakos:
          “Work on bounded rationality, human decision making, the value of
          information, the extraction of monopoly rents, the functioning of markets
          under imperfect information, barriers to entry, and Williamson's work on
          transaction costs and organizational boundaries, provide relevant
          reference theories.”

 Management and cost advantages are equally linked
LEGAL LAWS IN CASE OF A SECURITY BREACH
Computer Fraud and Abuse (18 US Code 1030), which forms the basis of federal
intervention in computer crimes and which has a minimum of $5000 of the damage
caused.

Credit Card Fraud (18 US Code 1029), which states that it is a crime to possess
fifteen or more counterfeit credit cards. Most computer systems are accused of
stealing credit card numbers, and this law can be used against the person.

Copyright Violations (18 US Code 2319): if one is distributing or manufacturing
copyrighted material, the fine is $1000 to about $2500.

Interception (US Code 2511): no one can tap a phone without a warrant.

Access to Electronic Information (18 US Code 2701): it prevents authorized users
from accessing systems that store electronic information, but has exceptions for the
owners of the service.
SPYWARE
Spyware was initially a way for employers to view employees' activities.

Now it has become an ethical and legal tool used by criminals.

Spyware is more of a threat to most security companies and programmers.

It is now in the realm of constitutional law and First Amendment rights to privacy and to
liberties with their own information.

Congress has gotten involved in the legislation of the software.

According to Sipior, Ward, and Roselli:
         “The ethical and legal concerns associated with spyware calls for a
         response. Before these fonts will ultimately be determined by the
         user, organization, and government actions through assessment of the
         case and effectiveness of various approaches to battling spyware.”

The ethics of spyware use in the workplace to supervise the activities of employees
is still being debated.
ETHICAL PERCEPTIONS

          The ethical perception of an unbiased professional has to change

Former MIS technicians have brought down companies, stolen information, and
have cost billions in lost revenue.

MIS technicians control the actual technology that the company relies on.

A positive relationship should exist between the technicians and the employer or
client to allow for more ethical behavior to exist.

The best way is to make sure that the right technicians are hired; employers need to
examine ethical behavior and individual skills.
CONCLUSION

Risk assessment, systems updates and technology updates are very important for a
secure information security system.

Managers should have a more centralized and overall view of networks and also
access to classified information.

Managers should be able to view employee activities and monitor the security
and wireless networks.

All personal devices or wireless equipment used to transmit information should
be secured, encrypted, physically protected, traced, recorded and monitored.

Ethical and legal issues should be followed and dealt with in a proper way.

Staff and managers should be experienced, well trained and certified in
information security systems.
Information Security

  • 1. INFORMATION SECURITY IN MANAGEMENT INFORMATION SYSTEMS Andy Hernandez Steffi Ann Fernandes
  • 2. INTRODUCTION WHAT IS INFORMATION SECURITY?  Information security is a process for protecting classified information from unauthorized users from hacking, or threats.  Most information is stored in computer databases, with limited or high security networks and technology.  Much of the information stored is either top secret, secret or confidential.  Contains either, business plans, trade secrets, employee personal information, bank accounts, or federal based information.  These types of systems use high end technology, software, wireless devices and security products.  Networks are secured and always monitored, wireless devices are encrypted and micro chipped.
  • 3. FACTORS THAT INFLUENCE IT SECURITY There are various factors that influence Information Security, and they are based on the Information Security Systems.  Service Agreement  Service provider qualifications  Operational requirements and capabilities  Experience staff members  Trustworthiness of the service providers  Adequate protection for the organizations systems, applications and information.
  • 4. RISK MANAGEMENT IN INFORMATION TECHNOLOGY Information security was developed because of hackers and many organizations focus mainly on the risk management factors.  IP or Intellectual Property when outsourcing  Data Leakage  Compliance  Visibility for Security  Security at the Speed of Business  Protecting customers from themselves
  • 5. CASE STUDY ON FBI SECURITY AND NETWORKS FEDERAL BUREAU OF INVESTIGATION One of the biggest federal agencies in the world. As we all know that they contain classified information and are always at risk and source of threats hence their security systems must be brilliant. A case study conducted by the GAO stated that some of the FBIs security networks were not protected . The GAO found out classified information being sent over was not secured and was viewable by unauthorized users. The system only monitored it external networks , had outdated risk assessments, defective security plan, and employees lacked security training. Their wireless support and technology was not well secured.
  • 6. RESULTS OF GAO CASE STUDY ON FBI Their current information security system only protected from outside threats , outdated risk assessment, defective security plan , employees not specialized in security systems nor trained or certified.  They did not configure their devices which includes wireless devices and services from unauthorized users.  Their network did not authenticate users that used the system  No implementation of authorized access.  Lacked encryption techniques to protect sensitive data.  No logs, audit records to monitor security events  No physical security for the network  Patching of key servers and workstations
  • 7. WIRELESS INFORMATION SECURITY FOR FEDERAL AGENCIES Federal agencies that use wireless technology which include increased flexibility, easier installation and easier scalability Federal agencies wireless infrastructure enables devices to connect to the agency network from any public internet access. It is all managed by a wireless router. Three most commonly used wireless technology is  WLAN or Wireless local area network  Wireless Personal Area Network  Wireless Cellular Networks But sometimes these networks are not secured connections and could lead information being leaked out .
  • 8. WIRELESS SECURITY THREATS  Blue tooth devices and other personal wireless devices like smart phones are the most common network threats.  They are unsecured and they use the internet publically to transmit data which is viewable to other networks  According to a document published by GAO-11-43, found a few threats related to wireless networks  During an investigation in 2008 at 27 airports it was found that wire less networks has personal information which could be leaked out.  Smart phones were tagged, monitored and exploited at the 2008 Beijing Olympics due to software threat to email servers.  A retail store in 2007 that was hacked tested wireless networks to get credit card information of about 45 million customers and more.
  • 9. SOLUTION
      - Implement a security system that has a centralized structure for management.
      - Internal networks should be monitored and encrypted.
      - Wireless devices should include security tools, authentication, VPN and firewalls.
      - Access points should be made secure to avoid unintended users.
      - Password-protect devices and computer database access.
      - Wireless devices like smartphones, Bluetooth devices and laptops should be monitored, recorded, and micro chipped.
      - Management should have access to all the systems and employee networks.
      - Management should be able to collect data and report issues and threats.
  • 10. MANAGEMENT'S ROLE
      - Managers play a vital role in information security.
      - If information needs to be protected, managers and executives should be able to monitor employee activities and networks.
      - They should have access to all the security networks and systems, which will help them detect if there is a threat.
      - They should be trained and certified in information security.
      - A centralized structure, such as monitoring configuration settings, assists managers in viewing the entire wireless network.
      - Managers have control over preventing the use of external media and the use of unauthorized or unlicensed software for viewing explicit material.
      - Managers should be well trained and certified.
  • 11. LEGAL ISSUES
      - Legality of MIS security in a workplace is to maintain individual rights and privacy.
      - Information is not only stored in the database but is also administered by a group or individual.
      - Managers need to be insensitive not only to the staff but to the legal needs of their clients.
      - According to Bakos, “Work on bounded rationality, human decision making, the value of information, the extraction of monopoly rents, the functioning of markets under imperfect information, barriers to entry, and Williamson's work on transaction costs and organizational boundaries, provide relevant reference theories.”
      - Management and cost advantages are equally linked.
  • 12. LEGAL LAWS IN CASE OF A SECURITY BREACH
      - Computer Fraud and Abuse (18 US Code 1030), which forms the basis of federal intervention in computer crimes and which has a minimum of $5000 of the damage caused.
      - Credit Card Fraud (18 US Code 1029), which states that it is a crime to possess fifteen or more counterfeit credit cards; most computer systems are accused of stealing credit card numbers and this law can be used against the person.
      - Copyright Violations (18 US Code 2319): if one is distributing or manufacturing copyrighted material, the fine is $1000 to about $2500.
      - Interception (US Code 2511): no one can tap a phone without a warrant.
      - Access to Electronic Information (18 US Code 2701): it prevents authorized users from accessing systems that store electronic information, but has exceptions for the owners of the service.
  • 13. SPYWARE
      - Spyware was initially a way for employers to view employees' activities.
      - Now it has become an ethical and legal tool used by criminals.
      - Spyware is more of a threat to most security companies and programmers.
      - It is now in the realm of constitutional law and first amendment rights to privacy and to liberties with their own information.
      - Congress has gotten involved in the legislation of the software.
      - According to Sipior, Ward, and Roselli, “The ethical and legal concerns associated with spyware calls for a response. Before these fonts will ultimately be determined by the user, organization, and government actions through assessment of the case and effectiveness of various approaches to battling spyware.”
      - The ethics of spyware use in the workplace to supervise the activities of employees is still being debated.
  • 14. ETHICAL PERCEPTIONS
      - The ethical perception of an unbiased professional has to change.
      - Former MIS technicians have brought down companies, stolen information, and have cost billions in lost revenue.
      - MIS technicians control the actual technology that the company relies on.
      - A positive relationship should exist between the technicians and the employer or client to allow for more ethical behavior to exist.
      - The best way is to make sure that the right technicians are hired; employers need to examine ethical behavior and individual skills.
  • 15. CONCLUSION
      - Risk assessment, systems updates and technology updates are very important for a secure information security system.
      - Managers should have a more centralized and overall view of networks and also access to classified information.
      - Managers should be able to view employee activities and monitor the security and wireless networks.
      - All personal devices or wireless equipment used to transmit information should be secured, encrypted, physically protected, traced, recorded and monitored.
      - Ethical and legal issues should be followed and dealt with in a proper way.
      - Staff and managers should be experienced, well trained and certified in information security systems.