Course Code: 19MBA511B Course Title: Management Information Systems Session 7 - 8 - 9
Email: shilparg.ms.mc@msruas.ac.in
Faculty of Management and Commerce © Ramaiah University of Applied Sciences
Session Objectives
Session Contents
• Goals of information security
Session Contents
Challenges of Technology and Management
Contemporary Security Challenges and Vulnerabilities
Internet Vulnerabilities
Wireless Security Challenges
Malicious Software: Viruses, Worms, and Spyware
Hackers and Cybervandalism
• Spyware
Risks to Hardware
• Human errors
• Damage by employees
• Hackers
Components of Information Security
• Confidentiality
• Integrity
• Availability
Security Issues
• Destruction
• Deletion
• Bugs Infection
• Theft
• Corruption
Limitation
Protection
Business value of Security and Control
• Computer operations
• Data security
Establishing a Management Framework for Security and Control
Application controls:
• Input
• Processing
• Output
Establishing a Management Framework for Security and Control
Security Profiles for a Personnel System
Establishing a Management Framework for Security and Control
Security Measures
Firewalls
• Defense against unauthorized access to systems over the Internet
A Corporate Firewall
Authentication and Encryption
Authentication and Encryption
Public Key Encryption
Digital Signatures and Digital Certificates
Digital Signatures and Digital Certificates
Digital Signatures and Digital Certificates
Role of Manager in Information Security
• To have effective information security in place, managers need to align information security with management objectives
Role of Manager in Information Security
• Logical
• Physical
• Access control
• Cryptography
• Defense in depth
Controls
• Effective controls provide information system security, such as the accuracy, integrity and safety of information system activities and resources
Facility Controls
The controls are:
• Network security
• Firewalls
• Biometric controls
Procedural Controls
Authorization requirements
Controls
Information System controls
• Information system controls are methods and devices that attempt to ensure the accuracy, validity and propriety of information system activities
Information System controls
The controls are:
• Input controls
• Processing controls
• Hardware controls
• Software controls
• Output controls
• Storage controls
Controls
• Atomic Transactions
• Audit Trails
Controls
Internal Control Objectives
• Management Responsibility
The establishment and maintenance of a system of internal control is the responsibility of management
• Reasonable Assurance
The cost of achieving the objectives of internal control should not outweigh its benefits
• Management override
Two Types of IT controls
Summary
• Information Security (IS) is designed to protect the confidentiality, integrity and availability of computer system data from those with malicious intentions
Summary
• The successful Information Security Manager should:
Perform security risk analysis and risk management
Perform security tests
Manage internal audits on information security processes, controls and systems