Securing

Information System
Team Paradox
14th batch, Department of Marketing
Jagannath University
 Group Members
ID Name
Number
B190204034 Navila Akter
B190204038 Mst Raisa Islam
B190204042 Mahamudur Rahman Najid
B190204048 Sabrena Akter Jharna
B190204058 Nipa Moni
B190204059 Arafin Islm (GL)
B190204068 Md Rafiqul Islam
B190204076 Mazharul Islam Tanvir
B190204091 Rahi Akther Bushra
 Table of contents
01 Why are information
systems vulnerable? 02 Business value of
security and control

Establishing framwork Tools and technologies

03 for security & control in
ogranization
04 for safeguarding
information resources

05 Hands on MIS projects

 01
Why are information systems
vulnerable to destruction, error,
and abuse?
 Why Systems Are Vulnerable ?

✓Accessibilty of network
✓Hardware problems
✓Software problems
✓Use of networks/devices outside of firms control
✓Loss or theft of portable device
 Malicious Software

❖ Viruses,
❖ Worms,
❖ Trojan Horses, and
❖ Spyware
Hackers and Computer Crime
&
Internal Threats: Employees
 02
What is the business value of
security and control?
BUSINESS VALUE OF SECURITY AND CONTROL

Inadequate security and control may create serious legal

liability.

A sound security and control framework that protects

business information assets can produce a high return on
investment.
Legal and Regulatory Requirements for Electronic Records
Management
The health insurance Portability and accountability act ( HIPAA):
Medical security and privacy rules and procedures

Gramm-Leach-Bliley Act: Requires financial institutions to ensure

the security and confidentiality of customer data

Sarbanes-Oxley Act: Imposes responsibility on companies and their

management to safeguard the accuracy and integrity of financial
information that is used internally and released externally.
Electronic evidence: In a legal action, a firm is obligated to respond to a
discovery request for access to information that may be used as evidence, and
the company is required by law to produce those data

Computer forensics : It deals with the following problems:

• Recovering data from computers while preserving evidential integrity
• Securely storing and handling recovered electronic data
• Finding significant information in a large volume of electronic data
• Presenting the information to a court of law
 03
what are the components of an
organizational framework for
security and
control?
1. Information Systems Controls
2. Risk Assessment
3. Security Policy
4. Disaster Recovery Planning and
Business Continuity Planning
5. The Role of Auditing
 04
What are the most important tools
and technologies for safeguarding
information resources?
➢ Encryption.
➢ Firewalls.
➢ Intrusion Detection and Prevention Systems (IDS/IPS).
➢ Antivirus Software.
➢ Access Control Systems.
➢ Data Loss Prevention (DLP) Solutions.
➢ Security Information and Event. Management (SIEM)
Systems.
➢ Patch Management Systems.
Thank You