Learning Objectives
1. Identify several ethical issues in how the use of information technologies in business affects employment, individuality, working conditions, privacy, crime, health, and solutions to societal problems.
2. Identify several types of security management strategies and defences, and explain how they can be used to ensure the security of business applications of information technology.
3. Propose several ways that business managers and professionals can help to lessen the harmful effects and increase the beneficial effects of the use of information technology.
Security and Ethics
•Major Security Challenges
•Serious Ethical Questions
•Threats to Business and Individuals
•Real World Case 1- F-Secure, Microsoft,
GM, and Verizon: The Business Challenge
of Computer Viruses
K. Adisesha 3
Business/IT Security, Ethics, and Society
•Employment
•Health
•Individuality
•Privacy
•Working Conditions
•Crime
•Business Ethics
•Stockholder Theory
•Social Contract Theory
•Stakeholder Theory
Ethical Responsibility
Ethical Responsibility
Technology Ethics
Ethical Guidelines
Enron Corporation: Failure
in Business Ethics
•Drove Stock Prices Higher Never
Mentioning Any Weaknesses
•Promised Much – Delivered Little
•Finally Admitted Overstated Earnings
by $586 Million in 1997
•1998 Third Quarter Loss $638 Million –
Filed Bankruptcy
•Greed and Mismanagement Destroyed a
Potentially Successful Business Plan
Security Management
•Security is 6 to 8% of IT Budget in
Developing Countries
•63% Have or Plan to Have Position of Chief
Privacy or Information Officer in the Next
Two Years
•40% Have a Chief Privacy Officer and
Another 6% Intend One in the Next Two
Years
•39% Acknowledge that their Systems Have
Been Compromised in the Past Year
•24% Have Cyber Risk Insurance and 5%
Intend to Acquire Such Coverage
Security Technology Used
•Antivirus: 96%
•Virtual Private Networks: 86%
•Intrusion-Detection Systems: 85%
•Content Filtering/Monitoring: 77%
•Public-Key Infrastructure: 45%
•Smart Cards: 43%
•Biometrics: 19%
PayPal, Inc. Cybercrime on the
Internet
•Online Payment Processing Company
•Observed Questionable Accounts Being
Opened
•Froze Accounts Used to Buy Expensive Goods
For Purchasers in Russia
•Used Sniffer Software and Located Users
Capturing PayPal Ids and Passwords
•More than $100,000 in Fraudulent Charges
•Crooks Arrested by FBI
Computer Crime
•Hacking
•Cyber Theft
•Unauthorized Use of Work
•Piracy of Intellectual
Property
•Computer Viruses and
Worms
Examples of Common Hacking
Recourse Technologies:
Insider Computer Crime
•Link Between Company Financial
Difficulty and Insider Computer
Crimes
•Use of “Honey Pots” Filled with
Phony Data to Attract Hackers
•Software Catches Criminal Activity
in Seconds
•Crime Exposed and Stopped
Internet Abuses in the Workplace
Network Monitoring Software
AGM Container Controls:
Stealing Time and Resources
•The Net Contains Many Productivity
Distractions
•Remedies Include Monitoring
Internet Use and Blocking Sites
Unrelated to Work
•Importance of Telling Employees
About Monitoring
•Use of Software Monitoring Provided
Rebuttal Answers To Web Use
Discussions
Copying Music CDs: Intellectual
Property Controversy
•RIAA Crack Down on Music Piracy
•Web Sites Fighting Back
•140 Million Writable Drives In Use
•Billions of Blank CDs Sold While
Music CD Sales Are Going Down
•Pirates Reluctant to Go Away
Facts About Recent Computer
Viruses and Worms
University of Chicago: The Nimda
Worm
•Nimda Worm Launch Sept. 18, 2001
Mass Mailing of Malicious Code
Attacking MS-Windows
•Took Advantage of Back Doors
Previously Left Behind
•In Four Hours the University of
Chicago’s Web Servers were Scanned by
7,000 Unique IP Addresses Looking for
Weaknesses
•Many Servers Had to Be Disconnected
Right to Privacy
Privacy on the Internet
Acxiom, Inc. Challenges to
Consumer Privacy
•Acxiom – 30 Years Amassing
Massive Database
•Sells Data to Subscribers
•Use by Telemarketers and
Credit Firms
Privacy Issues
Right to Privacy
•Computer Profiling
•Computer Matching
•Privacy Laws
•Computer Libel and
Censorship
•Spamming
•Flaming
Other Challenges
•Employment Challenges
•Working Conditions
•Individuality Issues
•Health Issues
Security Management of
Information Technology
•Business Value of Security
Management
•Protection for all Vital Business
Elements
Real World Case 2-
Geisinger Health Systems and Du
Pont: Security Management of Data
Resources and Process Control
Networks
Tools of Security Management
•Need for Security Management Caused by
Increased Use of Links Between Business
Units
•Greater Openness Means Greater
Vulnerabilities
•Better Use of Identifying, Authenticating
Users and Controlling Access to Data
•Theft Should Be Made as Difficult as Possible
Providence Health and Cervalis:
Security Management Issues
•Encryption
–Public Key
–Private Key
Graphically…
Internetworked Security Defenses
Encryption
Firewalls
Figure: Internet and intranet firewall placement (Internet, Routers, Firewalls, Intranet Servers, Host System)
1. External Firewall Blocks Outsiders
2. Internal Firewall Blocks Restricted Materials
3. Use of Passwords and Browser Security
4. Performs Authentication and Encryption
5. Careful Network Interface Design
•Worldwide Search for Active IP
Addresses
•Sophisticated Probes Scan Any Home
or Work Location
•Personal Firewalls Help Block
Intruders
•Firewalls Generally Good at
Protecting Computers from Most
Hacking Efforts
Barry Nance: Testing PC
Firewall Security
•MTV.com Website Targeted for Distributed
Denial of Service (DDOS) Attacks During Fall
Peak Periods
•Some People Try to Crash MTV Sites
•Parent Viacom Installed Software to Filter out
DDOS Attacks
•Website Downtime Reduced
MTV Networks: Denial of
Service Defenses
Defending Against Denial of
Service Attacks
•e-Sniff Monitoring Device Searches
e-Mail by Key Word or Records of
Web Sites Visited
•82% of Businesses Monitor Web Use
•Close to 100% of Workers Register
Some Improper Use
Sonalysts, Inc.: Corporate e-Mail
Monitoring
•Much Software Was Unable to Stop
Nimda Worm
•Software Alone is Often Not Enough
to Clean System
•Until Better Software is Developed,
A Complete System Disconnect and
Purge May Be the Only Solution
TrueSecure and 724 Inc.:
Limitations of Antivirus Software
Example Security Suite Interface
Other Security Measures
•Security Codes
•Multilevel Password System
–Smart Cards
•Backup Files
–Child, Parent, Grandparent Files
•System Security Monitors
•Biometric Security
Example Security Monitor
Evaluation of Biometric
Security
Computer Failure Controls
•Fault Tolerant Systems
–Fail-Over
–Fail-Safe
–Fail-Soft
•Disaster Recovery
Methods of Fault Tolerance
Visa International: Fault
Tolerant Systems
•Only 100% Uptime is Acceptable
•Only 98 Minutes of Downtime in 12
Years
•1 Billion Transactions Worth $2
Trillion in Transactions a Year
•4 Global Processing Centers
•Multiple Layers of Redundancy and
Backup
•Software Testing an Art Form
Systems Controls and
Audits
•Information System Controls
•Garbage-In, Garbage-Out
(GIGO)
•Auditing IT Security
•Audit Trails
•Control Logs
•Input Controls: Security Codes, Encryption, Data Entry Screens, Error Signals, Control Totals
•Processing Controls: Software Controls, Hardware Controls, Firewalls, Checkpoints
•Output Controls: Security Codes, Encryption, Control Totals, Control Listings, End User Feedback
•Storage Controls: Security Codes, Encryption, Backup Files, Library Procedures, Database Administration
Summary
•Ethical and Societal
Dimensions
•Ethical Responsibility in
Business
•Security Management
KEY TERMS
Antivirus software
Audit trail
Auditing business systems
Backup files
Biometric security
Business ethics
Computer crime
Computer matching
Computer monitoring
Computer virus
Denial of service
Disaster recovery
Encryption
Ergonomics
Ethical and Societal Impacts of
business/IT
a.Employment
b.Health
c.Individuality
d.Societal Solutions
e.Working Conditions
Ethical foundations
Fault tolerant
Firewall
Flaming
Hacking
Information system controls
Intellectual property piracy
Passwords
Privacy issues
Responsible professional
Security management
Software piracy
Spamming
System security monitor
Unauthorized use
Real World Case 1
The Business
Challenge of Computer Viruses
Real World Case 2
Security Management of Data
Resources and Process Control
Networks
Optional Case Studies
Real World Case 3
Security Management of Windows
Software
Real World Case 4
Managing Network Security Systems
Enterprise and Global
Management of Information
Technology
1- What security measures should
companies, business professionals,
and consumers take to protect their
systems from being damaged by
computer worms and viruses?
The Business
Challenge of Computer Viruses
The Business
Challenge of Computer Viruses
•Businesses Should
–“Get Serious” About Cyber Security
–Stop Relying on Microsoft's Backbone
•Businesses Need Better Procedures
for Security Updating
•Businesses Should Update Security
Defenses
Discussion Points Would Include:
2- What is the business and ethical
responsibility of Microsoft in
helping to prevent the spread of
computer viruses? Have they met
this responsibility? Why or why
not?
The Business
Challenge of Computer Viruses
The Business
Challenge of Computer Viruses
Microsoft (95% Market Share)
Must Ensure Software is Hostile to Hackers
Must Write Better Software
Microsoft and Others Must Make Security
Higher Priority
The Responsibility of Security is the User
Not Vendor
Discussion Points Would Include:
3- What are several possible reasons
why some companies (like GM)
were seriously affected by computer
viruses, while others (like Verizon)
were not?
The Business
Challenge of Computer Viruses
The Business
Challenge of Computer Viruses
•Undue Dependence on Microsoft for
Quality Software
•GM Ignored Security until It was Too Late
•Companies Paid More Attention to Bottom
Line than Security
•Inadequate Planning for Improving
Security
Reasons Would Include:
Security Management of Data Resources
and Process Control Networks
1- What are several possible reasons
why some companies (like GM)
were seriously affected by computer
viruses, while others (like Verizon)
were not?
Security Management of Data Resources
and Process Control Networks
•Key Components of a Security
System:
–Understanding Workflow
–Assessing Risk
–Educating Users
•MvChart Needed to Be Installed on
Hardware Separate from EMK
System
Discussion Points Would Include:
Security Management of Data Resources
and Process Control Networks
•Biometric and Proximity Devices
Streamline Secure Network Access
•Requiring Caregivers to Access Patient
Information via the Internet Using:
–Electronic Token Identification
–A Virtual Private Network
•Other Encryption Methods
Discussion Points Would Include:
Security Management of Data Resources
and Process Control Networks
2- What security measures is Du
Pont taking to protect their process
control networks? Are these
measures adequate? Explain your
evaluation.
Security Management of Data Resources
and Process Control Networks
•Du Pont Co. Will Isolate Critical
Manufacturing Process Systems from
Business Systems by:
–Not Connecting Its Networks, or
–Adding Firewalls to Control
Access
Discussion Points Would Include:
Security Management of Data Resources
and Process Control Networks
•A Team of IT Staffers, Process-Control Engineers,
and Manufacturing Employees Was Established
to:
–Discern Control Devices Critical to Manufacturing,
Safety and Continuity of Production
–Identify Assets: Hardware, Data, and Software
Applications
–Test Fixes and Workarounds for Specific
Machines
–Recognize That Precise Vulnerabilities Differ by
Environment
–Determine How to Separate Networks
Discussion Points Would Include:
Security Management of Data Resources
and Process Control Networks
3- What are several other steps
Geisinger and Du Pont could take
to increase the security of their
data and network resources?
Explain the value of your
proposals.
Security Management of Data Resources
and Process Control Networks
Include the Concepts Presented
in the Chapter Material and
Additional Considerations That
You Have Located on the
Internet
Discussion Points Would Include:
1- What security problems are
typically remedied by Microsoft’s
security patches for Windows? Why
do such problems arise in the first
place?
Security Management of Windows
Software
Security Management of Windows
Software
•Vulnerability to Computer Viruses
(Worms)
•Microsoft’s Push to Deliver New
Versions
–That Have Not Been Tested and/or
Designed Properly to Reduce
Vulnerability
Discussion Points Would Include:
2- What challenges does the process
of applying Windows patches pose
for many businesses? What are
some limitations of the patching
process?
Security Management of Windows
Software
Security Management of Windows
Software
•Patching Required Companies to
Drop Everything with Finite
Resources
•Larger Companies Need Time to
Properly Test
•Companies Faced with Limited
Scope for Downtime
Discussion Points Would Include:
3- Does the business value of
applying Windows patches outweigh
its costs, limitations, and the
demands it places on the IT
function? Why or why not?
Security Management of Windows
Software
Security Management of Windows
Software
•Exploit-Proof Code Patching is Best Strategy
•Microsoft’s Windows Update Patch Management
Program
–Has a Critical Shortcoming
–Could Fool Users into Thinking They Have Been Properly Patched
–Users Are Really Vulnerable: Patch Not Fixed
•Users have Reported Patches don't Always Deploy
Properly
•Microsoft Patches have Serious Security
Vulnerability
Discussion Points Would Include:
1- What is the function of each of the
network security tools identified in
this case? Visit the websites of
security firms Check Point and
NetForensics to help you answer.
Managing Network Security
Systems
Managing Network Security
Systems
•Network Intrusion-Detection Systems
•Firewalls
•Anti-Virus Tools
•Automating the Process
–Gathering
–Consolidating
–Correlating
–Prioritizing Data from Security Events
•Collecting Data from Individual Security Systems
•“Normalizing” Data to Quickly Identify Potential
Attacks
Discussion Points Would Include:
2- What is the value of security
information management software
to a company? Use the companies in
this case as examples.
Managing Network Security Systems
Managing Network Security Systems
•Provides a Single Place To Get Information
•Automated Gathering, Consolidating, and
Correlating Data
–Into a Usable Format to Analyze
–Used to Establish Priorities
•Permits Businesses to React Faster to Activity
•Reduces the Number of False Alerts
•Allows Companies to Drill Down into Attack
Details
Discussion Points Would Include:
3- What can smaller firms who
cannot afford the cost of such
software do to properly manage
and use the information about
security from their network
security systems? Give several
examples.
Managing Network Security Systems
Managing Network Security
Systems
•Plan for Having Periodic Audits of IT
Security
•Review/Update Regularly Control Features
of IT
•Regularly Change Passwords-To Access
System
•Develop a Backup Plan and Implement
•Develop Plan for Disaster Recovery
Discussion Points Would Include:
Security and Ethical Challenges
Thank you