tailieunhanh - Lecture Business management information system - Lecture 20: Information security

This chapter presents the following content: Information security, the threats, security’s five pillars, management countermeasures, technical countermeasures, credit card fraud, an internet services company, planning for business continuity, planning for business continuity, household international. | Information Security Lecture 20 Today Lecture Information Security The Threats Security’s Five Pillars Management Countermeasures Technical Countermeasures CREDIT CARD FRAUD Case Example: Threats AN INTERNET SERVICES COMPANY Case Example: Security Today Lecture . PLYMOUTH ROCK ASSURANCE CORPORATION Case Example: Use of a VPN (Security) Planning for Business Continuity Using Internal Resources Planning for Business Continuity Using External Resources HOUSEHOLD INTERNATIONAL Case Example: Planning for Business Continuity Used to be an arcane technical topic Today even CEOs need to ‘know about it’ due to the importance of electronic information in running their businesses Need to understand Internet-based threats and countermeasures and continuously fund security work to protect their businesses Information Security 4 Information Security Since 1996 the Computer Security Institute have conducted an annual survey of US security managers Spring 2004 survey report – 2 key findings: The . | Information Security Lecture 20 Today Lecture Information Security The Threats Security’s Five Pillars Management Countermeasures Technical Countermeasures CREDIT CARD FRAUD Case Example: Threats AN INTERNET SERVICES COMPANY Case Example: Security Today Lecture . PLYMOUTH ROCK ASSURANCE CORPORATION Case Example: Use of a VPN (Security) Planning for Business Continuity Using Internal Resources Planning for Business Continuity Using External Resources HOUSEHOLD INTERNATIONAL Case Example: Planning for Business Continuity Used to be an arcane technical topic Today even CEOs need to ‘know about it’ due to the importance of electronic information in running their businesses Need to understand Internet-based threats and countermeasures and continuously fund security work to protect their businesses Information Security 4 Information Security Since 1996 the Computer Security Institute have conducted an annual survey of US security managers Spring 2004 survey report – 2 key findings: The unauthorized use of computers is declining The most expensive cybercrime was denial of service The Threats Note: heaps of similar Surveys . KPMG 6 7 Information Security The Threats Threats are numerous Websites are particularly vulnerable Political activism is one motivation for Website defacement Theft of proprietary information is a major concern Financial fraud is still a significant threat Especially credit card information No data of any value should be stored on web servers 8 CREDIT CARD FRAUD Case Example: Threats In one case, MSNBC reported that a bug in one shopping cart software product used by 4,000 e-commerce sites exposed customer records at those sites One small e-commerce site did not receive the warning Within days, cyber criminals charged thousands of dollars on the credit cards of users of this small site 9 CREDIT CARD FRAUD Case Example: Threats In another case, two foreigners stole 56,000 credit card numbers, bank account information, and other personal financial .