Module 4 Week 10
INFOSYS 110 Digital Systems
Module 4: Be Prepared for a Rapidly Changing Future
• Week 10: Security and Ethics in a Digital World
• Week 11: Cloud Computing and the Internet of Things
• Week 12: Rise of the Robots – Artificial Intelligence
Learning outcomes:
• By the end of this session you should be able to:
• Apply an ethical problem solving framework
• Categorise and identify different types of security threats
• Define risk and different ways in which an organisation might deal with a specific risk
• Implement good authentication practices
Agenda:
Security Threats
Security Controls
Ethics and Corporate Social Responsibility
Ethics
What are ethics?
• Standards of right and wrong.
• Study and development of ethical standards.
http://www.scu.edu/ethics/practicing/decision/whatisethics.html
https://www.youtube.com/watch?v=R7yfV6RzE30
• Evaluate alternatives
• Make a choice
• Reflect on your decision
Corporate Social Responsibility:
• Ethical Responsibilities: Be ethical. Do what is just, right and fair. Avoid harm.
• Economic Responsibilities: Be profitable. The foundation upon which all others rest.
The Pyramid of Corporate Social Responsibility: Toward the Moral Management of Organizational Stakeholders. Carroll, Archie B. Business Horizons; Jul/Aug91, Vol. 34 Issue 4, p39-48
Exercise: Spark and CSR
1. At what level of the CSR pyramid does Spark operate?
http://www.sparknz.co.nz/sustainability/
Security Threats
What are some threats to a business?
http://www.youtube.com/watch?v=Y6tbUNjL0No
Information Security
The protection of information systems from accidental or intentional misuse by persons inside or outside an organisation.
[Figure: threats to information security, grouped as OUTSIDE THREATS and INSIDE THREATS. Labels shown: malware (viruses, worms, etc.); denial of service; unauthorised users (hackers); human-made disasters; fire; power outages; other accidents.]
http://vimeo.com/25118844
Threats: Social Engineering
Using one’s social skills to trick people into revealing access credentials or other information valuable to the attacker
Threats: Phishing
Phishing: a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent email
IS system attack process
1. Conduct Reconnaissance
2. Attempt Social Engineering
3. Scan & Map Target
4. Execute Attack
5. Cover Tracks
Security Controls
Develop an Information Security Plan
• Develop policies
• Communicate the policies
• Identify critical information assets and risks
• Test and re-evaluate risks
• Obtain stakeholder support
What is Risk?
An incident or occurrence emanating from internal or external sources that affects implementation of strategy or achievement of objectives.
(http://www.coso.org/documents/coso_erm_executivesummary.pdf)
Risk Management Responses
• Mitigate:
– Implement effective internal controls
• Accept:
– Do nothing, accept likelihood of risk
• Transfer:
– Buy insurance, outsource
• Avoid:
– Do not engage in activity that produces risk
Types of controls
• Physical: walls, doors, locks; alarms, motion detectors; security guards
• Communications: firewalls; anti-virus; VPN
• Access: authentication; authorisation; encryption
C.I.A. of Information Security
• Confidentiality
• Integrity
• Availability
Authentication
• Something the User knows
• Something the User has
• Something that is part of the User
http://www.datagenetics.com/blog/september32012/