Aisch 05
Security
Chapter 5
2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood 5–1
Learning Objective 1
Overview
The Information Security System Life Cycle
The Information Security System in the Organization
Analyzing Vulnerabilities and Threats
Quantitative approach to risk assessment
Qualitative approach
Analyzing Vulnerabilities and Threats
business interruption
loss of software
loss of data
loss of hardware
loss of facilities
loss of service and personnel
Learning Objective 2
Vulnerabilities and Threats
What is a vulnerability?
A vulnerability is a weakness in a system.
What is a threat?
A threat is a potential exploitation of a vulnerability.
Vulnerabilities and Threats
Active threats
Passive threats
Individuals Posing a Threat to the Information System
Users
Intruders
Individuals Posing a Threat to the Information System
A hacker is an intruder who attacks a system for fun and challenge.
What are other types of intruders?
unnoticed intruders
wiretappers
piggybackers
impersonating intruders
eavesdroppers
Active Threats to Information Systems
Program alteration
Direct file alteration
Data theft
Misappropriation or theft of information resources
Active Threats to Information Systems
Logic bomb
Trojan horse
Virus program
Active Threats to Information Systems
What is a worm?
Learning Objective 3
The Information System Security System
The Control Environment
Management philosophy and operating style
Organization structure
Board of directors and its committees
The Control Environment
External influences
Controls for Active Threats
Site-access controls
System-access controls
File-access controls
Controls for Passive Threats
Full backups
Incremental backups
Differential backups
Internet Security
Learning Objective 4
Disaster Risk Management
Prevention planning
Contingency planning
End of Chapter 5