{[ promptMessage ]}

Bookmark it

{[ promptMessage ]}

LN7_InformationSecurity_V3 - MGCR 331 Information...

Info icon This preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon
MGCR 331 – Information Systems (“IT Impacts on Organizations”) Lecture Note 7 – Information Security 1 LEARNING OBJECTIVES 1. Identify the many threats to information security 2. Understand the various defense mechanisms used to protect information systems 3. Explain IT auditing and planning for disaster recovery Preview This information systems world we live in is filled with many types of people and organizations. Unfortunately, not all of them are honest. Controls help honest people stay honest and detect potential problems. What types of information systems problems should we protect ourselves and our organizations against? What are the different types of controls and how can information systems auditors help in the control evaluation process? This study note will look at the threats and at compensating controls that can be implemented in our systems. 1. Threats to Information Security Learning Objective: Identify the many threats to information security 1 This study note was mainly excerpted from Introduction to Information Systems: Supporting and Transforming Business by Rainer, Turban, Splettstoesser-Hogeterp and Sanchez-Rodriguez 1 Figure 2: Security threats Figure 1: Security threats
Image of page 1

Info icon This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Attacks on corporate information systems by hackers, viruses, worms and the occasional disgruntled employees are increasing dramatically – and costing companies a fortune. Last year, US businesses reported 53,000 system break-ins – 150 percent increase over 2000 (Exhibit 1). Indeed, the true number of security breaches is likely to have been much higher because concerns about negative publicity mean that almost two-thirds of all incidents actually go unreported. Although information security has traditionally been the responsibility of IT departments, some companies have made it a business issue as well as a technological one. This year we studied security best practices at Fortune 500 companies, particularly 30 that had recently appointed a senior business executive to oversee information security. (According to an April 2001 estimate by Gartner, half of the Global 2000 are likely to create similar positions by 2004. A handful of these Fortune 2000 are likely to create similar positions by 2004.) A handful of these Fortune 500 companies are now adding strategic, operational, and organizational safeguards to the technological measures they currently employ to protect corporate information. But most companies continue to view information security as a technological problem calling for technological solutions – even though technology managers concede that today’s networks cannot be made impenetrable and that new security technologies have a short life span as hackers quickly devise ways around them. Delegating security to technologists also ignores fundamental questions that only business managers can answer. Not all of a company’s varied information assets have equal value, for instance; some require more attention than others. One on-line retailer, Egghead.com, lost 25 percent of its stock market value in December 2000, when hackers
Image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern