LN7_InformationSecurity_V3

LN7_InformationSecurity_V3 - MGCR 331 Information Systems...

MGCR 331 – Information Systems (“IT Impacts on Organizations”)

Lecture Note 7 – Information Security [1]

LEARNING OBJECTIVES

1. Identify the many threats to information security
2. Understand the various defense mechanisms used to protect information systems
3. Explain IT auditing and planning for disaster recovery

Preview

This information systems world we live in is filled with many types of people and organizations. Unfortunately, not all of them are honest. Controls help honest people stay honest and detect potential problems. What types of information systems problems should we protect ourselves and our organizations against? What are the different types of controls and how can information systems auditors help in the control evaluation process? This study note will look at the threats and at compensating controls that can be implemented in our systems.

1. Threats to Information Security

Learning Objective: Identify the many threats to information security

[Figure: Security threats]

[1] This study note was mainly excerpted from Introduction to Information Systems: Supporting and Transforming Business by Rainer, Turban, Splettstoesser-Hogeterp and Sanchez-Rodriguez

Attacks on corporate information systems by hackers, viruses, worms and the occasional disgruntled employee are increasing dramatically – and costing companies a fortune. Last year, US businesses reported 53,000 system break-ins – a 150 percent increase over 2000 (Exhibit 1). Indeed, the true number of security breaches is likely to have been much higher because concerns about negative publicity mean that almost two-thirds of all incidents actually go unreported.

Although information security has traditionally been the responsibility of IT departments, some companies have made it a business issue as well as a technological one. This year we studied security best practices at Fortune 500 companies, particularly 30 that had recently appointed a senior business executive to oversee information security. (According to an April 2001 estimate by Gartner, half of the Global 2000 are likely to create similar positions by 2004.) A handful of these Fortune 500 companies are now adding strategic, operational, and organizational safeguards to the technological measures they currently employ to protect corporate information. But most companies continue to view information security as a technological problem calling for technological solutions – even though technology managers concede that today’s networks cannot be made impenetrable and that new security technologies have a short life span as hackers quickly devise ways around them. Delegating security to technologists also ignores fundamental questions that only