Session03 john bw3up


1. Chapter 3 Managing Information Systems Security

2. Session 12 - Managing Information Systems Security – Objectives (1):
♦ What are the types of “disasters” that can befall organizations with respect to their information systems?
♦ What are the different types of information systems controls?
♦ What is the difference between physical and logical access controls?
♦ Is there a framework for disaster recovery planning?
♦ What are the risks in business operations due to the use of advanced systems and how can the risks be addressed?

3. Security Breaches are Failures in Operations Controls
♦ Equifax Canada reported a second occurrence of a breach in its firewalls
♦ In 2004 administrator access was obtained, in July 2005 firewall was breached
♦ Source: S. Avery. 2005. ‘Criminals breach Equifax Canada security for second time,’ Canadian Press NewsWire, June 16, 2005

4. Identity theft – beware of phishing (and of spam)
♦ Using confidential information such as passwords, driver’s licenses or medical records to assume someone else’s identity
♦ The thief applies for credit cards, mortgages or passports
♦ Controls include: physical security, access security, and encryption

5. What could go wrong?
♦ Hardware failure – loss of income, unable to ship goods or sell services
♦ Denial of service – due to ‘hacker attack,’ same impact as above
♦ Program failure/error – data loss, data error, operational problems or business failure
♦ Unavailability of people

6. What could go wrong? (continued)
♦ Deliberate or accidental physical damage to equipment
♦ Employee errors or sabotage
♦ Virus or other security penetration
– All have similar impacts as described on previous overhead

7. Physical Theft of Hard Drives & Power Failures are Common
♦ January 16, 2003 a hard drive went missing from Information Systems Management Canada
♦ February 5, 2003 a server and eight laptops stolen from Ministry of Human Resources
♦ July 2005 lightning broke a hydro pole, blackout in downtown Toronto
♦ Ongoing – PDAs and laptops stolen

8. Unusual problems that have wide impact …
♦ SARS outbreak in Canada in 2003
♦ Major power failure in Canada and U.S. for several hours to two weeks (August 2003)
♦ Tsunami 2004 and New Orleans flood 2005
♦ Severe storms in BC 2006 causing power outages
♦ Increasing availability of illegal web sites

9. Session 12 - Managing Information Systems Security – Objectives (1):
♦ What are the types of “disasters” that can befall organizations with respect to their information systems?...

This note was uploaded on 10/04/2011 for the course ADMS 2511 taught by Professor Jiu during the Fall '09 term at York University.
