13 - Securing IT Systems 2011


Securing IT Systems

Bin Gu, Ph.D.
Assistant Professor of IM
Bin.Gu@mccombs.utexas.edu
Ph: 512-471-1582; Fax: 512-471-0587

LEARNING OBJECTIVES

- Why are information systems vulnerable to destruction, error, and abuse?
- What is the business value of security and control?
- What are the components of an organizational framework for security and control?
- What are the most important tools and technologies for safeguarding information resources?

You're on Facebook? Watch Out!

- Facebook: world's largest social network
- Problem: identity theft and malicious software
- Examples:
  - 2009: 18-month hacker scam for passwords, resulted in Trojan horse download that stole financial data
  - Dec 2008: Koobface worm
  - May 2010: spam campaign aimed at stealing logins
- Illustrates: types of security attacks facing consumers
- Demonstrates: ubiquity of hacking, malicious software

System Vulnerability and Abuse

- Security: policies, procedures and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems
- Controls: methods, policies, and organizational procedures that ensure safety of organization's assets; accuracy and reliability of its accounting records; and operational adherence to management standards

System Vulnerability and Abuse

Why systems are vulnerable:

- Accessibility of networks
- Hardware problems (breakdowns, configuration errors, damage from improper use or crime)
- Software problems (programming errors, installation errors, unauthorized changes)
- Disasters
- Use of networks/computers outside of firm's control
- Loss and theft of portable devices

Contemporary Security Challenges and Vulnerabilities

[Figure] The architecture of a Web-based application typically includes a Web client, a server, and corporate information systems linked to databases. Each of these components presents security challenges and vulnerabilities. Floods, fires, power failures, and other electrical problems can cause disruptions at any point in the network.

System Vulnerability and Abuse

Internet vulnerabilities:

- Network open to anyone
- Size of Internet means abuses can have wide impact
- Use of fixed Internet addresses with cable or DSL modems creates fixed targets for hackers
- Unencrypted VOIP
- E-mail, P2P, IM
  - Interception
  - Attachments with malicious software
  - Transmitting trade secrets

System Vulnerability and Abuse

Wireless security challenges:

- Radio frequency bands easy to scan
- SSIDs (service set identifiers)
  - Identify access points
  - Broadcast multiple times
- War driving
  - Eavesdroppers drive by buildings and try to intercept network traffic
  - When hacker gains access to SSID, has access to network's resources
- WEP (Wired Equivalent Privacy)
  - Security standard for 802.11
  - Basic specification uses shared password for both users and access point
  - Users often fail to use security features

System Vulnerability and Abuse

Many Wi-Fi networks can...