Class Ppt of Mis
8/12/2019 Class Ppt of Mis
Management Information Systems
Prepared By:
Komal Moradiya
Priya Parekh Niket
Tara
Submitted To :
Utkarsh Trivedi
Ch-8 Securing Information System
-
Flow of Presentation
- Definition of MIS
- System Vulnerability and Abuse
(A) Why systems are vulnerable
8.1 Contemporary security challenges and vulnerability
- Internet vulnerabilities
- Wireless security challenges
8.2 WI-FI security challenges
- Malware
- Hackers and computer crime
-
- Spoofing
- Sniffer
- Denial of service attacks
- Distributed denial of service attacks
(B) Computer crime & Cyber terrorism
- Identity theft
- Phishing
- Evil twins
- Pharming
- Cyber terrorism & Cyber warfare
-
- Internal threats
- Software Vulnerability
- Questions
- Reference
-
Definition of MIS
An organized approach to the study of the information needs of an organization's management at every level in
making operational, tactical, and strategic decisions. Its
objective is to design and implement procedures,
processes, and routines that provide suitably detailed
reports in an accurate, consistent, and timely manner.
-
In a Management Information System, modern, computerized systems continuously gather relevant data,
both from inside and outside an organization.
This data is then processed, integrated, and stored in a
centralized database, where it is constantly updated and made available to all who have the authority to access it,
in a form that suits their purpose.
-
System Vulnerability and Abuse
-
(A) Why systems are vulnerable
- Accessibility of networks
- Hardware problems (breakdowns, configuration errors, damage from improper use or crime)
- Software problems (programming errors, installation errors, unauthorized changes)
- Disasters
- Use of networks/computers outside of firm's control
- Loss and theft of portable devices
-
8.1 Contemporary security challenges and vulnerabilities
The architecture of a Web-based application typically includes a Web client, a server, and
corporate information systems linked to databases. Each of these components presents
security challenges and vulnerabilities. Floods, fires, power failures, and other electrical
problems can cause disruptions at any point in the network.
-
Internet vulnerabilities
- Network open to anyone
- Size of Internet means abuses can have wide impact
- Use of fixed Internet addresses with cable or DSL modems creates fixed targets for hackers
- Unencrypted VOIP
- E-mail, P2P, IM
  - Interception
  - Attachments with malicious software
  - Transmitting trade secrets
-
Wireless security challenges
- Radio frequency bands easy to scan
- SSIDs (service set identifiers)
  - Identify access points
  - Broadcast multiple times
- War driving
  - Eavesdroppers drive by buildings and try to detect SSID and gain access to network and resources
- WEP (Wired Equivalent Privacy)
  - Security standard for 802.11; use is optional
  - Uses shared password for both users and access point
  - Users often fail to implement WEP or stronger systems
-
8.2 WI-FI Security challenges
Many Wi-Fi networks can be penetrated easily by intruders using sniffer programs to obtain an address to access the resources of a network without authorization.
-
Malware (malicious software)
- Viruses
  - Rogue software program that attaches itself to other software programs or data files in order to be executed
- Worms
  - Independent computer programs that copy themselves from one computer to other computers over a network
- Trojan horses
  - Software program that appears to be benign but then does something other than expected
-
Malware (cont.)
- SQL injection attacks
  - Hackers submit data to Web forms that exploits site's unprotected software and sends rogue SQL query to database
- Spyware
  - Small programs install themselves surreptitiously on computers to monitor user Web surfing activity and serve up advertising
- Key loggers
  - Record every keystroke on computer to steal serial numbers, passwords, launch Internet attacks
-
Hackers and computer crime
- Hackers vs. crackers
  - Hacker: one who gains unauthorized computer access, but without doing damage
  - Cracker: one who breaks into computer systems for the purpose of doing damage
- Activities include
  - System intrusion
  - System damage
  - Cyber vandalism
    - Intentional disruption, defacement, destruction of Web site or corporate information system
-
- Spoofing
  - Misrepresenting oneself by using fake e-mail addresses or masquerading as someone else
  - Redirecting Web link to address different from intended one, with site masquerading as intended destination
- Sniffer
  - Eavesdropping program that monitors information traveling over network
  - Enables hackers to steal proprietary information such as e-mail, company files, etc.
-
- Denial-of-service attacks (DoS)
  - Flooding server with thousands of false requests to crash the network
- Distributed denial-of-service attacks (DDoS)
  - Use of numerous computers to launch a DoS
  - Botnets
    - Networks of zombie PCs infiltrated by bot malware
    - Worldwide, 6 - 24 million computers serve as zombie PCs in thousands of botnets
-
(B) Definition of Computer Crime
- Any crime in which computer related technology is encountered.
- The commission of illegal acts through the use of a computer or against a computer system.
-
Computer crime
- Defined as any violations of criminal law that involve a knowledge of computer technology for their perpetration, investigation, or prosecution
- Computer may be target of crime, e.g.:
  - Breaching confidentiality of protected computerized data
  - Accessing a computer system without authority
- Computer may be instrument of crime, e.g.:
  - Theft of trade secrets
  - Using e-mail for threats or harassment
-
- Identity theft
  - Theft of personal information (social security id, driver's license or credit card numbers) to impersonate someone else
- Phishing
  - Setting up fake Web sites or sending e-mail messages that look like legitimate businesses to ask users for confidential personal data
- Evil twins
  - Wireless networks that pretend to offer trustworthy Wi-Fi connections to the Internet
-
- Pharming
  - Redirects users to a bogus Web page, even when individual types correct Web page address into his or her browser
- Click fraud
  - Occurs when individual or computer program fraudulently clicks on online ad without any intention of learning more about the advertiser or making a purchase
- Cyber terrorism and Cyber warfare
  - cyber terrorism or cyber warfare and cripple networks controlling essential services such as electrical grids and air traffic control systems.
-
Internal threats: employees
- Security threats often originate inside an organization
- Inside knowledge
- Sloppy security procedures
- User lack of knowledge
- Social engineering:
  - Tricking employees into revealing their passwords by pretending to be legitimate members of the company in need of information
-
Software vulnerability
- Commercial software contains flaws that create security vulnerabilities
  - Hidden bugs (program code defects)
  - Zero defects cannot be achieved because complete testing is not possible with large programs
  - Flaws can open networks to intruders
- Patches
  - Vendors release small pieces of software to repair flaws
  - However, exploits are often created faster than patches can be released and implemented
-
Famous hackers in history
Ian Murphy, Kevin Mitnick, Johan Helsingius, Mark Abene,
Linus Torvalds, Robert Morris, Jonathan James
NASA
Stephen Watt
NY based coder
-
Conclusion
Obviously computer crime is on the rise, but so is the awareness and ability to fight it. Law enforcement
realizes that it is happening more often than it is
reported and is doing its best to improve existing
laws and create new laws as appropriate. The problem is not with the awareness or the laws, but with actually
reporting that a crime has occurred. Hopefully people
will begin to realize that unless they report these crimes
and get convictions, those committing computer crimes will continue to do so.
-
When antivirus software cripples your computers
Discuss the following questions:
- What management, organization, and technology factors were responsible for McAfee's software problem?
- What was the business impact of this software problem, both for McAfee and for its customers?
- If you were a McAfee enterprise customer, would you consider McAfee's response to the problem to be acceptable? Why or why not?
- What should McAfee do in the future to avoid similar problems?
-
References
http://www.businessdictionary.com/definition/management-information-system-MIS.html#ixzz2u3f7a6FG
Management Information System
Kenneth C. Laudon
Jane P. Laudon
Pearson Prentice Hall
Sixth Impression - 2011