SECURITY AND ETHICAL CHALLENGES OF INFORMATION TECHNOLOGY
Presented by: Anjali sharma, Khushboo ghanshani
IT SECURITY & ETHICS
The use of IT in business has had major impacts on society & thus raises ethical issues in the areas of crime, privacy, individuality, employment, health & working conditions.
Hence IT has both negative & positive impacts.
So the responsibility of a business professional is to manage high-quality products & maintain them.
Ethical Responsibility
Security, Ethics and Society:
• Employment
• Privacy
• Health
• Crime
• Working Conditions
• Individuality
Need for Security
1. Reduce the risk of systems and organizations ceasing operations.
2. Maintaining information confidentiality.
3. Ensure the integrity and reliability of data resources.
4. Ensure the uninterrupted availability of data resources and online operations.
5. Ensure compliance with policies & laws regarding security & privacy.
Security Management
Goal of Security Management
– Minimize errors, fraud, and losses in the e-business systems that interconnect businesses with their customers, suppliers, and other stakeholders
Security Measures
• Encryption
• Denial of Service Defenses
• Firewalls
• Monitor E-mail
• Virus Defenses
Security Measures (cont..)
• Security Codes
• Security Monitors
• Backup Files
• Biometric Security Controls
Encryption
– Passwords, messages, files, and other data are transmitted in scrambled form and unscrambled for authorized users
– Involves using special mathematical algorithms to transform digital data into scrambled code
– Most widely used method uses a pair of public and private keys unique to each individual
Types of Encryption
Secret Key Algorithm (Symmetric Encryption):
Symmetric, or private-key, encryption is based on a secret key that is shared by both communicating parties. The sending party uses the secret key as part of the mathematical operation to encipher plain text to cipher text. The receiving party uses the same secret key to decipher the cipher text to plain text.
Types of Encryption (contd..)
Public Key Algorithm (Asymmetric Encryption):
It uses two different keys for each user: one is a private key known only to this one user, the other is the corresponding public key, which is accessible to anyone. The private & public keys are mathematically related by the encryption algorithm. One key is used for encryption and the other for decryption, depending on the nature of the communication service.
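An added example (not part of the original slides) of the point that one key encrypts and the other decrypts depending on the service: toy, unpadded RSA in which the public key encrypts for confidentiality and the private key signs for authentication. The primes, messages and function names are constructed for illustration.

```python
import hashlib
from math import gcd

# Constructed toy parameters: two Mersenne primes. Real RSA uses random
# primes of 1024+ bits each and padding (OAEP / PSS); this is unpadded.
P, Q = 2**31 - 1, 2**61 - 1

def make_keypair(p, q, e=65537):
    """Return (public, private), each a (modulus, exponent) pair."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return (p * q, e), (p * q, pow(e, -1, phi))

def apply_key(key, value):
    """The single RSA operation: value ** exponent mod modulus."""
    n, exp = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exp, n)

# Confidentiality: anyone encrypts with the PUBLIC key, only the owner
# of the PRIVATE key can decrypt.
def encrypt(public, plaintext: bytes) -> int:
    return apply_key(public, int.from_bytes(plaintext, "big"))

def decrypt(private, ciphertext: int, length: int) -> bytes:
    return apply_key(private, ciphertext).to_bytes(length, "big")

def _digest(key, message: bytes) -> int:
    # SHA-256 of the message, reduced to fit under the toy modulus.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % key[0]

# Authentication: the owner signs with the PRIVATE key, anyone checks
# the signature with the PUBLIC key.
def sign(private, message: bytes) -> int:
    return apply_key(private, _digest(private, message))

def verify(public, message: bytes, signature: int) -> bool:
    return apply_key(public, signature) == _digest(public, message)

if __name__ == "__main__":
    public, private = make_keypair(P, Q)
    secret = b"PIN 4821"                      # constructed sample data
    print(decrypt(private, encrypt(public, secret), len(secret)))
    order = b"pay supplier 100"               # constructed sample data
    sig = sign(private, order)
    print(verify(public, order, sig), verify(public, b"pay supplier 900", sig))
```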
Firewalls
• Serves as a “gatekeeper” system that protects a company’s intranets and other computer networks from intrusion
• Provides a filter and safe transfer point
• Screens all network traffic for proper passwords or other security codes
Advantages of Firewalls
Provides security to both inbound & outbound traffic.
Response time is very high in case of high end firewalls.
Software firewalls are usually cheaper and preferred for individual computers, whereas hardware firewalls are for organizations and are costly.
Disadvantages of Firewalls
• Firewalls cannot protect the system from insider attacks.
• Installation & maintenance costs often become an overhead.
• Users' surfing capabilities are reduced.
• If the firewall is configured with stringent rules, it constantly annoys users with false positives.
Denial of Service Defenses
These assaults depend on three layers of networked computer systems:
• Victim’s website
• Victim’s ISP
• Sites of “zombie” or slave computers
Defensive measures and security precautions must be taken at all three levels
Security Measures (cont..)
• E-mail Monitoring
“Spot checks just aren’t good enough anymore. The tide is turning toward systematic monitoring of corporate e-mail traffic using content-monitoring software that scans for troublesome words that might compromise corporate security.”
• Virus Defenses
Protection may be accomplished through:
– Centralized distribution and updating of antivirus software
– Outsourcing the virus protection responsibility to ISPs or to telecommunications or security management companies
Security Measures (cont..)
• Security codes
Multilevel password system:
– Log onto the computer system
– Gain access into the system
– Access individual files
• Backup Files
– Duplicate files of data or programs
– File retention measures
– Sometimes several generations of files are kept for control purposes
CYBER TERRORISM
• Cyber terrorism is the convergence of terrorism and cyberspace. It is generally understood to mean unlawful attacks and threats of attack against computers, networks, and the information stored therein when done to intimidate or coerce a government or its people in furtherance of political or social objectives.
Cyber Terrorism
Basic facts about cyber terrorism
• Cyber attacks immediately follow physical attacks
• Cyber attacks are increasing in volume, sophistication, and coordination
• Cyber attackers are attracted to high-value targets
• Many, if not most, targets would probably be commercial computer and communications systems
What can we do..???
Go on the defensive now
– Educate senior management on risks of cyber warfare
– Make infosec a top priority
– Beef up your security technology
– Insist on flawless execution: compliance to security standards in all areas
Work with other companies, government agencies
– NIPC
– IT ISAC
– SAINT