5 Networks and Collaboration As Business Solutions

Report
Turban and Volonino
Chapter 5
Securing the Enterprise and Business Continuity
Information Technology for Management
Improving Performance in the Digital Economy
7th edition
John Wiley & Sons, Inc.
Slides contributed by Dr. Sandra Reid
Chair, Graduate School of Business & Professor, Technology
Dallas Baptist University
Copyright 2010 John Wiley & Sons, Inc.
5-1
Chapter Outline
•
•
•
•
•
5.1 Data and Enterprise Security Incidents
5.2 IS Vulnerabilities and Threats
5.3 Fraud and Computer-Mediated Crimes
5.4 IT Security Management Practices
5.5 Network Security
Copyright 2010 John Wiley & Sons, Inc.
5-2
Chapter Outline (cont’d)
• 5.6 Internal Control and Compliance
Management
• 5.7 Business Continuity and Disaster Recovery
Planning
• 5.8 Auditing and Risk Management
• 5.9 Managerial Issues
Copyright 2010 John Wiley & Sons, Inc.
5-3
Learning Objectives
1. Recognize the business and financial value of
information security.
2. Recognize IS vulnerabilities, threats, attack
methods, and cybercrime symptoms.
3. Describe the factors that contribute to risk exposure
and methods to mitigate them.
4. Explain key methods of defending information
systems, networks, and wireless devices.
5. Describe internal control and fraud and related
legislation.
Copyright 2010 John Wiley & Sons, Inc.
5-4
Learning Objectives cont’d
6. Understand business continuity and disaster
recovery planning methods.
7. Discuss the role of IT in defending critical
infrastructures.
Copyright 2010 John Wiley & Sons, Inc.
5-5
Figure IT7eU
Copyright 2010 John Wiley & Sons, Inc.
5-6
ChoicePoint
• Problem – Personal & financial data of
145,000 individuals compromised
* Perpetrator sentenced & fined
* $55M loss to company in fines,
compensation to victims, lawsuits, & legal fees
* Public loss of goodwill causes serious
revenue losses
Copyright 2010 John Wiley & Sons, Inc.
5-7
Figure 5.1
Impact of data breach on ChoicePoint’s stock price.
Copyright 2010 John Wiley & Sons, Inc.
5-8
ChoicePoint (cont’d)
• Solution – Implement new procedures to
ensure that consumers are protected from
illegitimate access to personal data.
* Establish & maintain comprehensive
information security program.
* Obtain audits by independent third-party
security professionals.
Copyright 2010 John Wiley & Sons, Inc.
5-9
ChoicePoint (cont’d)
• Results – Business practices reformed.
* Security policies gained national attention.
* Improved corporate governance.
* Increased laws & government involvement.
* Need for more improvement.
Copyright 2010 John Wiley & Sons, Inc.
5-10
ChoicePoint Suffers….
Dramatically with Data Breach
ChoicePoint data leak losses exceed $55M
ChoicePoint's data breach losses reach $26.4M
Relatively big breaches and one huge but not
confirmed
Copyright 2010 John Wiley & Sons, Inc.
5-11
5.1 Data and Enterprise Security Incidents
Copyright 2010 John Wiley & Sons, Inc.
5-12
Table 5.1
Copyright 2010 John Wiley & Sons, Inc.
5-13
Internal Threats
Veterans Affairs Data Theft
$100 Million Data Breach at US Department of
Veterans Affairs
TJX says 45.7 million customer records were compromised
Bank Group Sues TJX over Data Breach.(Massachusetts Bankers
Association, TJX Companies Inc.)
Data Breach Reported at Walter Reed Medical Center
Staten Island University Hospital Patients Personal Records Stolen In December
University Of California At San Francisco Patients Records Exposed
Copyright 2010 John Wiley & Sons, Inc.
5-14
Internal IT Threats – cont’d
The Top 5 Internal Security Threats
The 25 Most Common Mistakes in Email Security
Deconstructing a 20 Billion Message Spam Attack
Positive Security: Worth The Work?
Insider Threats: Beware the Enemy
from Within
Change Management: A Required
Element of Business Transformation
Copyright 2010 John Wiley & Sons, Inc.
5-15
IT Governance
Information Governance: The Cost, The Risk, The Value
Information Governance: Strategy, Best Practices,
Results
IT Governance Trends
Copyright 2010 John Wiley & Sons, Inc.
5-16
Government Regulation
The Sarbanes-Oxley Act
Gramm-Leach-Bliley Act
Federal Information Security Management Act
USA Patriot Act
Canada’s Personal Information Protection and Electronic
Documents Act
Copyright 2010 John Wiley & Sons, Inc.
5-17
Industry Standards
Summary of “Information Security: A CompTIA
Analysis of IT Security and the Workforce
Copyright 2010 John Wiley & Sons, Inc.
5-18
Breakdowns Beyond Company Control
E-Payment Provider Hit With Denial-Of-Service
BOMA honors Verizon for actions taken on Sept. 11
7 World Trade Center
Copyright 2010 John Wiley & Sons, Inc.
5-19
Figure 5.2
Lower Manhattan, the most communications-intensive real estate in the world.
(Photo courtesy of Verizon Communications. Used with permission.)
Copyright 2010 John Wiley & Sons, Inc.
5-20
Figure 5.3
Verizon’s Central Office (CO)
at 140 West St., harpooned
by steel girders. (Photo
courtesy of Verizon
Communications. Used with
permission.)
Copyright 2010 John Wiley & Sons, Inc.
5-21
Cybercrime
Cyber Crime Growing Global Threat
The New Face of Cybercrime
Cyber Crime Toolkits
FBI on fighting cyber crime
Fight against cyber crime intensifies
- 27 Apr 08
Copyright 2010 John Wiley & Sons, Inc.
5-22
Figure 5.4
Enterprise wide information security and internal control model.
Copyright 2010 John Wiley & Sons, Inc.
5-23
Table 5.2
Copyright 2010 John Wiley & Sons, Inc.
5-24
5.2 IS Vulnerabilities and Threats
Copyright 2010 John Wiley & Sons, Inc.
5-25
Unintentional or not – IT Security Threats?
Hunting The Hackers
Stolen data on 'crime server'
Top 5 Social Engineering Techniques
Hacker Speak
Hackers - A Brief Look Into Their World
Copyright 2010 John Wiley & Sons, Inc.
5-26
Methods of Attack
A Brief History of Malware and Cybercrime
How You Can Fight Cybercrime
How Organized Crime Uses Technology to Make Money
Top 10 Security Stories Of 2008
Computer virus
Copyright 2010 John Wiley & Sons, Inc.
5-27
Figure 5.5 - How a computer virus can spread.
THE HISTORY OF COMPUTER VIRUSES – for chronology….
Copyright 2010 John Wiley & Sons, Inc.
5-28
5.3 Fraud and Computer-Mediated Crimes
Copyright 2010 John Wiley & Sons, Inc.
5-29
Table 5.3
Copyright 2010 John Wiley & Sons, Inc.
5-30
Fraud
ANALYZING Organizational Fraud
Adelphia founder John Rigas found guilty
Ex-Tyco executives get up to 25 years in prison
Copyright 2010 John Wiley & Sons, Inc.
5-31
Table 5.4
Copyright 2010 John Wiley & Sons, Inc.
5-32
Fraud Trends
Top Ten Cyber Security Menaces for 2008
Copyright 2010 John Wiley & Sons, Inc.
5-33
5.4 IT Security Management Practices
Copyright 2010 John Wiley & Sons, Inc.
5-34
Figure 5.6
Major defense controls.
Copyright 2010 John Wiley & Sons, Inc.
5-35
Table 5.5
Copyright 2010 John Wiley & Sons, Inc.
5-36
Figure 5.7
Intelligent agents.
(Source: Courtesy of
Sandia National
Laboratories.)
Copyright 2010 John Wiley & Sons, Inc.
5-37
5.5 Network Security
Copyright 2010 John Wiley & Sons, Inc.
5-38
Figure 5.8
Three layers of network security measures.
Copyright 2010 John Wiley & Sons, Inc.
5-39
Network Authentication & Authorization
How Firewalls Work
How Phishing Works
Protection from Phishers
Copyright 2010 John Wiley & Sons, Inc.
5-40
Figure 5.9
Where the defense
mechanisms are located.
Copyright 2010 John Wiley & Sons, Inc.
5-41
War Driving
War Driving (hacking WiFi)
Wardriving Documentary
Wireless Hack Data Breach www.IDTheftSecurity.com
Copyright 2010 John Wiley & Sons, Inc.
5-42
5.6 Internal Control & Compliance Management
Copyright 2010 John Wiley & Sons, Inc.
5-43
Figure 5.10
Increasing role of
IT in internal
control.
Copyright 2010 John Wiley & Sons, Inc.
5-44
Table 5.6
Copyright 2010 John Wiley & Sons, Inc.
5-45
WorldWide Anti-Fraud Regulations
Basel II Accord
Financial Services Authority
U.S. Securities and Exchange Commission
Copyright 2010 John Wiley & Sons, Inc.
5-46
5.7 Business Continuity & Disaster
Recovery Planning
Copyright 2010 John Wiley & Sons, Inc.
5-47
Figure 5.11
Business continuity services managed by IBM. (Courtesy of IBM)
Copyright 2010 John Wiley & Sons, Inc.
5-48
5.9 Managerial Issues
Copyright 2010 John Wiley & Sons, Inc.
5-49
Managerial Issues
•
•
•
•
•
•
•
•
•
Value to business of IT security & internal control?
Legal obligations?
Important to management beginning at top?
Acceptable use policies & security awareness training?
Digital assets relied upon for competitive advantage?
What does risk management involve?
Impacts of IT security breaches?
Federal & state regulations.
Internal control.
Copyright 2010 John Wiley & Sons, Inc.
5-50
Copyright 2010 John Wiley & Sons, Inc.
All rights reserved. Reproduction or translation of
this work beyond that permitted in section 117 of
the 1976 United States Copyright Act without
express permission of the copyright owner is
unlawful. Request for further information should
be addressed to the Permission Department,
John Wiley & Sons, Inc. The purchaser may make
back-up copies for his/her own use only and not
for distribution or resale. The Publisher assumes
no responsibility for errors, omissions, or
damages caused by the use of these programs or
from the use of the Information herein.
Copyright 2010 John Wiley & Sons, Inc.
5-51

similar documents