MANAGEMENT INFORMATION
SYSTEMS SECURITY AND
CONTROL



Submitted By:

 Gurjit Singh
 Shallu Thakur
 MBA 3rd sem.
What is security?
• The quality or state of being secure: to be
  free from danger
• Security is achieved by using several strategies
  simultaneously or in combination with
  one another
• Security is recognized as essential to protect
  vital processes and the systems that provide
  those processes
• Security is not something you buy, it is
  something you do
OBJECTIVES


• Explain why information systems need
  special protection from destruction,
  error, and abuse

• Assess the business value of security
  and control

• Evaluate elements of an organizational
  and managerial framework for security
  and control
OBJECTIVES

• Identify the challenges posed by
  information systems security and control
  and management solutions

• Why are information systems so
  vulnerable to destruction, error, abuse,
  and system quality problems?

• What types of controls are available for
  information systems?
Vulnerability, Threat and Attack
• A vulnerability is a weakness in a security
  system
    ◦ Can be in design, implementation, etc.
    ◦ Can be in hardware or software

• A threat is a set of circumstances that has the
  potential to cause loss or harm
    ◦ Or it’s a potential violation of security
    ◦ A threat can be:
       - Accidental (natural disasters, human error, …)
       - Malicious (attackers, insider fraud, …)

• An attack is the actual violation of security
Why Are Systems Vulnerable?

• Hardware problems
    ◦ Breakdowns, configuration errors, damage
      from improper use or crime
• Software problems
    ◦ Programming errors, installation errors,
      unauthorized changes
• Disasters
    ◦ Power failures, floods, fires, etc.
• Use of networks and computers outside of
  firm’s control
    ◦ E.g. with domestic or offshore outsourcing
      vendors
SYSTEM VULNERABILITY
AND ABUSE
Concerns for System Builders and Users
• Disaster
    ◦ Destroys computer hardware, programs, data
      files, and other equipment
• Security
    ◦ Prevents unauthorized access, alteration, theft,
      or physical damage
SYSTEM VULNERABILITY
AND ABUSE
Concerns for System Builders and Users
• Errors
    ◦ Cause computers to disrupt or destroy
      organization’s record-keeping and operations
• Bugs
    ◦ Program code defects or errors
• Maintenance Nightmare
    ◦ Maintenance costs high due to
      organizational change, software complexity,
      and faulty system analysis and design
RISKS & THREATS

• High User Knowledge of IT Systems
• Theft, Sabotage, Misuse
• Virus Attacks
• Systems & Network Failure
• Lack Of Documentation
• Lapse in Physical Security
• Natural Calamities & Fire
SO HOW DO WE OVERCOME THESE PROBLEMS?
BUSINESS VALUE OF
SECURITY AND CONTROL
• Inadequate security and control may create
  serious legal liability.
• Businesses must protect not only their own
  information assets but also those of
  customers, employees, and business
  partners. Failure to do so can lead to costly
  litigation for data exposure or theft.
•   A sound security and control framework that
    protects business information assets can thus
    produce a high return on investment.
ESTABLISHING A MANAGEMENT
FRAMEWORK FOR SECURITY AND
CONTROL
 General controls:
 Establish framework for controlling
 design, security, and use of computer
 programs
 • Software controls
 • Hardware controls
 • Computer operations controls
 • Data security controls
 • Implementation controls
ESTABLISHING A MANAGEMENT
FRAMEWORK FOR SECURITY AND
CONTROL

Application controls:
 Unique to each computerized
 application
• Input
• Processing
• Output
CREATING A CONTROL
ENVIRONMENT
 Controls:-

 • Methods, policies, and procedures

 • Ensures protection of organization’s
   assets

 • Ensures accuracy and reliability of
   records, and operational adherence to
   management standards
Worldwide Damage from
Digital Attacks
CREATING A CONTROL
ENVIRONMENT

• Disaster recovery plan:
    Runs business in event of computer outage

• Load balancing:
    Distributes large number of requests for
    access among multiple servers
CREATING A CONTROL
ENVIRONMENT
• Mirroring:
    Duplicating all processes and transactions of
    server on backup server to prevent any
    interruption

• Clustering:
    Linking two computers together so that a
    second computer can act as a backup to the
    primary computer or speed up processing
CREATING A CONTROL
ENVIRONMENT
       Internet Security Challenges
Firewalls:-
• Hardware and software controlling flow of incoming
  and outgoing network traffic
• Prevent unauthorized users from accessing private
  networks
• Two types: proxies and stateful inspection


Intrusion Detection System:-
• Monitors vulnerable points in network to detect and
  deter unauthorized intruders
Figure 10-7
A Corporate Firewall
CREATING A CONTROL
ENVIRONMENT
       Internet Security Challenges
• Encryption: -
    Coding and scrambling of messages to prevent
    their access without authorization

• Authentication: -
    Ability of each party in a transaction to
    ascertain identity of other party

• Message integrity: -
    Ability to ascertain that transmitted message has
    not been copied or altered
CREATING A CONTROL
ENVIRONMENT
       Internet Security Challenges
 Digital signature: -Digital code attached to
  electronically transmitted message to uniquely
  identify contents and sender
 Digital certificate: -Attachment to electronic
  message to verify the sender and to provide
  receiver with means to encode reply
 Secure Electronic Transaction (SET): -
  Standard for securing credit card transactions over
  Internet and other networks
USER RESPONSIBILITIES
       Access Control - Physical
Do:
• Follow Security Procedures
• Wear Identity Cards
• Ask unauthorized visitors for their
  credentials
• Attend visitors in Reception and
  Conference Room only

Do not:
• Bring visitors in operations area without prior
  permission
• Bring hazardous and combustible material in
  secure area
• Practice “Piggybacking”
• Bring and use pen drives, zip drives, iPods, or
  other storage devices unless otherwise
  authorized to do so
USER RESPONSIBILITIES
            Password Guidelines
Do:
• Always use at least 8 character password with
  combination of alphabets, numbers and special
  characters (*, %, @, #, $, ^)
• Use passwords that can be easily remembered by
  you
• Change password regularly as per policy
• Use password that is significantly different from
  earlier passwords

Do not:
• Use passwords which reveal your personal
  information or words found in dictionary
• Write down or store passwords
• Share passwords over phone or email
• Use passwords which do not match above complexity
  criteria
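The password guidelines above, turned into a checker a password-change form could call. This is an added example, not part of the original slides; the word list, the 0.6 similarity cut-off, the function names, and the choice to accept only the six special characters the slide lists are assumptions. Memorability and change frequency are not something code can check and are left out.

```python
import hashlib
import hmac
import re
from difflib import SequenceMatcher

MIN_LENGTH = 8
# Special characters named on the slide; accepting only these is an assumption.
SLIDE_SPECIALS = set("*%@#$^")
# Constructed stand-in for a real dictionary or breached-password list.
SAMPLE_WORDLIST = {"password", "welcome", "dragon", "monkey", "security", "letmein"}
# Assumed cut-off for "significantly different" (1.0 means identical strings).
MAX_SIMILARITY = 0.6
# Undo common look-alike substitutions before the dictionary check.
LOOKALIKES = str.maketrans("0134578@$", "oleastbas")


def normalise(text):
    """Lower-case and map look-alike characters so 'P@ssw0rd' reads as 'password'."""
    return text.lower().translate(LOOKALIKES)


def hash_password(password, salt):
    """Salted PBKDF2 hash; password history is kept in this form, never as plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def check_password(candidate, current="", personal=(), history=()):
    """Return the list of guideline violations for a proposed password.

    current  - the password being replaced (the user types it at change time)
    personal - strings tied to the user (name, login, birth year, ...)
    history  - (salt, hash) pairs of earlier passwords
    """
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not re.search(r"[A-Za-z]", candidate):
        problems.append("no alphabetic character")
    if not re.search(r"[0-9]", candidate):
        problems.append("no number")
    if not SLIDE_SPECIALS & set(candidate):
        problems.append("no special character")

    plain, folded = candidate.lower(), normalise(candidate)
    if any(word in folded for word in SAMPLE_WORDLIST):
        problems.append("contains a dictionary word")
    for item in personal:
        if len(item) >= 3 and (item.lower() in plain or normalise(item) in folded):
            problems.append("contains personal information")
            break

    # Exact reuse can be checked against stored hashes; near-reuse only against
    # the current password, because that is the only old one available in clear.
    if any(hmac.compare_digest(hash_password(candidate, s), h) for s, h in history):
        problems.append("reuses an earlier password")
    elif current and SequenceMatcher(None, plain, current.lower()).ratio() > MAX_SIMILARITY:
        problems.append("too similar to the current password")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ("Tr4vel^Lamp#92", "P@ssw0rd", "abc"):
        print(pw, "->", check_password(pw) or "ok")
```

An empty list means the candidate meets every guideline the checker covers.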
USER RESPONSIBILITIES
            Internet Usage
       Use internet services for business purposes only


 Do not access internet through dial-up
  connectivity
 Do not use internet for accessing auction sites
 Do not use internet for hacking other computer
  systems
 Do not use internet to download / upload
  commercial software / copyrighted material


Technology Department is continuously
monitoring Internet Usage. Any illegal use of
internet and other assets shall call for
Disciplinary Action.
CREATING A CONTROL
ENVIRONMENT
       Antivirus Software
• Antivirus software: -
    Software that checks computer
    systems and drives for the presence of
    computer viruses and can eliminate the
    virus from the infected area


• Wi-Fi Protected Access specification
This NEC PC has a biometric fingerprint reader for fast yet secure access to files and networks. New models of PCs are starting to use biometric identification to authenticate
MANAGEMENT OPPORTUNITIES,
CHALLENGES AND SOLUTIONS

• Management Opportunities: -
  Creation of secure, reliable Web sites and
  systems that can support e-commerce and
  e-business strategies
MANAGEMENT
CHALLENGES
Designing systems that are neither over-controlled
nor under-controlled




provide network and infrastructure security to a
financial services firm in a Web-enabled high-threat
environment
MANAGEMENT
CHALLENGES
    Implementing an effective security policy
   Applying quality assurance standards in large
    systems projects

   What are the most important software quality
    assurance techniques?

   Why are auditing information systems and
    safeguarding data quality so important?
Solution Guidelines
•   Security and control must become a more visible and
    explicit priority and area of information systems
    investment.
•   Support and commitment from top management is
    required to show that security is indeed a corporate
    priority and vital to all aspects of the business.
•   Security and control should be the responsibility of
    everyone in the organization.
Human Wall Is Always
Better Than A Firewall




  . . . LET US BUILD A HUMAN WALL ALONG WITH FIREWALL
Student Profile Sample - We help schools to connect the data they have, with ...
 

Security and control in mis

  • 1. MANAGEMENT INFORMATION SYSTEMS SECURITY AND CONTROL Submitted By: Gurjit Singh Shallu Thakur MBA 3rd sem.
  • 2. What is security? • The quality or state of being secure to be free from danger • Security is achieved using several strategies simultaneously or used in combination with one another • Security is recognized as essential to protect vital processes and the systems that provide those processes • Security is not something you buy, it is something you do
  • 3. OBJECTIVES • Explain why information systems need special protection from destruction, error, and abuse • Assess the business value of security and control • Evaluate elements of an organizational and managerial framework for security and control
  • 4. OBJECTIVES • Identify the challenges posed by information systems security and control and management solutions • Why are information systems so vulnerable to destruction, error, abuse, and system quality problems? • What types of controls are available for information systems?
  • 5. Vulnerability, Threat and Attack • A vulnerability: a weakness in the security system ◦ Can be in design, implementation, etc. ◦ Can be hardware or software • A threat: a set of circumstances that has the potential to cause loss or harm ◦ Or it’s a potential violation of security ◦ Threat can be: ▪ Accidental (natural disasters, human error, …) ▪ Malicious (attackers, insider fraud, …) • An attack: the actual violation of security
  • 6. Why Systems are Vulnerable? • Hardware problems ◦ Breakdowns, configuration errors, damage from improper use or crime • Software problems ◦ Programming errors, installation errors, unauthorized changes • Disasters ◦ Power failures, flood, fires, etc. • Use of networks and computers outside of firm’s control ◦ E.g. with domestic or offshore outsourcing vendors
  • 7. SYSTEM VULNERABILITY AND ABUSE Concerns for System Builders and Users • Disaster: Destroys computer hardware, programs, data files, and other equipment • Security: Prevents unauthorized access, alteration, theft, or physical damage
  • 8. SYSTEM VULNERABILITY AND ABUSE Concerns for System Builders and Users • Errors: Cause computers to disrupt or destroy organization’s record-keeping and operations • Bugs: Program code defects or errors • Maintenance Nightmare: Maintenance costs high due to organizational change, software complexity, and faulty system analysis and design
  • 9. RISKS & THREATS • Theft, Sabotage, Misuse • Virus Attacks • Systems & Network Failure • High User Knowledge of IT Systems • Natural Calamities & Fire • Lack Of Documentation • Lapse in Physical Security
  • 11. BUSINESS VALUE OF SECURITY AND CONTROL • Inadequate security and control may create serious legal liability. • Businesses must protect not only their own information assets but also those of customers, employees, and business partners. Failure to do so can lead to costly litigation for data exposure or theft. • A sound security and control framework that protects business information assets can thus produce a high return on investment.
  • 12. ESTABLISHING A MANAGEMENT FRAMEWORK FOR SECURITY AND CONTROL • General controls: Establish framework for controlling design, security, and use of computer programs ◦ Software controls ◦ Hardware controls ◦ Computer operations controls ◦ Data security controls ◦ Implementation controls
  • 13. ESTABLISHING A MANAGEMENT FRAMEWORK FOR SECURITY AND CONTROL Application controls: Unique to each computerized application • Input • Processing • Output
  • 14. CREATING A CONTROL ENVIRONMENT Controls:- • Methods, policies, and procedures • Ensures protection of organization’s assets • Ensures accuracy and reliability of records, and operational adherence to management standards
  • 16. CREATING A CONTROL ENVIRONMENT Disaster recovery plan: Runs business in event of computer outage Load balancing: Distributes large number of requests for access among multiple servers
  • 17. CREATING A CONTROL ENVIRONMENT • Mirroring: Duplicating all processes and transactions of server on backup server to prevent any interruption • Clustering: Linking two computers together so that a second computer can act as a backup to the primary computer or speed up processing
  • 18. CREATING A CONTROL ENVIRONMENT Internet Security Challenges Firewalls:- • Hardware and software controlling flow of incoming and outgoing network traffic • Prevent unauthorized users from accessing private networks • Two types: proxies and stateful inspection Intrusion Detection System:- • Monitors vulnerable points in network to detect and deter unauthorized intruders
  • 20. CREATING A CONTROL ENVIRONMENT Internet Security Challenges • Encryption: Coding and scrambling of messages to prevent their access without authorization • Authentication: Ability of each party in a transaction to ascertain identity of other party • Message integrity: Ability to ascertain that transmitted message has not been copied or altered
  • 21. CREATING A CONTROL ENVIRONMENT Internet Security Challenges • Digital signature: Digital code attached to electronically transmitted message to uniquely identify contents and sender • Digital certificate: Attachment to electronic message to verify the sender and to provide receiver with means to encode reply • Secure Electronic Transaction (SET): Standard for securing credit card transactions over Internet and other networks
  • 22. USER RESPONSIBILITIES Access Control - Physical Do: • Follow Security Procedures • Wear Identity Cards • Ask unauthorized visitor his credentials • Attend visitors in Reception and Conference Room only Do not: • Bring visitors in operations area without prior permission • Bring hazardous and combustible material in secure area • Practice “Piggybacking” • Bring and use pen drives, zip drives, iPods, other storage devices unless and otherwise authorized to do so
  • 23. USER RESPONSIBILITIES Password Guidelines Do: • Always use at least 8 character password with combination of alphabets, numbers and special characters (*, %, @, #, $, ^) • Use passwords that can be easily remembered by you • Change password regularly as per policy • Use password that is significantly different from earlier passwords Do not: • Use passwords which reveal your personal information or words found in dictionary • Write down or store passwords • Share passwords over phone or email • Use passwords which do not match above complexity criteria
  • 24. USER RESPONSIBILITIES Internet Usage • Use internet services for business purposes only • Do not access internet through dial-up connectivity • Do not use internet for accessing auction sites • Do not use internet for hacking other computer systems • Do not use internet to download / upload commercial software / copyrighted material. Technology Department is continuously monitoring Internet Usage. Any illegal use of internet and other assets shall call for Disciplinary Action.
  • 25. CREATING A CONTROL ENVIRONMENT Antivirus Software Antivirus software: - Software that checks computer systems and drives for the presence of computer viruses and can eliminate the virus from the infected area • Wi-Fi Protected Access specification
  • 26. This NEC PC has a biometric fingerprint reader for fast yet secure access to files and networks. New models of PCs are starting to use biometric identification to authenticate
  • 27. MANAGEMENT OPPORTUNITIES, CHALLENGES AND SOLUTIONS • Management Opportunities: Creation of secure, reliable Web sites and systems that can support e-commerce and e-business strategies
  • 28. MANAGEMENT CHALLENGES Designing systems that are neither over-controlled nor under-controlled provide network and infrastructure security to a financial services firm in a Web-enabled high-threat environment
  • 29. MANAGEMENT CHALLENGES • Implementing an effective security policy • Applying quality assurance standards in large systems projects • What are the most important software quality assurance techniques? • Why are auditing information systems and safeguarding data quality so important?
  • 30. Solution Guidelines • Security and control must become a more visible and explicit priority and area of information systems investment. • Support and commitment from top management is required to show that security is indeed a corporate priority and vital to all aspects of the business. • Security and control should be the responsibility of everyone in the organization.
  • 31. Human Wall Is Always Better Than A Firewall . . . LET US BUILD A HUMAN WALL ALONG WITH FIREWALL
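
The Password Guidelines slide (slide 23) can be enforced automatically at password-change time. The Python sketch below is an added example, not part of the original presentation; the function name, the small constructed word list, the personal-detail tokens and the 0.6 similarity threshold are assumptions chosen for illustration.

```python
import difflib
import string

SPECIALS = set("*%@#$^")  # the special characters listed on the slide
# Constructed stand-in for a real dictionary file (assumption).
SAMPLE_WORDS = {"password", "welcome", "dragon", "monkey", "summer"}

def check_password(candidate, previous=(), personal=(), words=SAMPLE_WORDS,
                   max_similarity=0.6):
    """Return the list of violated guidelines; an empty list means compliant.

    `previous` is meant to hold the old password the user typed during the
    change dialog, so no plaintext password history has to be stored.
    """
    problems = []
    lowered = candidate.lower()
    if len(candidate) < 8:
        problems.append("too_short")
    if not any(c in string.ascii_letters for c in candidate):
        problems.append("no_letter")
    if not any(c.isdigit() for c in candidate):
        problems.append("no_digit")
    if not any(c in SPECIALS for c in candidate):
        problems.append("no_special")
    # Dictionary words and personal details are matched as substrings, so
    # "Summer2024#" is rejected even though it passes the character rules.
    if any(w in lowered for w in words if len(w) >= 4):
        problems.append("dictionary_word")
    if any(p.lower() in lowered for p in personal if len(p) >= 3):
        problems.append("personal_info")
    # "Significantly different from earlier passwords": reject near-duplicates.
    for old in previous:
        ratio = difflib.SequenceMatcher(None, lowered, old.lower()).ratio()
        if ratio > max_similarity:
            problems.append("too_similar_to_previous")
            break
    return problems
```

The character-class rules alone accept passwords such as a season plus a year plus one symbol, which is why the dictionary and similarity checks carry most of the weight here.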