...Securing Information Systems LEARNING OBJECTIVES C H A P T E R 7 STUDENT LEARNING OBJECTIVES After completing this chapter, you will be able to answer the following questions: 1. Why are information systems vulnerable to destruction, error, and abuse? What is the business value of security and control? What are the components of an organizational framework for security and control? What are the most important tools and technologies for safeguarding information resources? 2. 3. 4. ISBN 1-256-42913-9 232 Essentials of MIS, Ninth Edition, by Kenneth C. Laudon and Jane P. Laudon. Published by Prentice Hall. Copyright © 2011 by Pearson Education, Inc. C HAPTER O UTLINE Chapter-Opening Case: Boston Celtics Score Big Points Against Spyware 7.1 System Vulnerability and Abuse 7.2 Business Value of Security and Control 7.3 Establishing a Framework for Security and Control 7.4 Technologies and Tools for Protecting Information Resources 7.5 Hands-on MIS Projects Business Problem-Solving Case: Are We Ready for Cyberwarfare? BOSTON CELTICS SCORE BIG POINTS AGAINST SPYWARE While the Boston Celtics were fighting for a spot in the playoffs several years ago, another fierce battle was being waged by its information systems. Jay Wessel, the team’s vice president of technology, was trying to score points against computer spyware. Wessel and his IT staff manage about 100 laptops issued to coaches and scouts, and sales, marketing, and finance employees, and these...
Words: 21009 - Pages: 85
...BOOKMARK THIS PAGE | PRINT THIS PAGE | CLOSE Internet Security Threat Report Volume 17 Custom Report SHARE THIS PAGE Symantec blocked a total of over 5.5 billion malware attacks in 2011, an 81% increase over 2010. Web based attacks increased by 36% with over 4,500 new attacks each day. 403 million new variants of malware were created in 2011, a 41% increase of 2010. SPAM volumes dropped by 34% in 2011 over rates in 2010. 39% of malware attacks via email used a link to a web page. Mobile vulnerabilities continued to rise, with 315 discovered in 2011. Only 8 zero-day vulnerabilities were discovered in 2011 compared with 14 in 2010. 50% of targeted attacks were aimed at companies with less than 2500 employees. Overall the number of vulnerabilities discovered in 2011 dropped 20%. Only 42% of targeted attacks are aimed at CEOs, Senior Managers and Knowledge Workers. In 2011 232 million identities were exposed. An average of 82 targeted attacks take place each day. Mobile threats are collecting data, tracking users and sending premium text messages. You are more likely to be infected by malware placed on a legitimate web site than one created by a hacker. Introduction Symantec has established some of the most comprehensive sources of Internet threat data in the world through the Symantec Global Intelligence Network, which is made up of more than 64.6 million attack sensors and records thousands of events per second. This network monitors attack activity in more than 200 countries...
Words: 44470 - Pages: 178
... 1 Executive Summary 1 2 Introduction 1 2.1 Purpose 3 2.2 Scope 3 2.3 Plan Information 3 3 Contingency Plan Overview 4 3.1 Applicable Provisions and Directives 4 3.2 Objectives 4 3.3 Organization 5 3.4 Contingency Phases 8 3.4.1 Response Phase 8 3.4.2 Resumption Phase 8 3.4.3 Recovery Phase 8 3.4.4 Restoration Phase 9 3.5 Assumptions 9 3.6 Critical Success Factors and Issues 9 3.7 Mission Critical Systems/Applications/Services 10 3.8 Threats 10 3.8.1 Probable Threats 11 4 System Description 12 4.1 Physical Environment 12 4.2 Technical Environment 12 5 Plan 12 5.1 Plan Management 12 5.1.1 Contingency Planning Workgroups 12 5.1.2 Contingency Plan Coordinator 12 5.1.3 System Contingency Coordinators 13 5.1.4 Incident Notification 13 5.1.5 Internal Personnel Notification 13 5.1.6 External Contact Notification 13 5.1.7 Media Releases 14 5.1.8 Alternate Site (s) 14 5.2 Teams 14 5.2.1 Damage Assessment Team 14 5.2.2 Operations Team 15 5.2.3 Communications Team 15 5.2.4 Data Entry and Control Team 15 5.2.5 Off-Site Storage Team 15 5.2.6 Administrative Management Team 15 5.2.7 Procurement Team 15 5.2.8 Configuration Management Team 16 5.2.9 Facilities Team 16 5.2.10 System Software Team 16 5.2.11 Internal Audit Team 16 5.2.12 User Assistance Team 16 5.3 Data Communications 16 5.4 Backups 16 5.4.1 Vital Records/Documentation...
Words: 17284 - Pages: 70
... 1 Executive Summary 1 2 Introduction 1 2.1 Purpose 3 2.2 Scope 3 2.3 Plan Information 3 3 Contingency Plan Overview 4 3.1 Applicable Provisions and Directives 4 3.2 Objectives 4 3.3 Organization 5 3.4 Contingency Phases 8 3.4.1 Response Phase 8 3.4.2 Resumption Phase 8 3.4.3 Recovery Phase 8 3.4.4 Restoration Phase 9 3.5 Assumptions 9 3.6 Critical Success Factors and Issues 9 3.7 Mission Critical Systems/Applications/Services 10 3.8 Threats 10 3.8.1 Probable Threats 11 4 System Description 12 4.1 Physical Environment 12 4.2 Technical Environment 12 5 Plan 12 5.1 Plan Management 12 5.1.1 Contingency Planning Workgroups 12 5.1.2 Contingency Plan Coordinator 12 5.1.3 System Contingency Coordinators 13 5.1.4 Incident Notification 13 5.1.5 Internal Personnel Notification 13 5.1.6 External Contact Notification 13 5.1.7 Media Releases 14 5.1.8 Alternate Site (s) 14 5.2 Teams 14 5.2.1 Damage Assessment Team 14 5.2.2 Operations Team 15 5.2.3 Communications Team 15 5.2.4 Data Entry and Control Team 15 5.2.5 Off-Site Storage Team 15 5.2.6 Administrative Management Team 15 5.2.7 Procurement Team 15 5.2.8 Configuration Management Team 16 5.2.9 Facilities Team 16 5.2.10 System Software Team 16 5.2.11 Internal Audit Team 16 5.2.12 User Assistance Team 16 5.3 Data Communications 16 5.4 Backups 16 5.4.1 Vital Records/Documentation...
Words: 17323 - Pages: 70
...Special Publication 800-48 Wireless Network Security Tom Karygiannis Les Owens 802.11, Bluetooth and Handheld Devices NIST Special Publication 800-48 Wireless Network Security 802.11, Bluetooth and Handheld Devices Recommendations of the National Institute of Standards and Technology Tom Karygiannis and Les Owens C O M P U T E R S E C U R I T Y Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD 20899-8930 November 2002 U.S. Department of Commerce Donald L. Evans, Secretary Technology Administration Phillip J. Bond, Under Secretary for Technology National Institute of Standards and Technology Arden L. Bement, Jr., Director W IRELESS NETWORK SECURITY Note to Readers This document is a publication of the National Institute of Standards and Technology (NIST) and is not subject to U.S. copyright. Certain commercial products are described in this document as examples only. Inclusion or exclusion of any product does not imply endorsement or non-endorsement by NIST or any agency of the U.S. Government. Inclusion of a product name does not imply that the product is the best or only product suitable for the specified purpose. Acknowledgments The authors wish to express their sincere thanks to numerous members of government, industry, and academia who have commented on this document. First, the authors wish to express their thanks to the staff at Booz Allen Hamilton...
Words: 52755 - Pages: 212
...Fundamentals of Network Security John E. Canavan Artech House Boston • London http://www.artechhouse.com Library of Congress Cataloging-in-Publication Data Canavan, John E. Fundamentals of network security / John E. Canavan. p. cm.—(Artech House telecommunications library) Includes bibliographical references and index. ISBN 1-58053-176-8 (alk. paper) 1. Computer security. 2. Computer networks—Security measures. I. Title. II. Series. QA76.9.A25 C364 2000 005.8—dc21 00-050810 CIP British Library Cataloguing in Publication Data Canavan, John E. Fundamentals of network security.—(Artech House telecommunications library) 1. Computer networks—Security measures I. Title 005.8 1-58053-176-8 Cover design by Yekaterina Ratner Microsoft ® screen shots reprinted by permission from Microsoft Corporation. Netscape Communicator browser window © 1999 Netscape Communications Corporation. Used with permission. Netscape Communications has not authorized, sponsored, endorsed, or approved this publication and is not responsible for its content. Permission to reproduce screen shots from the PGP and Sniffer products has been provided by Network Associates, Inc. Network Associates, PGP, Pretty Good Privacy Sniffer, and Distributed Sniffer System are registered trademarks of Network Associates, Inc. and/or its affiliates in the U.S. and/or other countries. MIT screen shots used with permission. Qualcomm's Eudora screen shots used with permission. Copyright © 2001 ARTECH HOUSE, INC. 685 Canton Street...
Words: 95027 - Pages: 381
...Management of Information Security Third Edition This page intentionally left blank Management of Information Security Third Edition Michael Whitman, Ph.D., CISM, CISSP Herbert Mattord, M.B.A., CISM, CISSP Kennesaw State University ———————————————————————— Australia • Brazil • Japan • Korea • Mexico • Singapore • Spain • United Kingdom • United States Management of Information Security, Third Edition Michael E. Whitman and Herbert J. Mattord Vice President, Career and Professional Editorial: Dave Garza Executive Editor: Stephen Helba Managing Editor: Marah Bellegarde Product Manager: Natalie Pashoukos Developmental Editor: Lynne Raughley Editorial Assistant: Meghan Orvis Vice President, Career and Professional Marketing: Jennifer McAvey Marketing Director: Deborah S. Yarnell Senior Marketing Manager: Erin Coffin Marketing Coordinator: Shanna Gibbs Production Director: Carolyn Miller Production Manager: Andrew Crouth Senior Content Project Manager: Andrea Majot Senior Art Director: Jack Pendleton Cover illustration: Image copyright 2009. Used under license from Shutterstock.com Production Technology Analyst: Tom Stover © 2010 Course Technology, Cengage Learning ALL RIGHTS RESERVED. No part of this work covered by the copyright herein may be reproduced, transmitted, stored, or used in any form or by any means graphic, electronic, or mechanical, including but not limited to photocopying, recording, scanning, digitizing, taping, Web distribution, information networks...
Words: 229697 - Pages: 919
...INFORMATION RESOURCE GUIDE Computer, Internet and Network Systems Security An Introduction to Security i Security Manual Compiled By: S.K.PARMAR, Cst N.Cowichan Duncan RCMP Det 6060 Canada Ave., Duncan, BC 250-748-5522 sunny@seaside.net This publication is for informational purposes only. In no way should this publication by interpreted as offering legal or accounting advice. If legal or other professional advice is needed it is encouraged that you seek it from the appropriate source. All product & company names mentioned in this manual are the [registered] trademarks of their respective owners. The mention of a product or company does not in itself constitute an endorsement. The articles, documents, publications, presentations, and white papers referenced and used to compile this manual are copyright protected by the original authors. Please give credit where it is due and obtain permission to use these. All material contained has been used with permission from the original author(s) or representing agent/organization. ii T eofContent abl 1.0 INTRODUCTION........................................................................................................................................................... 2 1.1 BASIC INTERNET TECHNICAL DETAILS ........................................................................................................................ 2 1.1.1 TCP/IP : Transmission Control Protocol/Internet Protocol .........................................
Words: 134858 - Pages: 540
...E-Marketing BM012-3-2-EMKT Individual Assignment | Table of Contents 1.0 INTRODUCTION 3 2.0 STRATEGY IDENTIFICATION 4 2.1Marketing Mix 4 2.11 Product 4 2.12 Price 4 2.13 Place 5 2.13 Promotion 5 3.0 ENVIRONMENTAL ANALYSIS 8 3.1 SWOT Analysis for Starbucks 8 3.2 PEST Analysis for Starbucks 10 3.21 Political 10 3.22 Economic 10 3.23 Social 11 3.24 Technological 11 4.0 E_MARKETING PLAN 14 4.1 E-Marketing Strategic Planning 14 4.11 Segmentation 14 4.12 Targeting 15 4.13 Differentiation 15 4.14 Positioning 16 4.2 Objectives 18 4.3 E-marketing Strategy 18 4.4 E-marketing Tactics 19 5.0 IMPLEMENTATION 22 5.1 Implementation Plan 22 5.2 Evaluation 24 6.0 CONCLUSION 25 7.0 REFERENCES 26 8.0 APPENDIX 30 1.0 INTRODUCTION Starbucks is a well known brand established 1971 at Seattle by Jerry Baldwine, Zev Seigle and Gorden Bawker. The company operates in approximately in 17,000 retail stores over 49 different countries including Malaysia. With the mission statement of “to inspire and nurture the human spirit-one person, one cup and one neighbourhood at a time” Starbucks have been expanding rapidly. Other than the world premium coffee Starbucks offers tea, cold beverages, complementary foods such as sandwiches and salads. (A. Mettlach, 2010) Starbucks has invested highly on IT to target their products and services to market segments. As a result Starbucks has attracted a large number of customers and established a...
Words: 7559 - Pages: 31
...Department of Commerce An Introduction to Computer Security: The NIST Handbook Special Publication 800-12 User Issues Assurance Contingency Planning I&A Training Personnel Access Controls Audit Planning Risk Management Crypto Physical Security Policy Support & Operations Program Management Threats Table of Contents I. INTRODUCTION AND OVERVIEW Chapter 1 INTRODUCTION 1.1 1.2 1.3 1.4 1.5 Purpose . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Intended Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Important Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Legal Foundation for Federal Computer Security Programs . 3 3 4 5 7 Chapter 2 ELEMENTS OF COMPUTER SECURITY 2.1 2.2 2.3 2.4 2.5 2.6 2.7 2.8 Computer Security Supports the Mission of the Organization. 9 Computer Security is an Integral Element of Sound Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Computer Security Should Be Cost-Effective. . . . . . . . . . . . . . . . 11 Computer Security Responsibilities and Accountability Should Be Made Explicit. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Systems Owners Have Security Responsibilities Outside Their Own Organizations...
Words: 93588 - Pages: 375
...THESIS ON E-ENABLED RELATIONSHIP MANAGEMENT IN BANKING SECTOR IN INDIA EXECUTIVE SUMMARY Relationship banking may be defined as the provision of financial services by a financial intermediary on the basis of long-term investment in obtaining firm or customer specific information through multiple interactions with diverse financial services (Boot, 2000). E- Enabled Relationship banking system refers to use of Information Technology and especially the internet. Customers could get connected by a network service provider directly to a host computer system of a bank such that customer service requests can be processed automatically without need for intervention by customer service representatives. Most of these systems are capable of distinguishing between those customer service requests which are capable of automated fulfillment and those requests which require handling by a customer service representative. Marketing is different from selling mainly in terms of orientation. In selling the efforts are product centred where as customer centric is the key to marketing. Marketing starts with target market and earns through customer satisfaction. Bank credit is a service product and not a physical product like soap. The service product is difficult to market because it is intangible, perishable (ends with single transaction), its heterogeneity makes each...
Words: 19932 - Pages: 80
...Technology Technology Administration U.S. Department of Commerce An Introduction to Computer Security: The NIST Handbook Special Publication 800-12 User Issues Assurance Contingency Planning I&A Training Personnel Access Controls Audit Planning Risk Management Crypto Physical Security Policy Support & Operations Program Management Threats Table of Contents I. INTRODUCTION AND OVERVIEW Chapter 1 INTRODUCTION 1.1 1.2 1.3 1.4 1.5 Purpose . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Intended Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Important Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Legal Foundation for Federal Computer Security Programs . 3 3 4 5 7 Chapter 2 ELEMENTS OF COMPUTER SECURITY 2.1 2.2 2.3 2.4 2.5 2.6 2.7 2.8 Computer Security Supports the Mission of the Organization. 9 Computer Security is an Integral Element of Sound Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Computer Security Should Be Cost-Effective. . . . . . . . . . . . . . . . 11 Computer Security Responsibilities and Accountability Should Be Made Explicit. . . . . . . . . . . . . . . ....
Words: 93564 - Pages: 375
...can also be positive. FORCES OF CHANGE AND THEIR ACCOMPANYING VALUES FORCES OF CHANGE & ACCOMPANYING VALUES Turbulence Intellectual capital, Intellectual propert, ,information sharing Networking, innovation, R&D INFORMATION AGE K-Economy GLOBALIZATION DEVELOPMENT Autonomy, Pride, Dignity Independence, Indigenization “CultureBound” Customer Focus; Speed, Responsiveness; Continuous Learning; Accurate & Up-To-Date Information Quality; Value Added; Cost Effectiveness; Humanization; Ecological Specialisation; Objectivity; Materialism; SystemsOrientation MODERNIZATION WESTERNIZATION Individualism; Secularism; Freedom Of Expression; Consumerism INDUSTRIALIZATION Mechanization; Rational Thinking; Bureaucracy; Efficiency; Productivity; Mobility; Discipline; Mechanical Time Orientation; Reliability Stable 1800 AGRICULTURAL Revolution Time line Simple division of labor, labor intensive, Collectivism, sharing 2000 FORCES OF CHANGE & ACCOMPANYING VALUES Turbulence Intellectual capital, Intellectual propert, ,information sharing Networking, innovation, R&D INFORMATION AGE K-Economy GLOBALIZATION DEVELOPMENT Autonomy, Pride, Dignity Independence, Indigenization “CultureBound” Customer Focus; Speed, Responsiveness; Continuous Learning; Accurate & Up-To-Date Information Quality; Value Added; Cost Effectiveness; Humanization; Ecological Specialisation; Objectivity; Materialism; SystemsOrientation MODERNIZATION WESTERNIZATION Individualism;...
Words: 23543 - Pages: 95
...Shaping the Internet by William H. Dutton Anna Dopatka Michael Hills Ginette Law and Victoria Nash Oxford Internet Institute University of Oxford 1 St Giles Oxford OX1 3JS United Kingdom 19 August 2010 A report prepared for UNESCO’s Division for Freedom of Expression, Democracy and Peace. The opinions expressed in this report are those of the authors and do not necessarily reflect the views of UNESCO or its Division for Freedom of Expression, Democracy and Peace. Preface As stated in its Constitution, UNESCO is dedicated to “Promoting the free flow of ideas by word and image”. Part of this mission, therefore, is to promote freedom of expression and freedom of the press through sensitization and monitoring activities, as a central element in building strong democracies, contributing to good governance, promoting civic participation and the rule of law, and encouraging human development and security. Media independence and pluralism are fostered by the Organization, providing advisory services on media legislation and sensitizing governments and parliamentarians, as well as civil society and relevant professional associations. However, UNESCO recognizes that the principle of freedom of expression must apply not only to traditional media, but also to the Internet. Providing an unprecedented volume of resources for information and knowledge...
Words: 39228 - Pages: 157
...ahead of a customer base to purchase the produce. While the owner has been operating the rooftop farm successfully since 2009, there is still not a very strong customer base. In order to expand the business and to develop a customer base consisting of substantial proportion of repeat clientele, the owner has decided to expand the online presence of the business. In order to determine the best design for the online presence, we must first examine the current business model to explore how an online presence can impact growth while meeting the needs of customers and ABCveggies. At first glance, it would seem that Sarasota is an ideal location for year round farming, with plenty of sunshine, and only a few days of frost (if any) in an average year. Rain is seasonal, with summer being the...
Words: 13245 - Pages: 53
