Security, Ethical, and Societal Challenges of IT
• Ethical Responsibility of Business Professionals
• Computer Crime
• Privacy Issues
• Health Issues
Section II
• Tools of Security Management
• Internetworked Security Defenses
• System Controls and Audits
KEY TERMS
Copyright 2005, McGraw-Hill/Irwin, Inc. 11-1
Real World Cases
Security and Ethical Challenges
Module V – Management Challenges
Learning Objectives
1. Identify several ethical issues in how the use of information technologies in business affects employment, individuality, working conditions, privacy, crime, health, and solutions to societal problems.
2. Identify several types of security management strategies and defences, and explain how they can be used to ensure the security of business applications of information technology.
3. Propose several ways that business managers and professionals can help to lessen the harmful effects and increase the beneficial effects of the use of information technology.
Security and Ethics
• Major Security Challenges
• Serious Ethical Questions
• Threats to Business and Individuals
• Real World Case 1 - F-Secure, Microsoft, GM, and Verizon: The Business Challenge of Computer Viruses
Security and Ethics
Business/IT Security, Ethics, and Society
[Figure: Business/IT Security, Ethics, and Society at the center, surrounded by Employment, Health, Individuality, Privacy, Working Conditions, and Crime]
Security and Ethics
Ethical Responsibility
• Business Ethics
• Stockholder Theory
• Social Contract Theory
• Stakeholder Theory
Security and Ethics
Ethical Responsibility
Security and Ethics
Technology Ethics
Security and Ethics
Ethical Guidelines
Security and Ethics
Enron Corporation: Failure in Business Ethics
• Drove Stock Prices Higher Never Mentioning Any Weaknesses
• Promised Much – Delivered Little
• Finally Admitted Overstated Earnings by $586 Million in 1997
• 1998 Third Quarter Loss $638 Million – Filed Bankruptcy
• Greed and Mismanagement Destroyed a Potentially Successful Business Plan
Security Management
• Security is 6 to 8% of IT Budget in Developing Countries
• 63% Have or Plan to Have Position of Chief Privacy or Information Officer in the Next Two Years
• 40% Have a Chief Privacy Officer and Another 6% Intend One in the Next Two Years
• 39% Acknowledge that their Systems Have Been Compromised in the Past Year
• 24% Have Cyber Risk Insurance and 5% Intend to Acquire Such Coverage
Security Management
Security Technology Used
• Antivirus: 96%
• Virtual Private Networks: 86%
• Intrusion-Detection Systems: 85%
• Content Filtering/Monitoring: 77%
• Public-Key Infrastructure: 45%
• Smart Cards: 43%
• Biometrics: 19%
Security Management
PayPal, Inc. Cybercrime on the Internet
• Online Payment Processing Company
• Observed Questionable Accounts Being Opened
• Froze Accounts Used to Buy Expensive Goods For Purchasers in Russia
• Used Sniffer Software and Located Users Capturing PayPal IDs and Passwords
• More than $100,000 in Fraudulent Charges
• Crooks Arrested by FBI
Security Management
Computer Crime
• Hacking
• Cyber Theft
• Unauthorized Use of Work
• Piracy of Intellectual Property
• Computer Viruses and Worms
Security Management
Examples of Common Hacking
Security Management
Recourse Technologies: Insider Computer Crime
• Link Between Company Financial Difficulty and Insider Computer Crimes
• Use of “Honey Pots” Filled with Phony Data to Attract Hackers
• Software Catches Criminal Activity in Seconds
• Crime Exposed and Stopped
Security Management
Internet Abuses in the Workplace
Security Management
Network Monitoring Software
Security Management
AGM Container Controls: Stealing Time and Resources
• The Net Contains Many Productivity Distractions
• Remedies Include Monitoring Internet Use and Blocking Sites Unrelated to Work
• Importance of Telling Employees About Monitoring
• Use of Software Monitoring Provided Rebuttal Answers To Web Use Discussions
Security Management
Copying Music CDs: Intellectual Property Controversy
• RIAA Crack Down on Music Piracy
• Web Sites Fighting Back
• 140 Million Writable Drives In Use
• Billions of Blank CDs Sold While Music CD Sales Are Going Down
• Pirates Reluctant to Go Away
Security Management
Facts About Recent Computer Viruses and Worms
Security Management
University of Chicago: The Nimda Worm
• Nimda Worm Launch Sept. 18, 2001 Mass Mailing of Malicious Code Attacking MS-Windows
• Took Advantage of Back Doors Previously Left Behind
• In Four Hours the University of Chicago’s Web Servers were Scanned by 7,000 Unique IP Addresses Looking for Weaknesses
• Many Servers Had to Be Disconnected
Privacy Issues
Right to Privacy
Privacy on the Internet
Acxiom, Inc. Challenges to Consumer Privacy
• Acxiom – 30 Years Amassing Massive Database
• Sells Data to Subscribers
• Use by Telemarketers and Credit Firms
Privacy Issues
Right to Privacy
• Computer Profiling
• Computer Matching
• Privacy Laws
• Computer Libel and Censorship
• Spamming
• Flaming
Privacy Issues
Other Challenges
• Employment Challenges
• Working Conditions
• Individuality Issues
• Health Issues
Privacy Issues
Ergonomics
Privacy Issues
Ergonomics
• Job Stress
• Cumulative Trauma Disorders (CTDs)
• Carpal Tunnel Syndrome
• Human Factors Engineering
• Societal Solutions
Security Management of Information Technology
• Business Value of Security Management
• Protection for all Vital Business Elements
Real World Case 2 - Geisinger Health Systems and Du Pont: Security Management of Data Resources and Process Control Networks
Security Management of Information Technology
Tools of Security Management
Security Management of Information Technology
Providence Health and Cervalis: Security Management Issues
• Need for Security Management Caused by Increased Use of Links Between Business Units
• Greater Openness Means Greater Vulnerabilities
• Better Use of Identifying, Authenticating Users and Controlling Access to Data
• Theft Should Be Made as Difficult as Possible
Security Management of Information Technology
Internetworked Security Defenses
• Encryption
  – Public Key
  – Private Key
Graphically…
Security Management of Information Technology
Encryption
Security Management of Information Technology
Firewalls
[Figure: Internet, routers, firewalls, intranet servers, and host system, with numbered points 1 to 5]
1 External Firewall Blocks Outsiders
2 Internal Firewall Blocks Restricted Materials
3 Use of Passwords and Browser Security
4 Performs Authentication and Encryption
5 Careful Network Interface Design
Security Management of Information Technology
Barry Nance: Testing PC Firewall Security
• Worldwide Search for Active IP Addresses
• Sophisticated Probes Scan Any Home or Work Location
• Personal Firewalls Help Block Intruders
• Firewalls Generally Good at Protecting Computers from Most Hacking Efforts
Security Management of Information Technology
MTV Networks: Denial of Service Defenses
• MTV.com Website Targeted for Distributed Denial of Service (DDOS) Attacks During Fall Peak Periods
• Some People Try to Crash MTV Sites
• Parent Viacom Installed Software to Filter out DDOS Attacks
• Website Downtime Reduced
Security Management of Information Technology
Defending Against Denial of Service Attacks
Security Management of Information Technology
Sonalysts, Inc.: Corporate e-Mail Monitoring
• e-Sniff Monitoring Device Searches e-Mail by Key Word or Records of Web Sites Visited
• 82% of Businesses Monitor Web Use
• Close to 100% of Workers Register Some Improper Use
Security Management of Information Technology
TrueSecure and 724 Inc.: Limitations of Antivirus Software
• Much Software Was Unable to Stop Nimda Worm
• Software Alone is Often Not Enough to Clean System
• Until Better Software is Developed, A Complete System Disconnect and Purge May Be the Only Solution
Security Management of Information Technology
Example Security Suite Interface
Security Management of Information Technology
Other Security Measures
• Security Codes
• Multilevel Password System
  – Smart Cards
• Backup Files
  – Child, Parent, Grandparent Files
• System Security Monitors
• Biometric Security
Security Management of Information Technology
Example Security Monitor
Security Management of Information Technology
Evaluation of Biometric Security
Security Management of Information Technology
Computer Failure Controls
• Fault Tolerant Systems
  – Fail-Over
  – Fail-Safe
  – Fail-Soft
• Disaster Recovery
Security Management of Information Technology
Methods of Fault Tolerance
Security Management of Information Technology
Visa International: Fault Tolerant Systems
• Only 100% Uptime is Acceptable
• Only 98 Minutes of Downtime in 12 Years
• 1 Billion Transactions Worth $2 Trillion in Transactions a Year
• 4 Global Processing Centers
• Multiple Layers of Redundancy and Backup
• Software Testing an Art Form
Systems Controls and Audits
• Information System Controls
• Garbage-In, Garbage-Out (GIGO)
• Auditing IT Security
• Audit Trails
• Control Logs
Systems Controls and Audits
• Input Controls
  – Security Codes
  – Encryption
  – Data Entry Screens
  – Error Signals
  – Control Totals
• Output Controls
  – Security Codes
  – Encryption
  – Control Totals
  – Control Listings
  – End User Feedback
• Storage Controls
  – Security Codes
  – Encryption
  – Backup Files
  – Library Procedures
  – Database Administration
• Processing Controls
  – Software Controls
  – Hardware Controls
  – Firewalls
  – Checkpoints
Summary
• Ethical and Societal Dimensions
• Ethical Responsibility in Business
• Security Management