Course: J0454 / Management Information Systems
Year: 2006
Version: 1/1

Sessions 23 & 24: Security and Ethical Challenges

Learning Outcomes
By the end of these sessions, students are expected to be able to:
• Select a strategy for implementing and developing information technology security management (C4)

Outline
• Security, Ethical and Societal Challenges of IT
• Computer Crime
• Privacy Issues
• Security Management of IT
• Tools of Security Management
• Internetworked Security Defenses

Security and Ethics: Business/IT Security, Ethics, and Society
[Figure: the ethical and societal dimensions of business/IT security. Areas shown: Privacy, Employment, Health, Individuality, Crime, Working Conditions]

Security and Ethics: Ethical Responsibility
• Business Ethics
• Stockholder Theory
• Social Contract Theory
• Stakeholder Theory

Security and Ethics: Ethical Responsibility (figure)

Security and Ethics: Technology Ethics (figure)

Security and Ethics: Ethical Guidelines (figure)

Security Management
• Security is 6 to 8% of the IT budget in developing countries
• 63% have, or plan to have, a Chief Privacy or Information Officer position within the next two years
• 40% have a Chief Privacy Officer and another 6% intend to appoint one within the next two years
• 39% acknowledge that their systems have been compromised in the past year
• 24% have cyber risk insurance and 5% intend to acquire such coverage

Security Management: Security Technology Used
  Antivirus                       96%
  Virtual Private Networks        86%
  Intrusion-Detection Systems     85%
  Content Filtering/Monitoring    77%
  Public-Key Infrastructure       45%
  Smart Cards                     43%
  Biometrics                      19%

Security Management: PayPal, Inc.: Cybercrime on the Internet
• Online payment processing company
• Observed questionable accounts being opened
• Froze accounts used to buy expensive goods for purchasers in Russia
• Used sniffer software and located users capturing PayPal IDs and passwords
• More than $100,000 in fraudulent charges
• Crooks arrested by the FBI

Security Management: Computer Crime
• Hacking
• Cyber Theft
• Unauthorized Use at Work
• Piracy of Intellectual Property
• Computer Viruses and Worms

Security Management: Examples of Common Hacking (figure)

Security Management: Recourse Technologies: Insider Computer Crime
• Link between company financial difficulty and insider computer crimes
• Use of "honey pots" filled with phony data to attract hackers
• Software catches criminal activity in seconds
• Crime exposed and stopped

Security Management: Internet Abuses in the Workplace (figure)

Security Management: Network Monitoring Software (figure)

Security Management: Copying Music CDs: Intellectual Property Controversy
• RIAA crackdown on music piracy
• Web sites fighting back
• 140 million writable drives in use
• Billions of blank CDs sold while music CD sales are going down
• Pirates reluctant to go away

Security Management: Facts About Recent Computer Viruses and Worms (figure)

Security Management: University of Chicago: The Nimda Worm
• Nimda worm launched Sept. 18, 2001: a mass mailing of malicious code attacking MS Windows
• Took advantage of back doors previously left behind
• In four hours the University of Chicago's web servers were scanned by 7,000 unique IP addresses looking for weaknesses
• Many servers had to be disconnected

Privacy Issues: Right to Privacy
• Computer Profiling
• Computer Matching
• Privacy Laws
• Computer Libel and Censorship
• Spamming
• Flaming

Privacy Issues: Other Challenges
• Employment Challenges
• Working Conditions
• Individuality Issues
• Health Issues

Privacy Issues: Ergonomics (figure)

Privacy Issues: Ergonomics
• Job Stress
• Cumulative Trauma Disorders (CTDs)
• Carpal Tunnel Syndrome
• Human Factors Engineering
• Societal Solutions

Security Management of Information Technology: Tools of Security Management (figure)

Security Management of Information Technology: Providence Health and Cervalis: Security Management Issues
• Need for security management caused by increased use of links between business units
• Greater openness means greater vulnerabilities
• Better use of identifying and authenticating users and controlling access to data
• Theft should be made as difficult as possible

Security Management of Information Technology: Internetworked Security Defenses
• Encryption
  – Public Key
  – Private Key
Graphically…

Security Management of Information Technology: Encryption (figure)

Security Management of Information Technology: Firewalls
[Figure: Internet and intranet firewalls. Components shown: Internet, routers, external firewall, host system, internal firewall, intranet server.]
1. External firewall blocks outsiders
2. Internal firewall blocks restricted materials
3. Use of passwords and browser security
4. Performs authentication and encryption
5. Careful network interface design

Security Management of Information Technology: MTV Networks: Denial of Service Defenses
• MTV.com website targeted for distributed denial of service (DDoS) attacks during fall peak periods
• Some people try to crash MTV sites
• Parent Viacom installed software to filter out DDoS attacks
• Website downtime reduced

Security Management of Information Technology: Defending Against Denial of Service Attacks (figure)

Security Management of Information Technology: Sonalysts, Inc.: Corporate e-Mail Monitoring
• e-Sniff monitoring device searches e-mail by keyword or records the web sites visited
• 82% of businesses monitor web use
• Close to 100% of workers register some improper use

Security Management of Information Technology: TrueSecure and 724 Inc.: Limitations of Antivirus Software
• Much software was unable to stop the Nimda worm
• Software alone is often not enough to clean a system
• Until better software is developed, a complete system disconnect and purge may be the only solution

Security Management of Information Technology: Example Security Suite Interface (figure)

Security Management of Information Technology: Other Security Measures
• Security Codes
• Multilevel Password System
  – Smart Cards
• Backup Files
  – Child, Parent, Grandparent Files
• System Security Monitors
• Biometric Security

Security Management of Information Technology: Example Security Monitor (figure)

Security Management of Information Technology: Evaluation of Biometric Security (figure)

Security Management of Information Technology: Computer Failure Controls
• Fault Tolerant Systems
  – Fail-Over
  – Fail-Safe
  – Fail-Soft
• Disaster Recovery

Security Management of Information Technology: Methods of Fault Tolerance (figure)

Security Management of Information Technology: Visa International: Fault Tolerant Systems
• Only 100% uptime is acceptable
• Only 98 minutes of downtime in 12 years
• 1 billion transactions worth $2 trillion a year
• 4 global processing centers
• Multiple layers of redundancy and backup
• Software testing is an art form

Systems Controls and Audits
• Information System Controls
• Garbage-In, Garbage-Out (GIGO)
• Auditing IT Security
• Audit Trails
• Control Logs

Systems Controls and Audits: Information System Controls
  Input Controls:      Security Codes, Encryption, Data Entry Screens, Error Signals, Control Totals
  Processing Controls: Software Controls, Hardware Controls, Firewalls, Checkpoints
  Output Controls:     Security Codes, Encryption, Control Totals, Control Listings, End User Feedback
  Storage Controls:    Security Codes, Encryption, Backup Files, Library Procedures, Database Administration

Summary
• Ethical and Societal Dimensions
• Ethical Responsibility in Business
• Security Management

Source of Slide Material
• O'Brien, James A. (2005). Introduction to Information Systems (12th Edition). McGraw-Hill. Chapter 11. Official PPT.
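Added worked example for the Internetworked Security Defenses slide (Encryption: public key, private key). This code was written for these notes and is not from O'Brien's text or from any product named in the deck. It is textbook RSA with tiny hard-coded primes (the classic 61 and 53, an assumption) and no padding, so it shows what a key pair is and why only the private key can decrypt, but it must never be used for real encryption.

```python
"""Public-key vs. private-key operations (added example, not from the deck).
Textbook RSA with toy primes and no padding: illustration only."""
import hashlib
from typing import List, Tuple

# Constructed parameters (assumption): the classic textbook primes 61 and 53.
P, Q = 61, 53


def egcd(a: int, b: int) -> Tuple[int, int, int]:
    """Extended Euclid: (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def modinv(a: int, m: int) -> int:
    """Multiplicative inverse of a modulo m (raises if gcd(a, m) != 1)."""
    g, x, _ = egcd(a, m)
    if g != 1:
        raise ValueError("no modular inverse")
    return x % m


def keygen(p: int = P, q: int = Q, e: int = 17):
    """Return ((e, n), (d, n)). The public key (e, n) is published; the
    private key (d, n) stays with its owner. d is the inverse of e mod phi(n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    return (e, n), (modinv(e, phi), n)


def encrypt(public_key, plaintext: bytes) -> List[int]:
    """Anyone holding the public key can encrypt. Each byte (< n) is one block."""
    e, n = public_key
    return [pow(b, e, n) for b in plaintext]


def decrypt_blocks(private_key, blocks: List[int]) -> List[int]:
    """Only the matching private key recovers the bytes; any other key yields junk."""
    d, n = private_key
    return [pow(c, d, n) for c in blocks]


def decrypt(private_key, blocks: List[int]) -> bytes:
    return bytes(decrypt_blocks(private_key, blocks))


def _digest_mod_n(message: bytes, n: int) -> int:
    """Reduce SHA-256 of the message into the modulus (fine only at toy size)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message: bytes) -> int:
    """The reverse direction: the private key signs, the public key verifies."""
    d, n = private_key
    return pow(_digest_mod_n(message, n), d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    e, n = public_key
    return pow(signature, e, n) == _digest_mod_n(message, n)


if __name__ == "__main__":
    pub, priv = keygen()
    ct = encrypt(pub, b"PayPal")
    print("public key", pub, "private key", priv)
    print("ciphertext blocks", ct)
    print("decrypted", decrypt(priv, ct))
    sig = sign(priv, b"freeze account 1042")
    print("signature valid:", verify(pub, b"freeze account 1042", sig))
```

Run it and the two directions of the figure become concrete: with the public key anyone can produce ciphertext that only the private-key holder can read, and with the private key the holder can produce a signature that anyone can check with the public key. A real deployment uses 2048-bit or larger moduli, OAEP/PSS padding, and a library; the arithmetic here is the same, the parameters are not.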
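Added worked example for the Firewalls slide (external firewall blocks outsiders, internal firewall blocks restricted materials). It was written for these notes and is not O'Brien's figure or any vendor's configuration. The zones, addresses (documentation ranges) and rule sets are assumptions chosen to mirror the figure: the Internet, a DMZ holding the public host system, and the intranet behind a second firewall.

```python
"""Layered firewall evaluation (added example, not from the deck)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Assumed layout: Internet | external firewall | DMZ | internal firewall | intranet
DMZ = ipaddress.ip_network("203.0.113.0/24")
INTRANET = ipaddress.ip_network("10.0.0.0/8")
ZONES = ["internet", "dmz", "intranet"]            # left to right as in the figure
FIREWALL_BETWEEN = {0: "external", 1: "internal"}  # i sits between ZONES[i] and ZONES[i+1]


@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "deny"
    src: str                    # CIDR; "0.0.0.0/0" means any source
    dst: str                    # CIDR
    port: Optional[int] = None  # None matches any destination port


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    port: int


def zone(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    if addr in INTRANET:
        return "intranet"
    if addr in DMZ:
        return "dmz"
    return "internet"


def matches(rule: Rule, pkt: Packet) -> bool:
    return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and (rule.port is None or rule.port == pkt.port))


def decide(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule wins; anything unmatched is denied (default deny)."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"


# External firewall: outsiders reach only the public web host; the intranet is
# never directly reachable from outside; inside hosts may initiate outbound.
EXTERNAL_RULES = [
    Rule("allow", "0.0.0.0/0", "203.0.113.10/32", 80),
    Rule("allow", "0.0.0.0/0", "203.0.113.10/32", 443),
    Rule("allow", "10.0.0.0/8", "0.0.0.0/0"),
    Rule("allow", "203.0.113.0/24", "0.0.0.0/0"),
    Rule("deny", "0.0.0.0/0", "10.0.0.0/8"),
]

# Internal firewall: the DMZ host may reach one database port on one intranet
# server; everything else from the DMZ into the intranet is blocked.
INTERNAL_RULES = [
    Rule("allow", "203.0.113.10/32", "10.0.0.5/32", 5432),
    Rule("allow", "10.0.0.0/8", "0.0.0.0/0"),
    Rule("deny", "203.0.113.0/24", "10.0.0.0/8"),
]

RULESETS = {"external": EXTERNAL_RULES, "internal": INTERNAL_RULES}


def firewalls_on_path(pkt: Packet) -> List[str]:
    """Names of the firewalls crossed, in the order the packet meets them."""
    a, b = ZONES.index(zone(pkt.src)), ZONES.index(zone(pkt.dst))
    step = 1 if b > a else -1
    return [FIREWALL_BETWEEN[min(i, i + step)] for i in range(a, b, step)]


def check_path(pkt: Packet) -> str:
    """A packet is allowed only if every firewall on its path allows it."""
    for name in firewalls_on_path(pkt):
        if decide(RULESETS[name], pkt) == "deny":
            return f"denied by {name} firewall"
    return "allowed"


if __name__ == "__main__":
    for pkt in [Packet("198.51.100.7", "203.0.113.10", 80),
                Packet("198.51.100.7", "10.0.0.5", 445),
                Packet("203.0.113.10", "10.0.0.9", 22)]:
        print(pkt, "->", check_path(pkt))
```

Two points the figure makes are visible in the code: an outsider who gets as far as the host system still cannot reach the intranet except through the one port the internal firewall opens, and rule order matters, because the first match wins and an unmatched packet (an SSH probe against the web host, for instance) falls through to the default deny.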
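Added worked example for the MTV Networks denial-of-service slide and the Defending Against Denial of Service Attacks slide. This was written for these notes; it is not Viacom's filter or any product's code, and the access log it processes is constructed, not real traffic. It shows the simplest form of "software to filter out DDoS attacks" (a per-source rate limit) and the caveat that makes the distributed case hard: when the flood is spread over many sources, each source stays under the limit and only the aggregate rate reveals it.

```python
"""Request-flood filtering over a constructed access log (added example)."""
from collections import defaultdict, deque
from typing import Dict, List, Tuple


def constructed_log() -> List[str]:
    """Synthetic log lines in the form '<seconds> <client-ip> <method> <path>'.
    One source bursts 25 requests in a second, one normal visitor browses,
    and 30 distinct sources each send a single request at the same moment."""
    lines = [f"{i * 0.04:.2f} 198.51.100.7 GET /" for i in range(25)]
    lines += [f"{i * 2.0:.2f} 203.0.113.20 GET /video/{i}" for i in range(5)]
    lines += [f"5.00 192.0.2.{i + 1} GET /" for i in range(30)]
    return sorted(lines, key=lambda line: float(line.split(" ", 1)[0]))


class PerSourceLimiter:
    """Sliding-window limit: at most `limit` requests per source per `window`
    seconds; requests over the limit are dropped instead of served."""

    def __init__(self, limit: int = 10, window: float = 5.0) -> None:
        self.limit, self.window = limit, window
        self.hits: Dict[str, deque] = defaultdict(deque)

    def allow(self, ip: str, t: float) -> bool:
        q = self.hits[ip]
        while q and t - q[0] >= self.window:  # forget requests outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(t)
        return True


def apply_limiter(lines: List[str], limit: int = 10,
                  window: float = 5.0) -> Tuple[Dict[str, int], Dict[str, int]]:
    """Run the log through the limiter; return (allowed, dropped) counts per source."""
    limiter = PerSourceLimiter(limit, window)
    allowed: Dict[str, int] = defaultdict(int)
    dropped: Dict[str, int] = defaultdict(int)
    for line in lines:
        ts, ip, _method, _path = line.split(" ", 3)
        if limiter.allow(ip, float(ts)):
            allowed[ip] += 1
        else:
            dropped[ip] += 1
    return dict(allowed), dict(dropped)


def aggregate_spikes(lines: List[str], window: float = 1.0,
                     threshold: int = 20) -> List[float]:
    """Total request rate regardless of source. A distributed flood keeps every
    source under the per-source limit, so only this view catches it. Returns
    the timestamp at which each spike first crosses the threshold."""
    recent: deque = deque()
    spikes: List[float] = []
    for line in lines:
        t = float(line.split(" ", 1)[0])
        recent.append(t)
        while recent and t - recent[0] >= window:
            recent.popleft()
        if len(recent) > threshold and (not spikes or t - spikes[-1] >= window):
            spikes.append(t)
    return spikes


if __name__ == "__main__":
    log = constructed_log()
    allowed, dropped = apply_limiter(log)
    print("allowed per source:", allowed)
    print("dropped per source:", dropped)
    print("aggregate spikes at:", aggregate_spikes(log))
```

On this log the single aggressive source loses everything after its tenth request while the normal visitor is untouched, but the thirty one-request sources pass the per-source limiter entirely and show up only as the second aggregate spike. That second case is why the filtering for a real DDoS is done upstream (at the ISP or a scrubbing service) rather than on the web server, whose link is saturated before any rule on the server itself can drop a packet.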
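Added worked example for the Systems Controls and Audits slides (input and output control totals, control listings, audit trails and control logs). It was written for these notes and is not from O'Brien's text; the batch of payment records is constructed sample data. It shows the three classic batch totals, why the hash total exists alongside the financial total, and the control log an auditor would review.

```python
"""Batch control totals and a control log (added example, not from the deck)."""
from decimal import Decimal
from typing import Dict, List, Tuple

Record = Tuple[str, Decimal]  # (account number, amount)

# Constructed batch of four payment records (not real accounts or amounts).
BATCH: List[Record] = [
    ("4071", Decimal("120.00")),
    ("1188", Decimal("35.50")),
    ("9023", Decimal("240.25")),
    ("5560", Decimal("12.00")),
]


def control_totals(batch: List[Record]) -> Dict[str, object]:
    """Three independent totals, computed at data entry and again after
    processing. The hash total is a meaningless sum of account numbers; it
    exists only to detect a changed or transposed identifier, which neither
    the record count nor the financial total can see."""
    return {
        "record_count": len(batch),
        "amount_total": sum((amt for _, amt in batch), Decimal("0")),
        "hash_total": sum(int(acct) for acct, _ in batch),
    }


def reconcile(expected: Dict[str, object],
              actual: Dict[str, object]) -> List[Tuple[str, object, object]]:
    """Return (field, expected, actual) for every total that disagrees."""
    return [(k, expected[k], actual[k]) for k in expected if expected[k] != actual[k]]


def process_batch(batch_id: str, entered: List[Record],
                  processed: List[Record]) -> Tuple[str, List[str]]:
    """Compare input-stage totals with output-stage totals and emit the
    control listing / audit trail lines that record the decision."""
    expected = control_totals(entered)
    actual = control_totals(processed)
    log = [
        f"batch={batch_id} stage=input count={expected['record_count']} "
        f"amount={expected['amount_total']} hash={expected['hash_total']}",
        f"batch={batch_id} stage=output count={actual['record_count']} "
        f"amount={actual['amount_total']} hash={actual['hash_total']}",
    ]
    diffs = reconcile(expected, actual)
    if not diffs:
        log.append(f"batch={batch_id} status=ACCEPTED")
        return "accepted", log
    for field, exp, act in diffs:
        log.append(f"batch={batch_id} status=REJECTED field={field} "
                   f"expected={exp} actual={act}")
    return "rejected", log


if __name__ == "__main__":
    # A transposed account number: the money still adds up, the hash does not.
    transposed = [("4701", BATCH[0][1])] + BATCH[1:]
    status, log = process_batch("B2", BATCH, transposed)
    print(status)
    print("\n".join(log))
```

Dropping a record trips all three totals, but swapping two digits of an account number leaves the count and the money unchanged and is caught only by the hash total; that is the whole reason the input and output control columns of the figure list control totals separately from encryption and security codes. The log lines are the control listing: kept append-only, they let an auditor reconstruct what was entered, what came out, and why a batch was rejected.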