Sessions 23 & 24: Security and Ethical Challenges

Course: J0454 / Management Information Systems
Year: 2006
Version: 1/1
Learning Outcomes
At the end of this session, students are expected to be able to:
• Choose a strategy for implementing and developing information technology security management (C4)
Course Outline
• Security, Ethical and Societal Challenges of IT
• Computer Crime
• Privacy Issues
• Security Management of IT
• Tools of Security Management
• Internetworked Security Defenses
Security and Ethics
Business/IT Security, Ethics, and Society
[Figure: Business/IT security, ethics and society at the centre, surrounded by the issues it raises: privacy, employment, health, individuality, crime, and working conditions]
Security and Ethics
Ethical Responsibility
• Business Ethics
• Stockholder Theory
• Social Contract Theory
• Stakeholder Theory
Security and Ethics
Ethical Responsibility

Security and Ethics
Technology Ethics

Security and Ethics
Ethical Guidelines
Security Management
• Security is 6 to 8% of the IT budget in developing countries
• 63% have or plan to have a position of Chief Privacy or Information Officer in the next two years
• 40% have a Chief Privacy Officer and another 6% intend to appoint one in the next two years
• 39% acknowledge that their systems have been compromised in the past year
• 24% have cyber risk insurance and 5% intend to acquire such coverage
Security Management
Security Technology Used
• Antivirus: 96%
• Virtual Private Networks: 86%
• Intrusion-Detection Systems: 85%
• Content Filtering/Monitoring: 77%
• Public-Key Infrastructure: 45%
• Smart Cards: 43%
• Biometrics: 19%
Security Management
PayPal, Inc.: Cybercrime on the Internet
• Online payment processing company
• Observed questionable accounts being opened
• Froze accounts used to buy expensive goods for purchasers in Russia
• Used sniffer software and located users capturing PayPal IDs and passwords
• More than $100,000 in fraudulent charges
• Crooks arrested by the FBI
Security Management
Computer Crime
• Hacking
• Cyber Theft
• Unauthorized Use at Work
• Piracy of Intellectual Property
• Computer Viruses and Worms
Security Management
Examples of Common Hacking
Security Management
Recourse Technologies: Insider Computer Crime
• Link between company financial difficulty and insider computer crimes
• Use of "honey pots" filled with phony data to attract hackers
• Software catches criminal activity in seconds
• Crime exposed and stopped
Security Management
Internet Abuses in the Workplace

Security Management
Network Monitoring Software
Security Management
Copying Music CDs: Intellectual Property Controversy
• RIAA crack down on music piracy
• Web sites fighting back
• 140 million writable drives in use
• Billions of blank CDs sold while music CD sales are going down
• Pirates reluctant to go away
Security Management
Facts About Recent Computer Viruses and Worms
Security Management
University of Chicago: The Nimda Worm
• Nimda worm launched Sept. 18, 2001: mass mailing of malicious code attacking MS Windows
• Took advantage of back doors previously left behind
• In four hours the University of Chicago's web servers were scanned by 7,000 unique IP addresses looking for weaknesses
• Many servers had to be disconnected
Privacy Issues
Right to Privacy
• Computer Profiling
• Computer Matching
• Privacy Laws
• Computer Libel and Censorship
• Spamming
• Flaming
Privacy Issues
Other Challenges
• Employment Challenges
• Working Conditions
• Individuality Issues
• Health Issues
Privacy Issues
Ergonomics
Privacy Issues
Ergonomics
• Job Stress
• Cumulative Trauma Disorders (CTDs)
• Carpal Tunnel Syndrome
• Human Factors Engineering
• Societal Solutions
Security Management of Information Technology
Tools of Security Management
Security Management of Information Technology
Providence Health and Cervalis: Security Management Issues
• Need for security management caused by increased use of links between business units
• Greater openness means greater vulnerabilities
• Better use of identifying and authenticating users and controlling access to data
• Theft should be made as difficult as possible
Security Management of Information Technology
Internetworked Security Defenses
• Encryption
  – Public Key
  – Private Key
(shown graphically on the next slide)

Security Management of Information Technology
Encryption
[Figure: public key / private key encryption]
Security Management of Information Technology
Firewalls
[Figure: Internet – external firewall/router – intranet server – internal firewall/router – host system, with numbered defenses]
1. External firewall blocks outsiders
2. Internal firewall blocks restricted materials
3. Use of passwords and browser security
4. Performs authentication and encryption
5. Careful network interface design
Security Management of Information Technology
MTV Networks: Denial of Service Defenses
• MTV.com website targeted for Distributed Denial of Service (DDoS) attacks during fall peak periods
• Some people try to crash MTV sites
• Parent Viacom installed software to filter out DDoS attacks
• Website downtime reduced
Security Management of Information Technology
Defending Against Denial of Service Attacks
Security Management of Information Technology
Sonalysts, Inc.: Corporate e-Mail Monitoring
• e-Sniff monitoring device searches e-mail by key word or records web sites visited
• 82% of businesses monitor web use
• Close to 100% of workers register some improper use
Security Management of Information Technology
TrueSecure and 724 Inc.: Limitations of Antivirus Software
• Much software was unable to stop the Nimda worm
• Software alone is often not enough to clean a system
• Until better software is developed, a complete system disconnect and purge may be the only solution
Security Management of Information Technology
Example Security Suite Interface
Security Management of Information Technology
Other Security Measures
• Security Codes
• Multilevel Password System
  – Smart Cards
• Backup Files
  – Child, Parent, Grandparent Files
• System Security Monitors
• Biometric Security
Security Management of Information Technology
Example Security Monitor

Security Management of Information Technology
Evaluation of Biometric Security
Security Management of Information Technology
Computer Failure Controls
• Fault Tolerant Systems
  – Fail-Over
  – Fail-Safe
  – Fail-Soft
• Disaster Recovery
Security Management of Information Technology
Methods of Fault Tolerance
Security Management of Information Technology
Visa International: Fault Tolerant Systems
• Only 100% uptime is acceptable
• Only 98 minutes of downtime in 12 years
• 1 billion transactions worth $2 trillion a year
• 4 global processing centers
• Multiple layers of redundancy and backup
• Software testing an art form
Systems Controls and Audits
• Information System Controls
• Garbage-In, Garbage-Out (GIGO)
• Auditing IT Security
• Audit Trails
• Control Logs
Systems Controls and Audits
Input Controls: Security Codes, Encryption, Data Entry Screens, Error Signals, Control Totals
Processing Controls: Software Controls, Hardware Controls, Firewalls, Checkpoints
Output Controls: Security Codes, Encryption, Control Totals, Control Listings, End User Feedback
Storage Controls: Security Codes, Encryption, Backup Files, Library Procedures, Database Administration
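The control totals listed above as input and output controls, together with an audit trail, can be demonstrated on a small batch. The code below is an added example written for these notes, not from O'Brien or the slides; the batch records, the fee rate and the function names are constructed for illustration.

```python
# Constructed sample batch (hypothetical values, not from the slides).
BATCH = [
    {"account": 1001, "amount": 250.00},
    {"account": 1002, "amount": 75.50},
    {"account": 1003, "amount": 120.25},
]

def control_totals(records):
    """Input control: record count, financial total, and a hash total
    (sum of a non-financial field, here account numbers) for the batch."""
    return {
        "count": len(records),
        "amount_total": round(sum(r["amount"] for r in records), 2),
        "hash_total": sum(r["account"] for r in records),
    }

def process_batch(records, fee_rate, audit_trail):
    """Processing step: apply a fee to each record and write one audit
    trail entry per record so every change can be traced back later."""
    out = []
    for r in records:
        fee = round(r["amount"] * fee_rate, 2)
        out.append({"account": r["account"], "amount": r["amount"], "fee": fee})
        audit_trail.append(f"processed account={r['account']} amount={r['amount']:.2f} fee={fee:.2f}")
    return out

def verify_output(input_totals, output_records, audit_trail):
    """Output control: recompute the totals on the output and compare them with
    the input totals; a mismatch means records were lost, duplicated or altered."""
    output_totals = control_totals(output_records)
    ok = output_totals == input_totals
    status = "OK" if ok else "MISMATCH"
    audit_trail.append(f"output check {status} input={input_totals} output={output_totals}")
    return ok

def run(records, fee_rate=0.02, lose_record=False):
    """Run the input, processing and output controls over a batch; lose_record=True
    drops one record after processing to show the control totals catching it."""
    audit_trail = []
    totals_in = control_totals(records)
    audit_trail.append(f"input totals {totals_in}")
    processed = process_batch(records, fee_rate, audit_trail)
    if lose_record:
        processed = processed[:-1]  # simulated loss of the last record
    ok = verify_output(totals_in, processed, audit_trail)
    return ok, audit_trail
```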
Summary
• Ethical and Societal Dimensions
• Ethical Responsibility in Business
• Security Management
Source of PPT Material
• O'Brien, James A. (2005). Introduction to Information Systems (12th Edition). McGraw-Hill. Chapter 11. Official PPT.