O'Brien - Intro. to Information Systems

Module V – Management Challenges
Security and Ethical Challenges
Security, Ethical, and Societal Challenges of IT
Ethical Responsibility of Business Professionals
Computer Crime
Privacy Issues
Health Issues
Section II
Tools of Security Management
Internetworked Security Defenses
System Controls and Audits
Real World Cases
KEY TERMS
Copyright 2005, McGraw-Hill/Irwin, Inc.
Learning Objectives
1. Identify several ethical issues in how the use of information technologies in business affects employment, individuality, working conditions, privacy, crime, health, and solutions to societal problems.
2. Identify several types of security management strategies and defences, and explain how they can be used to ensure the security of business applications of information technology.
3. Propose several ways that business managers and professionals can help to lessen the harmful effects and increase the beneficial effects of the use of information technology.
Security and Ethics
• Major Security Challenges
• Serious Ethical Questions
• Threats to Business and Individuals
• Real World Case 1 - F-Secure, Microsoft, GM, and Verizon: The Business Challenge of Computer Viruses
Business/IT Security, Ethics, and Society
• Privacy
• Employment
• Health
• Crime
• Individuality
• Working Conditions
Ethical Responsibility
• Business Ethics
• Stockholder Theory
• Social Contract Theory
• Stakeholder Theory
Technology Ethics
Ethical Guidelines
Enron Corporation: Failure in Business Ethics
• Drove Stock Prices Higher Never Mentioning Any Weaknesses
• Promised Much – Delivered Little
• Finally Admitted Overstated Earnings by $586 Million in 1997
• 1998 Third Quarter Loss $638 Million – Filed Bankruptcy
• Greed and Mismanagement Destroyed a Potentially Successful Business Plan
Security Management
• Security is 6 to 8% of IT Budget in Developing Countries
• 63% Have or Plan to Have Position of Chief Privacy or Information Officer in the Next Two Years
• 40% Have a Chief Privacy Officer and Another 6% Intend One in the Next Two Years
• 39% Acknowledge that their Systems Have Been Compromised in the Past Year
• 24% Have Cyber Risk Insurance and 5% Intend to Acquire Such Coverage
Security Technology Used
Antivirus: 96%
Virtual Private Networks: 86%
Intrusion-Detection Systems: 85%
Content Filtering/Monitoring: 77%
Public-Key Infrastructure: 45%
Smart Cards: 43%
Biometrics: 19%
PayPal, Inc. Cybercrime on the Internet
• Online Payment Processing Company
• Observed Questionable Accounts Being Opened
• Froze Accounts Used to Buy Expensive Goods For Purchasers in Russia
• Used Sniffer Software and Located Users Capturing PayPal IDs and Passwords
• More than $100,000 in Fraudulent Charges
• Crooks Arrested by FBI
Computer Crime
• Hacking
• Cyber Theft
• Unauthorized Use of Work
• Piracy of Intellectual Property
• Computer Viruses and Worms
Examples of Common Hacking
Recourse Technologies: Insider Computer Crime
• Link Between Company Financial Difficulty and Insider Computer Crimes
• Use of “Honey Pots” Filled with Phony Data to Attract Hackers
• Software Catches Criminal Activity in Seconds
• Crime Exposed and Stopped
Internet Abuses in the Workplace
Network Monitoring Software
AGM Container Controls: Stealing Time and Resources
• The Net Contains Many Productivity Distractions
• Remedies Include Monitoring Internet Use and Blocking Sites Unrelated to Work
• Importance of Telling Employees About Monitoring
• Use of Software Monitoring Provided Rebuttal Answers To Web Use Discussions
Copying Music CDs: Intellectual Property Controversy
• RIAA Crack Down on Music Piracy
• Web Sites Fighting Back
• 140 Million Writable Drives In Use
• Billions of Blank CDs Sold While Music CD Sales Are Going Down
• Pirates Reluctant to Go Away
Facts About Recent Computer Viruses and Worms
University of Chicago: The Nimda Worm
• Nimda Worm Launch Sept. 18, 2001 Mass Mailing of Malicious Code Attacking MS-Windows
• Took Advantage of Back Doors Previously Left Behind
• In Four Hours the University of Chicago’s Web Servers were Scanned by 7,000 Unique IP Addresses Looking for Weaknesses
• Many Servers Had to Be Disconnected
Privacy Issues
Right to Privacy
Privacy on the Internet
Acxiom, Inc. Challenges to Consumer Privacy
• Acxiom – 30 Years Amassing Massive Database
• Sells Data to Subscribers
• Use by Telemarketers and Credit Firms
Right to Privacy
• Computer Profiling
• Computer Matching
• Privacy Laws
• Computer Libel and Censorship
• Spamming
• Flaming
Other Challenges
• Employment Challenges
• Working Conditions
• Individuality Issues
• Health Issues
Ergonomics
• Job Stress
• Cumulative Trauma Disorders (CTDs)
• Carpal Tunnel Syndrome
• Human Factors Engineering
• Societal Solutions
Security Management of Information Technology
• Business Value of Security Management
• Protection for all Vital Business Elements
Real World Case 2 - Geisinger Health Systems and Du Pont: Security Management of Data Resources and Process Control Networks
Tools of Security Management
Providence Health and Cervalis: Security Management Issues
• Need for Security Management Caused by Increased Use of Links Between Business Units
• Greater Openness Means Greater Vulnerabilities
• Better Use of Identifying, Authenticating Users and Controlling Access to Data
• Theft Should Be Made as Difficult as Possible
Internetworked Security Defenses
• Encryption
– Public Key
– Private Key
Graphically…
Encryption
Firewalls
[Figure: network diagram showing the Internet, routers, firewalls, intranet servers, and a host system, with numbered callouts]
1. External Firewall Blocks Outsiders
2. Internal Firewall Blocks Restricted Materials
3. Use of Passwords and Browser Security
4. Performs Authentication and Encryption
5. Careful Network Interface Design
Barry Nance: Testing PC Firewall Security
• Worldwide Search for Active IP Addresses
• Sophisticated Probes Scan Any Home or Work Location
• Personal Firewalls Help Block Intruders
• Firewalls Generally Good at Protecting Computers from Most Hacking Efforts
MTV Networks: Denial of Service Defenses
• MTV.com Website Targeted for Distributed Denial of Service (DDOS) Attacks During Fall Peak Periods
• Some People Try to Crash MTV Sites
• Parent Viacom Installed Software to Filter out DDOS Attacks
• Website Downtime Reduced
Defending Against Denial of Service Attacks
Sonalysts, Inc.: Corporate e-Mail Monitoring
• e-Sniff Monitoring Device Searches e-Mail by Key Word or Records of Web Sites Visited
• 82% of Businesses Monitor Web Use
• Close to 100% of Workers Register Some Improper Use
TrueSecure and 724 Inc.: Limitations of Antivirus Software
• Much Software Was Unable to Stop Nimda Worm
• Software Alone is Often Not Enough to Clean System
• Until Better Software is Developed, A Complete System Disconnect and Purge May Be the Only Solution
Example Security Suite Interface
Other Security Measures
• Security Codes
• Multilevel Password System
– Smart Cards
• Backup Files
– Child, Parent, Grandparent Files
• System Security Monitors
• Biometric Security
Example Security Monitor
Evaluation of Biometric Security
Computer Failure Controls
• Fault Tolerant Systems
– Fail-Over
– Fail-Safe
– Fail-Soft
• Disaster Recovery
Methods of Fault Tolerance
Visa International: Fault Tolerant Systems
• Only 100% Uptime is Acceptable
• Only 98 Minutes of Downtime in 12 Years
• 1 Billion Transactions Worth $2 Trillion in Transactions a Year
• 4 Global Processing Centers
• Multiple Layers of Redundancy and Backup
• Software Testing an Art Form
Systems Controls and Audits
• Information System Controls
• Garbage-In, Garbage-Out (GIGO)
• Auditing IT Security
• Audit Trails
• Control Logs
Systems Controls and Audits
Input Controls: Security Codes, Encryption, Data Entry Screens, Error Signals, Control Totals
Processing Controls: Software Controls, Hardware Controls, Firewalls, Checkpoints
Output Controls: Security Codes, Encryption, Control Totals, Control Listings, End User Feedback
Storage Controls: Security Codes, Encryption, Backup Files, Library Procedures, Database Administration
Summary
• Ethical and Societal Dimensions
• Ethical Responsibility in Business
• Security Management
KEY TERMS
Antivirus software
Audit trail
Auditing business systems
Backup files
Biometric security
Business ethics
Computer crime
Computer matching
Computer monitoring
Computer virus
Denial of service
Disaster recovery
Encryption
Ergonomics
Ethical and Societal Impacts of business/IT
a. Employment
b. Health
c. Individuality
d. Societal Solutions
e. Working Conditions
Ethical foundations
Fault tolerant
Firewall
Flaming
Hacking
Information system controls
Intellectual property piracy
Passwords
Privacy issues
Responsible professional
Security management
Software piracy
Spamming
System security monitor
Unauthorized use
Optional Case Studies
Real World Case 1 - F-Secure, Microsoft, GM, and Verizon: The Business Challenge of Computer Viruses
Real World Case 2 - Geisinger Health Systems and DuPont: Security Management of Data Resources and Process Control Networks
Real World Case 3 - Banner Health, Arlington County, and Others: Security Management of Windows Software
Real World Case 4 - Online Resources, Lehman Brothers, and Others: Managing Network Security Systems
Chapter 12: Enterprise and Global Management of Information Technology
F-Secure, Microsoft, GM, and Verizon: The Business Challenge of Computer Viruses
1- What security measures should companies, business professionals, and consumers take to protect their systems from being damaged by computer worms and viruses?
Discussion Points Would Include:
• Businesses Should
– “Get Serious” About Cyber Security
– Stop Relying on Microsoft's Backbone
• Businesses Need Better Procedures for Security Updating
• Businesses Should Update Security Defenses
2- What is the business and ethical responsibility of Microsoft in helping to prevent the spread of computer viruses? Have they met this responsibility? Why or why not?
Discussion Points Would Include:
• Microsoft (95% Market Share)
– Must Ensure Software is Hostile to Hackers
– Must Write Better Software
• Microsoft and Others Must Make Security Higher Priority
• The Responsibility of Security is the User Not Vendor
3- What are several possible reasons why some companies (like GM) were seriously affected by computer viruses, while others (like Verizon) were not?
Reasons Would Include:
• Undue Dependence on Microsoft for Quality Software
• GM Ignored Security until It was Too Late
• Companies Paid More Attention to Bottom Line than Security
• Inadequate Planning for Improving Security
Geisinger Health Systems and DuPont: Security Management of Data Resources and Process Control Networks
1- What are several possible reasons why some companies (like GM) were seriously affected by computer viruses, while others (like Verizon) were not?
Discussion Points Would Include:
• Key Components of a Security System:
– Understanding Workflow
– Assessing Risk
– Educating Users
• MyChart Needed to Be Installed on Hardware Separate from the EMR System
Discussion Points Would Include:
• Biometric and Proximity Devices Streamline Secure Network Access
• Requiring Caregivers to Access Patient Information via the Internet Using:
– Electronic Token Identification
– A Virtual Private Network
• Other Encryption Methods
2- What security measures is Du Pont taking to protect their process control networks? Are these measures adequate? Explain your evaluation.
Discussion Points Would Include:
• Du Pont Co. (Critical Manufacturing Processes) Will Isolate Process Systems from Business Systems by:
– Not Connecting the Networks, or
– Adding Firewalls to Control Access
Discussion Points Would Include:
• A Team of IT Staffers, Process-Control Engineers, and Manufacturing Employees Was Established to:
– Discern Control Devices Critical to Manufacturing, Safety, and Continuity of Production
– Identify Assets: Hardware, Data, and Software Applications
– Test Fixes and Workarounds for Specific Machines
– Recognize That Precise Vulnerabilities Differ by Environment
– Determine How to Separate Networks
3- What are several other steps Geisinger and Du Pont could take to increase the security of their data and network resources? Explain the value of your proposals.
Discussion Points Would Include:
Include the Concepts Presented in the Chapter Material and Additional Considerations That You Have Located on the Internet
Banner Health, Arlington County, and Others: Security Management of Windows Software
1- What security problems are typically remedied by Microsoft’s security patches for Windows? Why do such problems arise in the first place?
Discussion Points Would Include:
• Vulnerability to Computer Viruses (Worms)
• Microsoft’s Push to Deliver New Versions
– That Have Not Been Tested and/or Designed Properly to Reduce Vulnerability
2- What challenges does the process of applying Windows patches pose for many businesses? What are some limitations of the patching process?
Discussion Points Would Include:
• Patching Required Companies to Drop Everything with Finite Resources
• Larger Companies Need Time to Properly Test
• Companies Faced with Limited Scope for Downtime
3- Does the business value of applying Windows patches outweigh its costs, limitations, and the demands it places on the IT function? Why or why not?
Discussion Points Would Include:
• Exploit-Proof Code Patching Is Best Strategy
• Microsoft’s Windows Update Patch Management Program
– Has a Critical Shortcoming
– Could Fool Users into Thinking They Have Been Properly Patched
– Users Are Really Vulnerable (Patch Not Fixed)
• Users Have Reported Patches Don't Always Deploy Properly
• Microsoft Patches Have Serious Security Vulnerability
Online Resources – Lehman Brothers and Others: Managing Network Security Systems
1- What is the function of each of the network security tools identified in this case? Visit the websites of security firms Check Point and NetForensics to help you answer.
Discussion Points Would Include:
• Network Intrusion-Detection Systems
• Firewalls
• Anti-Virus Tools
• Automating the Process
– Gathering
– Consolidating
– Correlating
– Prioritizing Data from Security Event
• Collecting Data from Individual Security Systems
• “Normalizing” Data to Quickly Identify Potential Attacks
2- What is the value of security information management software to a company? Use the companies in this case as examples.
Discussion Points Would Include:
• Provides a Single Place to Get Information
• Automated Gathering, Consolidating, and Correlating Data
– Into a Usable Format to Analyze
– Used to Establish Priorities
• Permits Businesses to React Faster to Activity
• Reduces the Number of False Alerts
• Allows Companies to Drill Down into Attack Details
3- What can smaller firms who cannot afford the cost of such software do to properly manage and use the information about security from their network security systems? Give several examples.
Discussion Points Would Include:
• Plan for Having Periodic Audits of IT Security
• Review/Update Regularly Control Features of IT
• Regularly Change Passwords to Access System
• Develop a Backup Plan and Implement
• Develop Plan for Disaster Recovery