Meetings 23 & 24: Security and Ethical Challenges. Course: J0454 / Management Information Systems...

Post on 19-Dec-2015


1

Meetings 23 & 24: Security and Ethical Challenges

Course: J0454 / Management Information Systems

Year: 2006

Version: 1 / 1

2

Learning Outcomes

By the end of this meeting, students are expected to be able to:

• Students will be able to choose strategies for implementing and developing information technology security management (C4)

3

Outline of Material

• Security, Ethical and Societal Challenges of IT

• Computer Crime

• Privacy Issues

• Security Management of IT

• Tools of Security Management

• Internetworked Security Defenses

4

Security and Ethics

Business/IT Security, Ethics, and Society

[Figure: Business/IT Security, Ethics, and Society, a diagram linking Business/IT Security and Ethics and Society to Employment, Health, Individuality, Privacy, Working Conditions, and Crime]

5

Security and Ethics

Ethical Responsibility

• Business Ethics

• Stockholder Theory

• Social Contract Theory

• Stakeholder Theory

6

Security and Ethics

Ethical Responsibility

7

Security and Ethics

Technology Ethics

8

Security and Ethics

Ethical Guidelines

9

Security Management

• Security is 6 to 8% of IT Budget in Developing Countries

• 63% Have or Plan to Have Position of Chief Privacy or Information Officer in the Next Two Years

• 40% Have a Chief Privacy Officer and Another 6% Intend One in the Next Two Years

• 39% Acknowledge that their Systems Have Been Compromised in the Past Year

• 24% Have Cyber Risk Insurance and 5% Intend to Acquire Such Coverage

10

Security Technology Used

Antivirus: 96%

Virtual Private Networks: 86%

Intrusion-Detection Systems: 85%

Content Filtering/Monitoring: 77%

Public-Key Infrastructure: 45%

Smart Cards: 43%

Biometrics: 19%

Security Management

11

PayPal, Inc.: Cybercrime on the Internet

• Online Payment Processing Company

• Observed Questionable Accounts Being Opened

• Froze Accounts Used to Buy Expensive Goods For Purchasers in Russia

• Used Sniffer Software and Located Users Capturing PayPal Ids and Passwords

• More than $100,000 in Fraudulent Charges

• Crooks Arrested by FBI

Security Management

12

Computer Crime

• Hacking

• Cyber Theft

• Unauthorized Use of Work

• Piracy of Intellectual Property

• Computer Viruses and Worms

Security Management

13

Examples of Common Hacking

Security Management

14

Recourse Technologies: Insider Computer Crime

• Link Between Company Financial Difficulty and Insider Computer Crimes

• Use of “Honey Pots” Filled with Phony Data to Attract Hackers

• Software Catches Criminal Activity in Seconds

• Crime Exposed and Stopped

Security Management

15

Internet Abuses in the Workplace

Security Management

16

Network Monitoring Software

Security Management

17

Copying Music CDs: Intellectual Property Controversy

• RIAA Crack Down on Music Piracy

• Web Sites Fighting Back

• 140 Million Writable Drives In Use

• Billions of Blank CDs Sold While Music CD Sales Are Going Down

• Pirates Reluctant to Go Away

Security Management

18

Facts About Recent Computer Viruses and Worms

Security Management

19

University of Chicago: The Nimda Worm

• Nimda Worm Launched Sept. 18, 2001: Mass Mailing of Malicious Code Attacking MS-Windows

• Took Advantage of Back Doors Previously Left Behind

• In Four Hours the University of Chicago’s Web Servers were Scanned by 7,000 Unique IP Addresses Looking for Weaknesses

• Many Servers Had to Be Disconnected

Security Management

20

Right to Privacy

• Computer Profiling

• Computer Matching

• Privacy Laws

• Computer Libel and Censorship

• Spamming

• Flaming

Privacy Issues

21

Other Challenges

• Employment Challenges

• Working Conditions

• Individuality Issues

• Health Issues

Privacy Issues

22

Ergonomics

Privacy Issues

23

Ergonomics

• Job Stress

• Cumulative Trauma Disorders (CTDs)

• Carpal Tunnel Syndrome

• Human Factors Engineering

• Societal Solutions

Privacy Issues

24

Tools of Security Management

Security Management of Information Technology

25

Security Management of Information Technology

• Need for Security Management Caused by Increased Use of Links Between Business Units

• Greater Openness Means Greater Vulnerabilities

• Better Use of Identifying, Authenticating Users and Controlling Access to Data

• Theft Should Be Made as Difficult as Possible

Providence Health and Cervalis: Security Management Issues

26

Security Management of Information Technology

• Encryption

– Public Key

– Private Key

Graphically…

Internetworked Security Defenses

27

Encryption

Security Management of Information Technology

28

Firewalls

Security Management of Information Technology

[Figure: firewall architecture, with components Internet, Router, External Firewall, Intranet Server, Internal Firewall, Intranet Server and Host System, annotated with points 1 to 5 below]

1 External Firewall Blocks Outsiders

2 Internal Firewall Blocks Restricted Materials

3 Use of Passwords and Browser Security

4 Performs Authentication and Encryption

5 Careful Network Interface Design

29

Security Management of Information Technology

• MTV.com Website Targeted for Distributed Denial of Service (DDOS) Attacks During Fall Peak Periods

• Some People Try to Crash MTV Sites

• Parent Viacom Installed Software to Filter out DDOS Attacks

• Website Downtime Reduced

MTV Networks: Denial of Service Defenses

30

Defending Against Denial of Service Attacks

Security Management of Information Technology

31

• e-Sniff Monitoring Device Searches e-Mail by Key Word or Records of Web Sites Visited

• 82% of Businesses Monitor Web Use

• Close to 100% of Workers Register Some Improper Use

Sonalysts, Inc.: Corporate e-Mail Monitoring

Security Management of Information Technology

32

Security Management of Information Technology

• Much Software Was Unable to Stop Nimda Worm

• Software Alone is Often Not Enough to Clean System

• Until Better Software is Developed, A Complete System Disconnect and Purge May Be the Only Solution

TrueSecure and 724 Inc.: Limitations of Antivirus Software

33

Example Security Suite Interface

Security Management of Information Technology

34

Other Security Measures

Security Management of Information Technology

• Security Codes

• Multilevel Password System

– Smart Cards

• Backup Files

– Child, Parent, Grandparent Files

• System Security Monitors

• Biometric Security
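The "child, parent, grandparent" backup files listed above are a three-generation rotation of a batch master file. The following added example (not code from the O'Brien slides) shows the rotation and the recovery it enables: every generation keeps the batch that produced it, so a damaged child can be rebuilt from the parent, or from the grandparent, and the batches since. The `GenerationStore` class, its method names and the account data are all constructed for illustration.

```python
# Added example (not from the O'Brien slides): a "child, parent, grandparent"
# rotation for a batch master file. Each run creates a new child, the old child
# becomes the parent, the old parent the grandparent, and the batch that made
# each generation is kept so a damaged one can be rebuilt. Data is constructed.
import hashlib
import json


def checksum(records):
    """Stable digest of a master file, used to detect a damaged generation."""
    return hashlib.sha256(json.dumps(records, sort_keys=True).encode()).hexdigest()


def apply_batch(master, batch):
    """Apply (account, delta) transactions to a copy of the master file."""
    new = dict(master)
    for account, delta in batch:
        new[account] = new.get(account, 0) + delta
    return new


class GenerationStore:
    """Keeps the child, parent and grandparent generations of one master file."""

    def __init__(self, initial_master):
        self.generations = [dict(initial_master)]  # index 0 = child (newest)
        self.batches = [None]                      # batch that produced each one
        self.checksums = [checksum(initial_master)]

    def run_batch(self, batch):
        """Create a new child from the current child and rotate the generations."""
        child = apply_batch(self.generations[0], batch)
        self.generations.insert(0, child)
        self.batches.insert(0, list(batch))
        self.checksums.insert(0, checksum(child))
        del self.generations[3:], self.batches[3:], self.checksums[3:]  # retire older
        return child

    def recover_child(self):
        """Rebuild the child from the newest intact generation plus later batches."""
        for i, gen in enumerate(self.generations):
            if checksum(gen) == self.checksums[i]:
                rebuilt = gen
                for batch in reversed(self.batches[:i]):
                    rebuilt = apply_batch(rebuilt, batch)
                self.generations[0] = rebuilt
                return rebuilt
        raise RuntimeError("all generations damaged; restore from an off-site copy")
```

The checksum recorded at creation time is what distinguishes a damaged generation from a valid one, so the checksums should be stored separately from the files they describe.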

35

Example Security Monitor

Security Management of Information Technology

36

Evaluation of Biometric Security

Security Management of Information Technology

37

Computer Failure Controls

Security Management of Information Technology

• Fault Tolerant Systems

– Fail-Over

– Fail-Safe

– Fail-Soft

• Disaster Recovery

38

Methods of Fault Tolerance

Security Management of Information Technology

39

Visa International: Fault Tolerant Systems

Security Management of Information Technology

• Only 100% Uptime is Acceptable

• Only 98 Minutes of Downtime in 12 Years

• 1 Billion Transactions Worth $2 Trillion in Transactions a Year

• 4 Global Processing Centers

• Multiple Layers of Redundancy and Backup

• Software Testing an Art Form

40

Systems Controls and Audits

• Information System Controls

• Garbage-In, Garbage-Out (GIGO)

• Auditing IT Security

• Audit Trails

• Control Logs

41

Systems Controls and Audits

Input Controls: Security Codes, Encryption, Data Entry Screens, Error Signals, Control Totals

Processing Controls: Software Controls, Hardware Controls, Firewalls, Checkpoints

Output Controls: Security Codes, Encryption, Control Totals, Control Listings, End User Feedback

Storage Controls: Security Codes, Encryption, Backup Files, Library Procedures, Database Administration
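Control totals, error signals and control logs from the table above work together to keep garbage in from becoming garbage out. The following added example (not code from the O'Brien slides) runs input edit checks over a constructed batch of payroll-style records, reconciles record count, amount total and a hash total against the totals the sender declared, and writes every accept or reject decision to an audit trail. The `ControlTotals`, `AuditTrail` and `process_batch` names are constructed for illustration.

```python
# Added example (not from the O'Brien slides): control totals, input edit
# checks and an audit trail for one batch of constructed payroll records,
# showing how garbage in is rejected and logged instead of being processed.
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass
class ControlTotals:
    record_count: int     # records the sender says are in the batch
    amount_total: float   # sum of the amount field
    hash_total: int       # sum of employee ids: meaningless, but detects a swapped record


@dataclass
class AuditTrail:
    entries: list = field(default_factory=list)  # (timestamp, user, action, detail)

    def log(self, user, action, detail):
        self.entries.append((datetime.now(timezone.utc).isoformat(), user, action, detail))


def compute_totals(records):
    return ControlTotals(len(records),
                         round(sum(r["amount"] for r in records), 2),
                         sum(r["employee_id"] for r in records))


def validate_records(records):
    """Input edit checks on every record; each failure becomes an error signal."""
    errors = []
    for i, r in enumerate(records):
        emp, amt = r.get("employee_id"), r.get("amount")
        if not isinstance(emp, int) or emp <= 0:
            errors.append(f"record {i}: bad employee_id {emp!r}")
        if not isinstance(amt, (int, float)) or not 0 < amt <= 100000:
            errors.append(f"record {i}: amount out of range {amt!r}")
    return errors


def process_batch(user, batch_id, records, expected, trail):
    """Accept the batch only if the edit checks pass and the totals reconcile."""
    errors = validate_records(records)
    if not errors:  # totals are only meaningful once every record is well-formed
        actual = compute_totals(records)
        if actual != expected:
            errors.append(f"control totals differ: expected {expected}, got {actual}")
    trail.log(user, "REJECT" if errors else "ACCEPT", f"{batch_id}: {errors or expected}")
    return not errors, errors
```

The hash total is the classic batch control: a sum over a field with no business meaning that still changes when a record is dropped, duplicated or swapped for another.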

42

Summary

• Ethical and Societal Dimensions

• Ethical Responsibility in Business

• Security Management

43

Source of PPT Material

• O'Brien, James A. (2005). Introduction to Information Systems (12th Edition). McGraw-Hill. Chapter 11. Official PPT.