Session 23 & 24: Security and Ethical Challenges
Course: J0454 / Sistem Informasi Manajemen (Management Information Systems)
Year: 2006
Version: 1 / 1
Date posted: 19-Dec-2015
Learning Outcomes

By the end of this session, students are expected to be able to:

• Choose strategies for implementing and developing information technology security management (C4)

Material Outline

• Security, Ethical and Societal Challenges of IT
• Computer Crime
• Privacy Issues
• Security Management of IT
• Tools of Security Management
• Internetworked Security Defenses

Security and Ethics

Business/IT Security, Ethics, and Society

[Figure labels: Employment, Health, Individuality, Privacy, Working Conditions, Crime; Business/IT Security, Ethics and Society]

Security and Ethics

Ethical Responsibility

• Business Ethics
• Stockholder Theory
• Social Contract Theory
• Stakeholder Theory

Security and Ethics

Ethical Responsibility

Security and Ethics

Technology Ethics

Security and Ethics

Ethical Guidelines

Security Management

• Security is 6 to 8% of IT Budget in Developing Countries

• 63% Have or Plan to Have Position of Chief Privacy or Information Officer in the Next Two Years

• 40% Have a Chief Privacy Officer and Another 6% Intend One in the Next Two Years

• 39% Acknowledge that their Systems Have Been Compromised in the Past Year

• 24% Have Cyber Risk Insurance and 5% Intend to Acquire Such Coverage

Security Management

Security Technology Used

• Antivirus: 96%
• Virtual Private Networks: 86%
• Intrusion-Detection Systems: 85%
• Content Filtering/Monitoring: 77%
• Public-Key Infrastructure: 45%
• Smart Cards: 43%
• Biometrics: 19%

Security Management

PayPal, Inc. Cybercrime on the Internet

• Online Payment Processing Company
• Observed Questionable Accounts Being Opened
• Froze Accounts Used to Buy Expensive Goods For Purchasers in Russia
• Used Sniffer Software and Located Users Capturing PayPal IDs and Passwords
• More than $100,000 in Fraudulent Charges
• Crooks Arrested by FBI

Security Management

Computer Crime

• Hacking
• Cyber Theft
• Unauthorized Use of Work
• Piracy of Intellectual Property
• Computer Viruses and Worms

Security Management

Examples of Common Hacking

Security Management

Recourse Technologies: Insider Computer Crime

• Link Between Company Financial Difficulty and Insider Computer Crimes
• Use of “Honey Pots” Filled with Phony Data to Attract Hackers
• Software Catches Criminal Activity in Seconds
• Crime Exposed and Stopped

Security Management

Internet Abuses in the Workplace

Security Management

Network Monitoring Software

Security Management

Copying Music CDs: Intellectual Property Controversy

• RIAA Crack Down on Music Piracy
• Web Sites Fighting Back
• 140 Million Writable Drives In Use
• Billions of Blank CDs Sold While Music CD Sales Are Going Down
• Pirates Reluctant to Go Away

Security Management

Facts About Recent Computer Viruses and Worms

Security Management

University of Chicago: The Nimda Worm

• Nimda Worm Launch Sept. 18, 2001 Mass Mailing of Malicious Code Attacking MS-Windows
• Took Advantage of Back Doors Previously Left Behind
• In Four Hours the University of Chicago’s Web Servers were Scanned by 7,000 Unique IP Addresses Looking for Weaknesses
• Many Servers Had to Be Disconnected

Privacy Issues

Right to Privacy

• Computer Profiling
• Computer Matching
• Privacy Laws
• Computer Libel and Censorship
• Spamming
• Flaming

Privacy Issues

Other Challenges

• Employment Challenges
• Working Conditions
• Individuality Issues
• Health Issues

Privacy Issues

Ergonomics

Privacy Issues

Ergonomics

• Job Stress
• Cumulative Trauma Disorders (CTDs)
• Carpal Tunnel Syndrome
• Human Factors Engineering
• Societal Solutions

Tools of Security Management

Security Management of Information Technology

Security Management of Information Technology

Providence Health and Cervalis: Security Management Issues

• Need for Security Management Caused by Increased Use of Links Between Business Units
• Greater Openness Means Greater Vulnerabilities
• Better Use of Identifying, Authenticating Users and Controlling Access to Data
• Theft Should Be Made as Difficult as Possible

Security Management of Information Technology

Internetworked Security Defenses

• Encryption
  – Public Key
  – Private Key

Graphically…

Security Management of Information Technology

Encryption

Security Management of Information Technology

Firewalls

[Figure labels: Internet, Router, Firewall, Intranet Server, Host System]

1 External Firewall Blocks Outsiders
2 Internal Firewall Blocks Restricted Materials
3 Use of Passwords and Browser Security
4 Performs Authentication and Encryption
5 Careful Network Interface Design

Security Management of Information Technology

MTV Networks: Denial of Service Defenses

• MTV.com Website Targeted for Distributed Denial of Service (DDOS) Attacks During Fall Peak Periods
• Some People Try to Crash MTV Sites
• Parent Viacom Installed Software to Filter out DDOS Attacks
• Website Downtime Reduced

Security Management of Information Technology

Defending Against Denial of Service Attacks

Security Management of Information Technology

Sonalysts, Inc.: Corporate e-Mail Monitoring

• e-Sniff Monitoring Device Searches e-Mail by Key Word or Records of Web Sites Visited
• 82% of Businesses Monitor Web Use
• Close to 100% of Workers Register Some Improper Use

Security Management of Information Technology

TrueSecure and 724 Inc.: Limitations of Antivirus Software

• Much Software Was Unable to Stop Nimda Worm
• Software Alone is Often Not Enough to Clean System
• Until Better Software is Developed, A Complete System Disconnect and Purge May Be the Only Solution

Security Management of Information Technology

Example Security Suite Interface

Security Management of Information Technology

Other Security Measures

• Security Codes
• Multilevel Password System
  – Smart Cards
• Backup Files
  – Child, Parent, Grandparent Files
• System Security Monitors
• Biometric Security

Security Management of Information Technology

Example Security Monitor

Security Management of Information Technology

Evaluation of Biometric Security

Security Management of Information Technology

Computer Failure Controls

• Fault Tolerant Systems
  – Fail-Over
  – Fail-Safe
  – Fail-Soft
• Disaster Recovery

Security Management of Information Technology

Methods of Fault Tolerance

Security Management of Information Technology

Visa International: Fault Tolerant Systems

• Only 100% Uptime is Acceptable
• Only 98 Minutes of Downtime in 12 Years
• 1 Billion Transactions Worth $2 Trillion in Transactions a Year
• 4 Global Processing Centers
• Multiple Layers of Redundancy and Backup
• Software Testing and Art Form

Systems Controls and Audits

• Information System Controls
• Garbage-In, Garbage-Out (GIGO)
• Auditing IT Security
• Audit Trails
• Control Logs

Systems Controls and Audits

[Figure: information system controls, by category]

• Input Controls: Security Codes, Encryption, Data Entry Screens, Error Signals, Control Totals
• Output Controls: Security Codes, Encryption, Control Totals, Control Listings, End User Feedback
• Storage Controls: Security Codes, Encryption, Backup Files, Library Procedures, Database Administration
• Processing Controls: Software Controls, Hardware Controls, Firewalls, Checkpoints

Summary

• Ethical and Societal Dimensions
• Ethical Responsibility in Business
• Security Management

Source of PPT Material

• O’Brien, James A. (2005). Introduction to Information Systems (12th Edition). McGraw-Hill. Chapter 11. Official PPT.