Information Systems Security, Slides of Management Information Systems

Identify the factors that contribute to the increasing vulnerability of information systems • Discuss the common types of security threats • Risk management process • Identify the types of security controls (physical controls, access controls, communication (network) controls)

Typology: Slides

2025/2026

Uploaded on 02/15/2026

vaibhavi-3

7 documents


Topic 5: Information Systems Security

ISIT224 Management Information Systems

Lecture Outline

  • Identify the factors that contribute to the increasing vulnerability of information systems
  • Discuss the common types of security threats
  • Risk management process
  • Identify the types of security controls
    • Physical controls
    • Access controls
    • Communication (network) controls

Security Threats

Internet Security Challenges

  • Network open to anyone
  • Size of Internet means abuses can have wide impact
    • E.g., the use of fixed Internet addresses with cable / DSL modems creates fixed targets for hackers
    • E.g., unencrypted VoIP creates targets for interception by hackers
    • E.g., e-mail, P2P, IM
      • Attachments with malicious software
      • Interception when transmitting trade secrets

Wireless Security Challenges

The service set identifiers (SSIDs) identifying the access points in a Wi-Fi network are broadcast multiple times (as illustrated by the orange sphere in the slide's figure) and can be picked up fairly easily by intruders' sniffer programs.

Wireless Security Challenges

  • War driving
    • Eavesdroppers drive by buildings and try to detect the SSID and gain access to the network and its resources
    • Once an access point is breached, the intruder can gain access to networked drives and files
  • Rogue access points
    • A wireless access point installed on a wired enterprise network without authorization from the network administrator
    • Experiment at the RSA Conference 2017 in San Francisco
    • → Implement a Wireless Intrusion Prevention System (WIPS) with automatic prevention turned on
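The detection half of what a WIPS does for the rogue-access-point problem above, as an added example that is not from the slides: each scanned access point is compared against an authorized inventory, and anything that advertises a corporate SSID from an unknown BSSID is flagged as rogue. The inventory, the scan results and the finding labels are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Observation:
    """One access point as seen by a wireless scan (SSID is broadcast; BSSID is its MAC)."""
    ssid: str
    bssid: str
    channel: int

# Constructed authorized inventory (assumption): BSSID -> (SSID, channel).
AUTHORIZED = {
    "00:11:22:33:44:01": ("CorpNet", 36),
    "00:11:22:33:44:02": ("CorpNet", 44),
    "00:11:22:33:44:03": ("CorpGuest", 6),
}
CORP_SSIDS = {ssid for ssid, _ in AUTHORIZED.values()}

def classify(obs, authorized=AUTHORIZED, corp_ssids=CORP_SSIDS):
    """Return a finding for one scanned AP, or None if it matches inventory.
    Containment (blocking clients, alerting) is left to the WIPS itself."""
    known = authorized.get(obs.bssid.lower())
    if known is None:
        if obs.ssid in corp_ssids:
            return "ROGUE: unknown BSSID advertising a corporate SSID"
        return "UNKNOWN: access point not in inventory"
    exp_ssid, exp_channel = known
    if obs.ssid != exp_ssid:
        return "MISMATCH: inventoried BSSID advertising an unexpected SSID"
    if obs.channel != exp_channel:
        return "DRIFT: inventoried BSSID on an unexpected channel"
    return None

def audit(observations, **kw):
    """Run classify over a whole scan; returns {bssid: finding} for flagged APs."""
    findings = {}
    for obs in observations:
        finding = classify(obs, **kw)
        if finding:
            findings[obs.bssid.lower()] = finding
    return findings

# Constructed sample scan result (assumption), not real network data.
SCAN = [
    Observation("CorpNet", "00:11:22:33:44:01", 36),    # legitimate
    Observation("CorpNet", "DE:AD:BE:EF:00:01", 1),     # rogue / evil twin
    Observation("CorpGuest", "00:11:22:33:44:03", 11),  # channel drift
    Observation("Linksys", "AA:BB:CC:DD:EE:FF", 6),     # unknown, investigate
]
```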

Software Attacks

  • Worm: replicates, or spreads, by itself (without requiring another computer program)
    • Has network awareness: uses shared drives and shared folders to propagate from one machine to another
    • Once on a machine, it will use up all the CPU cycles, memory, and bandwidth, and thereby slow down the machine and the networks on which that machine is operating
  • Trojan horse: carries a hidden intent to open backdoors
    • Appears in an appealing form (e.g., a beautiful screensaver that you want to download); once on your machine, it deletes files and opens up a backdoor for hackers to take administrative control of your machine
    • Typically cannot self-replicate; relies on tricking users

Software Attacks

  • Botnets: a network of computers infected by worms or Trojan horses, which can then be used to launch simultaneous attacks
    • Users are first tricked into installing some form of worm, which helps the malware propagate to other network machines
    • The Trojan horse opens up a backdoor for the attacker to control these machines
  • Botnets are often employed by attackers to spread spam and to launch distributed denial of service (DDoS) attacks on a target machine

Identity Theft

  • Phishing
    • An attempt to trick you into giving up your personal information by pretending to be someone you know
  • Spear Phishing
    • Targets a specific person or organization by personalizing the message
    • E.g., using information about ourselves disclosed online through Facebook or through e-commerce sites

Identity Theft

91% of cyber attacks in 2017 started with a phishing email.

Password Cracks

  • How to crack it: try out all possible combinations of characters and words
    • Brute-Force Attack
      • Repeated guessing
      • Prevention: limit attempts per period
    • Dictionary Attack
      • Use dictionary words
      • Prevention: use non-words, digits, special characters
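The two preventions named on the slide, implemented as an added example that is not from the slides: a per-account limit on failed attempts per period (against brute force) and a password check that rejects dictionary words and demands digits and special characters (against dictionary attacks). The word list, the thresholds (5 attempts per 300 s, 12 characters) and the account name are assumptions chosen for illustration.

```python
import time
from collections import deque

# Constructed stand-in for a real wordlist (assumption); production code
# would load a full dictionary and common-password list.
DICTIONARY = {"password", "welcome", "letmein", "dragon", "monkey", "qwerty"}

def password_is_weak(pw: str) -> bool:
    """Dictionary-attack prevention from the slide: reject bare dictionary
    words (even with trailing digits) and require digits and specials."""
    lowered = pw.lower()
    if lowered in DICTIONARY or lowered.rstrip("0123456789") in DICTIONARY:
        return True
    has_digit = any(c.isdigit() for c in pw)
    has_special = any(not c.isalnum() for c in pw)
    return not (len(pw) >= 12 and has_digit and has_special)

class AttemptLimiter:
    """Brute-force prevention from the slide: cap failed attempts per
    account per period. `now` is injectable so the clock can be faked."""

    def __init__(self, max_attempts=5, period_s=300, now=time.time):
        self.max_attempts, self.period_s, self.now = max_attempts, period_s, now
        self.failures = {}  # username -> deque of failure timestamps

    def _recent(self, user, t):
        q = self.failures.setdefault(user, deque())
        while q and t - q[0] >= self.period_s:  # forget failures outside window
            q.popleft()
        return q

    def allowed(self, user) -> bool:
        return len(self._recent(user, self.now())) < self.max_attempts

    def record_failure(self, user):
        t = self.now()
        self._recent(user, t).append(t)

def evaluate_limiter(guesses, correct, limiter, user="alice"):
    """Replay a guess list to measure the control: (cracked, tried, blocked)."""
    tried = blocked = 0
    for guess in guesses:
        if not limiter.allowed(user):
            blocked += 1
            continue
        tried += 1
        if guess == correct:
            return True, tried, blocked
        limiter.record_failure(user)
    return False, tried, blocked
```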
Click Fraud

  • Occurs when an individual or computer program fraudulently clicks an online ad without any intention of learning more about the advertiser or making a purchase.
  • Pay-per-click online advertising
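Detection logic for the click-fraud pattern just described, as an added example that is not from the slides: over a pay-per-click log, flag any client that clicks the same ad repeatedly within a short window and never converts, since repeated clicks with no purchase are the "no intention" signal the definition names. The log lines, the field layout, and the thresholds (more than 3 clicks in 5 minutes) are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample pay-per-click log (assumption): time, client IP, ad, event.
LOG = """\
2025-03-01T10:00:00 203.0.113.5 ad42 click
2025-03-01T10:00:07 203.0.113.5 ad42 click
2025-03-01T10:00:14 203.0.113.5 ad42 click
2025-03-01T10:00:21 203.0.113.5 ad42 click
2025-03-01T10:00:28 203.0.113.5 ad42 click
2025-03-01T10:02:00 198.51.100.9 ad42 click
2025-03-01T10:05:30 198.51.100.9 ad42 convert
2025-03-01T10:06:00 192.0.2.77 ad42 click
2025-03-01T11:30:00 192.0.2.77 ad42 click
"""

def parse(log):
    """Turn the log text into (timestamp, ip, ad, event) tuples."""
    events = []
    for line in log.splitlines():
        ts, ip, ad, event = line.split()
        events.append((datetime.fromisoformat(ts), ip, ad, event))
    return events

def suspicious_clickers(events, max_clicks=3, window=timedelta(minutes=5)):
    """Flag (ip, ad) pairs with more than max_clicks clicks inside any
    sliding window and no conversion: repeated clicks with no sign of
    buying intent are the click-fraud pattern the slide describes.
    Returns {(ip, ad): clicks_in_window} for each flagged pair."""
    clicks = defaultdict(list)
    converted = set()
    for ts, ip, ad, event in sorted(events):
        if event == "convert":
            converted.add((ip, ad))
        elif event == "click":
            clicks[(ip, ad)].append(ts)
    flagged = {}
    for key, times in clicks.items():
        if key in converted:      # a purchase shows genuine interest
            continue
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:  # slide the window
                start += 1
            if end - start + 1 > max_clicks:
                flagged[key] = end - start + 1
                break
    return flagged
```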

Protection Mechanisms

Security Risk Management

  • Goal of risk management
    • To identify, control, and minimize the impact of threats
    • To reduce risk to acceptable levels
  • Security risk
    • The probability that a security threat will impact an information system
  • Risk management process
      1. Risk analysis
      2. Risk mitigation
      3. Controls evaluation