After reading this chapter, you should be able to answer the following questions: What are the security threats to information systems? What controls exist to protect the systems? How do computers identify users? What alternative security measures need to be taken? What is encryption and how does it solve several problems? What specific security problems does the Internet create? Can there be privacy with computers and the Internet? What are the advantages and problems with anonymity? | Introduction to MIS Chapter 4 Security, Privacy, Anonymity Outline Threats to Information Physical Security and Disaster Planning Logical Security and Data Protection Virus Threats User Identification and Biometrics Access controls Encryption and Authentication Internet Security Issues Privacy Anonymity Cases: Healthcare Appendix: Server Security Certificates Security, Privacy, and Anonymity Server Attacks Data interception The Internet Monitoring Employees & Consultants Links to business partners Outside hackers Threats to Information Accidents & Disasters Employees & Consultants Business Partnerships Outsiders Viruses Virus hiding in e-mail attachment. $$ Security Categories Physical attack & disasters Backup--off-site Cold/Shell site Hot site Disaster tests Personal computers! Logical Unauthorized disclosure Unauthorized modification Unauthorized withholding Denial of Service Horror Stories Security Pacific--Oct. 1978 Stanley Mark Rifkin Electronic Funds Transfer $ million Switzerland Soviet Diamonds Came back to . Equity Funding--1973 The Impossible Dream Stock Manipulation Insurance Loans Fake computer records Robert Morris--1989 Graduate Student Unix “Worm” Internet--tied up for 3 days Clifford Stoll--1989 The Cuckoo’s Egg Berkeley Labs Unix--account not balance Monitor, false information Track to East German spy Old Techniques Salami slice Bank deposit slips Trojan Horse Virus Manual v Automated Data Amount of data Identification of users Difficult to detect changes Speed Search Copy Statistical Inference Communication Lines SunGard is a premier provider of computer backup facilities and disaster planning services. Its fleet of Mobile Data Centers can be outfitted with a variety of distributed systems hardware and delivered at a disaster site within 48 hours. Disaster Planning Data Backup Backup is critical Offsite backup is critical Levels RAID (multiple drives) Real time replication Scheduled backups Data Backup Offsite backups are critical. . | Introduction to MIS Chapter 4 Security, Privacy, Anonymity Outline Threats to Information Physical Security and Disaster Planning Logical Security and Data Protection Virus Threats User Identification and Biometrics Access controls Encryption and Authentication Internet Security Issues Privacy Anonymity Cases: Healthcare Appendix: Server Security Certificates Security, Privacy, and Anonymity Server Attacks Data interception The Internet Monitoring Employees & Consultants Links to business partners Outside hackers Threats to Information Accidents & Disasters Employees & Consultants Business Partnerships Outsiders Viruses Virus hiding in e-mail attachment. $$ Security Categories Physical attack & disasters Backup--off-site Cold/Shell site Hot site Disaster tests Personal computers! Logical Unauthorized disclosure Unauthorized modification Unauthorized withholding Denial of Service Horror Stories Security Pacific--Oct. 1978 Stanley Mark Rifkin Electronic Funds Transfer $ million .
