MIS Wondemeneh Chapter 05 Part 01 and 02
INFORMATION SYSTEMS
Wondimeneh Mammo (Ass.Prof)
COPYRIGHT NOTICE
THIS MOTION PICTURE IS PROTECTED UNDER INTERNATIONAL LAWS
AND ITS UNAUTHORIZED DUPLICATION, EXHIBITION, DISTRIBUTION
OR USE MAY RESULT IN CIVIL LIABILITIES AND
CRIMINAL PROSECUTION, PEOPLE APPEARING IN THIS MOTION
PICTURE HAVE GIVEN THEIR CONSENT AND DO SO TO YARDSTICK
INTERNATIONAL PLC ONLY.
Copyright © 2021
Yardstick International College
CHAPTER
FIVE PART I
Information System Security
Session objective
- At the end of this session, students will be able to explain
Outline
● Introduction
● Major Threats To Information System Security
● Factors Contributing To Threat
● Computer Crime
● Managing Information System Security
Introduction
Information System Security
MAJOR THREATS TO INFORMATION SYSTEM SECURITY
Definition of Information System Security
● Security is defined as “the quality/state of being secured – to be secured
from danger”
● Information security – practice of defending digital information from
unauthorized:
o Access
o Use
o Recording
o Disruption
o Modification
o Destruction
Dimensions of Information Security
● Information is:
o stored on computer hardware
o manipulated by software
o transmitted by communication network
o used by people, etc.
● Multiple layers of security:
o Physical security: physical items/objects/areas
o Personal security: individuals/groups
o Operations security: series of activities
o Communication security: media, technology and content
o Information security: confidentiality, integrity and accessibility
QUESTION TIME
______: any action or interaction that would cause alteration, destruction or removal of information using an IS.
MBA632
Information Security Threats
● Security Threat: any action or interaction that could cause disclosure,
alteration, loss, damage or unavailability of a company’s/individual’s assets
● Three components of threat:
o Target: organization’s assets that might be attacked (information, HW,
SW, Network service, etc.)
o Agent: people/organization originating threat
(intentional/non-intentional)
o Events: type of action that poses the threat
FACTORS CONTRIBUTING TO THREAT
Cont.…
INADVERTENT ACTS
● acts that happen by mistake
● not deliberate, with no malicious intent or ill will
● examples of inadvertent acts:
o acts of human error and failure (inexperience, poor training)
o deviation from service quality
o communication error
Cont.…
DELIBERATE SOFTWARE ATTACKS
● Deliberate action aimed to violate/ compromise a system’s security
through the use of software:
o Use of malware
o Password cracking
o DoS and DDoS
o Spoofing
o Sniffing
Cont.…
NATURAL DISASTER
● dangerous: unexpected and occurs with very little warning, causing damage to information
TECHNICAL FAILURE
● Two types:
o Technical hardware failure
o Technical software failure
MANAGEMENT FAILURE
● Managers must:
o update and develop a proper plan for good protection of the information
o be committed to upgrading
QUESTION TIME
Among the factors contributing to information security threats, ______ is performed without deliberate knowledge.
A. Management failure
B. Inadvertent act
C. Technical failure
D. Deliberate act
CREDITS: This presentation template was created by Slidesgo, including icons by Flaticon, infographics & images by Freepik
Computer Crime
What is computer crime?
● Using a computer to commit an illegal act
o Targeting a computer while committing an offense
o Unauthorized access of a server to destroy data
● Using a computer to:
o commit an offense: to embezzle funds
o support criminal activity: illegal gambling
Cont.…
Who commits a crime?
● Current or former employees; insider threat
● People with technical knowledge who commit business or information
sabotage for personal gain
● Career criminals who use computers to assist in crimes
● Outside crackers — commit millions of intrusions per year
DISCUSSION POINT
- What are the possible reasons that employees have been found to commit computer crime in the utilization of information systems? Briefly explain the possible reasons.
THANK YOU!
MANAGEMENT
INFORMATION SYSTEMS
Wondimeneh Mammo (Ass.Prof)
CHAPTER
FIVE PART II
Information System Security
QUESTION TIME
_______: individuals who can gain unauthorized access to companies' IS resources
Types of Computer Crimes
● Hacking & Cracking
● Identity Theft
● Computer Viruses
● Cyber harassment, Cyberstalking, Cyberbullying
● Piracy
Hackers & Crackers
Hackers
● Anyone who can gain unauthorized access to computers
● White hat hackers don’t intend to do harm
Crackers
● Individuals who break into computer systems with the intent to commit
crime or do damage
● Also called black hat hackers
Hacktivists:
● Crackers who are motivated by political or ideological goals and who use
cracking to promote their interests
Computer Viruses
● perverse software that causes malicious activity (spreads destructive program routines):
o hindering execution of other programs
o modification or complete destruction of data
• destroying the contents of memory, hard disks, and other storage devices
o sabotaging the operating system
● Types: Virus, Worms, Trojan Horses, Bombs
Cont.…
● Reasons for perverse activity:
o For gaining publicity
o Revenge on company/person
o In-born natural desire to tease other people
o act of maniac
Spyware, Spam, and Cookies
● Spyware: software that monitors computer use, such as the Web sites visited or even the keystrokes of the user
● Spam: Bulk unsolicited e-mail sent to millions of users at extremely low
cost, typically seeking to sell a product, distribute malware, or conduct a
phishing attack
● Cookies: A small file Web sites place on a user’s computer; can be
legitimate (to capture items in a shopping cart) but can be abused (to
track individuals’ browsing habits) and can contain sensitive information
(like credit card numbers) and pose a security risk
Denial-of-Service (DoS)
● A denial-of-service attack seeks to overload servers, typically using a network of hacked computers that are controlled remotely, by sending more requests or messages to the server than it can handle.
● When a server has too many requests to handle, it becomes overloaded and unable to serve the requests of legitimate users.
Sniffing
● use of a program or device that can monitor data traveling over a network
● Unauthorized sniffers – sniff/extract critical information; can’t be detected
QUESTION TIME
The act of monitoring data travelling over a network using a device or a program is known as
A. DoS
B. Sniffing
C. Identity theft
D. Spoofing
Identity Theft
● Stealing Social Security, credit card, bank account numbers and
information
o thieves even withdraw money directly from victims’ bank accounts
o organizations keep information about individuals in accessible
databases
● One of the fastest growing information crimes
● Possible solutions
o Government and private sector working together to change practices
o Use of biometrics and encryption
Software Piracy
● Unauthorized copying of computer programs, which are intellectual property protected by copyright law.
● Using software that isn't properly licensed and paid for, such as by purchasing one copy of a product and then using it on multiple computers.
● Huge profit loss for software publishers.
Region              Piracy Level   Dollar Loss (in US$ millions)
North America       19%            10,958
Western Europe      32%            13,749
Asia/Pacific        60%            20,998
Latin America       61%             7,459
Middle East/Africa  58%             4,159
Eastern Europe      62%             6,133
Worldwide           42%            63,456
Managing Information System Security
QUESTION TIME
True or False
Goals of Information Security
● Availability:
o Ensuring that legitimate users can access the system
● Integrity
o Preventing unauthorized manipulations of data and systems
● Confidentiality
o Protecting data from unauthorized access
● Accountability
o Ensuring that actions can be traced
Developing IS Security Strategy
Options for addressing information security risks
● Risk Reduction
o Actively installing countermeasures
● Risk Acceptance
o Accepting any losses that occur
● Risk Transference
o Have someone else absorb the risk (insurance, outsourcing)
● Risk Avoidance
o Using alternative means, avoiding risky tasks
Cont.…
● A strategy is developed detailing the information security controls
● Types of Controls
o Preventive
• stop a negative event from occurring (e.g. keeping intruders out)
o Detective
• recognize incidents that have occurred (e.g. unauthorized access attempts)
o Corrective
• mitigate the impact of an incident
● Principles of least permissions and least privileges
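A detective control of the kind the slide describes, as an added example (not from the slides): a check over constructed login records that flags an account hit by repeated failed logins within a short window, and notes whether a success followed. The log format, the threshold and the window are assumptions chosen for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines for the example; the format is assumed.
SAMPLE_LOG = """\
2021-03-01 09:00:01 LOGIN FAIL user=alice src=10.0.0.5
2021-03-01 09:00:04 LOGIN FAIL user=alice src=10.0.0.5
2021-03-01 09:00:07 LOGIN FAIL user=alice src=10.0.0.5
2021-03-01 09:00:09 LOGIN FAIL user=alice src=10.0.0.5
2021-03-01 09:00:12 LOGIN FAIL user=alice src=10.0.0.5
2021-03-01 09:00:15 LOGIN OK   user=alice src=10.0.0.5
2021-03-01 09:30:00 LOGIN FAIL user=bob   src=10.0.0.9
2021-03-01 11:30:00 LOGIN FAIL user=bob   src=10.0.0.9
"""

LINE_RE = re.compile(r"^(\S+ \S+) LOGIN (FAIL|OK)\s+user=(\S+)\s+src=(\S+)$")


def parse(log):
    """Yield (timestamp, status, user, source) for each well-formed line."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            yield ts, m.group(2), m.group(3), m.group(4)


def detect_bruteforce(log, threshold=5, window=timedelta(minutes=1)):
    """Detective control: report accounts with >= threshold failed logins
    inside one window, and whether a later success followed (a signal that
    the account may have been compromised and needs a corrective action)."""
    recent_fails = defaultdict(list)
    alerts = {}
    for ts, status, user, src in parse(log):
        if status == "FAIL":
            # keep only the failures still inside the sliding window
            recent_fails[user] = [t for t in recent_fails[user] if ts - t <= window]
            recent_fails[user].append(ts)
            if len(recent_fails[user]) >= threshold and user not in alerts:
                alerts[user] = {"src": src, "first": recent_fails[user][0],
                                "compromised": False}
        elif user in alerts:
            alerts[user]["compromised"] = True
    return alerts


if __name__ == "__main__":
    for user, info in detect_bruteforce(SAMPLE_LOG).items():
        print(user, info)
```

Two failures two hours apart (bob) fall outside the window and raise no alert; five failures in fourteen seconds followed by a success (alice) do.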
Cont.…
● IS Security Mechanisms:
o Developing Information System Security Policy
o Use of authentication mechanism
o Access control
o Back-ups
o Firewalls
o Intrusion detection system
o Physical Security
IS Security Policy & Procedure
● Policies and procedures include:
o Information policy: handling, storage, transmission, and destroying
o Security policy: access limitations, audit-control software, firewalls,
etc.
o Use policy: proper use
o Backup policy: requirements – critical data
o Account management policy: adding & removing users
o Incident handling procedures: list procedures to follow when
handling a security breach.
o Disaster recovery plan: restore computer operations in case of a
natural or deliberate disaster
Authentication Mechanism
● Use of Passwords: secret alphanumeric text used for authentication
o can be compromised if it is weak
● Use of key or smart cards:
o can be easily stolen/lost
● Use of physical characteristics
o Biometric: Identification via fingerprints, retinal patterns in the eye,
facial features, or other bodily characteristics
Access Control
● defines which users are authorized to read, write, modify, add or delete data after logging in with a password
● only those granted such capabilities are allowed to perform those functions
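The password login followed by an access-control check described above, as an added example (not from the slides): users, roles and the permission table are constructed for the example, each role is granted only the operations it needs (least privilege), and every decision is written to an audit list so that actions can be traced (accountability).

```python
import hashlib
import hmac
import os


def _hash(password, salt):
    # Passwords are stored as salted PBKDF2 hashes, never in clear text.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_user(password):
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt)}


# Constructed example accounts (not real credentials).
USERS = {"alice": make_user("correct horse"), "bob": make_user("hunter2")}
ROLES = {"alice": "analyst", "bob": "admin"}

# Access-control matrix over the operations the slide lists; the analyst
# role is deliberately limited to read (least privilege).
PERMISSIONS = {
    "analyst": {"read"},
    "admin": {"read", "write", "modify", "add", "delete"},
}

AUDIT = []  # accountability: every authentication and authorization decision


def authenticate(user, password):
    rec = USERS.get(user)
    if rec is None:
        return False
    # constant-time comparison avoids leaking information through timing
    return hmac.compare_digest(rec["hash"], _hash(password, rec["salt"]))


def authorize(user, operation, resource):
    allowed = operation in PERMISSIONS.get(ROLES.get(user, ""), set())
    AUDIT.append((user, operation, resource, "ALLOW" if allowed else "DENY"))
    return allowed


def request(user, password, operation, resource):
    """Login first, then check the permission table before acting."""
    if not authenticate(user, password):
        AUDIT.append((user, operation, resource, "AUTH_FAIL"))
        return "authentication failed"
    if not authorize(user, operation, resource):
        return "permission denied"
    return f"{operation} on {resource} performed"
```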
Physical Security
● Locked doors
● Physical intrusion detection
o Security cameras
● Secured equipment – e.g. hard disc – locked
● Environmental monitoring
o monitoring temperature, humidity, airflow for servers and other high
value equipment
● Employee training – how to secure
Antivirus
● used to prevent, detect and remove malware
● It runs in the background at all times.
● It should be kept updated.
● It runs computer disk scans periodically.
● e.g. McAfee, Norton, Kaspersky.
DISCUSSION POINT
- Explain the role of backup as a remedial solution for possible security problems by citing the war in Northern Ethiopia, the damage done, and how the banking industry has managed to restore those branches that were completely destroyed during the war.
(Please discuss your thoughts on the LMS discussion board)
THANK YOU!