management information system presentation
GROUP MEMBERS
IRFAN ABID-70
UMER ISMAEEL-79
MUHAMMAD AHMED-84
MUNIR AHMED-106
MUHAMMAD TOUQEER-130
SECURING MANAGEMENT INFORMATION SYSTEM
Introduction to MIS
An MIS provides managers with information and support for effective decision
making, and provides feedback on daily operations.
MIS is a system that makes the Right Information available to the Right
Person at the Right Place at the Right Time in the Right Form and at the
Right Cost.
What is security?
• The quality or state of being secure: to be free from danger
• Security is achieved using several strategies simultaneously or in
combination with one another
• Security is recognized as essential to protect vital processes and the
systems that provide those processes
• Security is not something you buy, it is something you do
Vulnerability, Threat and Attack
A vulnerability is a weakness in a security system
• Can be in design, implementation, etc.
• Can be in hardware or software
A threat is a set of circumstances that has the potential to cause loss or
harm, or a potential violation of security
Threats can be:
• Accidental (natural disasters, human error, …)
• Malicious (attackers, insider fraud, …)
An attack is the actual violation of security
Why Are Systems Vulnerable?
Hardware problems:
• Breakdowns, configuration errors, damage from improper use or crime
Software problems:
• Programming errors, installation errors, unauthorized changes
Disasters:
• Power failures, floods, fires, etc.
Use of networks and computers outside of the firm’s control:
• E.g. with domestic or offshore outsourcing vendors
SO HOW DO WE OVERCOME THESE PROBLEMS???
BUSINESS VALUE OF SECURITY AND CONTROL
• Inadequate security and control may create serious legal liability.
• Businesses must protect not only their own information assets but also
those of customers, employees, and business partners. Failure to do so
can lead to costly litigation for data exposure or theft.
• A sound security and control framework that protects business information
assets can thus produce a high return on investment.
ESTABLISHING A MANAGEMENT FRAMEWORK FOR SECURITY AND CONTROL
General controls:
Establish framework for controlling design, security, and use of computer
programs
• Software controls
• Hardware controls
• Computer operations controls
• Data security controls
• Implementation controls
ESTABLISHING A MANAGEMENT FRAMEWORK FOR SECURITY AND CONTROL
Application controls:
Unique to each computerized application
• Input
• Processing
• Output
CREATING A CONTROL ENVIRONMENT
Controls:
• Methods, policies, and procedures
• Ensure protection of the organization’s assets
• Ensure accuracy and reliability of records, and
operational adherence to management standards
Worldwide Damage from Digital Attacks
CREATING A CONTROL ENVIRONMENT
Disaster recovery plan:
Runs business in event of computer outage
Load balancing:
Distributes large number of requests for access among
multiple servers
CREATING A CONTROL ENVIRONMENT
• Mirroring:
Duplicating all processes and transactions of server on backup server to
prevent any interruption
• Clustering:
Linking two computers together so that a second computer can act as a
backup to the primary computer or speed up processing
CREATING A CONTROL ENVIRONMENT
Internet Security Challenges
Firewalls:-
• Hardware and software controlling flow of incoming and outgoing network
traffic
• Prevent unauthorized users from accessing private networks
• Two types: proxies and stateful inspection
Intrusion Detection System:-
• Monitors vulnerable points in network to detect and deter unauthorized
intruders
Figure 10-7: A Corporate Firewall
Why do Hackers Attack?
• Because they can
• A large fraction of hacker attacks have been pranks
• Financial Gain
• Espionage
• Venting anger at a company or organization
• Terrorism
Access Control - Physical
USER RESPONSIBILITIES
Do:
• Follow Security Procedures
• Wear Identity Cards
• Ask unauthorized visitors for their credentials
• Attend visitors in Reception and Conference Room only
Don't:
• Bring visitors into the operations area without prior permission
• Bring hazardous and combustible material into the secure area
• Practice “Piggybacking”
• Bring and use pen drives, zip drives, iPods, or other storage devices
unless otherwise authorized to do so
Password Guidelines
Do:
• Always use a password of at least 8 characters with a combination of
alphabets, numbers and special characters (*, %, @, #, $, ^)
• Use passwords that can be easily remembered by you
• Change your password regularly as per policy
• Use a password that is significantly different from earlier passwords
Don't:
• Use passwords which reveal your personal information or words found
in a dictionary
• Write down or store passwords
• Share passwords over phone or email
• Use passwords which do not match the above complexity criteria
Password Attacks - Types
Dictionary Attack
Hacker tries all words in a dictionary to crack the password
70% of people use dictionary words as passwords
Brute Force Attack
Try all permutations of the letters & symbols in the alphabet
Hybrid Attack
Words from a dictionary and their variations are used in the attack
Shoulder Surfing
Hackers slyly watch over people's shoulders to steal passwords
Dumpster Diving
People dump their trash papers in the garbage, which may contain information to crack passwords
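The password guidelines and the dictionary and hybrid attack types above can be enforced at password-change time. The following is an added example, not part of the original slides; the wordlist, the leetspeak map, the 0.6 similarity threshold and all function names are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher

# Constructed sample data (not from the slides): tiny wordlist and leetspeak map.
WORDLIST = {"password", "welcome", "dragon", "monkey", "sunshine"}
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})
SIMILARITY_LIMIT = 0.6  # assumed cut-off for "significantly different"


def base_word(password):
    """Undo common hybrid-attack variations: case, leetspeak, affixed digits/symbols."""
    core = re.sub(r"^\d+|[^A-Za-z]+$", "", password)
    return re.sub(r"[^a-z]", "", core.lower().translate(LEET))


def check_password(candidate, previous=(), personal=()):
    """Return the list of guideline violations; an empty list means it passes.

    previous: earlier passwords as typed by the user during the change (assumption).
    personal: strings tied to the user, such as a login name (assumption).
    """
    problems = []
    if len(candidate) < 8:
        problems.append("shorter than 8 characters")
    classes = [r"[A-Za-z]", r"\d", r"[^A-Za-z0-9]"]
    if not all(re.search(c, candidate) for c in classes):
        problems.append("needs letters, numbers and special characters")
    if base_word(candidate) in WORDLIST:
        problems.append("dictionary word or simple variation")
    lowered = candidate.lower()
    if any(len(p) >= 3 and p.lower() in lowered for p in personal):
        problems.append("contains personal information")
    for old in previous:
        if SequenceMatcher(None, lowered, old.lower()).ratio() >= SIMILARITY_LIMIT:
            problems.append("too similar to an earlier password")
            break
    return problems
```

A password such as `P@ssw0rd!2024` satisfies the length and character-class rules but is still rejected, because the hybrid normalisation reduces it to a dictionary word.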
Internet Usage
Use internet services for business purposes only
Do not access internet through dial-up connectivity
Do not use internet for accessing auction sites
Do not use internet for hacking other computer systems
Do not use internet to download / upload commercial software /
copyrighted material
Technology Department is continuously monitoring Internet
Usage. Any illegal use of internet and other assets shall call for
Disciplinary Action.
CREATING A CONTROL ENVIRONMENT
Antivirus Software
Antivirus software: -
Software that checks computer systems and drives for
the presence of computer viruses and can eliminate the
virus from the infected area
• Wi-Fi Protected Access specification
This NEC PC has a biometric fingerprint reader
for fast yet secure access to files and networks.
New models of PCs are starting to use
biometric identification to authenticate users
MANAGEMENT CHALLENGES
Implementing an effective security policy
Applying quality assurance standards in large systems projects
What are the most important software quality assurance techniques?
Why are auditing information systems and safeguarding data quality so
important?
Solution Guidelines
• Security and control must become a more visible and explicit
priority and area of information systems investment.
• Support and commitment from top management is required to
show that security is indeed a corporate priority and vital to all
aspects of the business.
• Security and control should be the responsibility of everyone in
the organization.
. . . LET US BUILD A HUMAN WALL ALONG WITH FIREWALL
Human Wall Is Always Better Than A Firewall