Managing Information Resources & Security
Learning Objectives
Recognize the difficulties in managing
information resources.
Learning Objectives (cont.)
Describe the major methods of defending
information systems.
SLAs & Information Centers
Backup
Decryption
Encryption
Exposure
Fault tolerance
IS controls
Integrity (of data)
Risk
Threats (or hazards)
Vulnerability
Security Threats
Cyber Crime
Crimes can be performed by outsiders who
penetrate a computer system (hackers) or by
insiders who are authorized to use the
computer system but are misusing their
authorization.
A cracker is a malicious hacker, who may
represent a serious problem for a corporation.
Types of Defense Controls
The defense controls are divided into two major
categories:
General controls
Application controls
• Safeguards that are intended to protect specific
applications.
Types of Controls
Security Measures
An access control system guards against
unauthorized dial-in attempts.
The use of a preassigned personal
identification number (PIN).
Modems. It is quite easy for attackers to penetrate
them and for employees to leak secret corporate
information to external networks.
Disaster Recovery Plan
A disaster recovery plan is essential to any security
system.
Here are some key thoughts about disaster
recovery by Knoll (1986):
The purpose of a recovery plan is to keep the
business running after a disaster occurs.
Recovery planning is part of asset protection.
Planning should focus first on recovery from a total
loss of all capabilities.
Proof of capability usually involves some kind of
what-if analysis that shows that the recovery plan is
current.
All critical applications must be identified and their
recovery procedures addressed in the plan.
Backup Location
In the event of a major disaster, it is often
necessary to move a centralized computing
facility to a far-away backup location.
Risk-Management (cont.)
End-users are friends, not enemies, of the IS department.
Ethical Issues.
Managerial Issues (cont.)
Responsibilities for security should be assigned in all areas.
Security awareness programs are important for any organization,
especially if it is heavily dependent on IT.
Auditing information systems should be institutionalized into
the organizational culture.
Organizing the ISD in a multinational corporation is a
complex issue.