topic 13

Managing Information Systems Security

• Information systems security refers to precautions taken to keep all aspects of information systems (e.g., hardware, software, network equipment, and data) safe from destruction, manipulation, or unauthorized access or use.
• The primary threats to the security of information systems include natural disasters, accidents, employees/consultants, links to outside business contacts, and outsiders (hackers/crackers).
• Securing against these threats must consider the primary goals of availability, integrity, confidentiality, and accountability.
• Information systems security involves four main tasks: assessing risks, developing a security strategy, implementing controls and training, and monitoring security.
• Risk assessments are performed to ensure that IS security programs make sense economically.
• A strategy should be formulated that details what information systems controls (in terms of technology, people, and policies) should be implemented.
• Policies and procedures that establish responsibilities include confidential information policy, use policy, and account management policy.
• Technological safeguards for reducing risk include physical access restrictions, firewalls, and encryption.
• Physical access control methods include biometrics, access control software, and smart cards.
• Firewalls can be implemented in hardware, software, or a combination of both to detect intrusion and prevent unauthorized access to or from a private network.
• Encryption can be used to protect data that is transmitted over the internet.
• Human safeguards can help protect information systems, including ethics, laws, and effective management.

Managing Information Systems Security

• Information systems security refers to precautions taken to keep all aspects of information systems (e.g., hardware, software, network equipment, and data) safe from destruction, manipulation, or unauthorized access or use.
• The primary threats to the security of information systems include natural disasters, accidents, employees/consultants, links to outside business contacts, and outsiders (hackers/crackers).
• Securing against these threats must consider the primary goals of availability, integrity, confidentiality, and accountability.
• Information systems security involves four main tasks: assessing risks, developing a security strategy, implementing controls and training, and monitoring security.
• Risk assessments are performed to ensure that IS security programs make sense economically.
• A strategy should be formulated that details what information systems controls (in terms of technology, people, and policies) should be implemented.
• Policies and procedures that establish responsibilities include confidential information policy, use policy, and account management policy.
• Technological safeguards for reducing risk include physical access restrictions, firewalls, and encryption.
• Physical access control methods include biometrics, access control software, and smart cards.
• Firewalls can be implemented in hardware, software, or a combination of both to detect intrusion and prevent unauthorized access to or from a private network.
• Encryption can be used to protect data that is transmitted over the internet.
• Human safeguards can help protect information systems, including ethics, laws, and effective management.

Managing Information Systems Security

• Information systems security refers to precautions taken to keep all aspects of information systems (e.g., hardware, software, network equipment, and data) safe from destruction, manipulation, or unauthorized access or use.
• The primary threats to the security of information systems include natural disasters, accidents, employees/consultants, links to outside business contacts, and outsiders (hackers/crackers).
• Securing against these threats must consider the primary goals of availability, integrity, confidentiality, and accountability.
• Information systems security involves four main tasks: assessing risks, developing a security strategy, implementing controls and training, and monitoring security.
• Risk assessments are performed to ensure that IS security programs make sense economically.
• A strategy should be formulated that details what information systems controls (in terms of technology, people, and policies) should be implemented.
• Policies and procedures that establish responsibilities include confidential information policy, use policy, and account management policy.
• Technological safeguards for reducing risk include physical access restrictions, firewalls, and encryption.
• Physical access control methods include biometrics, access control software, and smart cards.
• Firewalls can be implemented in hardware, software, or a combination of both to detect intrusion and prevent unauthorized access to or from a private network.
• Encryption can be used to protect data that is transmitted over the internet.
• Human safeguards can help protect information systems, including ethics, laws, and effective management.

Managing Information Systems Security

• Information systems security refers to precautions taken to keep all aspects of information systems (e.g., hardware, software, network equipment, and data) safe from destruction, manipulation, or unauthorized access or use.
• The primary threats to the security of information systems include natural disasters, accidents, employees/consultants, links to outside business contacts, and outsiders (hackers/crackers).
• Securing against these threats must consider the primary goals of availability, integrity, confidentiality, and accountability.
• Information systems security involves four main tasks: assessing risks, developing a security strategy, implementing controls and training, and monitoring security.
• Risk assessments are performed to ensure that IS security programs make sense economically.
• A strategy should be formulated that details what information systems controls (in terms of technology, people, and policies) should be implemented.
• Policies and procedures that establish responsibilities include confidential information policy, use policy, and account management policy.
• Technological safeguards for reducing risk include physical access restrictions, firewalls, and encryption.
• Physical access control methods include biometrics, access control software, and smart cards.
• Firewalls can be implemented in hardware, software, or a combination of both to detect intrusion and prevent unauthorized access to or from a private network.
• Encryption can be used to protect data that is transmitted over the internet.
• Human safeguards can help protect information systems, including ethics, laws, and effective management.

Managing Information Systems Security

• Information systems security refers to precautions taken to keep all aspects of information systems (e.g., hardware, software, network equipment, and data) safe from destruction, manipulation, or unauthorized access or use.
• The primary threats to the security of information systems include natural disasters, accidents, employees/consultants, links to outside business contacts, and outsiders (hackers/crackers).
• Securing against these threats must consider the primary goals of availability, integrity, confidentiality, and accountability.
• Information systems security involves four main tasks: assessing risks, developing a security strategy, implementing controls and training, and monitoring security.
• Risk assessments are performed to ensure that IS security programs make sense economically.
• A strategy should be formulated that details what information systems controls (in terms of technology, people, and policies) should be implemented.
• Policies and procedures that establish responsibilities include confidential information policy, use policy, and account management policy.
• Technological safeguards for reducing risk include physical access restrictions, firewalls, and encryption.
• Physical access control methods include biometrics, access control software, and smart cards.
• Firewalls can be implemented in hardware, software, or a combination of both to detect intrusion and prevent unauthorized access to or from a private network.
• Encryption can be used to protect data that is transmitted over the internet.
• Human safeguards can help protect information systems, including ethics, laws, and effective management.

Managing Information Systems Security

• Information systems security refers to precautions taken to keep all aspects of information systems (e.g., hardware, software, network equipment, and data) safe from destruction, manipulation, or unauthorized access or use.
• The primary threats to the security of information systems include natural disasters, accidents, employees/consultants, links to outside business contacts, and outsiders (hackers/crackers).
• Securing against these threats must consider the primary goals of availability, integrity, confidentiality, and accountability.
• Information systems security involves four main tasks: assessing risks, developing a security strategy, implementing controls and training, and monitoring security.
• Risk assessments are performed to ensure that IS security programs make sense economically.
• A strategy should be formulated that details what information systems controls (in terms of technology, people, and policies) should be implemented.
• Policies and procedures that establish responsibilities include confidential information policy, use policy, and account management policy.
• Technological safeguards for reducing risk include physical access restrictions, firewalls, and encryption.
• Physical access control methods include biometrics, access control software, and smart cards.
• Firewalls can be implemented in hardware, software, or a combination of both to detect intrusion and prevent unauthorized access to or from a private network.
• Encryption can be used to protect data that is transmitted over the internet.
• Human safeguards can help protect information systems, including ethics, laws, and effective management.

Managing Information Systems Security

• Information systems security refers to precautions taken to keep all aspects of information systems (e.g., hardware, software, network equipment, and data) safe from destruction, manipulation, or unauthorized access or use.
• The primary threats to the security of information systems include natural disasters, accidents, employees/consultants, links to outside business contacts, and outsiders (hackers/crackers).
• Securing against these threats must consider the primary goals of availability, integrity, confidentiality, and accountability.
• Information systems security involves four main tasks: assessing risks, developing a security strategy, implementing controls and training, and monitoring security.
• Risk assessments are performed to ensure that IS security programs make sense economically.
• A strategy should be formulated that details what information systems controls (in terms of technology, people, and policies) should be implemented.
• Policies and procedures that establish responsibilities include confidential information policy, use policy, and account management policy.
• Technological safeguards for reducing risk include physical access restrictions, firewalls, and encryption.
• Physical access control methods include biometrics, access control software, and smart cards.
• Firewalls can be implemented in hardware, software, or a combination of both to detect intrusion and prevent unauthorized access to or from a private network.
• Encryption can be used to protect data that is transmitted over the internet.
• Human safeguards can help protect information systems, including ethics, laws, and effective management.