【正文】 169。 2022 by Prentice Hall 7 Chapter Securing Information Systems 169。 2022 by Prentice Hall STUDENT LEARNING OBJECTIVES Essentials of Business Information Systems Chapter 7 Securing Information Systems ? Why are information systems vulnerable to destruction, error, and abuse? ? What is the business value of security and control? ? What are the ponents of an anizational framework for security and control? ? Evaluate the most important tools and technologies for safeguarding information resources. 169。 2022 by Prentice Hall Phishing: A Costly New Sport for Inter Users ? Problem: Large number of vulnerable users of online financial services, ease of creating bogus Web sites. ? Solutions: Deploy antiphishing software and services and a multilevel authentication system to identify threats and reduce phishing attempts. ? Deploying new tools, technologies, and security procedures, along with educating consumers, increases reliability and customer confidence. ? Demonstrates IT’s role in bating cyber crime. ? Illustrates digital technology as part of a multilevel solution as well as its limitations in overing discouraged consumers. Essentials of Business Information Systems Chapter 7 Securing Information Systems 169。 2022 by Prentice Hall ? Discuss suspicious s that members of the class have received: ? What made you suspicious of a particular ? ? Did you open the ? Were there any consequences to this action? ? Did you report the suspicious to anyone? ? What measures have you taken to protect yourself from phishing scams? Interactive Session: Phishing Phishing: A Costly New Sport for Inter Users Essentials of Business Information Systems Chapter 7 Securing Information Systems 169。 2022 by Prentice Hall System Vulnerability and Abuse ? An unprotected puter connected to Inter may be disabled within seconds ? Security: ? Policies, procedures and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems ? Controls: ? Methods, policies, and anizational procedures that ensure safety of anization’s assets。 accuracy and reliability of its accounting records。 and operational adherence to management standards Essentials of Business Information Systems Chapter 7 Securing Information Systems 169。 2022 by Prentice Hall Why Systems Are Vulnerable ? Hardware problems ? Breakdowns, configuration errors, damage from improper use or crime ? Software problems ? Programming errors, installation errors, unauthorized changes ? Disasters ? Power failures, flood, fires, etc. ? Use of works and puters outside of firm’s control ? . with domestic or offshore outsourcing vendors System Vulnerability and Abuse Essentials of Business Information Systems Chapter 7 Securing Information Systems 169。 2022 by Prentice Hall Contemporary Security Challenges and Vulnerabilities Figure 71 The architecture of a Webbased application typically includes a Web client, a server, and corporate information systems linked to databases. Each of these ponents presents security challenges and vulnerabilities. Floods, fires, power failures, and other electrical problems can cause disruptions at any point in the work. System Vulnerability and Abuse Essentials of Business Information Systems Chapter 7 Securing Information Systems 169。 2022 by Prentice Hall ? Inter vulnerabilities ? Network open to anyone ? Size of Inter means abuses can have wide impact ? Use of fixed Inter addresses with permanent connections to Inter eases identification by hackers ? Email attachments ? Email used for transmitting trade secrets ? IM messages lack security, can be easily intercepted System Vulnerability and Abuse Essentials of Business Information Systems Chapter 7 Securing Information Systems 169。 2022 by Prentice Hall ? Wireless security challenges ? Radio frequency bands easy to scan ? SSIDs (service set identifiers)（服務(wù)區(qū)標(biāo)識符） ? Identify access points ? Broadcast multiple times ? War driving ? Eavesdroppers drive by buildings and try to intercept work traffic ? When hacker gains access to SSID, has access to work’s resources ? WEP (Wired Equivalent Privacy) ? Security standard for ? Basic specification uses shared password for both users and access point ? Users often fail to use security features System Vulnerability and Abuse Essentials of Business Information Systems Chapter 7 Securing Information Systems 169。 2022 by Prentice Hall WEP是 Wired Equivalent Privacy的簡稱，有線等效保密（ WEP）協(xié)議是對在兩臺設(shè)備間無線傳輸?shù)臄?shù)據(jù)進(jìn)行加密的方式，用以防止非法用戶竊聽或侵入無線網(wǎng)絡(luò)。 169。 2022 by Prentice Hall WiFi Security Challenges Figure 72 Many WiFi works can be perated easily by intruders using sniffer programs to obtain an address to access the resources of a work without authorization. System Vulnerability and Abuse Essentials of Business Information Systems Chapter 7 Securing Information Systems 169。 2022 by Prentice Hall Malicious Software: Viruses, Worms, Trojan Horses, and Spyware ? Malware（惡意軟件） ? Viruses（病毒） ? Rogue software program that attaches itself to other software programs or data files in order to be executed ? Worms （蠕蟲） ? Independent puter programs that copy themselves from one puter to other puters over a work. ? Trojan horses（木馬） ? Software program that appears to be benign but then does something other than expected. System Vulnerability and Abuse Essentials of Business Information Systems Chapter 7