Introduction to Business Information Systems Prof. Dr. Roland M. Müller, Berlin School of Economics and Law Intro. BIS, IBMAN
Agenda • Security concepts • Counter Measures • Some recent incidences • Malware • How can you protect yourself? • Phishing • Skimming • Identity Fraud • Trends
What Is Security? Management of Information Security, 3rd Edition • Security is defined as “the quality or state of being secure, to be free from danger” • Security is often achieved by means of several strategies, undertaken simultaneously, or used in combination with one another • Information Security is the protection of information and its three dimensions or critical elements: confidentiality, integrity, and availability (CIA Triangle). • Information Security includes the systems and hardware that use, store, and transmit that information
Key Concepts of Information Security Management of Information Security, 3rd Edition • Confidentiality • The characteristic of information whereby only those with sufficient privileges may access certain information • Measures used to protect confidentiality • Information classification • Secure document storage • Application of general security policies • Education of information custodians and end users
Key Concepts of Information Security (cont'd.) Management of Information Security, 3rd Edition • Integrity • The quality or state of being whole, complete, and uncorrupted • Information integrity is threatened if the information is exposed to corruption, damage, destruction, or other disruption of its authentic state. • Corruption can occur while information is being compiled, stored, or transmitted.
Key Concepts of Information Security (cont’d.) Management of Information Security, 3rd Edition • Availability • The characteristic of information that enables user access to information in a required format, without interference or obstruction • A user in this definition may be either a person or another computer system. • Availability does not imply that the information is accessible to any user. • Implies availability to authorized users
Security aspects / elements • Confidentiality • Integrity • Availability • Possession • Utility • Authenticity (the three CIA elements extended to the six of the Parkerian hexad) Which aspect is most important (and why) for: - Banks - Government - Airlines
Threats • Malicious • Malicious software (Virus, Worm, Trojan horse, …) • Spoofing • Scanning • Snooping • Scavenging • Unintentional • Malfunction • Human error • Physical • Fire • Water • Power loss • Vandalism
Attackers • Script-kiddies • Professionals, criminals • (Ex-)Employees • Competitors • Intelligence agency • Students
Virus, Worms, Trojan Horses 1) Computer Virus: • Needs a host file • Copies itself • Executable 2) Network Worm: • No host (self-contained) • Copies itself • Executable 3) Trojan Horse: • No host (self-contained) • Does not copy itself • Imposter Program
Using Web Addresses to Stay Safe • LEGITIMATE: • www.bankofamerica.com • www.bankofamerica.com/smallbusiness • SUSPICIOUS: • bankofamerica.xyz.com • www.xyz.com/bankofamerica
Also check the scheme in the address bar: https://www.bankofamerica.com (the https:// prefix means the connection is encrypted; a plain http:// login page is suspicious).
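The rule behind the legitimate/suspicious list above is that only the registrable domain (the label directly before the public suffix, e.g. `bankofamerica` before `.com`) identifies the site owner; anything to its left, after a `/`, or before an `@` is chosen freely by someone else. The following is an added example, not part of the lecture, that applies that rule to the slide's four addresses and to three lookalikes. The trusted-domain set and the sample addresses are constructed; it assumes single-label public suffixes such as `.com` and uses only the Python standard library.

```python
"""Decide which part of a web address names the site's owner, the way the slide's
legitimate/suspicious list does.

Added example (not from the lecture). The trusted-domain set and the sample
addresses are constructed; only the standard library is used.
"""
from typing import Optional
from urllib.parse import urlsplit

# Constructed allow-list: the registrable domains the user really banks with.
TRUSTED_DOMAINS = {"bankofamerica.com"}


def registrable_domain(url: str) -> Optional[str]:
    """Return the last two host labels, e.g. 'xyz.com' for 'bankofamerica.xyz.com'.

    Only this part is assigned by the registry; everything to its left is chosen
    by whoever owns it, and everything after the first '/' is merely a path.
    Assumes one-label public suffixes (.com, .de); country suffixes such as .co.uk
    would need the Public Suffix List, which is out of scope here.
    """
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = parts.hostname  # drops 'user@' tricks and ':port', lowercases the name
    if not host:
        return None
    labels = host.rstrip(".").split(".")  # tolerate a trailing dot
    if len(labels) < 2 or not all(labels):
        return None
    return ".".join(labels[-2:])


def uses_https(url: str) -> bool:
    """True only when the address explicitly carries the https scheme."""
    return urlsplit(url).scheme.lower() == "https"


def classify(url: str) -> str:
    """'legitimate' when the registrable domain is trusted, else 'suspicious'."""
    return "legitimate" if registrable_domain(url) in TRUSTED_DOMAINS else "suspicious"


if __name__ == "__main__":
    # The slide's four addresses plus three lookalikes that fool a quick glance.
    for sample in (
        "www.bankofamerica.com",
        "www.bankofamerica.com/smallbusiness",
        "bankofamerica.xyz.com",
        "www.xyz.com/bankofamerica",
        "https://www.bankofamerica.com.evil.example/login",
        "http://www.bankofamerica.com@evil.example/",
        "https://secure-bankofamerica.com/",
    ):
        domain = registrable_domain(sample) or "-"
        print(f"{classify(sample):11} {domain:26} https={uses_https(sample)!s:5} {sample}")
```

The `@` case matters in practice: `http://www.bankofamerica.com@evil.example/` is a valid URL whose host is `evil.example`, and `urlsplit().hostname` is what discards the decoy user-info part.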
Open WLAN • Everybody can listen! (traffic on an unencrypted WLAN can be read by anyone in range) • Session hijacking (a listener copies your session cookie and acts as you without knowing your password) • Video: http://www.youtube.com/watch?v=ZtZPR-TAEZw • Use VPN • Use https • Use ForceTLS (a Firefox add-on that forces TLS for listed sites; the server-side successor is the HSTS header) • Don't use it for services that require a login
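What "Use https" and "Use ForceTLS" protect against on the server side are two things a practitioner can check in a login response: the session cookie must carry the `Secure` attribute (so the browser never sends it over plain `http://`, where an open-WLAN listener reads it), and the site should send `Strict-Transport-Security` (HSTS), which makes the browser refuse plain `http://` for that site the way ForceTLS did client-side. The following is an added example, not part of the lecture: both HTTP responses are constructed, and the audit uses only the Python standard library.

```python
"""Audit an HTTP login response for the two properties that blunt open-WLAN session
hijacking: session cookies marked Secure (never sent over plain http://) and a
Strict-Transport-Security header (HSTS) so the browser refuses plain http:// at all.

Added example, not part of the lecture. Both responses below are constructed.
"""
from typing import Dict, List, Optional, Tuple

# Constructed responses: a site that sets its session cookie the way many sites
# did when open-WLAN hijacking tools appeared, and the same site hardened.
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: sessionid=3f9a2c; Path=/; HttpOnly\r\n"
    "\r\n"
)
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Set-Cookie: sessionid=3f9a2c; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "\r\n"
)


def parse_headers(raw: str) -> List[Tuple[str, str]]:
    """Split a raw response into (lower-cased name, value) pairs, skipping the status line."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs


def parse_set_cookie(value: str) -> Tuple[str, Dict[str, str]]:
    """Return (cookie name, {attribute: value}); flag attributes such as Secure map to ''."""
    name_value, *attrs = value.split(";")
    name = name_value.split("=", 1)[0].strip()
    attributes: Dict[str, str] = {}
    for attr in attrs:
        key, _, val = attr.strip().partition("=")
        attributes[key.lower()] = val.strip()
    return name, attributes


def hsts_max_age(value: str) -> Optional[int]:
    """Extract max-age from an HSTS header value; None if absent or malformed."""
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        if key.lower() == "max-age" and val.strip('"').isdigit():
            return int(val.strip('"'))
    return None


def audit(headers: List[Tuple[str, str]]) -> List[str]:
    """Findings that matter on an open WLAN; an empty list means hardened."""
    findings = []
    hsts_seen = False
    for name, value in headers:
        if name == "strict-transport-security":
            age = hsts_max_age(value)
            hsts_seen = age is not None and age > 0
        elif name == "set-cookie":
            cookie, attrs = parse_set_cookie(value)
            if "secure" not in attrs:
                findings.append(
                    f"cookie '{cookie}' lacks the Secure attribute: the browser will "
                    "also send it over plain http://, where anyone on the WLAN can read it"
                )
    if not hsts_seen:
        findings.append(
            "no Strict-Transport-Security header: the browser will still follow "
            "http:// links to this site, so the cookie or the login page can be "
            "exposed on the unencrypted hop"
        )
    return findings


if __name__ == "__main__":
    for label, raw in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit(parse_headers(raw)) or ["ok"])
```

HSTS only helps after the browser has seen the header once over https, so the user-side advice on the slide (VPN, type https:// yourself, no logins on open WLAN) still applies on the very first visit.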
Session hijacking: Don't try this at home (or here) • § 202a StGB Spying out data: up to 3 years in prison! • § 202b StGB Interception of data: up to 2 years in prison! • § 202c StGB Preparing for spying out or interception of data: up to 1 year in prison!
Phishing • http://www.youtube.com/watch?v=7MtYVSGe1ME
Phishing test • Phishing test: http://www.sonicwall.com/phishing/
Skimming • http://www.youtube.com/watch?v=m3qK46L2b_c
Attack 3: Identity theft • Financial Identity Theft: using another's name and SSN to obtain goods and services • Criminal Identity Theft: posing as another when apprehended for a crime • Identity Cloning: using another's information to assume his or her identity in daily life • Business/Commercial Identity Theft: using another's business name to obtain credit
Attack 3: Identity fraud • Michelle Brown • Her data was taken from a rental application form she had filled in • Over $50,000 in goods and services were procured in her name • The 'other' Michelle was engaged in drug trafficking • Damaged credit profile • Warrant out for arrest • Prison record • Testified before the US Senate Committee Hearing on Identity Theft • Film: The Michelle Brown Story
Financial Losses Related to Identity Theft • 10 million new victims per year • $76 billion in losses for 2009 • Average "take" from identity theft is almost 10 times greater than from an armed robbery • Average incident cost: $4,800 to the businesses involved, $500 to the consumer involved, 200-600 hours of consumer time • 2009: 275,284 Internet fraud complaints, $276 million Internet fraud loss
Financial Losses Related to Identity Theft (cont'd.) • 2007 to 2008: a rise of $25 million or 33%
What is Identity Theft? • Name + non-public information: Social Security number, credit card number, medical information, driver's license, credit bureau information • Non-public information used to commit fraud or other crimes • Low risk, high reward - it's all about money • Directly, to use your accounts or identity • To resell your accounts or identity on the black market
Identity Theft Web Sites - how easy is it to acquire information? • People finder • License plate • Driver's license • Social Security card • College degree • Credit card collector
Video • http://www.wired.com/techbiz/people/magazine/17-01/ff_max_butler?currentPage=all • http://link.brightcove.com/services/player/bcpid1815813330?bctid=5310498001
Videos for Executives, Employees, and Customers • Federal Trade Commission's Educational Phishing Video: http://www.ftc.gov/bcp/edu/multimedia/ecards/phishing/ • Federal Deposit Insurance Corporation (FDIC) video "Don't Be an Online Victim: How to Guard against Internet Thieves and Electronic Scams": http://edgecastcdn.net/00003F/anon.vodium/fdic/identitytheft/index.html • Contact the FDIC Call Center: 1-877-ASKFDIC (877-275-3342); TDD: 1-800-925-4618
Trends • Hacking is increasingly a criminal profession • Internet fraud is rising • Identity fraud (internal and external) • Regulations become more important • Dependency on the Internet is high; the point of no return has been passed • Outsourcing