
Ethics, Privacy, and Information Security



Presentation titled: "Ethics, Privacy, and Information Security" — Presentation transcript:

1 Ethics, Privacy, and Information Security
Chapter 3, Introduction to Information Systems. Marcello Singadji

2 Learning Objectives Describe the major ethical issues related to information technology and identify situations in which they occur. Identify the many threats to information security. Understand the various defense mechanisms used to protect information systems. Explain IT auditing and planning for disaster recovery.

3 Topics: Ethical Issues; Threats to Information Security; Protecting Information Resources

4 Ethical Issues

5 Cases: In 2001, the duplication of klikbca.com (a look-alike site).
In 2004, KPU (General Election Commission) data was tampered with. In 2013, ATMs were broken into by a pair of siblings.

6 Ethical Issues: Ethics; Code of Ethics
Ethics refers to the principles of right and wrong that people use to make choices about how to behave. A code of ethics is a collection of principles used to guide decision-making by the members of an organization.

7 Fundamental Tenets of Ethics
Responsibility; Accountability; Liability. Fundamental tenets of ethics: Responsibility means that you accept the consequences of your decisions and actions. Accountability refers to determining who is responsible for the actions that were taken. Liability is a legal concept that gives a person the right to seek redress for what has happened to them (restoration of their good name).

8 Unethical vs. Illegal: What is unethical is not necessarily illegal
Should an organization monitor its employees' use of the web and ...? What if the organization sells customer information to other companies? What if the organization's computers run pirated software and contain downloaded films and music?

9 The Four Categories of Ethical Issues
Privacy issues involve collecting, storing, and disseminating information about individuals. Accuracy issues involve the authenticity, fidelity, and accuracy of information that is collected and processed. Property issues involve the ownership and value of information. Accessibility issues revolve around who should have access to information and whether they should have to pay for this access.


11 Threats to Information Security


13 Factors Increasing the Threats to Information Security
Today's interconnected, interdependent, wirelessly networked business environment; government legislation; smaller, faster, cheaper computers and storage devices; decreasing skills necessary to be a computer hacker; international organized crime taking over cyber-crime; downstream liability; increased employee use of unmanaged devices; lack of management support.
Factors behind the increase in crime against an organization's information assets: networks that connect every organization; government regulation; ever more sophisticated computer technology; the decreasing skill needed to become a computer hacker; the presence of organized crime; increasing use of uncontrolled IT devices; lack of management support.

14 Key Information Security Terms
Threat; Exposure; Vulnerability; Risk; Information systems controls. Organizations have many information resources (for example, computers and information, information systems and applications, databases, and so on). These resources are vulnerable to threats. A threat is a danger to an information resource; exposure is the harm that results if a threat compromises a resource; vulnerability is the possibility that a resource will suffer harm from a threat; risk is the likelihood that a threat will occur; information systems controls are procedures or software intended to prevent threats to the system.

15 Security Threats

16 Categories of Threats to Information Systems - Whitman and Mattord (2003)
Unintentional acts: human errors; natural disasters; technical failures (technical failures include problems with hardware and software); management failures (management failures involve a lack of funding for information security efforts and a lack of interest in those efforts). Deliberate acts: software attacks; identity theft.
Unintentional errors: human error; natural disasters; technical failures (hardware and software errors); management failures (lack of funding and no effort to improve information security). Deliberate: viruses, hacking.

17 Protecting Information Resources

18 Risk!! There is always risk!

19 Risk Management: risk analysis; risk mitigation (risk acceptance, risk limitation, risk transference); controls evaluation

20 Controls: Physical Controls; Access Controls; Communications Controls

21 Physical Controls

22 Access Controls: Authentication

23 Access Controls: Authorization; Privilege; Least privilege
Privilege and least privilege.
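The two access-control slides above (authentication, then authorization under least privilege) are easiest to see in code. The example below is added here and is not from the slides or the textbook; the user names, passwords, roles and permission strings are constructed. It stores salted PBKDF2 password hashes, authenticates with a constant-time comparison, and then authorizes against a deny-by-default role table in which each role holds only the permissions its job needs.

```python
import hashlib
import hmac
import os

# Work factor for PBKDF2-HMAC-SHA256 (constructed value for the demo).
_PBKDF2_ROUNDS = 100_000


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, _PBKDF2_ROUNDS)


def create_user(store: dict, username: str, password: str, role: str) -> None:
    """Store a salted hash, never the clear-text password."""
    salt = os.urandom(16)
    store[username] = {"salt": salt, "hash": _hash_password(password, salt), "role": role}


def authenticate(store: dict, username: str, password: str) -> bool:
    """Authentication: prove the caller is who they claim to be."""
    record = store.get(username)
    if record is None:
        # Do the same hashing work for unknown users so that the response
        # time does not reveal which user names exist.
        _hash_password(password, b"\x00" * 16)
        return False
    return hmac.compare_digest(_hash_password(password, record["salt"]), record["hash"])


# Authorization table (constructed): every role gets only what its job needs,
# which is the least-privilege principle from the slide.
ROLE_PERMISSIONS = {
    "payroll_clerk": {"payroll:read", "payroll:enter"},
    "payroll_manager": {"payroll:read", "payroll:enter", "payroll:approve"},
    "auditor": {"payroll:read"},
}


def authorize(store: dict, username: str, permission: str) -> bool:
    """Authorization: deny by default; allow only what the role explicitly grants."""
    record = store.get(username)
    if record is None:
        return False
    return permission in ROLE_PERMISSIONS.get(record["role"], set())


def access(store: dict, username: str, password: str, permission: str) -> str:
    """Full access decision: authenticate first, then authorize."""
    if not authenticate(store, username, password):
        return "denied: authentication failed"
    if not authorize(store, username, permission):
        return "denied: not authorized"
    return "allowed"


def build_demo_store() -> dict:
    """Constructed users for the demonstration."""
    store = {}
    create_user(store, "ani", "correct horse battery", "payroll_clerk")
    create_user(store, "budi", "s3cret-pass", "payroll_manager")
    return store


if __name__ == "__main__":
    users = build_demo_store()
    print(access(users, "ani", "correct horse battery", "payroll:read"))     # allowed
    print(access(users, "ani", "correct horse battery", "payroll:approve"))  # denied: not authorized
    print(access(users, "ani", "wrong password", "payroll:read"))            # denied: authentication failed
```

The clerk can read and enter payroll but cannot approve it, even with a valid password: authentication answers "who are you?", authorization answers "what may you do?", and the default answer to the second question is "nothing".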

24 Communications Controls
Firewalls; anti-malware systems; whitelisting and blacklisting; intrusion detection systems; encryption.
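Whitelisting and blacklisting, listed above as communications controls, differ in what they do with traffic that is on neither list. The example below is added here and is not from the slides or the textbook; the domain names, the log line format and the log lines themselves are constructed. It parses a few outbound-connection log lines and evaluates each destination under both policies, so the difference shows up on a destination that is not yet known to be bad.

```python
import re
from dataclasses import dataclass

# Constructed log format: "<timestamp> <source host> -> <destination>:<port>"
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) -> (?P<dest>[A-Za-z0-9.-]+):(?P<port>\d+)$")

# Constructed lists. A blacklist enumerates known-bad destinations and allows
# everything else; a whitelist enumerates approved destinations and blocks
# everything else.
BLACKLIST = {"malware-c2.example", "phish.example"}
WHITELIST = {"intranet.corp.example", "updates.vendor.example"}


@dataclass
class Decision:
    line: str
    dest: str
    blacklist_verdict: str  # "allow" or "block"
    whitelist_verdict: str  # "allow" or "block"


def _matches(dest: str, domains: set) -> bool:
    """True if dest is a listed domain or a subdomain of one."""
    return any(dest == d or dest.endswith("." + d) for d in domains)


def evaluate(line: str) -> Decision:
    m = LOG_RE.match(line)
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    # Normalise case and a trailing dot so "Phish.example." still matches.
    dest = m.group("dest").lower().rstrip(".")
    blacklist_verdict = "block" if _matches(dest, BLACKLIST) else "allow"
    whitelist_verdict = "allow" if _matches(dest, WHITELIST) else "block"
    return Decision(line, dest, blacklist_verdict, whitelist_verdict)


def evaluate_log(lines) -> list:
    return [evaluate(line) for line in lines]


# Constructed sample log lines.
SAMPLE_LOG = [
    "2024-05-01T09:00:01Z ws-12 -> intranet.corp.example:443",
    "2024-05-01T09:00:05Z ws-12 -> Phish.example.:443",
    "2024-05-01T09:00:09Z ws-07 -> cdn.updates.vendor.example:443",
    "2024-05-01T09:00:12Z ws-07 -> fresh-unknown.example:8443",
]

if __name__ == "__main__":
    for d in evaluate_log(SAMPLE_LOG):
        print(f"{d.dest:32} blacklist={d.blacklist_verdict:5} whitelist={d.whitelist_verdict}")
```

The last line is the instructive one: `fresh-unknown.example` is not on the blacklist, so a blacklist lets it through, while a whitelist blocks it because nobody approved it. The price of the whitelist is the administrative work of approving every legitimate destination, which is why organisations usually apply it where the set of needed destinations is small and stable.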

25 Firewall

26 Encryption

27 Digital Certificates

28 Communications & Network Controls
Virtual Private Networking; Secure Socket Layer (SSL); Vulnerability Management Systems; Employee Monitoring Systems.
A virtual private network (VPN) is a private network that uses a public network (usually the Internet) to connect users. As such, VPNs integrate the global connectivity of the Internet with the security of a private network and thereby extend the reach of the organization's networks.
Secure socket layer, now called transport layer security (TLS), is an encryption standard used for secure transactions such as credit card purchases and online banking. TLS is indicated by a URL that begins with https rather than http, and it often has a small padlock icon in the browser's status bar. TLS encrypts and decrypts data between a Web server and a browser end to end.
Users need access to their organization's network from any location and at any time. To accommodate these needs, vulnerability management systems, also called security on demand, extend the security perimeter that exists for the organization's managed devices. That is, vulnerability management systems handle security vulnerabilities on unmanaged remote devices. Recall that we discussed the dangers inherent in using unmanaged devices earlier. Vendors of vulnerability management software include Symantec, Trend Micro, McAfee, and Qualys.

29 Business Continuity Planning, Backup, and Recovery
Hot site: a fully configured computer facility, with all services, communications links, and physical plant operations. Warm site: does include computing equipment such as servers, but often does not include user workstations.

30 Information Systems Auditing
Auditors and audit types: internal, external.

31 How Is Auditing Executed?
Auditing around the computer; auditing through the computer; auditing with the computer. Auditing around the computer means verifying processing by checking for known outputs using specific inputs. This approach is best used in systems with limited outputs. In auditing through the computer, inputs, outputs, and processing are checked: auditors review program logic and test data. Auditing with the computer means using a combination of client data, auditor software, and client and auditor hardware. This approach allows the auditor to perform tasks such as simulating payroll program logic using live data.
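The three audit approaches above can be shown against a single small program. The example below is added here and is not from the slides or the textbook; the payroll rules, the client program (which is given a deliberate, constructed defect), the known input/output cases and the "live" employee records are all constructed for the demonstration. Auditing around the computer compares only final outputs for known inputs; auditing through the computer also checks the intermediate processing steps with test data; auditing with the computer runs the auditor's own simulation of the payroll logic over live data and flags every record where the two disagree.

```python
# Constructed payroll policy: overtime above 40 hours at 1.5x; tax is 10% of
# gross up to 2000, and 20% only on the part of gross above 2000 (marginal).

def client_payroll(hours: float, rate: float) -> dict:
    """The client's program under audit (constructed). It contains a defect:
    once gross exceeds 2000 it taxes the WHOLE gross at 20% (a cliff),
    instead of applying 20% only to the part above 2000."""
    regular = min(hours, 40.0)
    overtime = max(hours - 40.0, 0.0)
    gross = round(regular * rate + overtime * rate * 1.5, 2)
    tax = round(gross * 0.10, 2) if gross <= 2000 else round(gross * 0.20, 2)
    return {"gross": gross, "tax": tax, "net": round(gross - tax, 2)}


def auditor_payroll(hours: float, rate: float) -> dict:
    """The auditor's independent simulation of the policy (constructed)."""
    regular = min(hours, 40.0)
    overtime = max(hours - 40.0, 0.0)
    gross = round(regular * rate + overtime * rate * 1.5, 2)
    tax = round(gross * 0.10, 2) if gross <= 2000 else round(200.0 + (gross - 2000) * 0.20, 2)
    return {"gross": gross, "tax": tax, "net": round(gross - tax, 2)}


# Known inputs with the net pay the policy says they must produce (constructed).
KNOWN_CASES = [((40.0, 20.0), 720.00), ((50.0, 30.0), 1485.00),
               ((40.0, 50.0), 1800.00), ((60.0, 40.0), 2440.00)]

# Test data with every intermediate value, including the boundaries
# (exactly 40 hours, exactly 2000 gross) that auditors probe (constructed).
TEST_DATA = [((40.0, 20.0), {"gross": 800.0, "tax": 80.0, "net": 720.0}),
             ((50.0, 30.0), {"gross": 1650.0, "tax": 165.0, "net": 1485.0}),
             ((40.0, 50.0), {"gross": 2000.0, "tax": 200.0, "net": 1800.0}),
             ((60.0, 40.0), {"gross": 2800.0, "tax": 360.0, "net": 2440.0})]

# "Live" records: (employee id, hours, rate) (constructed).
LIVE_DATA = [("e1", 38.0, 25.0), ("e2", 45.0, 60.0), ("e3", 40.0, 50.0)]


def audit_around(program, known_cases) -> list:
    """Around the computer: only final outputs for known inputs are compared."""
    return [(inputs, expected, program(*inputs)["net"])
            for inputs, expected in known_cases if program(*inputs)["net"] != expected]


def audit_through(program, test_data) -> list:
    """Through the computer: each processing step (gross, tax, net) is checked."""
    findings = []
    for inputs, expected in test_data:
        actual = program(*inputs)
        for field, value in expected.items():
            if actual[field] != value:
                findings.append((inputs, field, value, actual[field]))
    return findings


def audit_with(program, reference, live_data) -> list:
    """With the computer: auditor software re-runs the logic over live data."""
    return [emp_id for emp_id, hours, rate in live_data
            if program(hours, rate) != reference(hours, rate)]


if __name__ == "__main__":
    print("around :", audit_around(client_payroll, KNOWN_CASES))
    print("through:", audit_through(client_payroll, TEST_DATA))
    print("with   :", audit_with(client_payroll, auditor_payroll, LIVE_DATA))
```

Auditing around the computer reports that one known case produces the wrong net pay but not why; auditing through the computer pinpoints the tax step; auditing with the computer shows which real employees were affected. An auditor chooses the approach by how much of the processing needs to be seen, which is why auditing around the computer is recommended only for systems with limited outputs.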


33 References: Introduction to Information Systems, Third Edition, R. Kelly Rainer Jr., Casey G. Cegielski, Wiley


