Page 433 - Using MIS


            Figure 10-8
            Security Safeguards as They Relate to the Five Components

            Hardware, Software            Data                              Procedures, People
            ----------------------------  --------------------------------  ------------------
            Technical Safeguards          Data Safeguards                   Human Safeguards
            ----------------------------  --------------------------------  ------------------
            Identification and            Data rights and responsibilities  Hiring
              authorization               Passwords                         Training
            Encryption                    Encryption                        Education
            Firewalls                     Backup and recovery               Procedure design
            Malware protection            Physical security                 Administration
            Application design                                              Assessment
                                                                            Compliance
                                                                            Accountability


                                       incurring damage to your car, and how much risk you are willing to accept. Then you transfer
                                       some of your risk to the insurer by buying a safeguard called an insurance policy. Instead of
                                       buying just one insurance policy, organizations implement a variety of safeguards to protect
                                       their data and hardware.
                                           An easy way to remember information systems safeguards is to arrange them according to
                                       the five components of an information system, as shown in Figure 10-8. Some of the safeguards
                                       involve computer hardware and software. Some involve data; others involve procedures and
                                       people. We will consider technical, data, and human safeguards in the next three questions.



                            Q5         How Can Technical Safeguards Protect Against
                                       Security Threats?


                                       Technical safeguards involve the hardware and software components of an information system.
                                       Figure 10-9 lists primary technical safeguards. Consider each.

                                       Identification and Authentication

                                       Every information system today should require users to sign on with a username and password.
                                       The username identifies the user (the process of identification), and the password authenticates
                                       that user (the process of authentication).
                                           Passwords have important weaknesses. In spite of repeated warnings (don’t let this happen to
                                       you!), users often share their passwords, and many people choose ineffective, simple passwords. In
                                       fact, a 2014 Verizon report states, “Passwords, usernames, emails, credit/debit card and financial






            Figure 10-9
            Technical Safeguards

                                                    •  Identification and authentication
                                                    •  Encryption
                                                    •  Firewalls
                                                    •  Malware protection
                                                    •  Design for secure applications