
Software vulnerability

Software errors are a constant threat to information systems


Can enable malware to slip past antivirus defenses
Patches
Created by software vendors to update and fix vulnerabilities
Business Value of Security and Control
Protection of confidential corporate and personal information
Electronic Records Management (ERM)
Policies, procedures, and tools for managing retention,
destruction, and storage of electronic records
Legal and regulatory requirements for ERM
HIPAA - Outlines medical security and privacy rules
Gramm-Leach-Bliley Act - Requires financial institutions to
ensure security and confidentiality of customer data
Sarbanes-Oxley Act - Imposes responsibility on companies and
their management to safeguard accuracy and integrity of
financial information used internally and released externally

Electronic evidence and computer forensics


Legal cases today increasingly rely on evidence represented as
digital data
Computer forensics
Scientific collection, examination, authentication, preservation,
and analysis of data on computer storage media so that it can be
used as evidence in a court
Establishing a Framework for Security and Control
ISO 17799
International standards for security and control that specify best
practices in information systems security and control
Risk Assessment
Determines level of risk to firm if specific activity or process is
not properly controlled

Technologies and Tools for Security


Security policy
Chief Security Officer (CSO)
