1 / 27

CHAPTER 4

CHAPTER 4. Information Security. CHAPTER OUTLINE. 4.1 Introduction to Information Security 4.2 Unintentional Threats to Information Security 4.3 Deliberate Threats to Information Security

baba
Download Presentation

CHAPTER 4

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CHAPTER 4 Information Security

  2. CHAPTER OUTLINE 4.1 Introduction to Information Security 4.2 Unintentional Threats to Information Security 4.3 Deliberate Threats to Information Security 4.4 What Organizations Are Doing to Protect Information Resources 4.5 Information Security Controls

  3. LEARNING OBJECTIVES • Identify the five factors that contribute to the increasing vulnerability of information resources, and provide a specific example of each one. • Compare and contrast human mistakes and social engineering, and provide a specific example of each one. • Discuss the nine types of deliberate attacks. • Define the three risk mitigation strategies, and provide an example of each one in the context of you owning a home. • Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.

  4. 4.1 Introduction to Information Security

  5. Key Information Security Terms • Information Security • Threat • Exposure • Vulnerability

  6. Five Factors Increasing the Vulnerability of Information Resources • Today’s interconnected, interdependent, wirelessly-networked business environment • Smaller, faster, cheaper computers and storage devices • Decreasing skills necessary to be a hacker

  7. Five Factors Increasing the Vulnerability of Information Resources continued • Organized crime taking over cybercrime • Lack of management support

  8. 4.2 Unintentional Threats to Information Security

  9. Categories of Unintentional Threats • Human Errors • Social Engineering

  10. Human Errors • Carelessness with laptops and portable computing devices • Opening questionable e-mails • Careless Internet surfing • Poor password selection and use

  11. Social Engineering • Tailgating • Shoulder Surfing

  12. 4.3 Deliberate Threats to Information Security

  13. Deliberate Threats • Espionage or trespass • Information extortion • Sabotage or vandalism • Theft of equipment or information

  14. Deliberate Threats (continued) • Identity Theft • Compromised to Intellectual Property • Software Attacks • SCADA Attacks • Cyberterrorism and Cyberwarfare

  15. Software Attacks • Virus • Worm • Trojan Horse • Logic Bomb • Phishing attacks • Distributed denial-of-service attacks

  16. 4.4 What Organizations Are Doing to Protect Information Resources

  17. Risk Management • Risk • Risk management • Risk analysis • Risk mitigation

  18. Risk Mitigation Strategies • Risk Acceptance • Risk limitation • Risk transference

  19. 4.5 Information Security Controls

  20. Information Security Controls • Physical controls • Access controls • Communications (network) controls

  21. Access Controls • Authentication • Authorization

  22. Communication or Network Controls • Firewalls • Anti-malware systems • Whitelisting and Blacklisting • Encryption

  23. Communication or Network Controls (continued) • Virtual private networking • Secure Socket Layer • Employee monitoring systems

  24. Business Continuity Planning, Backup, and Recovery • Hot Site • Warm Site • Cold Site

  25. Information Systems Auditing Types of Auditors and Audits • Internal • External

  26. IS Auditing Procedure • Auditing around the computer • Auditing through the computer • Auditing with the computer

  27. Closing CaseWho is Minding the Store • The Problem • The Solution • The Results

More Related