Learning objectives
- Identify the five factors that contribute to the increasing vulnerability of information resources, and provide a specific example of each one.
- Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
- Discuss the ten types of deliberate attacks.
- Define the three risk mitigation strategies, and provide an example of each one in the context of owning a home.
- Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Chapter outline
- Introduction to Information Security
- Unintentional Threats to Information Systems
- Deliberate Threats to Information Systems
- What Organizations Are Doing to Protect Information Resources
- Information Security Controls
Opening Case: Kim Dotcom: Pirate or Successful Entrepreneur?
- The Problem
- The Law
- The Legal Battles
- What We Learned from This Case
- The Results (in March 2013)
4.1 Small Businesses in Danger
4.1 Introduction to Information Security
- Security: the degree of protection against criminal activity, danger, damage, and/or loss.
- Information Security: all of the processes and policies designed to protect an organization's information and information systems (IS) from unauthorized access, use, disclosure, disruption, modification, or destruction.
- Threat (to an information resource): any danger to which a system may be exposed.
- Exposure: the harm, loss, or damage that can result if a threat compromises an information resource.
- Vulnerability (of an information resource): the possibility that the system will be harmed by a threat.
Introduction to Information Security: Five Factors Contributing to Vulnerability
- Today's interconnected, interdependent, wirelessly networked business environment
- Smaller, faster, cheaper computers and storage devices
- Decreasing skills necessary to be a computer hacker
- International organized crime taking over cybercrime
- Lack of management support
4.2 Unintentional Threats to Information Systems
- Human Errors
- Social Engineering
Human Errors
- Higher-level employees + greater access privileges = greater threat
- Two areas pose significant threats: Human Resources and Information Systems
- Other areas of threat: contract labor, consultants, janitors, and guards
Human Errors: Common Human Errors
- Carelessness with Laptops
- Carelessness with Computing Devices
- Opening Questionable
- Careless Internet Surfing
- Poor Password Selection and Use
- Carelessness with One's Office
- Carelessness Using Unmanaged Devices
- Carelessness with Discarded Equipment
- Careless Monitoring of Environmental Hazards
4.3 Deliberate Threats to Information Systems
- Espionage or Trespass
- Information Extortion
- Sabotage or Vandalism
- Theft of Equipment or Information
- Identity Theft
- Compromises to Intellectual Property
- Software Attacks
- Alien Software
- Supervisory Control and Data Acquisition (SCADA) Attacks
- Cyberterrorism and Cyberwarfare
Software Attacks: Remote Attacks Requiring User Action
- Virus
- Worm
- Phishing Attack
- Spear Phishing Attack
Software Attacks: Remote Attacks Needing No User Action
- Denial of Service Attack
- Distributed Denial of Service Attack
Software Attacks: Attacks by a Programmer Developing a System
- Trojan Horse
- Back Door
- Logic Bomb
Alien Software
- Adware
- Spyware
- Spamware
- Cookies
- Keyloggers
- Tracking cookies
4.2 Can Anonymous Be Stopped?
4.3 Cyberwarfare Gains in Sophistication
4.4 What Organizations Are Doing to Protect Information Resources
- Risk
- Risk Analysis
- Risk Mitigation
Authentication
- Something the user is
- Something the user has
- Something the user does
- Something the user knows
- Passwords
Basic Guidelines for Passwords
Passwords should be:
- difficult to guess;
- long rather than short;
- made up of uppercase letters, lowercase letters, numbers, and special characters;
- not recognizable words;
- not the name of anything or anyone familiar, such as family names or names of pets;
- not a recognizable string of numbers, such as a Social Security number or a birthday.
Communication Controls
- Firewalls
- Anti-malware Systems
- Whitelisting and Blacklisting
- Encryption
- Virtual Private Networking
- Secure Socket Layer
- Employee Monitoring Systems
Business Continuity Planning
- Disaster Recovery Plan
- Hot Site
- Cold Site
Information Systems Auditing
- Types of Auditors and Audits
- How is Auditing Executed?