Slide 2
- Identify the five factors that contribute to the increasing vulnerability of information resources, and provide a specific example of each one.
- Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
- Discuss the ten types of deliberate attacks.
- Define the three risk mitigation strategies, and provide an example of each one in the context of owning a home.
- Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Slide 3
- Introduction to Information Security
- Unintentional Threats to Information Systems
- Deliberate Threats to Information Systems
- What Organizations Are Doing to Protect Information Resources
- Information Security Controls
Slide 4: Opening Case. Kim Dotcom: Pirate or Successful Entrepreneur?
- The Problem
- The Law
- The Legal Battles
- What We Learned from This Case
- The Results (in March 2013)
Slide 5: 4.1 Small Businesses in Danger
Slide 6: 4.1 Introduction to Information Security
- Security: the degree of protection against criminal activity, danger, damage, and/or loss.
- Information Security: all of the processes and policies designed to protect an organization's information and information systems (IS) from unauthorized access, use, disclosure, disruption, modification, or destruction.
- Threat (to an information resource): any danger to which a system may be exposed.
- Exposure: the harm, loss, or damage that can result if a threat compromises an information resource.
- Vulnerability (of an information resource): the possibility that the system will be harmed by a threat.
Slide 7: Introduction to Information Security. Five Factors Contributing to Vulnerability
- Today's interconnected, interdependent, wirelessly networked business environment
- Smaller, faster, cheaper computers and storage devices
- Decreasing skills necessary to be a computer hacker
- International organized crime taking over cybercrime
- Lack of management support
Slide 8: 4.2 Unintentional Threats to Information Systems
- Human Errors
- Social Engineering
Slide 9: Human Errors
- Higher-level employees + greater access privileges = greater threat
- Two areas pose significant threats: Human Resources and Information Systems
- Other areas of threat: contract labor, consultants, janitors, and guards
Slide 10: Human Errors. Common Human Errors
- Carelessness with Laptops
- Carelessness with Computing Devices
- Opening Questionable
- Careless Internet Surfing
- Poor Password Selection and Use
- Carelessness with One's Office
Slide 11: Human Errors. Common Human Errors (continued)
- Carelessness with One's Office
- Carelessness Using Unmanaged Devices
- Carelessness with Discarded Equipment
- Careless Monitoring of Environmental Hazards
Slide 12: 4.3 Deliberate Threats to Information Systems
- Espionage or Trespass
- Information Extortion
- Sabotage or Vandalism
- Theft of Equipment or Information
- Identity Theft
- Compromises to Intellectual Property
Slide 13: 4.3 Deliberate Threats to Information Systems (continued)
- Software Attacks
- Alien Software
- Supervisory Control and Data Acquisition (SCADA) Attacks
- Cyberterrorism and Cyberwarfare
Slide 14: Software Attacks. Remote Attacks Requiring User Action
- Virus
- Worm
- Phishing Attack
- Spear Phishing Attack
Slide 15: Software Attacks. Remote Attacks Needing No User Action
- Denial of Service Attack
- Distributed Denial of Service Attack
Slide 16: Software Attacks. Attacks by a Programmer Developing a System
- Trojan Horse
- Back Door
- Logic Bomb
Slide 17: Alien Software
- Adware
- Spyware
- Spamware
- Cookies
- Keyloggers
- Tracking cookies
Slide 18: 4.2 Can Anonymous Be Stopped?
Slide 19: 4.3 Cyberwarfare Gains in Sophistication
Slide 20: 4.4 What Organizations Are Doing to Protect Information Resources
- Risk
- Risk Analysis
- Risk Mitigation
Slide 25: Authentication
- Something the user is
- Something the user has
- Something the user does
- Something the user knows
- Passwords
Slide 26: Basic Guidelines for Passwords. Passwords should be:
- difficult to guess;
- long rather than short;
- made up of uppercase letters, lowercase letters, numbers, and special characters;
- not recognizable words;
- not the name of anything or anyone familiar, such as family names or names of pets;
- not a recognizable string of numbers, such as a Social Security number or a birthday.
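The password guidelines on the slide above can be turned into an automated check that a registration form or password-change handler runs before accepting a new password. The following Python is an added example written for this page, not code from the slides or the textbook they accompany. It assumes a minimum length of 12 characters (the slide says only "long rather than short"), a small constructed word list standing in for a real dictionary, a caller-supplied list of names familiar to the user (family, pets), and a simple leetspeak table so that substitutions such as "P@ssw0rd" do not hide a dictionary word. "Difficult to guess" is approximated by the dictionary, familiar-name, and number-pattern checks; a production system would also consult a breached-password list.

```python
import re
from datetime import datetime

MIN_LENGTH = 12  # assumption: the slide gives no number, only "long rather than short"

# Constructed stand-in for a real dictionary; a deployment would load a full word list.
COMMON_WORDS = {"password", "welcome", "summer", "winter", "dragon", "letmein", "qwerty", "monkey"}

# Common character substitutions undone before dictionary matching (@->a, $->s, 0->o, !->i, 1->l, 3->e).
LEET = str.maketrans("@$0!13", "asoile")


def _date_like(digits: str) -> bool:
    """True if a 6- or 8-digit run parses as a calendar date, e.g. 041595 or 19950415 (a birthday)."""
    formats = {6: ("%m%d%y", "%d%m%y", "%y%m%d"), 8: ("%m%d%Y", "%d%m%Y", "%Y%m%d")}
    for fmt in formats.get(len(digits), ()):
        try:
            datetime.strptime(digits, fmt)
            return True
        except ValueError:
            continue
    return False


def _monotone(digits: str) -> bool:
    """True for runs of four or more digits that repeat or step by one, e.g. 1111, 1234, 9876."""
    if len(digits) < 4:
        return False
    steps = {int(b) - int(a) for a, b in zip(digits, digits[1:])}
    return steps in ({0}, {1}, {-1})


def _number_pattern(digits: str) -> bool:
    """Flag recognizable number strings: SSN-length runs, dates, and trivial sequences."""
    if len(digits) >= 9:  # a US Social Security number is nine digits
        return True
    return _date_like(digits) or _monotone(digits)


def check_password(password: str, familiar_names=()) -> list:
    """Return a list of violated guideline codes; an empty list means the password passes.

    Codes: too_short, no_upper, no_lower, no_digit, no_special,
           dictionary_word, familiar_name, number_pattern.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    for code, pattern in (("no_upper", r"[A-Z]"), ("no_lower", r"[a-z]"),
                          ("no_digit", r"\d"), ("no_special", r"[^A-Za-z0-9]")):
        if not re.search(pattern, password):
            problems.append(code)

    lowered = password.lower()
    normalized = lowered.translate(LEET)  # catches "P@ssw0rd" as "password"
    if any(w in lowered or w in normalized for w in COMMON_WORDS):
        problems.append("dictionary_word")

    names = [n.lower() for n in familiar_names if len(n) >= 3]
    if any(n in lowered or n in normalized for n in names):
        problems.append("familiar_name")

    if any(_number_pattern(run) for run in re.findall(r"\d+", password)):
        problems.append("number_pattern")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs; the last one passes every guideline.
    samples = [
        ("P@ssw0rd1234", ()),
        ("Fluffy2019!xyz", ("Fluffy",)),      # user's pet name, supplied by the caller
        ("Summer041595!!", ()),               # dictionary word plus a date-like run
        ("Vx7#mQ2pL9!wKe", ()),
    ]
    for pw, names in samples:
        print(f"{pw!r}: {check_password(pw, names) or 'OK'}")
```

The checks are deliberately ordered from cheapest to most expensive, and the function returns every violation rather than stopping at the first so the user can fix them all in one attempt. The familiar-name list must come from the caller (profile fields, security questions) because the checker has no other way to know what is "familiar" to a particular user.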
Slide 27: Communication Controls
- Firewalls
- Anti-malware Systems
- Whitelisting and Blacklisting
- Encryption
- Virtual Private Networking
- Secure Socket Layer
- Employee Monitoring Systems
Slide 28: Business Continuity Planning
- Disaster Recovery Plan
- Hot Site
- Cold Site
Slide 29: Information Systems Auditing
- Types of Auditors and Audits
- How Is Auditing Executed?