CHAPTER 6 Information Security

Presentation on theme: "CHAPTER 6 Information Security"— Presentation transcript:

1 CHAPTER 6 Information Security
Before, during, or after this chapter, you might want to show your students the PBS DVD entitled “Cyberwar”. It was made in 2003, but the topics remain current today (particularly in light of the cyber attacks on Estonia and the Republic of Georgia). Further, see the coverage of the cyber attack on the U.S. electrical grid (Wall Street Journal, April 8, 2009).

2 CHAPTER OUTLINE
4.1 Introduction to Information Security
4.2 Unintentional Threats to Information Security
4.3 Deliberate Threats to Information Security
4.4 What Organizations Are Doing to Protect Information Resources
4.5 Information Security Controls

3 LEARNING OBJECTIVES
1. Identify the five factors that contribute to the increasing vulnerability of information resources, and provide a specific example of each one.
2. Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
3. Discuss the nine types of deliberate attacks.

4 LEARNING OBJECTIVES (continued)
4. Define the three risk mitigation strategies, and provide an example of each one in the context of you owning a home.
5. Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.

5 7.1 Introduction to Information Security
Information security refers to all of the processes and policies designed to protect an organization’s information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.

6 Key Information Security Terms
• A threat to an information resource is any danger to which a system may be exposed.
• The exposure of an information resource is the harm, loss or damage that can result if a threat compromises that resource.
• A system’s vulnerability is the possibility that the system will suffer harm by a threat.

7 Smaller, Faster Devices

8 Decreasing Skills Needed to be a Hacker
• New and easier tools make it very easy to attack the network.
• Attacks are becoming increasingly sophisticated.

9 Organized Crime Taking Over Cybercrime

10 Lack of Management Support

11 7.2 Unintentional Threats to Information Systems

12 Security Threats

13 Human Errors
• Carelessness with laptops and portable computing devices
• Opening questionable e-mails
• Careless Internet surfing
• Poor password selection and use
• And more

14 Social Engineering
2 examples: tailgating and shoulder surfing.
To deter tailgating, many companies have anti-tailgating doors protecting the entrance into high-security areas. Note that only one person at a time can go through this type of door. Shoulder surfing occurs when the attacker watches another person’s computer screen over that person’s shoulder. It is particularly dangerous in public areas such as airports, commuter trains, and on airplanes.

15 7.3 Deliberate Threats to Information Systems

16 There are many types of deliberate attacks, including:
• Espionage or trespass
• Information extortion
• Sabotage or vandalism
• Theft of equipment or information
• Identity theft
• Compromises to intellectual property
• Software attacks
• Alien software
• Supervisory control and data acquisition (SCADA) attacks
• Cyberterrorism and cyberwarfare

17 Deliberate Threats
• Espionage or trespass: Competitive intelligence consists of legal information-gathering techniques. Industrial espionage crosses the legal boundary.
• Information extortion
• Sabotage or vandalism
• Theft of equipment or information, for example, dumpster diving
The two images show dumpster divers. Many dumpster divers wear protective clothing and use snorkels, as it is not a good idea to receive cuts from items in the dumpster, and the air is foul.

18 Deliberate Threats (continued)
• Identity theft: The identity theft video gives an excellent overview of the problem and how it affects lives. The video continues with a look at how to prevent identity theft.
• Compromises to intellectual property
Intellectual property. Property created by individuals or corporations which is protected under trade secret, patent, and copyright laws.
Trade secret. Intellectual work, such as a business plan, that is a company secret and is not based on public information.

19 Patent. Document that grants the holder exclusive rights on an invention or process for 20 years.
Copyright. Statutory grant that provides creators of intellectual property with ownership of the property for life of the creator plus 70 years. Piracy. Copying a software program without making payment to the owner. Virus is a segment of computer code that performs malicious actions by attaching to another computer program.

20 Worm is a segment of computer code that performs malicious actions and will spread by itself without requiring another computer program. Trojan horse is a computer program that hides in another computer program and reveals its designated behavior only when it is activated. Logic bomb is a segment of computer code that is embedded inside an organization’s existing computer programs and is designed to activate and perform a destructive action at a certain time or date.

21 Deliberate Threats (continued)
Software attacks
• A virus is a segment of computer code that performs malicious actions by attaching to another computer program.
• A worm is a segment of computer code that spreads by itself and performs malicious actions without requiring another computer program.
• A Trojan horse is a software program that hides in other computer programs and reveals its designed behavior only when it is activated. A typical behavior of a Trojan horse is to capture your sensitive information (e.g., passwords, account numbers, etc.) and send it to the creator of the Trojan horse.
• A logic bomb is a segment of computer code that is embedded within an organization’s existing computer programs and is designed to activate and perform a destructive action at a certain time and date.

22 Deliberate Threats (continued)
Software attacks (continued)
• Phishing attacks (see the phishing slideshow, phishing quiz, and phishing examples)
• Distributed denial-of-service attacks (see the botnet demonstration)
Phishing attacks use deception to acquire sensitive personal information by masquerading as official-looking e-mails or instant messages. The phishing slideshow presents a nice demonstration of how phishing works. The phishing quiz presents a variety of e-mails. You must decide which are legitimate and which are phishing attempts. The phishing examples show actual phishing attempts. In a distributed denial-of-service attack, the attacker first takes over many computers. These computers are called zombies or bots. Together, these bots form a botnet. The botnet demonstration shows how botnets are created and how they work.

23 How to Detect a Phish E-mail

24 Is the email really from eBay, or PayPal, or a bank?
As spammers get better, their e-mails look more genuine. How do you tell if it’s a scam that is phishing for personal information? Here’s how ...

25 Is the email really from eBay, or PayPal, or a bank?
As an example, here is what the e-mail said:
Return-path:
From:
Subject: You have 1 new Security Message Alert !
Note that they even give advice in the right column about security.

26 Example Continued – bottom of the email

27 How to see what is happening View Source
In Outlook, right click on the e-mail and click ‘view source’. In GroupWise, open the e-mail and click on the Message Source tab. In Mozilla Thunderbird, click on View, and Source. Below is the part of the text that makes the e-mail look official – the images came from the PayPal website.

29 View Source – The Real Link
In the body it said, “If you are traveling, ‘Travelling Confirmation Here’”. Here is where you are really being sent. Notice that the link is not only not PayPal, it is an IP address: 2 giveaways of a fraudulent link.

30 Another Example – Amazon

31 Deliberate Threats (continued)
Alien Software
• Spyware collects personal information about users without their consent. Two types of spyware are keystroke loggers (keyloggers) and screen scrapers. Keystroke loggers record your keystrokes and your Web browsing history. Screen scrapers record a continuous “movie” of what you do on a screen. The spyware video provides a nice overview of spyware and how to avoid it.
• Spamware is alien software that is designed to use your computer as a launchpad for spammers. Spam is unsolicited e-mail.
• Cookies are small amounts of information that Web sites store on your computer. The cookie demo will show you how much information your computer sends when you connect to a Web site.

32 Cookies are small amounts of information that Web sites store on your computer. The cookie demo will show you how much information your computer sends when you connect to a Web site.

33 Example of CAPTCHA

