CHAPTER 4 Information Security. Announcements Friday Class Quiz 1 Review Monday Class Quiz 1 – Access Basics Questions/Comments.

Presentation transcript:

Security is constantly evolving…

Personal Security How secure are you? Do you secure your information? How hackable is your digital life?

Key Information Security Terms: information security, vulnerability, threat, exposure/attack.

Introduction to Information Security: Is it possible to secure the Internet?

Five Factors Increasing the Vulnerability of Information Resources 1. Today’s interconnected, interdependent, wirelessly-networked business environment 2. Smaller, faster, cheaper computers and storage devices 3. Decreasing skills necessary to be a hacker 4. Organized crime taking over cybercrime 5. Lack of management support

1. Networked Business Environment

2. Smaller, Faster Devices

3. Decreasing Skills Needed to be a Hacker: new and easier tools make it very easy to attack the network; attacks are becoming increasingly sophisticated.

4. Organized Crime Taking Over Cybercrime: Cost of cybercrime? Any guesses?

5. Lack of Management Support

Categorizing Security Threats Security Threats: Unintentional and Deliberate

Unintentional Threats: Most Dangerous Employees. Who are the most dangerous employees? Why are these the most dangerous?

Unintentional Threats: Human Errors. Common human mistakes: carelessness (devices, Internet); poor password selection and use. Ex. bank employees. Ex. Gawker hack – most popular passwords. Any guesses on #1?

Unintentional Threats: Social Engineering, the art of manipulating people into performing actions or divulging confidential information. Forms: pretexting, phishing, baiting, vishing (IVR or phone phishing).

Deliberate Threats to Information Security: theft of equipment or information. Examples: dumpster diving; laptop stolen in a break-in.

Deliberate Threats (continued): identity theft (stealing information from organizational databases, phishing); compromises to intellectual property.

Deliberate Threats (continued): software attacks. Virus; worm (see the rapid spread of the Slammer worm); Trojan horse; logic bomb; phishing attacks; distributed denial-of-service attacks (Ex. US banks).

Deliberate Threats (continued): alien software (spyware, spamware, cookies); targeted attacks: supervisory control and data acquisition (SCADA) attacks, e.g. Stuxnet.

What Organizations Are Doing to Protect Themselves “The only truly secure system is powered off, cast in a block of concrete, and sealed in a lead room with armed guards, and even then I have my doubts”

What Organizations Are Doing to Protect Themselves How do you protect your own networks?

Information Security Controls: 1. Physical controls 2. Access controls 3. Communications (network) controls

Information Security Controls: 2. Access Controls

Access Controls: Authentication (proof of identity). Something the user is; something the user has; something the user does; something the user knows (passwords, passphrases).

Access Controls: Authorization. Permissions are issued based on verified identity. Privilege – the operations a user can perform. Least privilege – the idea of granting a privilege only when there is a justifiable need.
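The two access-control slides above, authentication (proof of identity, here the "something the user knows" factor) followed by authorization (permissions tied to the verified identity, granted under least privilege), as an added Python example that is not part of the slides. The user store, role table and credentials are constructed sample data; the password hashing uses PBKDF2 from the standard library.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 200_000  # work factor for the password hash


def hash_password(password: str, salt: bytes = b"") -> tuple:
    """Derive a salted PBKDF2-HMAC-SHA256 hash; returns (salt, digest).

    Storing the salted hash rather than the password means a stolen
    store does not hand the attacker working credentials."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def authenticate(store: dict, username: str, password: str) -> bool:
    """Authentication: does the supplied password match the stored hash?"""
    record = store.get(username)
    if record is None:
        # Do the same amount of work for unknown users so response time
        # does not reveal which usernames exist.
        hash_password(password, b"\x00" * 16)
        return False
    salt, expected = record
    _, candidate = hash_password(password, salt)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected)


# Authorization: each role carries only the operations its job needs
# (least privilege). Constructed example roles and users.
ROLE_PERMISSIONS = {
    "clerk": {"ledger:read"},
    "accountant": {"ledger:read", "ledger:write"},
    "auditor": {"ledger:read", "audit:read"},
}
USER_ROLES = {"alice": "clerk", "bob": "accountant"}


def authorize(username: str, permission: str) -> bool:
    """Authorization: may this verified identity perform the operation?"""
    role = USER_ROLES.get(username)
    return permission in ROLE_PERMISSIONS.get(role, set())


def access(store: dict, username: str, password: str, permission: str) -> str:
    """Full check: prove identity first, then check the privilege."""
    if not authenticate(store, username, password):
        return "denied: authentication failed"
    if not authorize(username, permission):
        return "denied: " + username + " lacks " + permission
    return "granted"


def build_store() -> dict:
    """Constructed credential store: username -> (salt, hash)."""
    return {
        "alice": hash_password("correct horse"),
        "bob": hash_password("battery staple"),
    }


if __name__ == "__main__":
    store = build_store()
    print(access(store, "alice", "correct horse", "ledger:read"))   # granted
    print(access(store, "alice", "correct horse", "ledger:write"))  # denied: lacks privilege
    print(access(store, "alice", "wrong", "ledger:read"))           # denied: bad password
    print(access(store, "mallory", "anything", "ledger:read"))      # denied: unknown user
```

Note the ordering: authorization is only consulted after authentication succeeds, and a clerk who is genuinely who they claim to be is still refused `ledger:write`, which is what least privilege means in practice.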

Information Security Controls: 3. Communications (network) Controls

Communications Controls: firewalls, anti-malware systems, whitelisting and blacklisting, encryption, VPN.

Communications Controls: Firewalls (home, corporate, China firewall).

Controls: Encryption (PKI). How public key encryption works.
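What "how public key encryption works" looks like in arithmetic, as an added Python example that is not part of the slides: textbook RSA, where anyone holding the public key can encrypt, only the holder of the private key can decrypt, and the same key pair gives a signature that the public key verifies. The primes are small constructed values chosen so the numbers stay readable; a real deployment uses 2048-bit or larger moduli and padding, and this toy is for understanding the mechanism only.

```python
from math import gcd


def generate_keypair(p: int, q: int, e: int = 65537) -> tuple:
    """Build (public_key, private_key) from two primes p and q.

    public key  = (n, e): shared with everyone, used to encrypt or verify
    private key = (n, d): kept secret, used to decrypt or sign"""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse: e * d == 1 (mod phi)
    return (n, e), (n, d)


def text_to_int(text: str) -> int:
    return int.from_bytes(text.encode(), "big")


def int_to_text(value: int) -> str:
    return value.to_bytes((value.bit_length() + 7) // 8, "big").decode()


def encrypt(public_key: tuple, message: int) -> int:
    """Anyone can do this: ciphertext = message^e mod n."""
    n, e = public_key
    if message >= n:
        raise ValueError("message must be smaller than the modulus n")
    return pow(message, e, n)


def decrypt(private_key: tuple, ciphertext: int) -> int:
    """Only the private-key holder can do this: message = ciphertext^d mod n."""
    n, d = private_key
    return pow(ciphertext, d, n)


def sign(private_key: tuple, message: int) -> int:
    """Signing is the reverse direction: the private key produces the signature."""
    n, d = private_key
    return pow(message, d, n)


def verify(public_key: tuple, message: int, signature: int) -> bool:
    """Anyone with the public key can check that the signature matches."""
    n, e = public_key
    return pow(signature, e, n) == message


def roundtrip(text: str, p: int, q: int) -> str:
    """Encrypt with the public key, decrypt with the private key, return plaintext."""
    public_key, private_key = generate_keypair(p, q)
    ciphertext = encrypt(public_key, text_to_int(text))
    return int_to_text(decrypt(private_key, ciphertext))


if __name__ == "__main__":
    # Constructed small primes; large enough to hold a few bytes of message.
    public_key, private_key = generate_keypair(1000000007, 998244353)
    m = text_to_int("hi")
    c = encrypt(public_key, m)
    print("ciphertext:", c)
    print("decrypted :", int_to_text(decrypt(private_key, c)))
    s = sign(private_key, m)
    print("signature valid:", verify(public_key, m, s))
    print("tampered message valid:", verify(public_key, m + 1, s))
```

The point for the slide: the encrypting party never needs the secret, so keys can be published (which is what the "public key infrastructure" in PKI distributes and vouches for), while the signing direction is what a certificate authority uses to bind a public key to an identity.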

Communication or Network Controls: virtual private networking (VPN).

Protection of Data: government regulations (HIPAA, Sarbanes-Oxley, PA74).

Need to Understand Risk. Risk management (identify, control, minimize): 1. Risk analysis 2. Risk mitigation (take action): acceptance, limitation (most common), transference 3. Controls evaluation: if the cost of a control exceeds the cost of the asset, the control is not cost effective.

Business Continuity Planning, Backup, and Recovery: provide guidance to the people who keep the business operating after a disaster occurs. Options: hot site, warm site, cold site.

Personal Risk Assessment. To understand your own risk, pair up with another person and create an assessment. List the following: 1. Assets (e.g. laptop, external drive, etc.) 2. Threats (e.g. natural, virus, etc.) 3. Controls (how do you control threats?). Other ways to minimize personal risk?

LEARNING OBJECTIVES 1. Identify the five factors that contribute to the increasing vulnerability of information resources, and provide a specific example of each one.

LEARNING OBJECTIVES 2. Compare and contrast human mistakes and social engineering, and provide a specific example of each one.

LEARNING OBJECTIVES (continued) 3. Define the three risk mitigation strategies, and provide an example of each one in the context of you owning a home.

LEARNING OBJECTIVES (continued) 4. Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.