CHAPTER 4 Information Security. CHAPTER OUTLINE 4.1 Introduction to Information Security 4.2 Unintentional Threats to Information Security 4.3 Deliberate.

Presentation transcript:

CHAPTER 4 Information Security

CHAPTER OUTLINE
– 4.1 Introduction to Information Security
– 4.2 Unintentional Threats to Information Security
– 4.3 Deliberate Threats to Information Security
– 4.4 What Organizations Are Doing to Protect Information Resources
– 4.5 Information Security Controls

LEARNING OBJECTIVES
– Identify the five factors that contribute to the increasing vulnerability of information resources, and provide a specific example of each one.
– Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
– Discuss the nine types of deliberate attacks.
– Define the three risk mitigation strategies, and provide an example of each one in the context of you owning a home.
– Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.

4.1 Introduction to Information Security

Key Information Security Terms
– Information Security
– Threat
– Exposure
– Vulnerability

Five Factors Increasing the Vulnerability of Information Resources
– Today’s interconnected, interdependent, wirelessly networked business environment
– Smaller, faster, cheaper computers and storage devices
– Decreasing skills necessary to be a hacker

Five Factors Increasing the Vulnerability of Information Resources (continued)
– Organized crime taking over cybercrime
– Lack of management support

4.2 Unintentional Threats to Information Security

Categories of Unintentional Threats
– Human Errors
– Social Engineering

Human Errors
– Carelessness with laptops and portable computing devices
– Opening questionable e-mails
– Careless Internet surfing
– Poor password selection and use

Social Engineering
– Tailgating
– Shoulder Surfing

4.3 Deliberate Threats to Information Security

Deliberate Threats
– Espionage or trespass
– Information extortion
– Sabotage or vandalism
– Theft of equipment or information

Deliberate Threats (continued)
– Identity Theft
– Compromises to Intellectual Property
– Software Attacks
– SCADA Attacks
– Cyberterrorism and Cyberwarfare

Software Attacks
– Virus
– Worm
– Trojan Horse
– Logic Bomb
– Phishing attacks
– Distributed denial-of-service attacks

4.4 What Organizations Are Doing to Protect Information Resources

Risk Management
– Risk
– Risk management
– Risk analysis
– Risk mitigation

Risk Mitigation Strategies
– Risk acceptance
– Risk limitation
– Risk transference

4.5 Information Security Controls

Information Security Controls
– Physical controls
– Access controls
– Communications (network) controls

Access Controls
– Authentication
– Authorization

Communication or Network Controls
– Firewalls
– Anti-malware systems
– Whitelisting and Blacklisting
– Encryption

Communication or Network Controls (continued)
– Virtual private networking
– Secure Sockets Layer
– Employee monitoring systems

Business Continuity Planning, Backup, and Recovery
– Hot Site
– Warm Site
– Cold Site

Information Systems Auditing
– Types of Auditors and Audits
  – Internal
  – External

IS Auditing Procedure
– Auditing around the computer
– Auditing through the computer
– Auditing with the computer

Closing Case
– The Problem
– The Solution
– The Results