Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin Business Plug-In B6 Information Security.


B6-2 LEARNING OUTCOMES
1. Describe the relationships and differences between hackers and viruses.
2. Describe the relationship between information security policies and an information security plan.
3. Provide an example of each of the three primary information security areas: (1) authentication and authorization, (2) prevention and resistance, (3) detection and response.

B6-3 PROTECTING INTELLECTUAL ASSETS
Downtime—A period of time when a system is unavailable.
Information Security—A broad term encompassing the protection of information from accidental or intentional misuse by persons inside or outside an organization.
This plug-in discusses how organizations can implement information security lines of defense through people first and technology second.

B6-4 SECURITY THREATS
Hackers—Experts in technology who use their knowledge to break into computers and computer networks, either for profit or simply for the challenge.
Virus—Software written with malicious intent to cause annoyance or damage; a virus typically attaches itself to other programs or files and spreads when they are run or opened.

B6-5 SECURITY THREATS
Adware—Software that, while purporting to serve some useful function and often fulfilling that function, also allows Internet advertisers to display advertisements without the consent of the computer user.
–Spyware—A special class of adware that collects data about the user and transmits it over the Internet without the user’s knowledge or permission.

B6-6 THE FIRST LINE OF DEFENSE—PEOPLE
The majority of security incidents originate within the organization:
–Insiders (employees or contractors who misuse the access they already have)
–Social engineering (tricking people into revealing passwords or other information, or into performing actions that bypass controls)
Information Security Policies—Identify the rules required to maintain information security.
Information Security Plan—Details how an organization will implement the information security policies.

B6-7 THE FIRST LINE OF DEFENSE—PEOPLE
Five steps to creating an information security plan:
1. Develop the information security policies.
2. Communicate the information security policies.
3. Identify critical information assets and risks.
4. Test and reevaluate risks.
5. Obtain stakeholder support.

B6-8 THE SECOND LINE OF DEFENSE—TECHNOLOGY
Identity Theft—The forging of someone’s identity for the purpose of fraud.
Phishing—A technique to gain personal information for the purpose of identity theft, usually through fraudulent email messages or websites that impersonate a trusted party.
Pharming—Reroutes requests for legitimate websites to false websites, typically by corrupting the DNS lookup, so the victim is misdirected even after typing the correct address.
Authentication—A method for confirming users’ identities.
Authorization—The process of giving someone permission to do or have something; it takes place only after authentication has established who the user is.

B6-9 AUTHENTICATION AND AUTHORIZATION
Something the User Has, such as:
–Token—A small electronic device (or phone app) that generates a new one-time password at short intervals; the code proves possession of the token and is useless once it expires.
–Smart Card—A device about the size of a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing (for example, holding a private key that never leaves the card).
Smart cards and tokens are more effective than a user ID and a password alone; combining the two factors (something the user knows plus something the user has) is stronger than either on its own.

B6-10 AUTHENTICATION AND AUTHORIZATION
Something That Is Part of the User, such as:
–Fingerprint or voice signature
Biometrics—The identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting.
–Often described as the most effective way to manage authentication, because a biometric cannot be forgotten, shared or written down.
–Unfortunately, this method can be costly and intrusive, and unlike a password a compromised biometric cannot be changed or reissued.

B6-11 DATA: PREVENTION AND RESISTANCE
Content Filtering—Occurs when organizations use software that inspects content (email, web traffic, file transfers) and blocks the transmission of unauthorized information.
Encryption—Scrambles information into an alternative form (ciphertext) that requires a key or password to decrypt back into the original.
Public Key Encryption—Uses two mathematically related keys: a public key that everyone can have, used to encrypt, and a private key known only to the recipient, used to decrypt. Anyone can send the recipient a confidential message, but only the holder of the private key can read it.
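The content filtering bullet above says only that software "filters content to prevent the transmission of unauthorized information". As an added example (not from the slides), the following Python filter shows what such software actually does to an outbound message: it looks for the shapes of payment-card numbers and social security numbers, uses the Luhn checksum to avoid flagging invoice or ticket numbers that merely have the right length, and treats a classification marker as a reason to block the message outright. The policy, the marker string and the two sample messages are constructed for this example.

```python
import re

# Shapes of data the (constructed) policy forbids in outbound mail.
# Candidate payment-card numbers: 13 to 19 digits, optionally split by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# US Social Security number shape; real filters tune such patterns per jurisdiction.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
# A document-classification marker, assumed here as a stand-in for the
# labels an organization stamps on restricted material.
MARKER_RE = re.compile(r"\bCONFIDENTIAL\b", re.IGNORECASE)


def luhn_ok(digits: str) -> bool:
    """Luhn checksum (ISO/IEC 7812). Lets the filter tell a real card number
    from an invoice or ticket number that merely has the right length."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:            # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_violations(text: str) -> list:
    """Return (kind, matched_text) pairs for every policy hit in `text`."""
    hits = []
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"[ -]", "", m.group())):
            hits.append(("card_number", m.group()))
    for m in SSN_RE.finditer(text):
        hits.append(("ssn", m.group()))
    for m in MARKER_RE.finditer(text):
        hits.append(("classification_marker", m.group()))
    return hits


def filter_outbound(message: str) -> dict:
    """Decide whether a message may leave the network. Card and SSN hits are
    redacted so a reviewer can still read the rest; a classification marker
    is reported as-is because the whole document is restricted."""
    hits = find_violations(message)
    redacted = message
    for kind, value in hits:
        if kind in ("card_number", "ssn"):
            redacted = redacted.replace(value, "[REDACTED %s]" % kind)
    return {"allowed": not hits, "violations": hits, "redacted": redacted}


# Constructed sample messages (not from the slides).
SAMPLE_OK = "Lunch moved to noon. Ticket 1234 5678 1234 5678 is closed."
SAMPLE_BAD = "Customer card 4111 1111 1111 1111 declined, SSN on file 123-45-6789."

if __name__ == "__main__":
    for msg in (SAMPLE_OK, SAMPLE_BAD):
        result = filter_outbound(msg)
        print("allowed" if result["allowed"] else "BLOCKED", "->", result["redacted"])
```

The ticket number in the first message has sixteen digits but fails the Luhn check, so it passes; the card number in the second message passes the check and is redacted. Pattern rules like these are cheap but imperfect: they miss data that has been encoded or split across messages, which is why content filtering is one layer of prevention rather than the whole of it.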

B6-12 DATA: PREVENTION AND RESISTANCE

B6-13 DATA: PREVENTION AND RESISTANCE
Certificate Authority—A trusted third party, such as VeriSign, that validates user identities by means of digital certificates.
Digital Certificate—A data file that identifies individuals or organizations online by binding their name to a public key; it carries the certificate authority's digital signature, so anyone holding the authority's public key can check that the certificate is genuine and unaltered.
Firewall—Hardware and/or software that guards a private network by analyzing the information leaving and entering the network and blocking whatever its rules do not permit.
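The public key encryption bullet on slide B6-11 and the certificate authority and digital certificate bullets above describe one system: a key pair, a signature made with the private half, and a trusted third party that signs the binding between a name and a public key. As an added example (not from the slides or the textbook), the Python below walks through that system end to end with textbook RSA: a CA issues a certificate for a user, a relying party verifies it with nothing but the CA's public key, and then encrypts a message that only the user's private key can open. The primes are constructed Mersenne primes so the run is reproducible, which also makes the keys far too small for real use; the hash-reduced-mod-n signature is likewise a toy stand-in for the padded schemes real systems use.

```python
import hashlib
import json

# Constructed demo parameters: Mersenne primes, so the arithmetic is reproducible
# without a random source. Real RSA keys use random primes of 1024+ bits each;
# these 61- to 127-bit values are far too small to be secure.
USER_PRIMES = (2**61 - 1, 2**89 - 1)
CA_PRIMES = (2**107 - 1, 2**127 - 1)
E = 65537


def make_keypair(p: int, q: int, e: int = E):
    """Textbook RSA: n = p*q is public, d (the inverse of e mod phi) is private."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)                # modular inverse, Python 3.8+
    return (n, e), (n, d)              # (public key, private key)


def encrypt(public_key, message: bytes) -> int:
    """Anyone holding the public key can produce ciphertext."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)


def decrypt(private_key, ciphertext: int) -> bytes:
    """Only the private-key holder recovers the plaintext."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def sign(private_key, data: bytes) -> int:
    """Digital signature: the private key transforms a hash of the data.
    (Toy: the hash is reduced mod n; real schemes use PSS or PKCS#1 padding.)"""
    n, d = private_key
    h = int.from_bytes(hashlib.sha256(data).digest(), "big") % n
    return pow(h, d, n)


def verify(public_key, data: bytes, signature: int) -> bool:
    """The matching public key checks the signature; any change to the data fails."""
    n, e = public_key
    h = int.from_bytes(hashlib.sha256(data).digest(), "big") % n
    return pow(signature, e, n) == h


def issue_certificate(ca_private, subject: str, subject_public) -> dict:
    """A minimal certificate: the CA signs the binding of a name to a public key."""
    body = {"subject": subject, "issuer": "Demo CA",
            "public_key": list(subject_public)}
    encoded = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "signature": sign(ca_private, encoded)}


def verify_certificate(ca_public, cert: dict) -> bool:
    """A relying party needs only the CA's public key to check any certificate."""
    encoded = json.dumps(cert["body"], sort_keys=True).encode()
    return verify(ca_public, encoded, cert["signature"])


def demo() -> bool:
    """Full flow: the CA issues a cert to alice; bob verifies it, then uses the
    public key inside it to encrypt a message only alice can decrypt."""
    ca_pub, ca_priv = make_keypair(*CA_PRIMES)
    alice_pub, alice_priv = make_keypair(*USER_PRIMES)
    cert = issue_certificate(ca_priv, "alice@example.com", alice_pub)
    if not verify_certificate(ca_pub, cert):
        return False
    key_from_cert = tuple(cert["body"]["public_key"])
    secret = b"wire 5000 to acct"
    return decrypt(alice_priv, encrypt(key_from_cert, secret)) == secret


if __name__ == "__main__":
    print("certificate verified and message round-tripped:", demo())
```

Two things the slides state become concrete here: the public key travels inside the certificate, so the sender never needs a private channel to obtain it, and a relying party trusts the certificate only because it trusts the authority's public key. Changing one character of the certificate body, or checking it against the wrong authority, makes verification fail.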

B6-14 DATA: PREVENTION AND RESISTANCE

B6-15 ATTACK: DETECTION AND RESPONSE
If prevention and resistance strategies fail and there is a security breach, an organization can use detection and response technologies to mitigate the damage.
Antivirus software is the most common type of detection and response technology.
Intrusion Detection Software (IDS)—Full-time monitoring tools that search for patterns in network traffic (for example, one host probing many ports, or repeated failed logins) to identify intruders and raise an alert.
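The IDS definition above says such tools "search for patterns in network traffic to identify intruders". As an added example (not from the slides), the Python below implements two such pattern rules over a constructed connection and login log: a port scan (one source touching many distinct ports within a minute) and a brute-force login attempt (many failed logins from one source within five minutes). The log format, the addresses and the thresholds are assumptions made for this example; a production IDS reads real packet captures or firewall logs and tunes its thresholds to normal traffic.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample log (not from the slides). One event per line:
#   <ISO time> <source IP> <destination IP> <destination port> <event>
# 203.0.113.5 probes twelve ports in ten seconds; 203.0.113.9 hammers SSH logins;
# 198.51.100.7 is an ordinary user who mistypes a password once.
SAMPLE_LOG = """\
2024-03-01T10:00:01 203.0.113.5 10.0.0.8 21 connect
2024-03-01T10:00:02 203.0.113.5 10.0.0.8 22 connect
2024-03-01T10:00:03 203.0.113.5 10.0.0.8 23 connect
2024-03-01T10:00:04 203.0.113.5 10.0.0.8 25 connect
2024-03-01T10:00:05 198.51.100.7 10.0.0.8 443 connect
2024-03-01T10:00:05 203.0.113.5 10.0.0.8 53 connect
2024-03-01T10:00:06 203.0.113.5 10.0.0.8 80 connect
2024-03-01T10:00:07 203.0.113.5 10.0.0.8 110 connect
2024-03-01T10:00:08 203.0.113.5 10.0.0.8 135 connect
2024-03-01T10:00:09 203.0.113.5 10.0.0.8 139 connect
2024-03-01T10:00:10 203.0.113.5 10.0.0.8 143 connect
2024-03-01T10:00:11 203.0.113.5 10.0.0.8 443 connect
2024-03-01T10:00:12 203.0.113.5 10.0.0.8 445 connect
2024-03-01T10:00:30 198.51.100.7 10.0.0.8 443 connect
2024-03-01T10:05:00 203.0.113.9 10.0.0.20 22 login_fail
2024-03-01T10:05:20 203.0.113.9 10.0.0.20 22 login_fail
2024-03-01T10:05:40 203.0.113.9 10.0.0.20 22 login_fail
2024-03-01T10:06:00 203.0.113.9 10.0.0.20 22 login_fail
2024-03-01T10:06:20 203.0.113.9 10.0.0.20 22 login_fail
2024-03-01T10:06:40 203.0.113.9 10.0.0.20 22 login_fail
2024-03-01T10:07:00 203.0.113.9 10.0.0.20 22 login_ok
2024-03-01T10:10:00 198.51.100.7 10.0.0.20 22 login_fail
2024-03-01T10:10:30 198.51.100.7 10.0.0.20 22 login_ok
"""


def parse_log(text: str) -> list:
    """Turn the text log into event dicts with a real datetime for windowing."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, event = line.split()
        events.append({"time": datetime.fromisoformat(ts), "src": src,
                       "dst": dst, "port": int(port), "event": event})
    return events


def sliding_window_alerts(events, event_name, window_s, threshold,
                          alert_type, distinct_field=None) -> list:
    """Per source address, slide a `window_s`-second window over its events
    of type `event_name` and raise one alert when the window holds at least
    `threshold` events (or distinct values of `distinct_field`)."""
    by_src = defaultdict(list)
    for ev in events:
        if ev["event"] == event_name:
            by_src[ev["src"]].append(ev)
    alerts = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["time"])
        start = 0
        for end in range(len(evs)):
            while (evs[end]["time"] - evs[start]["time"]).total_seconds() > window_s:
                start += 1                  # drop events that fell out of the window
            window = evs[start:end + 1]
            count = (len({e[distinct_field] for e in window}) if distinct_field
                     else len(window))
            if count >= threshold:
                alerts.append({"type": alert_type, "src": src, "count": count,
                               "first": window[0]["time"].isoformat(),
                               "last": window[-1]["time"].isoformat()})
                break                       # one alert per source per rule
    return alerts


def analyze(log_text: str) -> list:
    """Two pattern rules; the thresholds are demo values, tune them for real traffic."""
    events = parse_log(log_text)
    alerts = []
    alerts += sliding_window_alerts(events, "connect", 60, 10,
                                    "port_scan", distinct_field="port")
    alerts += sliding_window_alerts(events, "login_fail", 300, 5, "brute_force")
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

The legitimate user's two connections and single failed login never reach a threshold, so only the two attackers produce alerts; each alert records the first and last event of the offending window, which is what the response team needs to scope the incident. Signature-style rules like these catch known patterns only, and a slow scan spread over hours slips under the one-minute window, which is why real deployments layer several windows and rules.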