
Slide 1 (B6-1): Business Plug-In B6 Information Security
Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin

Slide 2 (B6-2): LEARNING OUTCOMES
1. Describe the relationships and differences between hackers and viruses.
2. Describe the relationship between information security policies and an information security plan.
3. Provide an example of each of the three primary information security areas:
   (1) authentication and authorization
   (2) prevention and resistance
   (3) detection and response

Slide 3 (B6-3): PROTECTING INTELLECTUAL ASSETS
Downtime—Refers to a period of time when a system is unavailable
Information Security—A broad term encompassing the protection of information from accidental or intentional misuse by persons inside or outside an organization
This plug-in discusses how organizations can implement information security lines of defense through people first and technology second

Slide 4 (B6-4): SECURITY THREATS
Hackers are experts in technology who use their knowledge to break into computers and computer networks, either for profit or just motivated by the challenge
A virus is software written with malicious intent to cause annoyance or damage

Slide 5 (B6-5): SECURITY THREATS
Adware is software that, while purporting to serve some useful function and often fulfilling that function, also allows Internet advertisers to display advertisements without the consent of the computer user
– Spyware is a special class of adware that collects data about the user and transmits it over the Internet without the user’s knowledge or permission

Slide 6 (B6-6): THE FIRST LINE OF DEFENSE—PEOPLE
The majority of security incidents originate within the organization
– Insiders
– Social engineering
Information Security Policies—Identify the rules required to maintain information security
Information Security Plan—Details how an organization will implement the information security policies

Slide 7 (B6-7): THE FIRST LINE OF DEFENSE—PEOPLE
Five steps to creating an information security plan:
1. Develop the information security policies.
2. Communicate the information security policies.
3. Identify critical information assets and risks.
4. Test and reevaluate risks.
5. Obtain stakeholder support.

Slide 8 (B6-8): THE SECOND LINE OF DEFENSE—TECHNOLOGY
Identity Theft—The forging of someone’s identity for the purpose of fraud
Phishing—A technique to gain personal information for the purpose of identity theft
Authentication—A method for confirming users’ identities
Authorization—The process of giving someone permission to do or have something
Pharming—Reroutes requests for legitimate websites to false websites

Slide 9 (B6-9): AUTHENTICATION AND AUTHORIZATION
Something the user has, such as:
– Token—Small electronic devices that change user passwords automatically
– Smart Card—A device that is around the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing
Smart cards and tokens are more effective than a user ID and a password

Slide 10 (B6-10): AUTHENTICATION AND AUTHORIZATION
Something that is part of the user, such as:
– Fingerprint or voice signature
Biometrics—The identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting
– This is by far the best and most effective way to manage authentication
– Unfortunately, this method can be costly and intrusive

Slide 11 (B6-11): DATA: PREVENTION AND RESISTANCE
Content Filtering—Occurs when organizations use software that filters content to prevent the transmission of unauthorized information
Encryption—Scrambles information into an alternative form that requires a key or password to decrypt the information
Public Key Encryption—Uses two keys: a public key that everyone can have and a private key for only the recipient
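The two-key property on the slide is easiest to see by running it: anyone holding the public key can encrypt, but only the matching private key decrypts, and a third party with a different private key gets an error. This Go example is added for this page (not the deck's own material) and uses the standard library's RSA-OAEP; the message text is constructed.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// encryptForRecipient is all a sender can do with only the public key. OAEP
// padding randomizes each ciphertext, so equal messages do not encrypt alike.
func encryptForRecipient(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// decryptAsRecipient needs the private key, which only the recipient holds.
func decryptAsRecipient(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, priv, ct, nil)
}

// runExchange generates the recipient's key pair, encrypts msg under its public
// key, and reports what the recipient recovered and whether a bystander holding
// a different private key failed to decrypt the same ciphertext.
func runExchange(msg []byte) (recovered []byte, bystanderFailed bool, err error) {
	recipient, err := rsa.GenerateKey(rand.Reader, 2048) // private half never leaves the recipient
	if err != nil {
		return nil, false, err
	}
	bystander, err := rsa.GenerateKey(rand.Reader, 2048) // someone else's key pair
	if err != nil {
		return nil, false, err
	}
	ct, err := encryptForRecipient(&recipient.PublicKey, msg)
	if err != nil {
		return nil, false, err
	}
	recovered, err = decryptAsRecipient(recipient, ct)
	if err != nil {
		return nil, false, err
	}
	_, otherErr := decryptAsRecipient(bystander, ct)
	return recovered, otherErr != nil, nil
}

func main() {
	got, failed, err := runExchange([]byte("quarterly figures"))
	fmt.Printf("recovered=%q bystanderFailed=%v err=%v\n", got, failed, err)
}
```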

Slide 12 (B6-12): DATA: PREVENTION AND RESISTANCE (no transcript text)

Slide 13 (B6-13): DATA: PREVENTION AND RESISTANCE
Certificate Authority—A trusted third party, such as VeriSign, that validates user identities by means of digital certificates
Digital Certificate—A data file that identifies individuals or organizations online and is comparable to a digital signature
Firewall—Hardware and/or software that guards a private network by analyzing the information leaving and entering the network

Slide 14 (B6-14): DATA: PREVENTION AND RESISTANCE (no transcript text)

Slide 15 (B6-15): ATTACK: DETECTION AND RESPONSE
If prevention and resistance strategies fail and there is a security breach, an organization can use detection and response technologies to mitigate the damage
Antivirus software is the most common type of detection and response technology
Intrusion Detection Software (IDS)—Features full-time monitoring tools that search for patterns in network traffic to identify intruders
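The slide's IDS "searches for patterns" rather than inspecting single events; the smallest useful pattern is a burst of failed logins from one source inside a short window. The Go code below is an added example for this page, not part of the deck: the log lines and the key=value format are constructed, and the addresses come from the documentation ranges 203.0.113.0/24 and 198.51.100.0/24.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
	"time"
)

// Constructed sample authentication log (not real traffic).
const sampleLog = `2024-03-01T09:00:01Z src=203.0.113.7 event=login_failed user=alice
2024-03-01T09:00:04Z src=203.0.113.9 event=login_failed user=carol
2024-03-01T09:00:05Z src=203.0.113.7 event=login_failed user=bob
2024-03-01T09:00:06Z src=203.0.113.9 event=login_ok user=carol
2024-03-01T09:00:08Z src=203.0.113.7 event=login_failed user=alice
2024-03-01T09:02:00Z src=198.51.100.4 event=login_failed user=dave
2024-03-01T09:04:00Z src=198.51.100.4 event=login_failed user=dave
2024-03-01T09:06:00Z src=198.51.100.4 event=login_failed user=dave`
// failedLoginBursts returns (sorted) every source with at least threshold login_failed events inside any span of length window.
func failedLoginBursts(log string, threshold int, window time.Duration) []string {
	failures := map[string][]time.Time{}
	for _, line := range strings.Split(log, "\n") {
		f := strings.Fields(line)
		if len(f) < 3 || f[2] != "event=login_failed" {
			continue // not a failed login (or a malformed line)
		}
		at, err := time.Parse(time.RFC3339, f[0])
		if err != nil {
			continue // bad timestamp: skip the line rather than crash the monitor
		}
		src := strings.TrimPrefix(f[1], "src=")
		failures[src] = append(failures[src], at)
	}
	var flagged []string
	for src, times := range failures {
		sort.Slice(times, func(i, j int) bool { return times[i].Before(times[j]) })
		for i := 0; i+threshold-1 < len(times); i++ {
			if times[i+threshold-1].Sub(times[i]) <= window {
				flagged = append(flagged, src)
				break
			}
		}
	}
	sort.Strings(flagged)
	return flagged
}

func main() {
	fmt.Println("possible brute force from:", failedLoginBursts(sampleLog, 3, time.Minute))
}
```

With a one-minute window only 203.0.113.7 is flagged; widening the window to ten minutes also catches the slower 198.51.100.4 pattern, which is the tuning trade-off between missed intrusions and false alarms.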
