Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.


Business Plug-In B6 Information Security

6-2 LEARNING OUTCOMES
1. Describe the relationships and differences between hackers and viruses
2. Describe the relationship between information security policies and an information security plan
3. Provide an example of each of the three primary security areas: (1) authentication and authorization, (2) prevention and resistance, and (3) detection and response

6-3 PROTECTING INTELLECTUAL ASSETS
- Organizational information is intellectual capital - it must be protected
- Information security – The protection of information from accidental or intentional misuse by persons inside or outside an organization
- Downtime – Refers to a period of time when a system is unavailable

6-4 PROTECTING INTELLECTUAL ASSETS Sources of Unplanned Downtime

6-5 PROTECTING INTELLECTUAL ASSETS How Much Will Downtime Cost Your Business?

6-6 Security Threats Caused by Hackers and Viruses
- Hacker – Experts in technology who use their knowledge to break into computers and computer networks, either for profit or just motivated by the challenge
  - Black-hat hacker
  - Cracker
  - Cyberterrorist
  - Hacktivist
  - Script kiddies or script bunnies
  - White-hat hacker

6-7 Security Threats Caused by Hackers and Viruses
- Virus - Software written with malicious intent to cause annoyance or damage
  - Backdoor program
  - Denial-of-service attack (DoS)
  - Distributed denial-of-service attack (DDoS)
  - Polymorphic virus
  - Trojan-horse virus
  - Worm

6-8 Security Threats Caused by Hackers and Viruses How Computer Viruses Spread

6-9 Security Threats Caused by Hackers and Viruses
- Security threats to ebusiness include
  - Elevation of privilege
  - Hoaxes
  - Malicious code
  - Packet tampering
  - Sniffer
  - Spoofing
  - Splogs
  - Spyware

6-10 THE FIRST LINE OF DEFENSE - PEOPLE
- Organizations must enable employees, customers, and partners to access information electronically
- The biggest issue surrounding information security is not a technical issue, but a people issue
- Insiders
- Social engineering
- Dumpster diving

6-11 THE FIRST LINE OF DEFENSE - PEOPLE
- The first line of defense an organization should follow to help combat insider issues is to develop information security policies and an information security plan
- Information security policies
- Information security plan

6-12 THE SECOND LINE OF DEFENSE - TECHNOLOGY
- There are three primary information technology security areas

6-13 Authentication and Authorization
- Identity theft – The forging of someone’s identity for the purpose of fraud
- Phishing – A technique to gain personal information for the purpose of identity theft, usually by means of fraudulent email
- Pharming – Reroutes requests for legitimate websites to false websites

6-14 Authentication and Authorization
- Authentication – A method for confirming users’ identities
- Authorization – The process of giving someone permission to do or have something
- The most secure type of authentication involves
  1. Something the user knows
  2. Something the user has
  3. Something that is part of the user

6-15 Something the User Knows Such As a User ID and Password
- This is the most common way to identify individual users and typically contains a user ID and a password
- This is also the most ineffective form of authentication
- Over 50 percent of help-desk calls are password related

6-16 Something the User Knows Such As a User ID and Password
- Smart cards and tokens are more effective than a user ID and a password
- Tokens – Small electronic devices that change user passwords automatically
- Smart card – A device that is around the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing

6-17 Something That Is Part Of The User Such As a Fingerprint or Voice Signature
- This is by far the best and most effective way to manage authentication
- Biometrics – The identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting
- Unfortunately, this method can be costly and intrusive

6-18 Prevention and Resistance
- Downtime can cost an organization anywhere from $100 to $1 million per hour
- Technologies available to help prevent and build resistance to attacks include
  1. Content filtering
  2. Encryption
  3. Firewalls

6-19 Prevention and Resistance
- Content filtering - Prevents emails containing sensitive information from transmitting and stops spam and viruses from spreading

6-20 Prevention and Resistance
- If there is an information security breach and the information was encrypted, the person stealing the information would be unable to read it
- Encryption
- Public key encryption (PKE)
- Certificate authority
- Digital certificate

6-21 Prevention and Resistance

6-22 Prevention and Resistance
- One of the most common defenses for preventing a security breach is a firewall
- Firewall – Hardware and/or software that guards a private network by analyzing the information leaving and entering the network

6-23 Prevention and Resistance
- Sample firewall architecture connecting systems located in Chicago, New York, and Boston

6-24 Detection and Response
- If prevention and resistance strategies fail and there is a security breach, an organization can use detection and response technologies to mitigate the damage
- Intrusion detection software – Features full-time monitoring tools that search for patterns in network traffic to identify intruders