Download presentation
Presentation is loading. Please wait.
Published byChad Oliver Modified over 6 years ago
1
INFORMATION SECURITY The protection of information from accidental or intentional misuse of a persons inside or outside an organization Comp 212 – Computer Fundamentals and Programming I
2
Protecting Intellectual Assets
Organizational information is intellectual capital and must be protected Health Insurance Portability Act (HIPA) is one example of information security in action
3
People are the first line of defense
Insiders account for 33% of security incidents in an organization Information security policies – identify the rules required to maintain information security Information security plan – details how an organization will implement the information security policies.
4
Steps for creating an Information Security Plan
Develop the information security policies Designate responsibility and accountability to individual to follow the security plans 2. Communicate the information security policies Training employees to follow security policies and communicate consequences for not following those policies.
5
Steps for creating an Information Security Plan
3. Identify critical information assets and risks Require user IDs, passwords and anti-virus software. Implement firewalls and Intrusion Detection Software. 4. Test and reevaluate risks Continually perform security reviews, audits, background checks, and security assessments.
6
Steps for creating an Information Security Plan
Obtain Stakeholder support Gain the approval and support of the board of directors and stakeholders concerning the security
7
Second line of Defense-Technology
Authentication and Authorization Prevention and Resistance Detection and Response
8
Authentication and Authorization
Authentication – method for confirming users identities Authorization – process of giving someone permission to do or have something
9
Authentication and Authorization
Something the user knows – user IDs and passwords. Identity theft – forging of someone’s identity for the purpose of fraud. Phishing – an online form of identity theft, commonly through . B. Something the user has – Smart Card – a device the size of a credit card that can store small amount of information. Tokens – small electronic devices that change user passwords automatically.
10
Authentication and Authorization
C. Something that is part of the user – fingerprint or voice signature 1. Biometrics – the identification of a user based on a physical characteristics, such as finger print, iris, face, voice or handwriting.
11
Prevention and Resistance
Content filtering – occurs when software is used that filters content to prevent the transmission of unauthorized information. Encryption – scrambles information into an alternative form that requires a key or password to decrypt the information. Firewall – hardware and/or software that guards a private network by analyzing the information leaving and entering the network.
12
Detection and Response
If prevention and resistance strategies fail an organization can use detection and response technologies to minimize and correct any damage. The most common being anti virus software, software that scans the system for potential threats to that system.
13
Detection and Response
Hacker – people very knowledgeable about computers who use their knowledge to invade other people’s computers. White-hat hacker Black-hat hacker Hactivists Script kiddies or Script bunnies Cracker Cyberterrorists
14
Detection and Response
Virus – software written with malicious intent to cause annoyance or damage. Worm Denial-of-service Attack (DoS) Distributed Denial-of-service Attack (DDoS) Trojan horse virus Backdoor program Polymorphic virus and worm
15
END
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.