CHAPTER 4 Information Security.

Presentation on theme: "CHAPTER 4 Information Security."— Presentation transcript:

1 CHAPTER 4 Information Security

2 CHAPTER OUTLINE
4.1 Introduction to Information Security
4.2 Unintentional Threats to Information Security
4.3 Deliberate Threats to Information Security
4.4 What Organizations Are Doing to Protect Information Resources
4.5 Information Security Controls

3 LEARNING OBJECTIVES
Identify the five factors that contribute to the increasing vulnerability of information resources, and provide a specific example of each one.
Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Discuss the nine types of deliberate attacks.
Define the three risk mitigation strategies, and provide an example of each one in the context of you owning a home.
Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.

4 4.1 Introduction to Information Security

5 Key Information Security Terms
Threat; Exposure; Vulnerability

6 Five Factors Increasing the Vulnerability of Information Resources
Today’s interconnected, interdependent, wirelessly-networked business environment; Smaller, faster, cheaper computers and storage devices; Decreasing skills necessary to be a hacker

7 Five Factors Increasing the Vulnerability of Information Resources continued
Organized crime taking over cybercrime; Lack of management support

8 4.2 Unintentional Threats to Information Security

9 Categories of Unintentional Threats
Human Errors; Social Engineering

10 Human Errors
Carelessness with laptops and portable computing devices; Opening questionable e-mails; Careless Internet surfing; Poor password selection and use

11 Social Engineering
Tailgating; Shoulder Surfing

12 4.3 Deliberate Threats to Information Security

13 Deliberate Threats
Espionage or trespass; Information extortion; Sabotage or vandalism; Theft of equipment or information

14 Deliberate Threats (continued)
Identity Theft; Compromises to Intellectual Property; Software Attacks; SCADA Attacks; Cyberterrorism and Cyberwarfare

15 Software Attacks
Virus; Worm; Trojan Horse; Logic Bomb; Phishing attacks; Distributed denial-of-service attacks

16 4.4 What Organizations Are Doing to Protect Information Resources

17 Risk Management
Risk; Risk management; Risk analysis; Risk mitigation

18 Risk Mitigation Strategies
Risk Acceptance; Risk limitation; Risk transference

19 4.5 Information Security Controls

20 Information Security Controls
Physical controls; Access controls; Communications (network) controls

21 Access Controls
Authentication; Authorization

22 Communication or Network Controls
Firewalls; Anti-malware systems; Whitelisting and Blacklisting; Encryption

23 Communication or Network Controls (continued)
Virtual private networking; Secure Socket Layer; Employee monitoring systems

24 Business Continuity Planning, Backup, and Recovery
Hot Site; Warm Site; Cold Site

25 Information Systems Auditing
Types of Auditors and Audits: Internal; External

26 IS Auditing Procedure
Auditing around the computer; Auditing through the computer; Auditing with the computer

27 Closing Case Information Security at the International Fund for Animal Welfare
The Problem; The Solution; The Results

