CHAPTER 4 Information Security
CHAPTER OUTLINE
4.1 Introduction to Information Security
4.2 Unintentional Threats to Information Security
4.3 Deliberate Threats to Information Security
4.4 What Organizations Are Doing to Protect Information Resources
4.5 Information Security Controls
LEARNING OBJECTIVES
- Identify the five factors that contribute to the increasing vulnerability of information resources, and provide a specific example of each one.
- Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
- Discuss the nine types of deliberate attacks.
- Define the three risk mitigation strategies, and provide an example of each one in the context of you owning a home.
- Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
4.1 Introduction to Information Security
Key Information Security Terms
- Threat
- Exposure
- Vulnerability
Five Factors Increasing the Vulnerability of Information Resources
- Today’s interconnected, interdependent, wirelessly-networked business environment
- Smaller, faster, cheaper computers and storage devices
- Decreasing skills necessary to be a hacker
Five Factors Increasing the Vulnerability of Information Resources (continued)
- Organized crime taking over cybercrime
- Lack of management support
4.2 Unintentional Threats to Information Security
Categories of Unintentional Threats
- Human Errors
- Social Engineering
Human Errors
- Carelessness with laptops and portable computing devices
- Opening questionable e-mails
- Careless Internet surfing
- Poor password selection and use
Social Engineering
- Tailgating
- Shoulder Surfing
4.3 Deliberate Threats to Information Security
Deliberate Threats
- Espionage or trespass
- Information extortion
- Sabotage or vandalism
- Theft of equipment or information
Deliberate Threats (continued)
- Identity Theft
- Compromises to Intellectual Property
- Software Attacks
- SCADA Attacks
- Cyberterrorism and Cyberwarfare
Software Attacks
- Virus
- Worm
- Trojan Horse
- Logic Bomb
- Phishing attacks
- Distributed denial-of-service attacks
4.4 What Organizations Are Doing to Protect Information Resources
Risk Management
- Risk
- Risk management
- Risk analysis
- Risk mitigation
Risk Mitigation Strategies
- Risk Acceptance
- Risk limitation
- Risk transference
4.5 Information Security Controls
Information Security Controls
- Physical controls
- Access controls
- Communications (network) controls
Access Controls
- Authentication
- Authorization
Communication or Network Controls
- Firewalls
- Anti-malware systems
- Whitelisting and Blacklisting
- Encryption
Communication or Network Controls (continued)
- Virtual private networking
- Secure Socket Layer
- Employee monitoring systems
Business Continuity Planning, Backup, and Recovery
- Hot Site
- Warm Site
- Cold Site
Information Systems Auditing
Types of Auditors and Audits
- Internal
- External
IS Auditing Procedure
- Auditing around the computer
- Auditing through the computer
- Auditing with the computer
Closing Case: Information Security at the International Fund for Animal Welfare
- The Problem
- The Solution
- The Results