
BUSINESS PLUG-IN B6 Information Security.


1 BUSINESS PLUG-IN B6 Information Security

2 LEARNING OUTCOMES
- Describe the relationship between information security policies and an information security plan
- Summarize the five steps to creating an information security plan
- Provide an example of each of the three primary security areas: (1) authentication and authorization, (2) prevention and resistance, and (3) detection and response
- Describe the relationships and differences between hackers and viruses

3 INTRODUCTION
- Information security – a broad term encompassing the protection of information from accidental or intentional misuse by persons inside or outside an organization
- This plug-in discusses how organizations can implement information security lines of defense through people first and technology second

4 The First Line of Defense - People
- The biggest issue surrounding information security is not a technical issue, but a people issue
- 38% of security incidents originate within the organization
  - Insiders
  - Social engineering

5 The First Line of Defense - People
- The first line of defense an organization should follow to help combat insider issues is to develop information security policies and an information security plan
- Information security policies – identify the rules required to maintain information security
- Information security plan – details how an organization will implement the information security policies

6 The First Line of Defense - People
Five steps to creating an information security plan:
1. Develop the information security policies
2. Communicate the information security policies
3. Identify critical information assets and risks
4. Test and reevaluate risks
5. Obtain stakeholder support

7 The First Line of Defense - People

8 The Second Line of Defense - Technology
Three primary information security areas:
- Authentication and authorization
- Prevention and resistance
- Detection and response

9 AUTHENTICATION AND AUTHORIZATION
- Authentication – a method for confirming users’ identities
- Authorization – the process of giving someone permission to do or have something
- The most secure type of authentication involves a combination of the following:
  - Something the user knows, such as a user ID and password
  - Something the user has, such as a smart card or token
  - Something that is part of the user, such as a fingerprint or voice signature

10 Something the User Knows such as a User ID and Password
- User IDs and passwords are the most common way to identify individual users, but they are also the most ineffective form of authentication
- Identity theft – the forging of someone’s identity for the purpose of fraud
- Phishing – a technique to gain personal information for the purpose of identity theft

11 Something the User Has such as a Smart Card or Token
- Smart cards and tokens are more effective than a user ID and a password
- Token – a small electronic device that changes user passwords automatically
- Smart card – a device that is around the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing

12 Something That Is Part of the User such as a Fingerprint or Voice Signature
- This is by far the best and most effective way to manage authentication
- Biometrics – the identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting
- Unfortunately, this method can be costly and intrusive

13 PREVENTION AND RESISTANCE
- Downtime can cost an organization anywhere from $100 to $1 million per hour
- Technologies available to help prevent and build resistance to attacks include:
  - Content filtering
  - Encryption
  - Firewalls

14 Content Filtering
- Organizations can use content filtering technologies to filter and prevent emails containing sensitive information from being transmitted, and to stop spam and viruses from spreading
- Content filtering – occurs when organizations use software that filters content to prevent the transmission of unauthorized information
- Spam – a form of unsolicited email
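The outbound and inbound filtering the slide describes, as an added illustration that is not part of the original deck: a small Python content filter that blocks outgoing mail carrying a confidentiality marker or a Luhn-valid payment-card number, and flags incoming mail that matches several spam phrases. The marker words, spam phrases, and sample messages are constructed for this example.

```python
import re

# Constructed policy lists (assumptions for this example, not from the deck).
CONFIDENTIAL_MARKERS = ("confidential", "internal only")
SPAM_PHRASES = ("act now", "free money", "winner")
# 13-16 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; filters out random digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list:
    """Return the digit strings in text that pass the Luhn check."""
    found = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 16 and luhn_ok(digits):
            found.append(digits)
    return found


def filter_message(subject: str, body: str, direction: str):
    """Return ("block"|"allow", reasons) for an 'outbound' or 'inbound' message."""
    text = f"{subject}\n{body}".lower()
    reasons = []
    if direction == "outbound":
        # Data-leak rule: confidentiality markers or card numbers must not leave.
        for marker in CONFIDENTIAL_MARKERS:
            if marker in text:
                reasons.append(f"marker:{marker}")
        for num in find_card_numbers(body):
            reasons.append("card:" + "*" * (len(num) - 4) + num[-4:])  # log masked
    else:
        # Spam rule: two phrases, or one phrase with a shouted subject line.
        hits = [p for p in SPAM_PHRASES if p in text]
        if len(hits) >= 2 or (subject.isupper() and hits):
            reasons.append("spam:" + ",".join(hits))
    return ("block" if reasons else "allow", reasons)
```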

15 Content Filtering Worldwide corporate losses caused by Spam (in billions)

16 ENCRYPTION
- If there is an information security breach and the information was encrypted, the person stealing the information would be unable to read it
- Encryption – scrambles information into an alternative form that requires a key or password to decrypt the information
- Public key encryption – uses two keys: a public key that everyone can have and a private key for only the recipient

17 ENCRYPTION

18 FIREWALLS
- One of the most common defenses for preventing a security breach is a firewall
- Firewall – hardware and/or software that guards a private network by analyzing the information leaving and entering the network

19 FIREWALLS Sample firewall architecture connecting systems located in Chicago, New York, and Boston

20 DETECTION AND RESPONSE
- If prevention and resistance strategies fail and there is a security breach, an organization can use detection and response technologies to mitigate the damage
- Antivirus software is the most common type of detection and response technology

21 DETECTION AND RESPONSE
Hacker – people very knowledgeable about computers who use their knowledge to invade other people’s computers
- White-hat hacker
- Black-hat hacker
- Hactivist
- Script kiddies or script bunnies
- Cracker
- Cyberterrorist

22 DETECTION AND RESPONSE
Virus – software written with malicious intent to cause annoyance or damage
- Worm
- Denial-of-service attack (DoS)
- Distributed denial-of-service attack (DDoS)
- Trojan-horse virus
- Backdoor program
- Polymorphic virus and worm

23 DETECTION AND RESPONSE
Security threats to ebusiness include:
- Elevation of privilege
- Hoaxes
- Malicious code
- Spoofing
- Spyware
- Sniffer
- Packet tampering

24 CLOSING CASE ONE Thinking Like the Enemy
- The Intense School offers several security courses, including the five-day “Professional Hacking Boot Camp” and “Social Engineering in Two Days”
- The main philosophy of the Intense School is “To Know Thy Enemy”
- The school is taught by several notorious hackers

25 CLOSING CASE ONE QUESTIONS
1. How could an organization benefit from attending one of the courses offered at the Intense School?
2. What are the two primary lines of security defense, and how can organizational employees use the information taught by the Intense School when drafting an information security plan?
3. Determine the difference between the two primary courses offered at the Intense School, “Professional Hacking Boot Camp” and “Social Engineering in Two Days.” Which course is more important for organizational employees to attend?

26 CLOSING CASE ONE QUESTIONS
4. If your employer sent you to take a course at the Intense School, which one would you choose and why?
5. What are the ethical dilemmas involved with having such a course offered by a private company?

27 CLOSING CASE TWO Hacker Hunters
- Hackers are a new breed of crime fighters
- Operation Firewall, targeting the ShadowCrew, a gang whose members were schooled in identity theft, bank account pillage, and selling illegal goods on the Internet, arrested 28 gang members in eight states and six countries

28 CLOSING CASE TWO QUESTIONS
1. What types of technology could big retailers use to prevent identity thieves from purchasing merchandise?
2. What can organizations do to protect themselves from hackers looking to steal account data?
3. Authorities frequently tap online service providers to track down hackers. Do you think it is ethical for authorities to tap an online service provider and read people’s email? Why or why not?

29 CLOSING CASE TWO QUESTIONS
4. Do you think it was ethical for authorities to use one of the high-ranking officials to trap other gang members? Why or why not?
5. In a team, research the Internet and find the best ways to protect yourself from identity theft

