Presentation is loading. Please wait.

Presentation is loading. Please wait.

BUSINESS B1 Information Security.

Published byJune Foster Modified over 9 years ago

Similar presentations

Presentation on theme: "BUSINESS B1 Information Security."— Presentation transcript:

1 BUSINESS B1 Information Security

2 Learning Outcomes Describe the relationship between information security policies and an information security plan Summarize the five steps to creating an information security plan Provide an example of each of the three primary security areas: authentication and authorization, prevention and resistance, and detection and response Describe the relationships and differences between hackers and viruses

3 Information Security : Intro
Information security – a broad term encompassing the protection of information from accidental or intentional misuse by persons inside or outside an organization This plug-in discusses how organizations can implement information security lines of defense through people first and technology second

4 Information Security : People
Organizations must enable employees, customers, and partners to access information electronically 33% of security incidents originate within the organization Insiders – legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident

5 Information Security : Combat Insider
An organization should develop information security policies and an information security plan Information security policies – identify the rules required to maintain information security Information security plan – details how an organization will implement the information security policies

6 Creating an information security plan
Develop the information security policies Communicate the information security policies Identify critical information assets and risks Firewall – hardware and/or software that guards a private network by analyzing the information leaving and entering the network Intrusion detection software (IDS) – searches out patterns in network traffic to indicate attacks and quickly respond to prevent harm Test and reevaluate risks Obtain stakeholder support

7

8 Information Security : Technology
Three primary information security areas Authentication and authorization Prevention and resistance Detection and response

9 Authentication and Authorization
Authentication – a method for confirming users’ identities The most secure type of authentication involves a combination of the following: Something the user knows such as a user ID and password Something the user has such as a smart card or token Something that is part of the user such as a fingerprint or voice signature

10 Something the User Knows such as a User ID and Password
This is the most common way to identify individual users and typically contains a user ID and a password This is also the most ineffective form of authentication Over 50 percent of help-desk calls are password related

11 Something the User Knows such as a User ID and Password

12 Something the User Has such as a Smart Card or Token
Smart cards and tokens are more effective than a user ID and a password Tokens – small electronic devices that change user passwords automatically Smart card – a device that is around the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing

13 Something that is Part of the User such as a Fingerprint or Voice Signature
This is by far the best and most effective way to manage authentication Biometrics – the identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting Unfortunately, this method can be costly and intrusive

14 Prevention and Resistance
Downtime can cost an organization anywhere from $100 to $1 million per hour Technologies available to help prevent and build resistance to attacks include: Content filtering Encryption Firewalls

15 Content Filtering Organizations can use content filtering technologies to filter and prevent s containing sensitive information from transmitting and stop spam and viruses from spreading Content filtering – occurs when organizations use software that filters content to prevent the transmission of unauthorized information Spam – a form of unsolicited

16 Encryption If there is an information security breach and the information was encrypted, the person stealing the information would be unable to read it Encryption – scrambles information into an alternative form that requires a key or password to decrypt the information

17 Firewalls One of the most common defenses for preventing a security breach is a firewall Firewall – hardware and/or software that guards a private network by analyzing the information leaving and entering the network

18 Detection and Response
If prevention and resistance strategies fail and there is a security breach, an organization can use detection and response technologies to mitigate the damage Antivirus software is the most common type of detection and response technology

19 Security Threats to E-business Sites
Malicious code – includes a variety of threats such as viruses, worms, and Trojan horses Hoaxes – attack computer systems by transmitting a virus hoax, with a real virus attached Spoofing – the forging of the return address on an so that the message appears to come from someone other than the actual sender Sniffer – a program or device that can monitor data traveling over a network

20

21

Download ppt "BUSINESS B1 Information Security."

Similar presentations

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
1 MIS 2000 Class 22 System Security Update: Winter 2015.

1 MIS 2000 Class 22 System Security Update: Winter 2015.
2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.

2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.
Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin CHAPTER FOUR ETHICS AND INFORMATION SECURITY: MIS BUSINESS CONCERNS.

Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin CHAPTER FOUR ETHICS AND INFORMATION SECURITY: MIS BUSINESS CONCERNS.
E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.

E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.
CHAPTER OVERVIEW SECTION 4.1 – Ethics

CHAPTER OVERVIEW SECTION 4.1 – Ethics
McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.

McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.
Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.

Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.
Sarbanes-Oxley: Where Information Technology, Finance, and Ethics Meet

Sarbanes-Oxley: Where Information Technology, Finance, and Ethics Meet
BUSINESS PLUG-IN B6 Information Security.

BUSINESS PLUG-IN B6 Information Security.
McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.

McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.
McGraw-Hill/Irwin © 2008 The McGraw-Hill Companies, All Rights Reserved Business Plug-In B6 Information Security.

McGraw-Hill/Irwin © 2008 The McGraw-Hill Companies, All Rights Reserved Business Plug-In B6 Information Security.
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
ETHICS AND INFORMATION SECURITY: MIS BUSINESS CONCERNS

ETHICS AND INFORMATION SECURITY: MIS BUSINESS CONCERNS
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.

Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
McGraw-Hill/Irwin ©2008 The McGraw-Hill Companies, All Rights Reserved ETHICS SECTION 4.1.

McGraw-Hill/Irwin ©2008 The McGraw-Hill Companies, All Rights Reserved ETHICS SECTION 4.1.
4-1 Chapter Four Overview SECTION 4.1 - ETHICS –Ethics –Information Ethics –Developing Information Management Policies –Ethics in the Workplace SECTION.

4-1 Chapter Four Overview SECTION ETHICS –Ethics –Information Ethics –Developing Information Management Policies –Ethics in the Workplace SECTION.
Business Data Communications, Fourth Edition Chapter 10: Network Security.

Business Data Communications, Fourth Edition Chapter 10: Network Security.

Similar presentations

Ads by Google