Plug-in B6

INFORMATION SECURITY


THE FIRST LINE OF DEFENSE - PEOPLE

  • Organizations must enable employees, customers, and partners to access information electronically

  • The biggest issue surrounding information security is not a technical issue, but a _______ issue

  • ___% of security incidents originate within the organization

    • Insiders – legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident


THE FIRST LINE OF DEFENSE - PEOPLE

  • The first line of defense an organization should follow to help combat insider issues is to develop information security _______ and an information security _____

    • Information security policies – identify the rules required to maintain information security

    • Information security plan – details how an organization will __________ the information security policies


THE FIRST LINE OF DEFENSE - PEOPLE

  • Hackers frequently use “_______ engineering” to obtain passwords

    • Social engineering – using one’s social skills to trick people into revealing access credentials or other information valuable to the attacker


THE FIRST LINE OF DEFENSE - PEOPLE

  • Five steps to creating an information security plan:

    • Develop the information security policies

    • ____________ the information security policies

    • Identify critical information assets and risks

    • Test and reevaluate risks

    • Obtain ___________ support

      • Person, group, or organization that has a direct or indirect stake in an organization because it can affect or be affected by the organization's actions, objectives, and policies.


THE SECOND LINE OF DEFENSE - TECHNOLOGY

  • There are three primary information technology security areas

    • Authentication and authorization

    • Prevention and resistance

    • Detection and response


Authentication and Authorization

  • Authentication – a method for confirming users’ __________

  • Authorization – giving someone _________ to do or have something

  • The most secure type of authentication involves:

    • Something the user knows such as a user ID and password

    • Something the user has such as a smart card or token

    • Something that is part of the user such as a fingerprint or voice signature
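The three factors above combine in practice as multi-factor authentication: the server checks something the user knows (a password, stored only as a salted hash) and something the user has (a token or phone app generating one-time codes). The following Python is an added example, not code from the presentation; it uses PBKDF2 for the password factor and an RFC 4226/6238 HOTP/TOTP code for the possession factor, with a constructed enrollment record (the password, salt and token secret are placeholders) and an assumed one-step clock-drift window:

```python
import hashlib
import hmac
import os
import struct
import time
from typing import Optional

PBKDF2_ITERATIONS = 200_000  # assumption: tune per deployment
TOTP_STEP = 30               # seconds per code, as in RFC 6238


def hash_password(password: str, salt: Optional[bytes] = None) -> tuple:
    """Something the user KNOWS: store a salted PBKDF2 hash, never the password itself."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    # constant-time comparison so timing does not reveal how many bytes matched
    return hmac.compare_digest(candidate, expected)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HMAC-based one-time password (dynamic truncation of HMAC-SHA1)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, now: float, step: int = TOTP_STEP, digits: int = 6) -> str:
    """Something the user HAS: the code a hardware token or phone app displays at time `now`."""
    return hotp(secret, int(now) // step, digits)


def authenticate(record: dict, password: str, code: str, now: float, window: int = 1) -> bool:
    """Both factors must pass; `window` time steps of token clock drift are tolerated."""
    if not verify_password(password, record["salt"], record["pw_hash"]):
        return False
    counter = int(now) // TOTP_STEP
    for c in range(counter - window, counter + window + 1):
        if hmac.compare_digest(hotp(record["totp_secret"], c), code):
            return True
    return False


# Constructed enrollment record for the example: fixed salt and the RFC 6238 test secret.
_salt, _digest = hash_password("correct horse battery staple", salt=b"\x00" * 16)
USER = {"salt": _salt, "pw_hash": _digest, "totp_secret": b"12345678901234567890"}

if __name__ == "__main__":
    now = time.time()
    good_code = totp(USER["totp_secret"], now)
    print("password + current code:", authenticate(USER, "correct horse battery staple", good_code, now))
    print("wrong password:         ", authenticate(USER, "wrong password", good_code, now))
```

At time 59 with the RFC 6238 test secret the code is 287082, which is the published test vector, so the `hotp` truncation can be checked against the standard before the scheme is trusted with real secrets.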


Something the User Knows

  • This is the most common way to identify individual users and typically contains a user ID and a password

  • This is also the most _________ form of authentication

  • Over ____ percent of help-desk calls are password related


Something the User Knows

  • Identity theft – a crime used to refer to ______ that involves someone pretending to be someone else in order to steal money or get other benefits.

  • Phishing – the act of sending an ______ to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft


Something the User Knows

  • Smart cards and tokens are more effective than a user ID and a password

    • Tokens – may be a _________ device that an authorized user of computer services is given to ease authentication.

    • Smart card – a device that is around the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited ___________


Something That Is Part Of The User

  • This is by far the best and most effective way to manage authentication

    • Biometrics – technologies that measure and analyze human body characteristics, such as fingerprints, eye retinas and irises, voice patterns, facial patterns and hand measurements, for ____________ purposes.

  • Unfortunately, this method can be costly and intrusive


Prevention and Resistance

  • Downtime can cost an organization anywhere from $100 to $1 million per hour

  • Technologies available to help prevent and build resistance to attacks include:

    • Content filtering

    • Encryption

    • Firewalls


Content Filtering

  • Organizations can use content filtering technologies to prevent e-mails containing sensitive information from transmitting and stop spam and viruses from spreading.

    • Content filtering – using software that filters content to prevent the transmission of unauthorized information

    • Spam – the abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages

    • Corporate losses caused by spam (_______ $)
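A content filter of the kind described above inspects each message before it leaves the mail system. The Python below is an added example, not software from the presentation: it flags outbound sensitive data (payment card numbers validated with the Luhn checksum and SSN-formatted identifiers), scores spam by suspicious phrases, and blocks executable attachment types. The phrase list, extension list, threshold and sample messages are all constructed assumptions for the example.

```python
import re

# Runs of 13-19 digits, optionally separated by spaces or dashes, not embedded in a longer number.
CARD_CANDIDATE_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
SPAM_PHRASES = ("act now", "click here", "free money", "winner", "limited time", "100% guaranteed")
BLOCKED_EXTENSIONS = (".exe", ".scr", ".vbs", ".js", ".bat")
SPAM_THRESHOLD = 2  # assumption: two or more phrases is treated as spam


def luhn_valid(number: str) -> bool:
    """Luhn checksum: weeds out random digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list:
    found = []
    for m in CARD_CANDIDATE_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            found.append(digits)
    return found


def spam_score(text: str) -> int:
    lowered = text.lower()
    return sum(1 for phrase in SPAM_PHRASES if phrase in lowered)


def filter_message(msg: dict) -> list:
    """Return the reasons a message would be held; an empty list means it may be delivered."""
    reasons = []
    body = msg["body"]
    cards = find_card_numbers(body)
    if cards:
        reasons.append(f"sensitive: {len(cards)} payment card number(s)")
    if SSN_RE.search(body):
        reasons.append("sensitive: SSN-formatted identifier")
    score = spam_score(body)
    if score >= SPAM_THRESHOLD:
        reasons.append(f"spam: {score} suspicious phrases")
    for name in msg.get("attachments", []):
        if name.lower().endswith(BLOCKED_EXTENSIONS):
            reasons.append(f"malware risk: blocked attachment type {name}")
    return reasons


# Constructed sample messages; 4111 1111 1111 1111 is a well-known Luhn-valid test number.
SAMPLE_MESSAGES = [
    {"id": 1, "body": "Hi Bob, use my card 4111 1111 1111 1111, exp 12/29, to book the hotel.",
     "attachments": []},
    {"id": 2, "body": "WINNER! Click here to claim your free money. Act now, limited time!",
     "attachments": ["invoice.pdf.exe"]},
    {"id": 3, "body": "Meeting moved to 3pm, room 204. Order #12345 shipped.",
     "attachments": ["agenda.pdf"]},
]

if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        verdict = filter_message(msg)
        print(f"message {msg['id']}: {'HELD ' + '; '.join(verdict) if verdict else 'delivered'}")
```

The Luhn check matters for the false-positive rate: order numbers and timestamps produce plenty of long digit runs, and holding every one of them would train users to ignore the filter.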


Encryption

  • If there is an information security breach and the information was encrypted, the person stealing the information would be unable to read it

    • Encryption – the process of transforming information using an _________ (called a cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key

    • Public key encryption (PKE) – an encryption system that uses two keys: a public key for everyone and a private key for the recipient
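The two-key idea is easiest to see with the arithmetic written out. The Python below is an added example, not material from the presentation: a textbook RSA key pair built from the small primes 61 and 53 (a classic teaching example), where anyone holding the public key can encrypt and only the holder of the private key can decrypt. It encrypts one byte at a time with no padding, which is fine for showing the key relationship but is not how production systems use RSA (they use large keys, padding and a symmetric cipher for the bulk data).

```python
from math import gcd


def is_prime(n: int) -> bool:
    if n < 2:
        return False
    return all(n % k for k in range(2, int(n ** 0.5) + 1))


def keygen(p: int, q: int, e: int = 17) -> tuple:
    """Return ((e, n), (d, n)): the public key for everyone, the private key for the recipient."""
    if not (is_prime(p) and is_prime(q) and p != q):
        raise ValueError("p and q must be distinct primes")
    n = p * q
    phi = (p - 1) * (q - 1)          # Euler's totient of n
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)              # modular inverse of e, Python 3.8+
    return (e, n), (d, n)


def encrypt(public_key: tuple, message: bytes) -> list:
    """Anyone can do this step: c = m^e mod n for each byte m."""
    e, n = public_key
    if n <= 255:
        raise ValueError("modulus too small to hold a byte")
    return [pow(m, e, n) for m in message]


def decrypt(private_key: tuple, ciphertext: list) -> bytes:
    """Only the private-key holder can do this step: m = c^d mod n."""
    d, n = private_key
    return bytes(pow(c, d, n) for c in ciphertext)


if __name__ == "__main__":
    public, private = keygen(61, 53)
    print("public key :", public)    # (17, 3233) - shared with everyone
    print("private key:", private)   # (2753, 3233) - kept by the recipient
    secret = b"Hi"
    c = encrypt(public, secret)
    print("ciphertext :", c)
    print("decrypted  :", decrypt(private, c))
```

With these parameters the byte 65 (the letter A) encrypts to 2790 and decrypts back to 65, matching the widely published worked example for these primes.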


Firewalls

  • One of the most common defenses for preventing a security breach is a firewall

    • Firewall – hardware and/or software that guards a private network by analyzing the information leaving and entering the network
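The "analyzing the information leaving and entering the network" part is a rule set applied to each packet in order, with a default-deny policy when nothing matches. The Python below is an added example, not the presentation's material: a small stateless packet filter with constructed rules (outbound traffic allowed, inbound web traffic allowed, SSH only from an assumed internal range 10.0.0.0/8) and constructed sample packets, reporting which rule decided each one so the decision can be audited.

```python
import ipaddress
from dataclasses import dataclass
from typing import Tuple


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" = entering the private network, "out" = leaving it
    proto: str       # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: int = 0   # destination port; 0 for protocols without ports


@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "deny"
    direction: str = "any"
    proto: str = "any"
    src_net: str = "0.0.0.0/0"     # source network the rule applies to
    dports: Tuple[int, ...] = ()   # empty tuple = any destination port

    def matches(self, pkt: Packet) -> bool:
        if self.direction != "any" and self.direction != pkt.direction:
            return False
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src_net):
            return False
        if self.dports and pkt.dport not in self.dports:
            return False
        return True


# Constructed rule set; order matters because the first match wins.
RULES = [
    Rule("allow", direction="out"),                                                  # internal hosts may reach out
    Rule("allow", direction="in", proto="tcp", dports=(80, 443)),                    # public web server
    Rule("allow", direction="in", proto="tcp", src_net="10.0.0.0/8", dports=(22,)),  # SSH only from internal range
    Rule("deny", direction="in", proto="tcp", dports=(22,)),                         # explicit deny for all other SSH
]


def evaluate(rules, pkt: Packet, default: str = "deny") -> tuple:
    """First matching rule wins; with no match the default-deny policy applies (rule index None)."""
    for index, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, index
    return default, None


def audit(rules, packets) -> list:
    """One log line per packet naming the decision and the rule that made it."""
    lines = []
    for pkt in packets:
        action, idx = evaluate(rules, pkt)
        why = f"rule {idx}" if idx is not None else "default policy"
        lines.append(f"{action.upper():5} {pkt.direction:3} {pkt.proto} "
                     f"{pkt.src} -> {pkt.dst}:{pkt.dport} ({why})")
    return lines


# Constructed sample traffic using documentation address ranges.
SAMPLE_PACKETS = [
    Packet("in", "tcp", "203.0.113.5", "192.168.1.10", 443),
    Packet("in", "tcp", "203.0.113.5", "192.168.1.10", 22),
    Packet("in", "tcp", "10.20.30.40", "192.168.1.10", 22),
    Packet("out", "tcp", "192.168.1.10", "198.51.100.7", 80),
    Packet("in", "udp", "203.0.113.5", "192.168.1.10", 53),
]

if __name__ == "__main__":
    print("\n".join(audit(RULES, SAMPLE_PACKETS)))
```

Two points worth noting from the output: the inbound UDP packet is dropped by the default policy rather than by any written rule, which is what makes default-deny safe, and because the filter is stateless it cannot tell a reply to an outbound connection from an unsolicited inbound packet; real firewalls track connection state for that.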


Detection and Response

  • Antivirus software is the most common type of detection and response technology

  • Hacker – people who are very knowledgeable about computers and use their knowledge to invade other people’s computers

    • White-hat hacker

    • Black-hat hacker

    • Hacktivist

    • Script kiddies or script bunnies

    • Cracker

    • Cyber terrorist


Detection and Response

  • Virus – software written with malicious intent to cause annoyance or damage

    • Worm: spreads itself among files and computers

    • Denial-of-service attack (DoS): flooding web sites

    • Distributed denial-of-service attack (DDoS): attacks from multiple computers

    • Trojan horse: hides inside other software

    • Backdoor program: opens a way for future attack

    • Polymorphic virus and worm: change their form as they propagate


Detection and Response

  • Security threats to e-business include:

    • Elevation of privilege

    • Hoaxes

    • Malicious code

    • Spoofing

    • Spyware

    • Sniffer

    • Packet tampering

