
CHAPTER 4


hector


Presentation Transcript


  1. CHAPTER 4 Information Security

  2. Factors Increasing the Threats to Information Security
     • Today’s interconnected, interdependent, wirelessly-networked business environment
     • Smaller, faster, cheaper computers and storage devices
     • Decreasing skills necessary to be a computer hacker
     • Increased employee use of unmanaged devices
     • Lack of management support

  3. Unintentional Threats
     • Unintentional acts
     • Natural disasters
     • Technical failures / environmental hazards
     • Human error
     • Social Engineering (tailgating, shoulder surfing, etc.)
     • Management failures
     • Ways to prevent?

  4. Deliberate Threats
     • Espionage / Trespassing
     • Extortion
     • Sabotage / vandalism
     • Theft (equipment, information, or identity)
     • Software attacks
     • Many others

  5. Risk Management
     • Risk
     • Risk management
     • Risk analysis
     • Risk mitigation

  6. Risk Mitigation Strategies
     • Risk acceptance
     • Risk limitation
     • Risk transference

  7. Information Security Controls
     • Physical Controls
     • Access Controls
     • Communications Controls

  8. Access Controls
     • Authentication
       • Something the user is
       • Something the user has
       • Something the user does
       • Something the user knows
     • Authorization

  9. Communications Controls
     • Firewalls
     • Antivirus software
     • Whitelisting and Blacklisting software
     • Encryption
     • Digital Certificates
     • VPN
     • Employee Monitoring Systems

  10. Other things organizations can do...
     • Business Continuity Planning
     • Backup
     • Recovery
     • Information Security Auditing
