
INFORMATION SECURITY

INFORMATION SECURITY. The protection of information from accidental or intentional misuse by persons inside or outside an organization. Comp 212 – Computer Fundamentals and Programming I. Protecting Intellectual Assets. Organizational information is intellectual capital and must be protected.

saki

Presentation Transcript


  1. INFORMATION SECURITY
     The protection of information from accidental or intentional misuse by persons inside or outside an organization
     Comp 212 – Computer Fundamentals and Programming I

  2. Protecting Intellectual Assets
     • Organizational information is intellectual capital and must be protected
     • Health Insurance Portability Act (HIPA) is one example of information security in action

  3. People are the first line of defense
     • Insiders account for 33% of security incidents in an organization
     • Information security policies – identify the rules required to maintain information security
     • Information security plan – details how an organization will implement the information security policies.

  4. Steps for creating an Information Security Plan
     1. Develop the information security policies
        • Designate responsibility and accountability to individuals to follow the security plans
     2. Communicate the information security policies
        • Train employees to follow security policies and communicate the consequences for not following those policies.

  5. Steps for creating an Information Security Plan
     3. Identify critical information assets and risks
        • Require user IDs, passwords and anti-virus software.
        • Implement firewalls and Intrusion Detection Software.
     4. Test and reevaluate risks
        • Continually perform security reviews, audits, background checks, and security assessments.

  6. Steps for creating an Information Security Plan
     5. Obtain stakeholder support
        • Gain the approval and support of the board of directors and stakeholders concerning the security

  7. Second Line of Defense – Technology
     • Authentication and Authorization
     • Prevention and Resistance
     • Detection and Response

  8. Authentication and Authorization
     • Authentication – method for confirming users' identities
     • Authorization – process of giving someone permission to do or have something

  9. Authentication and Authorization
     A. Something the user knows – user IDs and passwords.
        • Identity theft – forging of someone's identity for the purpose of fraud.
        • Phishing – an online form of identity theft, commonly through e-mail.
     B. Something the user has
        • Smart card – a device the size of a credit card that can store a small amount of information.
        • Tokens – small electronic devices that change user passwords automatically.

  10. Authentication and Authorization
     C. Something that is part of the user – fingerprint or voice signature
        1. Biometrics – the identification of a user based on a physical characteristic, such as fingerprint, iris, face, voice or handwriting.

  11. Prevention and Resistance
     • Content filtering – occurs when software is used that filters content to prevent the transmission of unauthorized information.
     • Encryption – scrambles information into an alternative form that requires a key or password to decrypt the information.
     • Firewall – hardware and/or software that guards a private network by analyzing the information leaving and entering the network.

  12. Detection and Response
     • If prevention and resistance strategies fail, an organization can use detection and response technologies to minimize and correct any damage.
     • The most common is antivirus software, which scans the system for potential threats to that system.

  13. Detection and Response
     • Hackers – people very knowledgeable about computers who use their knowledge to invade other people's computers.
        • White-hat hacker
        • Black-hat hacker
        • Hacktivists
        • Script kiddies or script bunnies
        • Cracker
        • Cyberterrorists

  14. Detection and Response
     • Virus – software written with malicious intent to cause annoyance or damage.
        • Worm
        • Denial-of-service attack (DoS)
        • Distributed denial-of-service attack (DDoS)
        • Trojan horse virus
        • Backdoor program
        • Polymorphic virus and worm

  15. END
