Plug-in B6
1 / 18

INFORMATION SECURITY - PowerPoint PPT Presentation

  • Uploaded on

Plug-in B6. INFORMATION SECURITY. THE FIRST LINE OF DEFENSE - PEOPLE. Organizations must enable employees, customers, and partners to access information electronically The biggest issue surrounding information security is not a technical issue, but a _______ issue

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'INFORMATION SECURITY' - conan

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Information security

Plug-in B6


The first line of defense people

  • Organizations must enable employees, customers, and partners to access information electronically

  • The biggest issue surrounding information security is not a technical issue, but a _______ issue

  • ___% of security incidents originate within the organization

    • Insiders – legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident

The first line of defense people1

  • The first line of defense an organization should follow to help combat insider issues is to develop information security _______ and an information security _____

    • Information security policies– identify the rules required to maintain information security

    • Information security plan– details how an organization will __________ the information security policies

The first line of defense people2

  • Hackers frequently use “_______ engineering” to obtain password

    • Social engineering – using one’s social skills to trick people into revealing access credentials or other information valuable to the attacker

The first line of defense people3

  • Five steps to creating an information security plan:

    • Develop the information security policies

    • ____________ the information security policies

    • Identify critical information assets and risks

    • Test and reevaluate risks

    • Obtain ___________ support

      • Person, group, or organization that has direct or indirect stake in an organization because it can affect or be affected by the organization'sactions, objectives, and policies.

The second line of defense technology

  • There are three primary information technology security areas

    • Authentication and authorization

    • Prevention and resistance

    • Detection and response

Authentication and authorization
Authentication and Authorization

  • Authentication – a method for confirming users’ __________

  • Authorization – giving someone _________ to do or have something

  • The most secure type of authentication involves:

    • Something the user knows such as a user ID and password

    • Something the user has such as a smart card or token

    • Something that is part of the user such as a fingerprint or voice signature

Something the user knows
Something the User Knows

  • This is the most common way to identify individual users and typically contains a user ID and a password

  • This is also the most _________ form of authentication

  • Over ____ percent of help-desk calls are password related

Something the user knows1
Something the User Knows

  • Identity theft– a crime used to refer to ______ that involves someone pretending to be someone else in order to steal money or get other benefits.

  • Phishing– The act of sending an ______ to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft

Something the user knows2
Something the User Knows

  • Smart cards and tokens are more effective than a user ID and a password

    • Tokens – may be a _________ device that an authorized user of computer services is given to ease authentication.

    • Smart card – a device that is around the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited ___________

Something that is part of the user
Something That Is Part Of The User

  • This is by far the best and most effective way to manage authentication

    • Biometrics– technologies that measure and analyze human body characteristics, such as fingerprints, eye retinas and irises, voice patterns, facial patterns and hand measurements, for ____________ purposes.

  • Unfortunately, this method can be costly and intrusive

Prevention and resistance
Prevention and Resistance

  • Downtime can cost an organization anywhere from $100 to $1 million per hour

  • Technologies available to help prevent and build resistance to attacks include:

    • Content filtering

    • Encryption

    • Firewalls

Content filtering
Content Filtering

  • Organizations can use content filtering technologies to prevent e-mails containing sensitive information from transmitting and stop spam and viruses from spreading.

    • Content filtering –using software that filters content to prevent the transmission of unauthorized information

    • Spam – the abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages

    • Corporate losses caused by spam (_______ $)


  • If there is an information security breach and the information was encrypted, the person stealing the information would be unable to read it

    • Encryption– the process of transforming information using an _________ (called cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key

    • Public key encryption (PKE) – an encryption system that uses two keys: a public key for everyone and a private key for the recipient


  • One of the most common defenses for preventing a security breach is a firewall

    • Firewall– hardware and/or software that guards a private network by analyzing the information leaving and entering the network

Detection and response
Detection and Response

  • Antivirus software is the most common type of detection and response technology

  • Hacker- people very knowledgeable about computers who use their knowledge to invade other people’s computers

    • White-hat hacker

    • Black-hat hacker

    • Hactivist

    • Script kiddies or script bunnies

    • Cracker

    • Cyber terrorist

Detection and response1
Detection and Response

  • Virus -software written with malicious intent to cause annoyance or damage

    • Worm: spreads itself among files & computers

    • Denial-of-service attack (DoS): flooding web sites

    • Distributed denial-of-service attack (DDoS): attacks from multiple computers

    • Trojan-horse: hides inside other software

    • Backdoor program: open a way for future attack

    • Polymorphic virus and worm: change their form as they propagate

Detection and response2
Detection and Response

  • Security threats to e-business include:

    • Elevation of privilege

    • Hoaxes

    • Malicious code

    • Spoofing

    • Spyware

    • Sniffer

    • Packet tampering