1 / 18

INFORMATION SECURITY

Plug-in B6. INFORMATION SECURITY. THE FIRST LINE OF DEFENSE - PEOPLE. Organizations must enable employees, customers, and partners to access information electronically The biggest issue surrounding information security is not a technical issue, but a _______ issue

conan
Download Presentation

INFORMATION SECURITY

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Plug-in B6 INFORMATION SECURITY

  2. THE FIRST LINE OF DEFENSE - PEOPLE • Organizations must enable employees, customers, and partners to access information electronically • The biggest issue surrounding information security is not a technical issue, but a _______ issue • ___% of security incidents originate within the organization • Insiders – legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident

  3. THE FIRST LINE OF DEFENSE - PEOPLE • The first line of defense an organization should follow to help combat insider issues is to develop information security _______ and an information security _____ • Information security policies– identify the rules required to maintain information security • Information security plan– details how an organization will __________ the information security policies

  4. THE FIRST LINE OF DEFENSE - PEOPLE • Hackers frequently use “_______ engineering” to obtain password • Social engineering – using one’s social skills to trick people into revealing access credentials or other information valuable to the attacker

  5. THE FIRST LINE OF DEFENSE - PEOPLE • Five steps to creating an information security plan: • Develop the information security policies • ____________ the information security policies • Identify critical information assets and risks • Test and reevaluate risks • Obtain ___________ support • Person, group, or organization that has direct or indirect stake in an organization because it can affect or be affected by the organization'sactions, objectives, and policies.

  6. THE SECOND LINE OF DEFENSE - TECHNOLOGY • There are three primary information technology security areas • Authentication and authorization • Prevention and resistance • Detection and response

  7. Authentication and Authorization • Authentication – a method for confirming users’ __________ • Authorization – giving someone _________ to do or have something • The most secure type of authentication involves: • Something the user knows such as a user ID and password • Something the user has such as a smart card or token • Something that is part of the user such as a fingerprint or voice signature

  8. Something the User Knows • This is the most common way to identify individual users and typically contains a user ID and a password • This is also the most _________ form of authentication • Over ____ percent of help-desk calls are password related

  9. Something the User Knows • Identity theft– a crime used to refer to ______ that involves someone pretending to be someone else in order to steal money or get other benefits. • Phishing– The act of sending an ______ to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft

  10. Something the User Knows • Smart cards and tokens are more effective than a user ID and a password • Tokens – may be a _________ device that an authorized user of computer services is given to ease authentication. • Smart card – a device that is around the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited ___________

  11. Something That Is Part Of The User • This is by far the best and most effective way to manage authentication • Biometrics– technologies that measure and analyze human body characteristics, such as fingerprints, eye retinas and irises, voice patterns, facial patterns and hand measurements, for ____________ purposes. • Unfortunately, this method can be costly and intrusive

  12. Prevention and Resistance • Downtime can cost an organization anywhere from $100 to $1 million per hour • Technologies available to help prevent and build resistance to attacks include: • Content filtering • Encryption • Firewalls

  13. Content Filtering • Organizations can use content filtering technologies to prevent e-mails containing sensitive information from transmitting and stop spam and viruses from spreading. • Content filtering –using software that filters content to prevent the transmission of unauthorized information • Spam – the abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages • Corporate losses caused by spam (_______ $)

  14. Encryption • If there is an information security breach and the information was encrypted, the person stealing the information would be unable to read it • Encryption– the process of transforming information using an _________ (called cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key • Public key encryption (PKE) – an encryption system that uses two keys: a public key for everyone and a private key for the recipient

  15. Firewalls • One of the most common defenses for preventing a security breach is a firewall • Firewall– hardware and/or software that guards a private network by analyzing the information leaving and entering the network

  16. Detection and Response • Antivirus software is the most common type of detection and response technology • Hacker- people very knowledgeable about computers who use their knowledge to invade other people’s computers • White-hat hacker • Black-hat hacker • Hactivist • Script kiddies or script bunnies • Cracker • Cyber terrorist

  17. Detection and Response • Virus -software written with malicious intent to cause annoyance or damage • Worm: spreads itself among files & computers • Denial-of-service attack (DoS): flooding web sites • Distributed denial-of-service attack (DDoS): attacks from multiple computers • Trojan-horse: hides inside other software • Backdoor program: open a way for future attack • Polymorphic virus and worm: change their form as they propagate

  18. Detection and Response • Security threats to e-business include: • Elevation of privilege • Hoaxes • Malicious code • Spoofing • Spyware • Sniffer • Packet tampering

More Related