Download Business Plug-In B6 PowerPoint Presentation

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
Document related concepts

Cracking of wireless networks wikipedia , lookup

Distributed firewall wikipedia , lookup

Wireless security wikipedia , lookup

Computer security wikipedia , lookup

Transcript 
Business Plug-In B6
Information Security
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
LEARNING OUTCOMES
1. Describe the relationships and differences
between hackers and viruses
2. Describe the relationship between
information security policies and an
information security plan
3. Provide an example of each of the three
primary security areas: (1) authentication
and authorization, (2) prevention and
resistance, and (3) detection and response
6-2
PROTECTING INTELLECTUAL
ASSETS
O Organizational information is
intellectual capital - it must be
protected
O Information security – The protection
of information from accidental or
intentional misuse by persons inside
or outside an organization
O Downtime – Refers to a period of time
when a system is unavailable
6-3
PROTECTING INTELLECTUAL
ASSETS
Sources of Unplanned Downtime
6-4
PROTECTING INTELLECTUAL
ASSETS
How Much Will Downtime Cost Your Business?
6-5
Security Threats Caused by
Hackers and Viruses
O Hacker – Experts in technology who use their
knowledge to break into computers and
computer networks, either for profit or just
motivated by the challenge
O Black-hat hacker
O Cracker
O Cyberterrorist
O Hactivist
O Script kiddies or script bunnies
O White-hat hacker
6-6
Security Threats Caused by
Hackers and Viruses
O Virus - Software written with malicious intent
to cause annoyance or damage
O Backdoor program
O Denial-of-service attack (DoS)
O Distributed denial-of-service attack (DDoS)
O Polymorphic virus
O Trojan-horse virus
O Worm
6-7
Security Threats Caused by
Hackers and Viruses
How Computer Viruses Spread
6-8
Security Threats Caused by
Hackers and Viruses
O Security threats to ebusiness include
O Elevation of privilege
O Hoaxes
O Malicious code
O Packet tampering
O Sniffer
O Spoofing
O Splogs
O Spyware
6-9
THE FIRST LINE OF DEFENSE PEOPLE
O Organizations must enable employees,
customers, and partners to access
information electronically
O The biggest issue surrounding information
security is not a technical issue, but a people
issue
O Insiders
O Social engineering
O Dumpster diving
6-10
THE FIRST LINE OF DEFENSE PEOPLE
O The first line of defense an organization
should follow to help combat insider issues
is to develop information security policies
and an information security plan
O Information security policies
O Information security plan
6-11
THE SECOND LINE OF DEFENSE TECHNOLOGY
O There are three primary information
technology security areas
6-12
Authentication and Authorization
O Identity theft – The forging of
someone’s identity for the
purpose of fraud
O Phishing – A technique to gain
personal information for the
purpose of identity theft,
usually by means of fraudulent
email
O Pharming – Reroutes requests
for legitimate websites to false
websites
6-13
Authentication and Authorization
O Authentication – A method for confirming users’
identities
O Authorization – The process of giving someone
permission to do or have something
O The most secure type of authentication involves
1. Something the user knows
2. Something the user has
3. Something that is part of the user
6-14
Something the User Knows Such
As a User ID and Password
O This is the most common way to
identify individual users and
typically contains a user ID and
a password
O This is also the most ineffective
form of authentication
O Over 50 percent of help-desk
calls are password related
6-15
Something the User Knows Such
As a User ID and Password
O Smart cards and tokens are more
effective than a user ID and a
password
O Tokens – Small electronic devices that
change user passwords automatically
O Smart card – A device that is around
the same size as a credit card,
containing embedded technologies
that can store information and small
amounts of software to perform some
limited processing
6-16
Something That Is Part Of The User Such As a
Fingerprint or Voice Signature
O This is by far the best and most
effective way to manage
authentication
O Biometrics – The identification of a user
based on a physical characteristic, such
as a fingerprint, iris, face, voice, or
handwriting
O Unfortunately, this method can be
costly and intrusive
6-17
Prevention and Resistance
O Downtime can cost an organization
anywhere from $100 to $1 million per
hour
O Technologies available to help prevent
and build resistance to attacks include
1. Content filtering
2. Encryption
3. Firewalls
6-18
Prevention and Resistance
O Content filtering - Prevents
emails containing sensitive
information from transmitting
and stops spam and viruses
from spreading
6-19
Prevention and Resistance
O If there is an information security
breach and the information was
encrypted, the person stealing the
information would be unable to read it
O Encryption
O Public key encryption (PKE)
O Certificate authority
O Digital certificate
6-20
Prevention and Resistance
6-21
Prevention and Resistance
O One of the most common
defenses for preventing a
security breach is a firewall
O Firewall – Hardware and/or
software that guards a
private network by analyzing
the information leaving and
entering the network
6-22
Prevention and Resistance
O
Sample firewall architecture connecting systems
located in Chicago, New York, and Boston
6-23
Detection and Response
O If prevention and resistance
strategies fail and there is a
security breach, an
organization can use detection
and response technologies to
mitigate the damage
O Intrusion detection software –
Features full-time monitoring
tools that search for patterns in
network traffic to identify
intruders
6-24
Related documents
Chapter 5 Protecting Information Resources
Chapter 5 Protecting Information Resources
Viruses - StantonAPBiology
Viruses - StantonAPBiology
Viruses can enter a computer system in a number of ways, including
Viruses can enter a computer system in a number of ways, including
01-Intro
01-Intro
Viruses - BealBio
Viruses - BealBio
Windows Security
Windows Security
PPT WEEK 2 P 3
PPT WEEK 2 P 3
Document
Document
Security
Security
Computer Virus Could Become Biological
Computer Virus Could Become Biological
Network and Hackers
Network and Hackers
Three dimensions of information protection and monitoring
Three dimensions of information protection and monitoring
Security Whitepaper, PDF
Security Whitepaper, PDF