IT Security

The document discusses information security and the threats organizations face from human errors, social engineering, and software attacks. It also outlines the controls organizations implement for physical, access, communication, business continuity, and auditing to protect their information resources and mitigate risks.

Uploaded by shannon casey

Information Security

MBA – IT Management
• Security
• Information Security
• Threat
• Exposure
• Vulnerability
Introduction to Information Security
• Five Factors Contributing to Vulnerability
  • Today's interconnected, interdependent, wirelessly networked business environment
  • Smaller, faster, cheaper computers and storage devices
  • Decreasing skills necessary to be a computer hacker
  • International organized crime taking over cybercrime
  • Lack of management support
• Human Errors
• Social Engineering
Human Errors (1 of 3)
• Higher-level employees + greater access privileges = greater threat
• Two areas pose significant threats:
  • Human Resources
  • Information Systems
• Other areas of threat:
  • Contract labor, consultants, janitors, and guards
Human Errors (2 of 3)
• Common Human Errors:
  • Carelessness with Laptops
  • Carelessness with Computing Devices
  • Opening Questionable E-mail
  • Careless Internet Surfing
  • Poor Password Selection and Use

Human Errors (3 of 3)
• Common Human Errors (continued):
  • Carelessness with One's Office
  • Carelessness Using Unmanaged Devices
  • Carelessness with Discarded Equipment
  • Careless Monitoring of Environmental Hazards
Social Engineering
• An attack in which the perpetrator uses social skills to trick or manipulate legitimate employees into providing confidential company information, such as passwords.
• Example: Kevin Mitnick, world-famous hacker and formerly on the FBI's Most Wanted list.

Copyright ©2018 John Wiley & Sons, Inc.
Deliberate Threats to Information Systems (1 of 2)
• Espionage or Trespass
• Information Extortion
• Sabotage or Vandalism
• Theft of Equipment or Information
• Identity Theft

Deliberate Threats to Information Systems (2 of 2)
• Software Attacks
• Alien Software
• Supervisory Control and Data Acquisition (SCADA) Attacks
• Cyberterrorism and Cyberwarfare

• The St. Louis Cardinals Accused of Hacking the Houston Astros
Software Attacks (1 of 3)
• Remote Attacks Requiring User Action
  • Virus
  • Worm (unlike a virus, a worm spreads on its own once inside a network; only the initial infection may need a user to act)
  • Phishing Attack
  • Spear Phishing Attack
Software Attacks (2 of 3)
• Remote Attacks Needing No User Action
  • Denial of Service Attack
  • Distributed Denial of Service Attack
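The two attacks above differ in where the traffic comes from, and that difference decides whether a simple rate limit will notice them. The following detector is an added example (not code from the original slides or the textbook): it replays constructed web-server log lines through a per-source sliding window and an aggregate sliding window. The log format, the 5-second window, the thresholds and the sample traffic are all assumptions chosen for illustration.

```python
"""Rate-based detection of denial-of-service traffic over web-server log lines.

Added example (not from the original slides). The log format, thresholds and
the sample traffic are constructed assumptions for illustration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format: host ident authuser [date] "request" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \d+$')


def parse_line(line):
    """Return (timestamp, source_ip, path) for one log line, or None if it is malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, _method, path, _status = m.groups()
    return datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), ip, path


def analyze(lines, window=timedelta(seconds=5), per_source=50, aggregate=150):
    """Sliding-window request counts, per source IP and over all sources together.

    A source exceeding `per_source` requests inside `window` is a flooding host (DoS).
    A window exceeding `aggregate` while no single source is over `per_source` is the
    distributed case (DDoS): per-IP rate limiting alone will not see it.
    """
    events = sorted(e for e in map(parse_line, lines) if e is not None)
    per_ip = defaultdict(deque)
    all_recent = deque()
    flooding, peak, distributed = set(), 0, False
    for ts, ip, _path in events:
        q = per_ip[ip]
        q.append(ts)
        while ts - q[0] > window:          # drop this source's requests older than the window
            q.popleft()
        all_recent.append(ts)
        while ts - all_recent[0] > window:  # same for the aggregate view
            all_recent.popleft()
        if len(q) > per_source:
            flooding.add(ip)
        peak = max(peak, len(all_recent))
        if len(all_recent) > aggregate and len(q) <= per_source:
            distributed = True
    return {"flooding_sources": flooding, "peak_window_requests": peak, "distributed_flood": distributed}


# ---- constructed sample traffic (not real data) ----
T0 = datetime(2023, 10, 10, 13, 55, 0, tzinfo=timezone.utc)


def _line(ip, ts, path="/index.html"):
    stamp = ts.strftime("%d/%b/%Y:%H:%M:%S %z")
    return f'{ip} - - [{stamp}] "GET {path} HTTP/1.1" 200 512'


def build_sample_log():
    """Normal browsing, then one host flooding, then 50 hosts each sending a little."""
    lines = []
    for i in range(6):                       # 3 clients, one request every 10 s
        for ip in ("198.51.100.1", "198.51.100.2", "198.51.100.3"):
            lines.append(_line(ip, T0 + timedelta(seconds=10 * i)))
    for i in range(200):                     # single source: 200 requests in 4 s
        lines.append(_line("10.0.0.9", T0 + timedelta(seconds=100, milliseconds=20 * i)))
    for host in range(1, 51):                # distributed: 50 sources x 8 requests in 4 s
        for i in range(8):
            lines.append(_line(f"203.0.113.{host}", T0 + timedelta(seconds=200, milliseconds=500 * i)))
    lines.append("not a log line")           # malformed input must be skipped, not crash the detector
    return lines


if __name__ == "__main__":
    print(analyze(build_sample_log()))
```

On the sample traffic the per-source view flags only 10.0.0.9; the fifty 203.0.113.x hosts each stay under the per-source limit, and only the aggregate window reveals that the server is absorbing 400 requests in five seconds. That is why a DDoS needs an aggregate baseline (or upstream filtering), not just per-client throttling.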
Software Attacks (3 of 3)
• Attacks by a Programmer Developing a System
  • Trojan Horse
  • Back Door
  • Logic Bomb
  • Ransomware
Alien Software
• Adware
• Spyware
• Keyloggers
• Spamware
• Cookies
• Tracking cookies

• The Cyberattack on Ukraine
What Organizations Are Doing to Protect Information Resources
• Risk
• Risk Analysis
• Risk Mitigation

Risk Mitigation
• Risk Acceptance
• Risk Limitation
• Risk Transference

Information Security Controls
• Physical Controls
• Access Controls
• Communication Controls
• Business Continuity Planning
• Information Systems Auditing
Physical Controls
• Prevent unauthorized individuals from gaining access to a company's facilities.
  • Walls
  • Doors
  • Fencing
  • Gates
  • Locks
  • Badges
  • Guards
  • Alarm systems
Access Controls
• Authentication
• Authorization
Authentication
• Something the user is
• Something the user has
• Something the user does
• Something the user knows
  • Passwords
Basic Guidelines for Passwords
Passwords should be:
• difficult to guess;
• long rather than short;
• a mix of uppercase letters, lowercase letters, numbers, and special characters;
• not recognizable words;
• not the name of anything or anyone familiar, such as family names or names of pets;
• not a recognizable string of numbers, such as a Social Security number or a birthday.
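The two access-control slides above separate who a user is (authentication, here by something the user knows) from what that user may do (authorization), and the password slide adds the rules the "something you know" must satisfy. The following is an added example, not code from the slides or the textbook, showing all three in one small stand-in for a directory service: the password-policy check follows the slide's guidelines, passwords are stored only as salted PBKDF2 digests, comparisons are constant-time, and permissions are granted per role. The user records, roles, the word list and the iteration count are assumptions.

```python
"""Access controls: authentication (something the user knows) and authorization.

Added example, not from the original slides. User records, roles, the word list
and the PBKDF2 work factor are illustrative assumptions.
"""
import hashlib
import hmac
import re
import secrets

ITERATIONS = 600_000   # PBKDF2-HMAC-SHA256 work factor; assumed value, tune to your hardware

# Constructed stand-in for a dictionary plus "familiar names" list (pets, family, employer).
FAMILIAR_WORDS = {"password", "welcome", "letmein", "fluffy", "acme"}


def check_password_policy(pw, familiar=FAMILIAR_WORDS):
    """Apply the slide's guidelines; return the violated ones (an empty list means acceptable)."""
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    if not all(re.search(p, pw) for p in (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")):
        problems.append("missing upper/lower/digit/special character")
    if any(w in pw.lower() for w in familiar):
        problems.append("contains a recognizable word or familiar name")
    if re.search(r"[0-9]{6,}", pw):
        problems.append("contains a long digit string (looks like a date or ID number)")
    return problems


def hash_password(pw, salt=None):
    """Salted PBKDF2 so equal passwords get different digests and guessing is slow."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, ITERATIONS)


# Authorization: role -> permissions, granted on a least-privilege basis.
ROLE_PERMISSIONS = {
    "analyst": {"report:read"},
    "hr_manager": {"report:read", "payroll:read", "payroll:write"},
}

USERS = {}   # username -> {"salt", "digest", "role"}; in-memory stand-in for a directory
_DUMMY_SALT, _DUMMY_DIGEST = hash_password(secrets.token_hex(16))   # used for unknown usernames


def register(username, pw, role):
    """Store the user only if the password passes policy; return the list of problems (empty on success)."""
    problems = check_password_policy(pw)
    if role not in ROLE_PERMISSIONS:
        problems.append("unknown role")
    if problems:
        return problems
    salt, digest = hash_password(pw)
    USERS[username] = {"salt": salt, "digest": digest, "role": role}
    return []


def authenticate(username, pw):
    """Return the username on success, None otherwise. Unknown users still pay the PBKDF2
    cost so response time does not reveal which usernames exist."""
    rec = USERS.get(username)
    salt, digest = (rec["salt"], rec["digest"]) if rec else (_DUMMY_SALT, _DUMMY_DIGEST)
    _, candidate = hash_password(pw, salt)
    ok = hmac.compare_digest(candidate, digest)   # constant-time comparison
    return username if (rec and ok) else None


def authorize(username, permission):
    """A separate decision from authentication: who you are versus what you may do."""
    rec = USERS.get(username)
    return bool(rec) and permission in ROLE_PERMISSIONS[rec["role"]]


if __name__ == "__main__":
    print(register("alice", "v7#Kq2!zLp9&Rm", "analyst"))        # []
    print(authenticate("alice", "v7#Kq2!zLp9&Rm"))               # alice
    print(authorize("alice", "report:read"), authorize("alice", "payroll:write"))
```

The policy function is written to the slide's rules; note that current NIST SP 800-63B guidance favors length and a check against known-breached passwords over forced character-class composition, so a production policy would add a breach-list check and could relax the class rule.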
Communication Controls
• Firewalls
• Anti-malware Systems
• Whitelisting and Blacklisting
• Encryption
• Virtual Private Networking
• Transport Layer Security (TLS)
• Employee Monitoring Systems
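Firewalls and whitelisting/blacklisting, listed together above, are really one mechanism with two opposite defaults: a whitelist denies everything not explicitly allowed, a blacklist allows everything not explicitly denied. The example below is added here and is not code from the slides or the textbook; it evaluates constructed connection attempts against a packet-filter style rule set under each default, and includes a check for rules shadowed by an earlier, broader rule, a common misconfiguration. Rule sets, addresses and ports are assumptions.

```python
"""Whitelisting (default deny) versus blacklisting (default allow) in a packet-filter style rule set.

Added example, not from the original slides. The rule sets, the connection attempts and the
ordering check are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    network: ipaddress.IPv4Network   # source addresses the rule covers
    port: Optional[int] = None       # destination port; None matches any port
    proto: str = "tcp"


def rule(action, cidr, port=None, proto="tcp"):
    return Rule(action, ipaddress.ip_network(cidr), port, proto)


def decide(rules, default, src_ip, dst_port, proto="tcp"):
    """First matching rule wins; if nothing matches, the policy default applies."""
    ip = ipaddress.ip_address(src_ip)
    for r in rules:
        if ip in r.network and (r.port is None or r.port == dst_port) and r.proto == proto:
            return r.action
    return default


def shadowed(rules):
    """Rules that can never fire because an earlier rule already covers every packet they would match."""
    dead = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (earlier.network.version == later.network.version
                    and later.network.subnet_of(earlier.network)
                    and earlier.proto == later.proto
                    and (earlier.port is None or earlier.port == later.port)):
                dead.append(later)
                break
    return dead


# Whitelist: only what is explicitly needed, everything else denied.
WHITELIST = ([rule("allow", "10.0.0.0/8", 22),      # SSH from the internal network only
              rule("allow", "0.0.0.0/0", 443)],     # HTTPS from anywhere
             "deny")

# Blacklist: block one known-bad range, everything else allowed.
BLACKLIST = ([rule("deny", "203.0.113.0/24")], "allow")

# Constructed connection attempts: (source IP, destination port).
ATTEMPTS = [("10.1.2.3", 22), ("198.51.100.7", 22), ("203.0.113.9", 443), ("192.0.2.55", 3389)]


def evaluate(policy, attempts=ATTEMPTS):
    rules, default = policy
    return {(ip, port): decide(rules, default, ip, port) for ip, port in attempts}


if __name__ == "__main__":
    for name, policy in (("whitelist", WHITELIST), ("blacklist", BLACKLIST)):
        print(name, evaluate(policy))
    print("shadowed:", shadowed([rule("allow", "10.0.0.0/8"), rule("deny", "10.0.0.0/16", 22)]))
```

The instructive attempt is 192.0.2.55 on port 3389: it appears on no list, so the blacklist lets an unknown host reach RDP while the whitelist denies it by default. Blacklists only ever stop what has already been identified; a whitelist fails safe when the rule writer has not anticipated a source.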
FIGURE 4.5 How digital certificates work.

FIGURE 4.6 Virtual private network (VPN) and tunneling.
Business Continuity Plan
• Disaster Recovery Plan
  • Hot Site
  • Warm Site
  • Cold Site

Information Systems Auditing
• Types of Auditors and Audits
• How is Auditing Executed?