CHAPTER 4: Information Security

CHAPTER OUTLINE
4.1 Introduction to Information Security
4.2 Unintentional Threats to Information Security
4.3 Deliberate Threats to Information Security
4.4 What Organizations Are Doing to Protect Information Resources
4.5 Information Security Controls

LEARNING OBJECTIVES
1. Identify the five factors that contribute to the increasing vulnerability of information resources, and provide a specific example of each one.
2. Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
3. Discuss the nine types of deliberate attacks.
4. Define the three risk mitigation strategies, and provide an example of each one in the context of you owning a home.
5. Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.

7.1 Introduction to Information Security

Key Information Security Terms
• Information security
• Threat – a resource in danger
• Exposure – the magnitude of loss or damage
• Vulnerability – the possibility (i.e. the “odds”) that the system will suffer harm
• Example of a threat: bank attacks

Get Protection
• C-Net
• Spyware
• UNCW resources
• Microsoft Security Essentials

Threats / Protection
• Firewalls
• Anti-malware
• Whitelisting and blacklisting
• Encryption
  • Public key
  • Private key
• Digital certificates

Network issues
• Virtual private network (VPN)
• Secure socket layer (SSL) – see also HTTPS
• Monitor employees
• Use IT audits (both internal and external)
• When all else fails – business continuity plan

Five Factors Increasing the Vulnerability of Information Resources
• Today’s interconnected, interdependent, wirelessly-networked business environment
• Smaller, faster, cheaper computers and storage devices
• Decreasing skills necessary to be a hacker
• Organized crime taking over cybercrime
• Lack of management support

Networked Business Environment
• Especially WIRELESS networks

Smaller, Faster Devices

Decreasing Skills Needed to be a Hacker
• New and easier tools make it very easy to attack the network
• Attacks are becoming increasingly sophisticated

Organized Crime Taking Over Cybercrime
• An international threat
• Are government agencies involved in cybercrime?

Lack of Management Support

7.2 Unintentional Threats to Information Systems

Security Threats

Most Dangerous Employees
• Human resources and MIS
• These employees hold ALL the information

Consultants, Janitors and Security Guards
• These employees get wide access without much supervision

Human Errors
• Carelessness with laptops and portable computing devices
• Opening questionable e-mails
• Careless Internet surfing
• Poor password selection and use
• And more

Social Engineering
• Two examples:
  • Tailgating
  • Shoulder surfing

The “King” of Social Engineering
• Hacker Caught: Kevin Mitnick
• Social engineering is typically an unintentional human error on the part of an employee, but it is the result of a deliberate action on the part of an attacker
• Kevin Mitnick served several years in a federal prison. Upon his release, he opened his own consulting firm, advising companies on how to deter people like him. See his company here

7.3 Deliberate Threats to Information Systems
There are many types of deliberate attacks including:
• Espionage or trespass
• Information extortion
• Sabotage or vandalism
• Theft of equipment or information
• Identity theft
• Compromises to intellectual property
• Software attacks
• Alien software
• Supervisory control and data acquisition (SCADA) attacks
• Cyberterrorism and cyberwarfare

Deliberate Threats
• Espionage or trespass
• Information extortion
• Sabotage or vandalism
• Theft of equipment or information – for example, dumpster diving

Deliberate Threats (continued)
• Identity theft (identity theft video)
• Compromises to intellectual property

Deliberate Threats (continued)
Software attacks
• Virus – segment of malicious computer code attached to another computer program
• Worm – segment of malicious computer code that does not require another computer program (see the Stuxnet worm)
• Trojan horse
• Logic bomb – segment of malicious computer code that causes damage at a specified time

Software attacks (continued)
• Phishing attacks
• Phishing slideshow
• Phishing quiz
• Phishing
UNCW MIS 213 - Information Security