CHAPTER 4
Information Security
Announcements
Friday Class Quiz 1 Review
Monday Class Quiz 1 – Access Basics
Questions/Comments
Security is constantly evolving…
https://www.youtube.com/watch?v=Ie0bRyXNrTs
Personal Security
How secure are you?
Do you secure your information?
How hackable is your digital life?
Key Information Security Terms
Information Security
Vulnerability
Threat
Exposure/Attack
Introduction to Information Security
Is it possible to secure the Internet?
Five Factors Increasing the Vulnerability of Information Resources
1. Today’s interconnected, interdependent, wirelessly-networked business environment
2. Smaller, faster, cheaper computers and storage devices
3. Decreasing skills necessary to be a hacker
4. Organized crime taking over cybercrime
5. Lack of management support
1. Networked Business Environment
2. Smaller, Faster Devices
3. Decreasing Skills Needed to be a Hacker
New & Easier Tools make it very easy to attack the Network
Attacks are becoming increasingly sophisticated
4. Organized Crime Taking Over Cybercrime
Cost of Cybercrime
Any Guesses?
http://www.zdnet.com/norton-cybercrime-cost-110-billion-last-year-7000003745/?s_cid=e539
5. Lack of Management Support
Categorizing Security Threats
Security Threats: Unintentional and Deliberate
Unintentional Threats: Most Dangerous Employees
Who are the most dangerous employees?
Why are these the most dangerous?
Unintentional Threats: Human Errors
Common Human Mistakes:
Carelessness: Devices, E-mails, Internet
Poor password selection and use
Ex. Bank Employees
Ex. Gawker hack – most popular passwords.
Any guesses on #1?
Unintentional Threats: Social Engineering
The art of manipulating people into performing actions or divulging confidential information.
Pretexting
Phishing
Baiting
Vishing (IVR or phone phishing)
Deliberate Threats to Information Security
Theft of equipment or information
Examples:
Dumpster diving
Laptop stolen in a break-in
Deliberate Threats (continued)
Identity theft
Stealing info off org databases
Phishing
Compromises to intellectual property
Deliberate Threats (continued)
Software attacks:
Virus
Worm (see the rapid spread of the Slammer worm)
Trojan horse
Logic Bomb
Phishing attacks
Distributed denial-of-service attacks
Ex. US Banks
Deliberate Threats (continued)
Alien Software
Spyware
Spamware
Cookies
Targeted Attack
Supervisory control and data acquisition (SCADA) attacks
Stuxnet
What Organizations Are Doing to Protect Themselves
“The only truly secure system is powered off, cast in a block of concrete, and sealed in a lead room with armed guards, and even then I have my doubts”
What Organizations Are Doing to Protect Themselves
How do you protect your own networks?
Information Security Controls
1. Physical controls
2. Access controls
3. Communications (network) controls
Physical Controls
Access Controls
Communication Controls
Information Security Controls
1. Physical controls
2. Access controls
3. Communications (network) controls
Access Controls
Access Controls: Authentication (proof of identity)
Something the user is
Something the user has
Something the user does
Something the user knows: passwords, passphrases
Access Controls: Authorization
Permissions issued based on verified identity
Privilege – operations that users can perform
Least privilege – the idea of granting a privilege only if there is a justifiable need
Information Security Controls
1. Physical controls
2. Access controls
3. Communications (network) controls
Communication Controls
Communications Controls
Firewalls
Anti-malware systems
Whitelisting and Blacklisting
Encryption
VPN
Communications Controls - Firewalls
Home
Corporate
China Firewall
Controls: Encryption (PKI)
How Public Key Encryption Works
Communication or Network Controls
Virtual private networking
Protection of data
Government Regulations: HIPAA, Sarbanes-Oxley, PA74
Need to understand Risk
Risk Management (identify, control, minimize)
1. Risk analysis
2. Risk mitigation (take action)
   1. Acceptance
   2. Limitation (most common)
   3. Transference
3. Controls evaluation: if cost of control > cost of asset, then the control is not cost effective
Business Continuity Planning, Backup, and Recovery
Provide guidance to people who keep business operating after a disaster occurs.
Options: Hot Site, Warm Site, Cold Site
Personal Risk Assessment
To understand your own risk, get with another person and create an assessment.
List out the following:
1. Assets (e.g. laptop, external drive, etc.)
2. Threats (e.g. natural, virus, etc.)
3. Controls (how do you control threats)
Other ways to minimize personal risk
LEARNING OBJECTIVES
1. Identify the five factors that contribute to the increasing vulnerability of information resources, and provide a specific example of each one.
2. Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
3. Define the three risk mitigation strategies, and provide an example of each one in the context of you owning a home.
4. Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.