Your SlideShare is downloading. ×
BUSINESS B1 Information Security Learning Outcomes
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.


Saving this for later?

Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime - even offline.

Text the download link to your phone

Standard text messaging rates apply

BUSINESS B1 Information Security Learning Outcomes


Published on

1 Like
  • Be the first to comment

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide


  • 1. BUSINESS B1 Information Security
  • 2. Learning Outcomes
    • Describe the relationship between information security policies and an information security plan
    • Summarize the five steps to creating an information security plan
    • Provide an example of each of the three primary security areas: authentication and authorization, prevention and resistance, and detection and response
    • Describe the relationships and differences between hackers and viruses
  • 3. Information Security : Intro
    • Information security – a broad term encompassing the protection of information from accidental or intentional misuse by persons inside or outside an organization
    • This plug-in discusses how organizations can implement information security lines of defense through people first and technology second
  • 4. Information Security : People
    • Organizations must enable employees, customers, and partners to access information electronically
    • 33% of security incidents originate within the organization
      • Insiders – legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident
  • 5. Information Security : Combat Insider
    • An organization should develop information security policies and an information security plan
    • Information security policies – identify the rules required to maintain information security
    • Information security plan – details how an organization will implement the information security policies
  • 6. Creating an information security plan
    • Develop the information security policies
    • Communicate the information security policies
    • Identify critical information assets and risks
      • Firewall – hardware and/or software that guards a private network by analyzing the information leaving and entering the network
      • Intrusion detection software (IDS) – searches out patterns in network traffic to indicate attacks and quickly respond to prevent harm
    • Test and reevaluate risks
    • Obtain stakeholder support
  • 7.  
  • 8. Information Security : Technology
    • Three primary information security areas
      • Authentication and authorization
      • Prevention and resistance
      • Detection and response
  • 9. Authentication and Authorization
    • Authentication – a method for confirming users’ identities
    • The most secure type of authentication involves a combination of the following:
      • Something the user knows such as a user ID and password
      • Something the user has such as a smart card or token
      • Something that is part of the user such as a fingerprint or voice signature
  • 10. Something the User Knows such as a User ID and Password
    • This is the most common way to identify individual users and typically contains a user ID and a password
    • This is also the most ineffective form of authentication
    • Over 50 percent of help-desk calls are password related
  • 11. Something the User Knows such as a User ID and Password
  • 12. Something the User Has such as a Smart Card or Token
    • Smart cards and tokens are more effective than a user ID and a password
      • Tokens – small electronic devices that change user passwords automatically
      • Smart card – a device that is around the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing
  • 13. Something that is Part of the User such as a Fingerprint or Voice Signature
    • This is by far the best and most effective way to manage authentication
      • Biometrics – the identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting
    • Unfortunately, this method can be costly and intrusive
  • 14. Prevention and Resistance
    • Downtime can cost an organization anywhere from $100 to $1 million per hour
    • Technologies available to help prevent and build resistance to attacks include:
      • Content filtering
      • Encryption
      • Firewalls
  • 15. Content Filtering
    • Organizations can use content filtering technologies to filter e-mail and prevent e-mails containing sensitive information from transmitting and stop spam and viruses from spreading
    • Content filtering – occurs when organizations use software that filters content to prevent the transmission of unauthorized information
    • Spam – a form of unsolicited e-mail
  • 16. Encryption
    • If there is an information security breach and the information was encrypted, the person stealing the information would be unable to read it
    • Encryption – scrambles information into an alternative form that requires a key or password to decrypt the information
  • 17. Firewalls
    • One of the most common defenses for preventing a security breach is a firewall
    • Firewall – hardware and/or software that guards a private network by analyzing the information leaving and entering the network
  • 18. Detection and Response
    • If prevention and resistance strategies fail and there is a security breach, an organization can use detection and response technologies to mitigate the damage
    • Antivirus software is the most common type of detection and response technology
  • 19. Security Threats to E-business Sites
    • Malicious code – includes a variety of threats such as viruses, worms, and Trojan horses
    • Hoaxes – attack computer systems by transmitting a virus hoax, with a real virus attached
    • Spoofing – the forging of the return address on an e-mail so that the e-mail message appears to come from someone other than the actual sender
    • Sniffer – a program or device that can monitor data traveling over a network
  • 20.  
  • 21.