BUSINESS B1 Information Security
Learning Outcomes <ul><li>Describe the relationship between information security policies and an information security plan...
Information Security   : Intro <ul><li>Information security   – a broad term encompassing the protection of information fr...
Information Security   : People <ul><li>Organizations must enable employees, customers, and partners to access information...
Information Security   : Combat Insider   <ul><li>An organization should develop information security policies and an info...
Creating an information security plan <ul><li>Develop the information security policies </li></ul><ul><li>Communicate the ...
 
Information Security   : Technology <ul><li>Three primary information security areas </li></ul><ul><ul><li>Authentication ...
Authentication and Authorization <ul><li>Authentication – a method for confirming users’ identities </li></ul><ul><li>The ...
Something the User Knows such as a User ID and Password <ul><li>This is the most common way to identify individual users a...
Something the User Knows such as a User ID and Password
Something the User Has such as a Smart Card or Token <ul><li>Smart cards and tokens are more effective than a user ID and ...
Something that is Part of the User such as a Fingerprint or Voice Signature <ul><li>This is by far the best and most effec...
Prevention and Resistance <ul><li>Downtime can cost an organization anywhere from $100 to $1 million per hour </li></ul><u...
Content Filtering <ul><li>Organizations can use content filtering technologies to filter e-mail and prevent e-mails contai...
Encryption <ul><li>If there is an information security breach and the information was encrypted, the person stealing the i...
Firewalls <ul><li>One of the most common defenses for preventing a security breach is a firewall </li></ul><ul><li>Firewal...
Detection and Response <ul><li>If prevention and resistance strategies fail and there is a security breach, an organizatio...
Security Threats to E-business Sites <ul><li>Malicious code – includes a variety of threats such as viruses, worms, and Tr...
 
 
Upcoming SlideShare
Loading in...5
×

BUSINESS B1 Information Security Learning Outcomes

2,400

Published on

0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
2,400
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
10
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

BUSINESS B1 Information Security Learning Outcomes

  1. 1. BUSINESS B1 Information Security
  2. 2. Learning Outcomes <ul><li>Describe the relationship between information security policies and an information security plan </li></ul><ul><li>Summarize the five steps to creating an information security plan </li></ul><ul><li>Provide an example of each of the three primary security areas: authentication and authorization, prevention and resistance, and detection and response </li></ul><ul><li>Describe the relationships and differences between hackers and viruses </li></ul>
  3. 3. Information Security : Intro <ul><li>Information security – a broad term encompassing the protection of information from accidental or intentional misuse by persons inside or outside an organization </li></ul><ul><li>This plug-in discusses how organizations can implement information security lines of defense through people first and technology second </li></ul>
  4. 4. Information Security : People <ul><li>Organizations must enable employees, customers, and partners to access information electronically </li></ul><ul><li>33% of security incidents originate within the organization </li></ul><ul><ul><li>Insiders – legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident </li></ul></ul>
  5. 5. Information Security : Combat Insider <ul><li>An organization should develop information security policies and an information security plan </li></ul><ul><li>Information security policies – identify the rules required to maintain information security </li></ul><ul><li>Information security plan – details how an organization will implement the information security policies </li></ul>
  6. 6. Creating an information security plan <ul><li>Develop the information security policies </li></ul><ul><li>Communicate the information security policies </li></ul><ul><li>Identify critical information assets and risks </li></ul><ul><ul><li>Firewall – hardware and/or software that guards a private network by analyzing the information leaving and entering the network </li></ul></ul><ul><ul><li>Intrusion detection software (IDS) – searches out patterns in network traffic to indicate attacks and quickly respond to prevent harm </li></ul></ul><ul><li>Test and reevaluate risks </li></ul><ul><li>Obtain stakeholder support </li></ul>
  7. 8. Information Security : Technology <ul><li>Three primary information security areas </li></ul><ul><ul><li>Authentication and authorization </li></ul></ul><ul><ul><li>Prevention and resistance </li></ul></ul><ul><ul><li>Detection and response </li></ul></ul>
  8. 9. Authentication and Authorization <ul><li>Authentication – a method for confirming users’ identities </li></ul><ul><li>The most secure type of authentication involves a combination of the following: </li></ul><ul><ul><li>Something the user knows such as a user ID and password </li></ul></ul><ul><ul><li>Something the user has such as a smart card or token </li></ul></ul><ul><ul><li>Something that is part of the user such as a fingerprint or voice signature </li></ul></ul>
  9. 10. Something the User Knows such as a User ID and Password <ul><li>This is the most common way to identify individual users and typically contains a user ID and a password </li></ul><ul><li>This is also the most ineffective form of authentication </li></ul><ul><li>Over 50 percent of help-desk calls are password related </li></ul>
  10. 11. Something the User Knows such as a User ID and Password
  11. 12. Something the User Has such as a Smart Card or Token <ul><li>Smart cards and tokens are more effective than a user ID and a password </li></ul><ul><ul><li>Tokens – small electronic devices that change user passwords automatically </li></ul></ul><ul><ul><li>Smart card – a device that is around the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing </li></ul></ul>
  12. 13. Something that is Part of the User such as a Fingerprint or Voice Signature <ul><li>This is by far the best and most effective way to manage authentication </li></ul><ul><ul><li>Biometrics – the identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting </li></ul></ul><ul><li>Unfortunately, this method can be costly and intrusive </li></ul>
  13. 14. Prevention and Resistance <ul><li>Downtime can cost an organization anywhere from $100 to $1 million per hour </li></ul><ul><li>Technologies available to help prevent and build resistance to attacks include: </li></ul><ul><ul><li>Content filtering </li></ul></ul><ul><ul><li>Encryption </li></ul></ul><ul><ul><li>Firewalls </li></ul></ul>
  14. 15. Content Filtering <ul><li>Organizations can use content filtering technologies to filter e-mail and prevent e-mails containing sensitive information from transmitting and stop spam and viruses from spreading </li></ul><ul><li>Content filtering – occurs when organizations use software that filters content to prevent the transmission of unauthorized information </li></ul><ul><li>Spam – a form of unsolicited e-mail </li></ul>
  15. 16. Encryption <ul><li>If there is an information security breach and the information was encrypted, the person stealing the information would be unable to read it </li></ul><ul><li>Encryption – scrambles information into an alternative form that requires a key or password to decrypt the information </li></ul>
  16. 17. Firewalls <ul><li>One of the most common defenses for preventing a security breach is a firewall </li></ul><ul><li>Firewall – hardware and/or software that guards a private network by analyzing the information leaving and entering the network </li></ul>
  17. 18. Detection and Response <ul><li>If prevention and resistance strategies fail and there is a security breach, an organization can use detection and response technologies to mitigate the damage </li></ul><ul><li>Antivirus software is the most common type of detection and response technology </li></ul>
  18. 19. Security Threats to E-business Sites <ul><li>Malicious code – includes a variety of threats such as viruses, worms, and Trojan horses </li></ul><ul><li>Hoaxes – attack computer systems by transmitting a virus hoax, with a real virus attached </li></ul><ul><li>Spoofing – the forging of the return address on an e-mail so that the e-mail message appears to come from someone other than the actual sender </li></ul><ul><li>Sniffer – a program or device that can monitor data traveling over a network </li></ul>
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×