Your SlideShare is downloading. ×
BUSINESS B1 Information Security Learning Outcomes
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Saving this for later?

Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime - even offline.

Text the download link to your phone

Standard text messaging rates apply

BUSINESS B1 Information Security Learning Outcomes

2,241
views

Published on


0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
2,241
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
9
Comments
0
Likes
1
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. BUSINESS B1 Information Security
  • 2. Learning Outcomes
    • Describe the relationship between information security policies and an information security plan
    • Summarize the five steps to creating an information security plan
    • Provide an example of each of the three primary security areas: authentication and authorization, prevention and resistance, and detection and response
    • Describe the relationships and differences between hackers and viruses
  • 3. Information Security : Intro
    • Information security – a broad term encompassing the protection of information from accidental or intentional misuse by persons inside or outside an organization
    • This plug-in discusses how organizations can implement information security lines of defense through people first and technology second
  • 4. Information Security : People
    • Organizations must enable employees, customers, and partners to access information electronically
    • 33% of security incidents originate within the organization
      • Insiders – legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident
  • 5. Information Security : Combat Insider
    • An organization should develop information security policies and an information security plan
    • Information security policies – identify the rules required to maintain information security
    • Information security plan – details how an organization will implement the information security policies
  • 6. Creating an information security plan
    • Develop the information security policies
    • Communicate the information security policies
    • Identify critical information assets and risks
      • Firewall – hardware and/or software that guards a private network by analyzing the information leaving and entering the network
      • Intrusion detection software (IDS) – searches out patterns in network traffic to indicate attacks and quickly respond to prevent harm
    • Test and reevaluate risks
    • Obtain stakeholder support
  • 7.  
  • 8. Information Security : Technology
    • Three primary information security areas
      • Authentication and authorization
      • Prevention and resistance
      • Detection and response
  • 9. Authentication and Authorization
    • Authentication – a method for confirming users’ identities
    • The most secure type of authentication involves a combination of the following:
      • Something the user knows such as a user ID and password
      • Something the user has such as a smart card or token
      • Something that is part of the user such as a fingerprint or voice signature
  • 10. Something the User Knows such as a User ID and Password
    • This is the most common way to identify individual users and typically contains a user ID and a password
    • This is also the most ineffective form of authentication
    • Over 50 percent of help-desk calls are password related
  • 11. Something the User Knows such as a User ID and Password
  • 12. Something the User Has such as a Smart Card or Token
    • Smart cards and tokens are more effective than a user ID and a password
      • Tokens – small electronic devices that change user passwords automatically
      • Smart card – a device that is around the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing
  • 13. Something that is Part of the User such as a Fingerprint or Voice Signature
    • This is by far the best and most effective way to manage authentication
      • Biometrics – the identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting
    • Unfortunately, this method can be costly and intrusive
  • 14. Prevention and Resistance
    • Downtime can cost an organization anywhere from $100 to $1 million per hour
    • Technologies available to help prevent and build resistance to attacks include:
      • Content filtering
      • Encryption
      • Firewalls
  • 15. Content Filtering
    • Organizations can use content filtering technologies to filter e-mail and prevent e-mails containing sensitive information from transmitting and stop spam and viruses from spreading
    • Content filtering – occurs when organizations use software that filters content to prevent the transmission of unauthorized information
    • Spam – a form of unsolicited e-mail
  • 16. Encryption
    • If there is an information security breach and the information was encrypted, the person stealing the information would be unable to read it
    • Encryption – scrambles information into an alternative form that requires a key or password to decrypt the information
  • 17. Firewalls
    • One of the most common defenses for preventing a security breach is a firewall
    • Firewall – hardware and/or software that guards a private network by analyzing the information leaving and entering the network
  • 18. Detection and Response
    • If prevention and resistance strategies fail and there is a security breach, an organization can use detection and response technologies to mitigate the damage
    • Antivirus software is the most common type of detection and response technology
  • 19. Security Threats to E-business Sites
    • Malicious code – includes a variety of threats such as viruses, worms, and Trojan horses
    • Hoaxes – attack computer systems by transmitting a virus hoax, with a real virus attached
    • Spoofing – the forging of the return address on an e-mail so that the e-mail message appears to come from someone other than the actual sender
    • Sniffer – a program or device that can monitor data traveling over a network
  • 20.  
  • 21.