Submit Search
Upload
Fundamentals of Information Systems Security Chapter 11
•
Download as PPTX, PDF
•
1 like
•
839 views
Dr. Ahmed Al Zaidy
Follow
Chapter 11: Malicious Code and Activity
Read less
Read more
Education
Report
Share
Report
Share
1 of 56
Download now
Recommended
Fundamentals of Information Systems Security Chapter 8
Fundamentals of Information Systems Security Chapter 8
Dr. Ahmed Al Zaidy
Â
Fundamentals of Information Systems Security Chapter 3
Fundamentals of Information Systems Security Chapter 3
Dr. Ahmed Al Zaidy
Â
Fundamentals of Information Systems Security Chapter 2
Fundamentals of Information Systems Security Chapter 2
Dr. Ahmed Al Zaidy
Â
Fundamentals of Information Systems Security Chapter 10
Fundamentals of Information Systems Security Chapter 10
Dr. Ahmed Al Zaidy
Â
Fundamentals of Information Systems Security Chapter 12
Fundamentals of Information Systems Security Chapter 12
Dr. Ahmed Al Zaidy
Â
Fundamentals of Information Systems Security Chapter 5
Fundamentals of Information Systems Security Chapter 5
Dr. Ahmed Al Zaidy
Â
Fundamentals of Information Systems Security Chapter 1
Fundamentals of Information Systems Security Chapter 1
Dr. Ahmed Al Zaidy
Â
Fundamentals of Information Systems Security Chapter 4
Fundamentals of Information Systems Security Chapter 4
Dr. Ahmed Al Zaidy
Â
Recommended
Fundamentals of Information Systems Security Chapter 8
Fundamentals of Information Systems Security Chapter 8
Dr. Ahmed Al Zaidy
Â
Fundamentals of Information Systems Security Chapter 3
Fundamentals of Information Systems Security Chapter 3
Dr. Ahmed Al Zaidy
Â
Fundamentals of Information Systems Security Chapter 2
Fundamentals of Information Systems Security Chapter 2
Dr. Ahmed Al Zaidy
Â
Fundamentals of Information Systems Security Chapter 10
Fundamentals of Information Systems Security Chapter 10
Dr. Ahmed Al Zaidy
Â
Fundamentals of Information Systems Security Chapter 12
Fundamentals of Information Systems Security Chapter 12
Dr. Ahmed Al Zaidy
Â
Fundamentals of Information Systems Security Chapter 5
Fundamentals of Information Systems Security Chapter 5
Dr. Ahmed Al Zaidy
Â
Fundamentals of Information Systems Security Chapter 1
Fundamentals of Information Systems Security Chapter 1
Dr. Ahmed Al Zaidy
Â
Fundamentals of Information Systems Security Chapter 4
Fundamentals of Information Systems Security Chapter 4
Dr. Ahmed Al Zaidy
Â
Fundamentals of Information Systems Security Chapter 9
Fundamentals of Information Systems Security Chapter 9
Dr. Ahmed Al Zaidy
Â
Fundamentals of Information Systems Security Chapter 7
Fundamentals of Information Systems Security Chapter 7
Dr. Ahmed Al Zaidy
Â
Fundamentals of Information Systems Security Chapter 6
Fundamentals of Information Systems Security Chapter 6
Dr. Ahmed Al Zaidy
Â
Security & Compliance
Security & Compliance
Amazon Web Services
Â
Isms awareness training
Isms awareness training
SAROJ BEHERA
Â
Information security
Information security
avinashbalakrishnan2
Â
Lesson 3- Effectiveness of IDPS
Lesson 3- Effectiveness of IDPS
MLG College of Learning, Inc
Â
ISO 27001
ISO 27001
n|u - The Open Security Community
Â
Legal and ethical aspects
Legal and ethical aspects
CAS
Â
Information security in todays world
Information security in todays world
Sibghatullah Khattak
Â
ISO/IEC 27701 vs GDPR: What you need to know
ISO/IEC 27701 vs GDPR: What you need to know
PECB
Â
Chapter 3_dp-pertemuan 4&5
Chapter 3_dp-pertemuan 4&5
UNIVERSITAS TEKNOKRAT INDONESIA
Â
Introduction to Cybersecurity Fundamentals
Introduction to Cybersecurity Fundamentals
Toño Herrera
Â
Data Protection and Privacy
Data Protection and Privacy
Vertex Holdings
Â
Lesson 3
Lesson 3
MLG College of Learning, Inc
Â
Cybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas Company
Eryk Budi Pratama
Â
Cisco cybersecurity essentials chapter -5
Cisco cybersecurity essentials chapter -5
Mukesh Chinta
Â
Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber Security
The Open Group SA
Â
Darkweb
Darkweb
Sateesh Gollapudi
Â
Information security management system
Information security management system
Arani Srinivasan
Â
Funsec3e ppt ch11
Funsec3e ppt ch11
Skillspire LLC
Â
info-sys-security3.pptx
info-sys-security3.pptx
MhndHTaani
Â
More Related Content
What's hot
Fundamentals of Information Systems Security Chapter 9
Fundamentals of Information Systems Security Chapter 9
Dr. Ahmed Al Zaidy
Â
Fundamentals of Information Systems Security Chapter 7
Fundamentals of Information Systems Security Chapter 7
Dr. Ahmed Al Zaidy
Â
Fundamentals of Information Systems Security Chapter 6
Fundamentals of Information Systems Security Chapter 6
Dr. Ahmed Al Zaidy
Â
Security & Compliance
Security & Compliance
Amazon Web Services
Â
Isms awareness training
Isms awareness training
SAROJ BEHERA
Â
Information security
Information security
avinashbalakrishnan2
Â
Lesson 3- Effectiveness of IDPS
Lesson 3- Effectiveness of IDPS
MLG College of Learning, Inc
Â
ISO 27001
ISO 27001
n|u - The Open Security Community
Â
Legal and ethical aspects
Legal and ethical aspects
CAS
Â
Information security in todays world
Information security in todays world
Sibghatullah Khattak
Â
ISO/IEC 27701 vs GDPR: What you need to know
ISO/IEC 27701 vs GDPR: What you need to know
PECB
Â
Chapter 3_dp-pertemuan 4&5
Chapter 3_dp-pertemuan 4&5
UNIVERSITAS TEKNOKRAT INDONESIA
Â
Introduction to Cybersecurity Fundamentals
Introduction to Cybersecurity Fundamentals
Toño Herrera
Â
Data Protection and Privacy
Data Protection and Privacy
Vertex Holdings
Â
Lesson 3
Lesson 3
MLG College of Learning, Inc
Â
Cybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas Company
Eryk Budi Pratama
Â
Cisco cybersecurity essentials chapter -5
Cisco cybersecurity essentials chapter -5
Mukesh Chinta
Â
Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber Security
The Open Group SA
Â
Darkweb
Darkweb
Sateesh Gollapudi
Â
Information security management system
Information security management system
Arani Srinivasan
Â
What's hot
(20)
Fundamentals of Information Systems Security Chapter 9
Fundamentals of Information Systems Security Chapter 9
Â
Fundamentals of Information Systems Security Chapter 7
Fundamentals of Information Systems Security Chapter 7
Â
Fundamentals of Information Systems Security Chapter 6
Fundamentals of Information Systems Security Chapter 6
Â
Security & Compliance
Security & Compliance
Â
Isms awareness training
Isms awareness training
Â
Information security
Information security
Â
Lesson 3- Effectiveness of IDPS
Lesson 3- Effectiveness of IDPS
Â
ISO 27001
ISO 27001
Â
Legal and ethical aspects
Legal and ethical aspects
Â
Information security in todays world
Information security in todays world
Â
ISO/IEC 27701 vs GDPR: What you need to know
ISO/IEC 27701 vs GDPR: What you need to know
Â
Chapter 3_dp-pertemuan 4&5
Chapter 3_dp-pertemuan 4&5
Â
Introduction to Cybersecurity Fundamentals
Introduction to Cybersecurity Fundamentals
Â
Data Protection and Privacy
Data Protection and Privacy
Â
Lesson 3
Lesson 3
Â
Cybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas Company
Â
Cisco cybersecurity essentials chapter -5
Cisco cybersecurity essentials chapter -5
Â
Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber Security
Â
Darkweb
Darkweb
Â
Information security management system
Information security management system
Â
Similar to Fundamentals of Information Systems Security Chapter 11
Funsec3e ppt ch11
Funsec3e ppt ch11
Skillspire LLC
Â
info-sys-security3.pptx
info-sys-security3.pptx
MhndHTaani
Â
Funsec3e ppt ch03
Funsec3e ppt ch03
Skillspire LLC
Â
Dr_Kamal_ch01.pptx
Dr_Kamal_ch01.pptx
MhndHTaani
Â
Fundamentals of Information Systems Security Lesson 3Malic.docx
Fundamentals of Information Systems Security Lesson 3Malic.docx
shericehewat
Â
cryptography.pptx
cryptography.pptx
MhndHTaani
Â
Funsec3e ppt ch07
Funsec3e ppt ch07
Skillspire LLC
Â
Funsec3e ppt ch05
Funsec3e ppt ch05
Skillspire LLC
Â
Funsec3e ppt ch06
Funsec3e ppt ch06
Skillspire LLC
Â
Fundamentals of Information Systems Security Chapter 15
Fundamentals of Information Systems Security Chapter 15
Dr. Ahmed Al Zaidy
Â
Proactive Risk Management and Compliance in a World of Digital Disruption
Proactive Risk Management and Compliance in a World of Digital Disruption
Mike Wons
Â
Global CCISO Forum 2018 | Ondrej Krehel | The Era of Cyber Extortion and Rans...
Global CCISO Forum 2018 | Ondrej Krehel | The Era of Cyber Extortion and Rans...
EC-Council
Â
Understanding Federal IT Compliance in Three Steps - SharePoint Fest DC
Understanding Federal IT Compliance in Three Steps - SharePoint Fest DC
Adam Levithan
Â
info-sys-security.pptx
info-sys-security.pptx
MhndHTaani
Â
What trends will 2018 bring for Business Continuity Professionals?
What trends will 2018 bring for Business Continuity Professionals?
PECB
Â
Hacking3e ppt ch10
Hacking3e ppt ch10
Skillspire LLC
Â
Threat Landscape Lessons from IoTs and Honeynets
Threat Landscape Lessons from IoTs and Honeynets
Digital Transformation EXPO Event Series
Â
106 Threat defense and information security development trends
106 Threat defense and information security development trends
SsendiSamuel
Â
Fundamentals of Information Systems Security Chapter 13
Fundamentals of Information Systems Security Chapter 13
Dr. Ahmed Al Zaidy
Â
Funsec3e ppt ch10
Funsec3e ppt ch10
Skillspire LLC
Â
Similar to Fundamentals of Information Systems Security Chapter 11
(20)
Funsec3e ppt ch11
Funsec3e ppt ch11
Â
info-sys-security3.pptx
info-sys-security3.pptx
Â
Funsec3e ppt ch03
Funsec3e ppt ch03
Â
Dr_Kamal_ch01.pptx
Dr_Kamal_ch01.pptx
Â
Fundamentals of Information Systems Security Lesson 3Malic.docx
Fundamentals of Information Systems Security Lesson 3Malic.docx
Â
cryptography.pptx
cryptography.pptx
Â
Funsec3e ppt ch07
Funsec3e ppt ch07
Â
Funsec3e ppt ch05
Funsec3e ppt ch05
Â
Funsec3e ppt ch06
Funsec3e ppt ch06
Â
Fundamentals of Information Systems Security Chapter 15
Fundamentals of Information Systems Security Chapter 15
Â
Proactive Risk Management and Compliance in a World of Digital Disruption
Proactive Risk Management and Compliance in a World of Digital Disruption
Â
Global CCISO Forum 2018 | Ondrej Krehel | The Era of Cyber Extortion and Rans...
Global CCISO Forum 2018 | Ondrej Krehel | The Era of Cyber Extortion and Rans...
Â
Understanding Federal IT Compliance in Three Steps - SharePoint Fest DC
Understanding Federal IT Compliance in Three Steps - SharePoint Fest DC
Â
info-sys-security.pptx
info-sys-security.pptx
Â
What trends will 2018 bring for Business Continuity Professionals?
What trends will 2018 bring for Business Continuity Professionals?
Â
Hacking3e ppt ch10
Hacking3e ppt ch10
Â
Threat Landscape Lessons from IoTs and Honeynets
Threat Landscape Lessons from IoTs and Honeynets
Â
106 Threat defense and information security development trends
106 Threat defense and information security development trends
Â
Fundamentals of Information Systems Security Chapter 13
Fundamentals of Information Systems Security Chapter 13
Â
Funsec3e ppt ch10
Funsec3e ppt ch10
Â
More from Dr. Ahmed Al Zaidy
Chapter 14 Exploring Object-based Programming
Chapter 14 Exploring Object-based Programming
Dr. Ahmed Al Zaidy
Â
Chapter 13 Programming for web forms
Chapter 13 Programming for web forms
Dr. Ahmed Al Zaidy
Â
Chapter 12 Working with Document nodes and style sheets
Chapter 12 Working with Document nodes and style sheets
Dr. Ahmed Al Zaidy
Â
Chapter 11 Working with Events and Styles
Chapter 11 Working with Events and Styles
Dr. Ahmed Al Zaidy
Â
Chapter 10 Exploring arrays, loops, and conditional statements
Chapter 10 Exploring arrays, loops, and conditional statements
Dr. Ahmed Al Zaidy
Â
Chapter 9 Getting Started with JavaScript
Chapter 9 Getting Started with JavaScript
Dr. Ahmed Al Zaidy
Â
Chapter 8 Enhancing a website with multimedia
Chapter 8 Enhancing a website with multimedia
Dr. Ahmed Al Zaidy
Â
Chapter 7 Designing a web form
Chapter 7 Designing a web form
Dr. Ahmed Al Zaidy
Â
Chapter 6 Working with Tables and Columns
Chapter 6 Working with Tables and Columns
Dr. Ahmed Al Zaidy
Â
Chapter 5 Designing for the mobile web
Chapter 5 Designing for the mobile web
Dr. Ahmed Al Zaidy
Â
Chapter 4 Graphic Design with CSS
Chapter 4 Graphic Design with CSS
Dr. Ahmed Al Zaidy
Â
Chapter 3 Designing a Page Layout
Chapter 3 Designing a Page Layout
Dr. Ahmed Al Zaidy
Â
Chapter 2 Getting Started with CSS
Chapter 2 Getting Started with CSS
Dr. Ahmed Al Zaidy
Â
Chapter 1 Getting Started with HTML5
Chapter 1 Getting Started with HTML5
Dr. Ahmed Al Zaidy
Â
Integer overflows
Integer overflows
Dr. Ahmed Al Zaidy
Â
testing throughout-the-software-life-cycle-section-2
testing throughout-the-software-life-cycle-section-2
Dr. Ahmed Al Zaidy
Â
Fundamental of testing
Fundamental of testing
Dr. Ahmed Al Zaidy
Â
Chapter 15 Risk Mitigation
Chapter 15 Risk Mitigation
Dr. Ahmed Al Zaidy
Â
Chapter 14 Business Continuity
Chapter 14 Business Continuity
Dr. Ahmed Al Zaidy
Â
Chapter 13 Vulnerability Assessment and Data Security
Chapter 13 Vulnerability Assessment and Data Security
Dr. Ahmed Al Zaidy
Â
More from Dr. Ahmed Al Zaidy
(20)
Chapter 14 Exploring Object-based Programming
Chapter 14 Exploring Object-based Programming
Â
Chapter 13 Programming for web forms
Chapter 13 Programming for web forms
Â
Chapter 12 Working with Document nodes and style sheets
Chapter 12 Working with Document nodes and style sheets
Â
Chapter 11 Working with Events and Styles
Chapter 11 Working with Events and Styles
Â
Chapter 10 Exploring arrays, loops, and conditional statements
Chapter 10 Exploring arrays, loops, and conditional statements
Â
Chapter 9 Getting Started with JavaScript
Chapter 9 Getting Started with JavaScript
Â
Chapter 8 Enhancing a website with multimedia
Chapter 8 Enhancing a website with multimedia
Â
Chapter 7 Designing a web form
Chapter 7 Designing a web form
Â
Chapter 6 Working with Tables and Columns
Chapter 6 Working with Tables and Columns
Â
Chapter 5 Designing for the mobile web
Chapter 5 Designing for the mobile web
Â
Chapter 4 Graphic Design with CSS
Chapter 4 Graphic Design with CSS
Â
Chapter 3 Designing a Page Layout
Chapter 3 Designing a Page Layout
Â
Chapter 2 Getting Started with CSS
Chapter 2 Getting Started with CSS
Â
Chapter 1 Getting Started with HTML5
Chapter 1 Getting Started with HTML5
Â
Integer overflows
Integer overflows
Â
testing throughout-the-software-life-cycle-section-2
testing throughout-the-software-life-cycle-section-2
Â
Fundamental of testing
Fundamental of testing
Â
Chapter 15 Risk Mitigation
Chapter 15 Risk Mitigation
Â
Chapter 14 Business Continuity
Chapter 14 Business Continuity
Â
Chapter 13 Vulnerability Assessment and Data Security
Chapter 13 Vulnerability Assessment and Data Security
Â
Recently uploaded
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERP
Celine George
Â
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
Celine George
Â
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
9953056974 Low Rate Call Girls In Saket, Delhi NCR
Â
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
Jisc
Â
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
9953056974 Low Rate Call Girls In Saket, Delhi NCR
Â
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
UjwalaBharambe
Â
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
YousafMalik24
Â
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for Beginners
Sabitha Banu
Â
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of management
mkooblal
Â
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
ssuser54595a
Â
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginners
Sabitha Banu
Â
MICROBIOLOGY biochemical test detailed.pptx
MICROBIOLOGY biochemical test detailed.pptx
abhijeetpadhi001
Â
OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
Dr. Mazin Mohamed alkathiri
Â
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of India
Virag Sontakke
Â
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media Component
InMediaRes1
Â
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
anshu789521
Â
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Sumit Tiwari
Â
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
UnboundStockton
Â
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdf
Mahmoud M. Sallam
Â
Capitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptx
CapitolTechU
Â
Recently uploaded
(20)
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERP
Â
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
Â
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Â
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
Â
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Â
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Â
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
Â
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for Beginners
Â
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of management
Â
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
Â
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginners
Â
MICROBIOLOGY biochemical test detailed.pptx
MICROBIOLOGY biochemical test detailed.pptx
Â
OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
Â
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of India
Â
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media Component
Â
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
Â
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Â
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
Â
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdf
Â
Capitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptx
Â
Fundamentals of Information Systems Security Chapter 11
1.
© 2018 Jones
and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Fundamentals of Information Systems Security Lesson 11 Malicious Code and Activity
2.
Page 2Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 2Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Learning Objective(s)  Describe how malicious attacks, threats, and vulnerabilities impact an IT infrastructure.
3.
Page 3Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 3Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Key Concepts  The impact of malicious code and malware on systems and organizations  Attackers, hackers, and social engineers  The phases of a computer attack  Tools and techniques to detect and prevent attacks
4.
Page 4Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 4Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Malicious Code and Activity  Malicious software (malware) • Any program that carries out actions that you do not intend  Malicious code attacks all three information security properties: • Confidentiality: Malware can disclose your organization’s private information • Integrity: Malware can modify database records, either immediately or over a period of time • Availability: Malware can erase or overwrite files or inflict considerable damage to storage media
5.
Page 5Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 5Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Characteristics, Architecture, and Operations of Malicious Software  An attacker gains administrative control of a system and uses commands to inflict harm  An attacker sends commands directly to a system; the system interprets and executes them  An attacker uses software programs that harm a system or that make the data unusable  An attacker uses legitimate remote administration tools and security probes to identify and exploit security vulnerabilities on a network
6.
Page 6Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 6Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. The Main Types of Malware  Viruses  Spam  Worms  Trojan horses  Logic bombs  Active content vulnerabilities  Malicious add- ons  Injection  Botnets  Denial of service attacks  Spyware  Adware  Phishing  Keystroke loggers  Hoaxes and myths  Homepage hijacking  Webpage defacements
7.
Page 7Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 7Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Viruses • Target computer hardware and software startup functions System infectors • Attack and modify executable programs (COM, EXE, SYS, and DLL files in Microsoft Windows) File infectors • (Also called macro infectors) Attack document files containing embedded macro programming capabilities Data infectors
8.
Page 8Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 8Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Typical Life Cycle of a Computer Virus
9.
Page 9Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 9Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. How a System Infector Virus Works
10.
Page 10Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 10Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. How a File Infector Virus Works
11.
Page 11Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 11Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. How a Macro Virus Works
12.
Page 12Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 12Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Other Virus Classifications Polymorphic viruses Stealth viruses Slow viruses Retro viruses Cross-platform viruses Multipartite viruses
13.
Page 13Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 13Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. How a Stealth Virus Works
14.
Page 14Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 14Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. How a Slow Virus Works How a Retro Virus Works
15.
Page 15Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 15Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. How a Multipartite Virus Works
16.
Page 16Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 16Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Rootkits Type of malware that modifies or replaces one or more existing programs to hide the fact that a computer has been compromised Modify parts of the operating system to conceal traces of their presence Provide attackers with access to compromised computers and easy access to launching additional attacks Difficult to detect and remove
17.
Page 17Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 17Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Ransomware Attempts to generate funds directly from a computer user Attacks a computer and limits the user’s ability to access the computer’s data Encrypts important files or even the entire disk and makes them inaccessible One of the first ransomware programs was Crypt0L0cker
18.
Page 18Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 18Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Spam  Consumes computing resources bandwidth and CPU time  Diverts IT personnel from activities more critical to network security  Is a potential carrier of malicious code  Compromises intermediate systems to facilitate remailing services  Opt-out (unsubscribe) features in spam messages can represent a new form of reconnaissance attack to acquire legitimate target addresses
19.
Page 19Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 19Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Worms Designed to propagate from one host machine to another using the host’s own network communications protocols Unlike viruses, do not require a host program to survive and replicate The term “worm” stems from the fact that worms are programs with segments, working on different computers, all communicating over a network
20.
Page 20Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 20Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Worms (cont.)
21.
Page 21Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 21Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Trojan Horses Largest class of malware Any program that masquerades as a useful program while hiding its malicious intent Relies on social engineering to spread and operate Spreads through email messages, website downloads, social networking sites, and automated distribution agents (bots)
22.
Page 22Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 22Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Logic Bombs Programs that execute a malicious function of some kind when they detect certain conditions Typically originate with organization insiders because people inside an organization generally have more detailed knowledge of the IT infrastructure than outsiders
23.
Page 23Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 23Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Active Content Vulnerabilities  Active content • Refers to dynamic objects that do something when the user opens a webpage (ActiveX, Java, JavaScript, VBScript, macros, browser plugins, PDF files, and other scripting languages) • Has potential weaknesses that malware can exploit  Active content threats are considered mobile code because these programs run on a wide variety of computer platforms  Users download bits of mobile code, which gain access to the hard disk and do things like fill up desktop with infected file icons
24.
Page 24Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 24Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Malicious Add-Ons Add-ons are companion programs that extend the web browser; can decrease security Malicious add-ons are browser add-ons that contain some type of malware that, once installed, perform malicious actions Only install browser add-ons from sources you trust
25.
Page 25Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 25Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Injection Cross-site scripting (XSS) SQL injection LDAP injection XML injection Command injection
26.
Page 26Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 26Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Botnets  Robotically controlled networks  Attackers infect vulnerable machines with agents that perform various functions at the command of the bot-herder or controller  Controllers communicate with other members of the botnet using Internet Relay Chat (IRC) channels  Attackers can use botnets to distribute malware and spam and to launch DoS attacks against organizations or even countries
27.
Page 27Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 27Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Denial of Service Attacks Overwhelm a server or network segment to the point that the server or network becomes unusable Crash a server or network device or create so much network congestion that authorized users cannot access network resources Distributed denial of service (DDoS) attack uses intermediary hosts to conduct the attack
28.
Page 28Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 28Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. SYN Flood  Attacker uses IP spoofing to send a large number of packets requesting connections to the victim computer
29.
Page 29Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 29Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Smurf Attack  Attackers direct forged Internet Control Message Protocol (ICMP) echo request packets to IP broadcast addresses from remote locations to generate DoS attacks
30.
Page 30Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 30Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Spyware Any unsolicited background process that installs itself on a user’s computer and collects information about the user’s browsing habits and website activities Affects privacy and confidentiality Spyware cookies are cookies that share information across sites Some cookies are persistent and are stored on a hard drive indefinitely without user permission
31.
Page 31Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 31Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Adware Triggers nuisances such as popup ads and banners when user visits certain websites Affects productivity and may combine with active background activities Collects and tracks information about application, website, and Internet activity
32.
Page 32Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 32Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Phishing Tricks users into providing logon information on what appears to be a legitimate website but is actually a website set up by an attacker to obtain this information Spear-phishing • Attacker supplies information about victim that appears to come from a legitimate company Pharming • The use of social engineering to obtain access credentials such as usernames and passwords
33.
Page 33Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 33Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Keystroke Loggers Capture keystrokes or user entries and forwards information to attacker Enable the attacker to capture logon information, banking information, and other sensitive data
34.
Page 34Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 34Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Guidelines for Recognizing Hoaxes Did a legitimate entity (computer security expert, vendor, etc.) send the alert? Is there a request to forward the alert to others? Are there detailed explanations or technical terminology in the alert? Does the alert follow the generic format of a chain letter?
35.
Page 35Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 35Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Homepage Hijacking Exploiting a browser vulnerability to reset the homepage Covertly installing a browser helper object (BHO) Trojan program
36.
Page 36Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 36Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Webpage Defacements Someone gaining unauthorized access to a web server and altering the index page of a site on the server The attacker replaces the original pages on the site with altered versions
37.
Page 37Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 37Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. A Brief History of Malicious Code Threats 1970s and early 1980s academic research and UNIX 1980s: Early PC viruses 1990s: Early LAN viruses Mid-1990s: Smart applications and the Internet 2000 to present
38.
Page 38Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 38Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Threats to Business Organizations Attacks against confidentiality and privacy Attacks against data integrity Attacks against availability of services and resources Attacks against productivity and performance Attacks that create legal liability Attacks that damage reputation
39.
Page 39Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 39Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Internal Threats from Employees: Unsafe Computing Practices Exchange of untrusted disks or other media among systems Installation of unauthorized, unregistered software Unmonitored download of files from the Internet Uncontrolled dissemination of email or other messaging application attachments
40.
Page 40Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 40Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Anatomy of an Attack Phases of an attack Types of attacks The purpose of an attack What motivates attackers
41.
Page 41Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 41Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. What Motivates Attackers? Money Fame Political beliefs or systems Revenge
42.
Page 42Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 42Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. The Purpose of an Attack Denial of availability Data modification Data export Launch point
43.
Page 43Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 43Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Types of Attacks Unstructured attacks Structured attacks Direct attacks Indirect attacks
44.
Page 44Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 44Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. How a Direct Attack Works
45.
Page 45Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 45Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Phases of an Attack
46.
Page 46Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 46Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Reconnaissance and Probing Attacker collects all information to conduct the attack Tools include: • DNS and ICMP tools within the TCP/IP protocol suite • Standard and customized SNMP tools • Port scanners and port mappers • Security probes
47.
Page 47Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 47Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Access and Privilege Escalation Gain administrative rights to the system Establish the initial connection to a target host (typically a server platform)
48.
Page 48Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 48Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Covering Traces of the Attack Remove any traces of the attack Remove files you may have created and restore as many files to their pre- attack condition as possible Remove log file entries that may provide evidence of the attack
49.
Page 49Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 49Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Attack Prevention Tools and Techniques Defense in depth • The practice of layering defenses into zones to increase the overall protection level and provide more reaction time to respond to incidents - Application defenses - Operating system defenses - Network infrastructure defenses
50.
Page 50Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 50Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Application Defenses  Implementing regular antivirus screening on all host systems  Ensuring that virus definition files are up to date  Requiring scanning of all removable media  Installing personal firewall and IDS software on hosts  Deploying change detection software and integrity checking software  Maintaining logs  Implementing email usage controls and ensuring that email attachments are scanned
51.
Page 51Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 51Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Operating System Defenses  Deploying change detection and integrity checking software and maintaining logs  Deploying or enabling change detection and integrity checking software on all servers  Ensuring that operating systems are consistent and have been patched with the latest updates from vendors  Ensuring that only trusted sources are used when installing and upgrading OS code  Disabling unnecessary OS services and processes that may pose a security vulnerability
52.
Page 52Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 52Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Network Infrastructure Defenses  Creating chokepoints in the network  Using proxy services and bastion hosts to protect critical services  Using content filtering at chokepoints to screen traffic  Ensuring that only trusted sources are used when installing and upgrading OS code  Disabling any unnecessary network services and processes that may pose a security vulnerability  Maintaining up-to-date IDS signature databases  Applying security patches to network devices to ensure protection against new threats and reduce vulnerabilities
53.
Page 53Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 53Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Safe Recovery Techniques and Practices Store OS and data file backup images on external media to ease recovering from potential malware infection Scan new and replacement media for malware before reinstalling software Disable network access to systems during restore procedures or upgrades until you have re-enabled or installed protection software or services
54.
Page 54Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 54Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Implementing Effective Software Best Practices Adopt an acceptable use policy (AUP) for network services and resources Adopt standardized software to better control patches and upgrades and to ensure that you address vulnerabilities Consider implementing an ISO/IEC 27002- compliant security policy
55.
Page 55Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 55Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Incident Detection Tools and Techniques Antivirus scanning software Network monitors and analyzers Content/context filtering and logging software Honeypots and honeynets
56.
Page 56Fundamentals of
Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 56Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Summary The impact of malicious code and malware on systems and organizations Attackers, hackers, and social engineers The phases of a computer attack Tools and techniques to detect and prevent attacks
Download now