This document discusses information security and the threats to information systems. It covers various types of threats including unintentional human errors, software attacks like viruses and worms, and alien software like adware and spyware. It also discusses the controls organizations use to protect information resources, which include physical controls over access to facilities, access controls like authentication and authorization, communication controls such as firewalls and encryption, business continuity planning for disasters, and information systems auditing. The key threats discussed are software attacks like viruses, worms, and Trojan horses, as well as alien software like adware, spyware, and keyloggers.