Chapter 6
Information Systems Security
Learning Objectives
Upon successful completion of this chapter, you
will be able to:
• Identify the information security triad
• Identify and understand the high-level
concepts surrounding information security
tools
• Secure yourself digitally
Introduction
• Computers and digital devices
are becoming integral to
conducting business
– Which also makes them a target of attack
• Devices need to be secured
• Networks that computers and
devices use should also be secured
CIA Triad
Confidentiality – restrict access to
authorized individuals
Integrity – data has not been
altered in an unauthorized
manner
Availability – information can be
accessed and modified by
authorized individuals in an
appropriate timeframe
Tools for Information Security
• Authentication
• Access Control
• Encryption
• Passwords
• Backup
• Firewalls
• Virtual Private Networks (VPN)
• Physical Security
• Security Policies
Authentication
• Ensures that persons accessing the information are who they say
they are
• Factors of identification:
– Something you know – user ID and password
• User ID identifies you while the password authenticates you
• Easy to compromise if weak password
– Something you have – key or card
• Can be lost or stolen
– Something you are – physical
characteristics (i.e., biometrics)
• Much harder to compromise
• A combination of at least 2 factors
is recommended
Access Control
• Once users are authenticated – only provide the access (read,
modify, add, and/or delete) to information that is necessary to
perform their job duties, by:
– Access control list (ACL) created for each resource
(information)
• List of users that can read, write, delete or add information
• Difficult to maintain all the lists
– Role-based access control (RBAC)
• Rather than individual lists
• Users are assigned to roles
• Roles define what they can access
• Simplifies administration
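The administrative difference between per-resource ACLs and RBAC, as an added example that is not part of the original slides. The user names, resources and the "accountant" role are constructed, and the `edits` counter is a hypothetical measure of how many entries an administrator has to touch.

```python
from collections import defaultdict

PERMS = {"read", "write", "add", "delete"}


class AclStore:
    """One access control list per resource: resource -> user -> permissions."""

    def __init__(self):
        self.acl = defaultdict(dict)
        self.edits = 0  # administrative changes made so far

    def grant(self, resource, user, perms):
        if not set(perms) <= PERMS:
            raise ValueError("unknown permission")
        self.acl[resource][user] = set(perms)
        self.edits += 1

    def revoke_user(self, user):
        # Offboarding: every list that mentions the user must be edited.
        for entries in self.acl.values():
            if entries.pop(user, None) is not None:
                self.edits += 1

    def allowed(self, user, resource, perm):
        return perm in self.acl.get(resource, {}).get(user, set())


class RbacStore:
    """Roles hold the permissions; users are only assigned to roles."""

    def __init__(self):
        self.role_perms = defaultdict(lambda: defaultdict(set))
        self.user_roles = defaultdict(set)
        self.edits = 0  # per-user administrative changes

    def define_role(self, role, resource, perms):
        # One-time setup per role, not repeated per user, so not counted.
        self.role_perms[role][resource] |= set(perms)

    def assign(self, user, role):
        self.user_roles[user].add(role)
        self.edits += 1

    def revoke_user(self, user):
        if self.user_roles.pop(user, None):
            self.edits += 1

    def allowed(self, user, resource, perm):
        return any(
            perm in self.role_perms.get(role, {}).get(resource, set())
            for role in self.user_roles.get(user, ())
        )


RESOURCES = ["payroll.xlsx", "hr-records", "timesheets"]  # constructed
ACCOUNTANTS = ["alice", "bob", "carol"]                   # constructed


def compare():
    acl, rbac = AclStore(), RbacStore()
    for res in RESOURCES:
        rbac.define_role("accountant", res, {"read", "write"})
    for user in ACCOUNTANTS:
        for res in RESOURCES:
            acl.grant(res, user, {"read", "write"})
        rbac.assign(user, "accountant")
    onboarding = (acl.edits, rbac.edits)

    acl.edits = rbac.edits = 0
    acl.revoke_user("bob")
    rbac.revoke_user("bob")
    offboarding = (acl.edits, rbac.edits)
    return acl, rbac, onboarding, offboarding


if __name__ == "__main__":
    _, _, on, off = compare()
    print("onboarding edits (ACL, RBAC):", on)
    print("offboarding edits (ACL, RBAC):", off)
```

With ACLs the number of edits grows with users times resources, which is also how a stale entry for a departed user gets left behind on one list.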
Encryption
• An algorithm (program) encodes or scrambles
information during transmission or storage
• Can be decoded/unscrambled and read only by authorized
individuals
• How is this done?
– Both parties agree on the encryption method (there are
many) using keys
• Symmetric key – sender and receiver share the same
key, which can be risky
• Public Key – uses a public and a private key:
the public key is used to send an
encrypted message and the private key is used by the
receiver to decode the message
Passwords
• Single-factor authentication (user ID/password) is the
easiest to break
• Password policies ensure that this risk is minimized by
requiring:
– A certain length to make it harder to guess
– Contain certain characters – such as upper and lower case, one
number, and a special character
– Changing passwords regularly and not allowing a password to be
reused
– Employees do not share their password
– Notifying the security department if they
feel their password has been compromised.
– Yearly confirmation from employees that
they understand their responsibilities
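A sketch of how the technical parts of such a password policy can be enforced, as an added example that is not part of the original slides. The minimum length, maximum age, history depth and PBKDF2 round count are assumed values, and keeping the reuse history as salted hashes rather than plaintext is an assumption of this example.

```python
import hashlib
import hmac
import os
import string
from datetime import datetime, timedelta

MIN_LENGTH = 12                 # assumed; the slide only says "a certain length"
MAX_AGE = timedelta(days=90)    # assumed meaning of "regularly"
HISTORY_DEPTH = 5               # assumed number of old passwords remembered
PBKDF2_ROUNDS = 200_000         # assumed work factor for this example


def complexity_problems(password):
    """Return the list of length/character rules the password violates."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not any(c.isupper() for c in password):
        problems.append("no upper-case letter")
    if not any(c.islower() for c in password):
        problems.append("no lower-case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    return problems


def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class Account:
    def __init__(self):
        self.history = []       # newest first: (salt, digest) pairs
        self.changed_at = None

    def reused(self, password):
        # Re-hash the candidate under each stored salt; compare in constant time.
        return any(
            hmac.compare_digest(_digest(password, salt), digest)
            for salt, digest in self.history
        )

    def set_password(self, password, now):
        """Apply the policy; return [] on success or the list of violations."""
        problems = complexity_problems(password)
        if self.reused(password):
            problems.append("password was used before")
        if problems:
            return problems
        salt = os.urandom(16)
        self.history.insert(0, (salt, _digest(password, salt)))
        del self.history[HISTORY_DEPTH:]
        self.changed_at = now
        return []

    def expired(self, now):
        return self.changed_at is None or now - self.changed_at > MAX_AGE


if __name__ == "__main__":
    acct = Account()
    start = datetime(2024, 1, 1)                      # constructed dates
    print(acct.set_password("Summer2024", start))
    print(acct.set_password("Violet-Harbor-42-Kite", start))
    print(acct.set_password("Violet-Harbor-42-Kite", start + timedelta(days=30)))
    print(acct.expired(start + timedelta(days=91)))
```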
Backup
• Important information should be backed up and
stored in a separate location
– Very useful in the event that the primary computer
systems become unavailable
• A good backup plan requires:
– Understanding of the organizational information
resources
– Regular backups of all data
– Offsite storage of backups
– Test of the data restoration
• Complementary practices:
– UPS systems
– Backup processing sites
Firewalls
• Can be a piece of hardware and/or software
• Inspects and stops packets of information that don’t
comply with a strict set of rules
– Inbound and outbound
• Hardware firewalls are connected to the network
• Software firewalls run on the operating system and
intercept packets as they arrive at a computer
• Can implement multiple firewalls to allow segments
of the network to be partially secured to conduct
business
• Intrusion Detection Systems (IDS)
watch for specific types of activities
to alert security personnel of potential
network attack
Virtual Private Networks (VPN)
• Some systems can be made private using an internal
network to limit access to them
– Can’t be accessed remotely and are more secure
– Requires specific connections such as being onsite
• VPN allows users to remotely access these systems over
a public network like the Internet
– Bypasses the firewall
– Encrypts the communication or the data exchanged
• CPP students have this ability for:
– Exchange services from your Outlook client
– Mapping a drive or mounting a file share
– Instructions to establish a VPN connection
can be found at
https://ehelp.wiki.cpp.edu/VPN_(Virtual_Private_Network):_Requirements
Physical Security
• Protection of the actual equipment
– Hardware
– Networking components
• Organizations need to identify assets that need
to be physically secured:
– Locked doors
– Physical intrusion detection - e.g., using security
cameras
– Secured equipment
– Environmental monitoring –
temperature, humidity, and airflow
for computer equipment
– Employee training
Security Policies
• Starting point in developing an overall security plan
• Formal, brief, and high-level statement issued by senior
management
– Guidelines for employee use of the information resources
– Embraces general beliefs, goals, objectives, and acceptable
procedures
– Includes company recourse if employees violate the policy
• Security policies focus on confidentiality, integrity, and
availability
– Includes applicable government or industry regulations
• Bring Your Own Device (BYOD) policies for mobile devices
– Use when accessing/storing company information
– Intellectual property implications
• Difficult to balance the need for security and
users’ needs
Personal Information Security
• Simple steps that individuals can take to be more
secure:
– Keep your software up to date
– Install antivirus software
– Use public networks carefully
– Backup your data
– Secure your accounts with two-factor authentication
– Make your passwords long, unique, and strong
– Be suspicious of strange links and attachments
• For more information on personal
information security, visit the Stop,
Think, Connect website at
http://www.stopthinkconnect.org/
Summary
• Identified the information security triad
• Identified and understood the high-level
concepts surrounding information security
tools
• How to secure yourself digitally
