CHAPTER 6 Information Security
CHAPTER OUTLINE
4.1 Introduction to Information Security
4.2 Unintentional Threats to Information Security
4.3 Deliberate Threats to Information Security
4.4 What Organizations Are Doing to Protect Information Resources
4.5 Information Security Controls
LEARNING OBJECTIVES
1. Identify the five factors that contribute to the increasing vulnerability of information resources, and provide a specific example of each one.
2. Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
3. Discuss the nine types of deliberate attacks.
LEARNING OBJECTIVES (continued)
4. Define the three risk mitigation strategies, and provide an example of each one in the context of you owning a home.
5. Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
7.1 Introduction to Information Security
Information security refers to all of the processes and policies designed to protect an organization’s information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.
Key Information Security Terms
A threat to an information resource is any danger to which a system may be exposed.
A vulnerability is the possibility that the system will suffer harm from a threat.
The exposure of an information resource is the harm, loss, or damage that can result if a threat compromises that resource.
Smaller, Faster Devices
Decreasing Skills Needed to be a Hacker
New and easier tools make it very easy to attack the network
Attacks are becoming increasingly sophisticated
Organized Crime Taking Over Cybercrime
Lack of Management Support
7.2 Unintentional Threats to Information Systems
Security Threats
Human Errors
Carelessness with laptops and portable computing devices
Opening questionable e-mails
Careless Internet surfing
Poor password selection and use
And more
Social Engineering
Two examples:
Tailgating
Shoulder surfing
7.3 Deliberate Threats to Information Systems
There are many types of deliberate attacks including:
• Espionage or Trespass
• Information extortion
• Sabotage or vandalism
• Theft of equipment or information
• Identity theft
• Compromises to intellectual property
• Software attacks
• Alien software
• Supervisory control and data acquisition (SCADA) attacks
• Cyberterrorism and cyberwarfare
Deliberate Threats
Espionage or trespass
• Competitive intelligence consists of legal information-gathering techniques.
• Industrial espionage crosses the legal boundary.
Information extortion
Sabotage or vandalism
Theft of equipment or information
– For example, dumpster diving
Deliberate Threats (continued)
Identity theft
Compromises to intellectual property
• Intellectual property. Property created by individuals or corporations which is protected under trade secret, patent, and copyright laws.
• Trade secret. Intellectual work, such as a business plan, that is a company secret and is not based on public information.
• Patent. Document that grants the holder exclusive rights on an invention or process for 20 years.
• Copyright. Statutory grant that provides creators of intellectual property with ownership of the property for life of the creator plus 70 years.
• Piracy. Copying a software program without making payment to the owner.
• A virus is a segment of computer code that performs malicious actions by attaching to another computer program.
• A worm is a segment of computer code that performs malicious actions and will spread by itself without requiring another computer program.
• A Trojan horse is a computer program that hides in another computer program and reveals its designated behavior only when it is activated.
• A logic bomb is a segment of computer code that is embedded inside an organization’s existing computer programs and is designed to activate and perform a destructive action at a certain time or date.
Deliberate Threats (continued): Software attacks
A virus is a segment of computer code that performs malicious actions by attaching to another computer program.
A worm is a segment of computer code that spreads by itself and performs malicious actions without requiring another computer program.
A Trojan horse is a software program that hides in other computer programs and reveals its designated behavior only when it is activated. A common purpose of a Trojan horse is to capture your sensitive information (e.g., passwords, account numbers, etc.) and send it to the creator of the Trojan horse.
A logic bomb is a segment of computer code that is embedded within an organization’s existing computer programs and is designed to activate and perform a destructive action at a certain time and date.
Deliberate Threats (continued): Software attacks (continued)
Phishing attacks
• Phishing slideshow
• Phishing quiz
• Phishing example
• Phishing example
Distributed denial-of-service attacks
• See botnet demonstration
How to Detect a Phish E-mail
Is the email really from eBay, or PayPal, or a bank?
As spammers get better, their e-mails look more genuine. How do you tell whether a message is a scam that is phishing for personal information? Here’s how ...
Is the email really from eBay, or PayPal, or a bank? As an example, here is what the email said:
– Return-path: <[email protected]>
– From: "PayPal" <[email protected]>
– Subject: You have 1 new Security Message Alert !
Note that they even give advice in the right column about security.
Example Continued – bottom of the email
How to see what is happening: View Source
• In Outlook, right click on email, click ‘view source’.
• In GroupWise, open email and click on the Message Source tab.
• In Mozilla Thunderbird, click on View, and Source.
• Below is the part of the text that makes the email look official – the images came from the PayPal website.
View Source – The Real Link
• In the body it said, “If you are traveling, ‘Travelling Confirmation Here’”.
• Here is where you are really being sent: href=3Dftp://futangiu:[email protected]/index.htm (the “3D” is the quoted-printable encoding of the “=” sign, as it appears in the raw source).
• Notice that the link is not only not PayPal, it is an IP address: two giveaways of a fraudulent link.
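The View Source procedure above is a manual check: decode the raw message, find each link, and compare where it claims to go with where it really goes. The following script automates those same giveaways for a defender triaging reported phish. It is an added example, not material from the slide deck or its textbook; the sample message, the lookalike sender domain, the allow-list in BRAND_DOMAINS and the 192.0.2.10 address (a documentation-range address) are all constructed for the demo.

```python
"""
Flag the giveaways of a phishing link described in the slides: the
visible text says one thing, but the href points to a raw IP address,
uses a non-web scheme, embeds credentials, or is not on the claimed
brand's domain.

Added example, not from the slide deck. The sample message, sender
domain and allow-list are constructed; 192.0.2.10 is TEST-NET-1.
"""
import email
import ipaddress
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a quoted-printable HTML body like the one shown in
# the slides ("href=3D" is how "href=" appears before QP decoding).
SAMPLE_RAW = b"""From: "PayPal" <service@example-paypal-lookalike.test>
Subject: You have 1 new Security Message Alert !
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html><body>
<p>If you are traveling, <a href=3D"ftp://futangiu:secret@192.0.2.10/index.htm">Travelling Confirmation Here</a></p>
<p>Questions? <a href=3D"https://www.paypal.com/help">Visit the PayPal help centre</a></p>
</body></html>
"""

# Claimed brand -> registrable domains it legitimately uses (constructed).
BRAND_DOMAINS = {"paypal": {"paypal.com"}}


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host):
    """Crude eTLD+1 (last two labels); enough for the demo allow-list."""
    return ".".join(host.lower().split(".")[-2:])


def link_findings(href, brand):
    """Return the reasons this link looks fraudulent (empty list = clean)."""
    reasons = []
    u = urlparse(href)
    host = u.hostname or ""
    if u.scheme not in ("http", "https"):
        reasons.append(f"non-web scheme '{u.scheme}'")
    if u.username or u.password:
        reasons.append("credentials embedded in URL")
    try:
        ipaddress.ip_address(host)
        reasons.append("host is a raw IP address")
    except ValueError:
        pass  # not an IP literal
    if brand in BRAND_DOMAINS and registrable(host) not in BRAND_DOMAINS[brand]:
        reasons.append(f"host '{host}' is not a {brand} domain")
    return reasons


def analyze_message(raw_bytes):
    """Parse the message, undo the QP encoding, return {href: [reasons]}."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    # get_content() reverses the Content-Transfer-Encoding (the =3D sequences).
    body = msg.get_body(preferencelist=("html",)).get_content()
    # The brand the mail *claims* to be from is taken from the display name.
    m = re.search(r'"?([A-Za-z]+)"?\s*<', msg["From"] or "")
    brand = m.group(1).lower() if m else ""
    extractor = LinkExtractor()
    extractor.feed(body)
    return {href: link_findings(href, brand) for href, _text in extractor.links}


if __name__ == "__main__":
    for href, reasons in analyze_message(SAMPLE_RAW).items():
        print(("SUSPICIOUS" if reasons else "ok").ljust(10), href)
        for r in reasons:
            print("           -", r)
```

Run it on the constructed message and the FTP link is reported four times over (non-web scheme, embedded credentials, raw IP host, not a PayPal domain) while the genuine help-centre link passes. The allow-list check is the one that catches lookalike hosts such as paypal.com.evil.test, which the other three rules would miss; in production it would be populated from the brands your users actually receive mail from.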
Another Example – Amazon
Deliberate Threats (continued): Alien Software
Spyware collects personal information about users without their consent. Two types of spyware are:
– Keystroke loggers record your keystrokes and your Web browsing history.
– Screen scrapers record a continuous “movie” of what you do on a screen.
The spyware video provides a nice overview of spyware and how to avoid it.
Spamware is alien software that is designed to use your computer as a launchpad for spammers. Spam is unsolicited e-mail.
Cookies are small amounts of information that Web sites store on your computer.
• The cookie demo will show you how much information your computer sends when you connect to a Web site.
Example of CAPTCHA