![Page 1: BUSINESS B1 Information Security. 2 Learning Outcomes Describe the relationship between information security policies and an information security plan](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e495503460f94b3c85b/html5/thumbnails/1.jpg)
BUSINESS B1
Information Security
2
Learning Outcomes
• Describe the relationship between information security policies and an information security plan
• Summarize the five steps to creating an information security plan
• Provide an example of each of the three primary security areas: authentication and authorization, prevention and resistance, and detection and response
• Describe the relationships and differences between hackers and viruses
3
Information Security : Intro
Information security – a broad term encompassing the protection of information from accidental or intentional misuse by persons inside or outside an organization
This plug-in discusses how organizations can implement information security lines of defense through people first and technology second
4
Information Security : People
Organizations must enable employees, customers, and partners to access information electronically
33% of security incidents originate within the organization
Insiders – legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident
5
Information Security : Combat Insider
An organization should develop information security policies and an information security plan
Information security policies – identify the rules required to maintain information security
Information security plan – details how an organization will implement the information security policies
6
Creating an information security plan
• Develop the information security policies
• Communicate the information security policies
• Identify critical information assets and risks
• Test and reevaluate risks
• Obtain stakeholder support
Firewall – hardware and/or software that guards a private network by analyzing the information leaving and entering the network
Intrusion detection software (IDS) – searches for patterns in network traffic that indicate attacks and responds quickly to prevent harm
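The IDS definition above says such software looks for attack patterns in network traffic. As an added example that is not part of the slide deck, here is a minimal detection rule of that kind, run over a constructed firewall log: it flags any source address that contacts more than a set number of distinct destination ports inside a short time window, the pattern a port scan leaves behind. The log format, thresholds and addresses are all invented for the example.

```python
# Added example (not from the slides): a sliding-window port-scan detector
# of the kind an IDS applies to network traffic. Log lines and thresholds
# are constructed for illustration.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample firewall log: timestamp, source, destination:port, action.
SAMPLE_LOG = """\
2024-01-01T10:00:00 10.0.0.5 192.168.1.10:22 ACCEPT
2024-01-01T10:00:04 10.0.0.5 192.168.1.10:443 ACCEPT
2024-01-01T10:00:01 10.0.0.9 192.168.1.10:21 DENY
2024-01-01T10:00:02 10.0.0.9 192.168.1.10:22 DENY
2024-01-01T10:00:03 10.0.0.9 192.168.1.10:23 DENY
2024-01-01T10:00:04 10.0.0.9 192.168.1.10:25 DENY
2024-01-01T10:00:05 10.0.0.9 192.168.1.10:80 ACCEPT
2024-01-01T10:00:06 10.0.0.9 192.168.1.10:110 DENY
2024-01-01T10:00:07 10.0.0.9 192.168.1.10:443 ACCEPT
2024-01-01T10:01:00 10.0.0.7 192.168.1.10:21 DENY
2024-01-01T10:02:00 10.0.0.7 192.168.1.10:22 DENY
2024-01-01T10:03:00 10.0.0.7 192.168.1.10:23 DENY
2024-01-01T10:04:00 10.0.0.7 192.168.1.10:25 DENY
2024-01-01T10:05:00 10.0.0.7 192.168.1.10:80 DENY
2024-01-01T10:06:00 10.0.0.7 192.168.1.10:110 DENY
"""

def parse_line(line):
    ts, src, dst, _action = line.split()
    _host, port = dst.rsplit(":", 1)
    return datetime.fromisoformat(ts), src, int(port)

def detect_port_scans(log_text, max_ports=5, window_seconds=10):
    """Return {source: distinct ports} for every source that contacts more
    than max_ports distinct ports inside any window_seconds-long window."""
    events = defaultdict(list)
    for line in filter(str.strip, log_text.splitlines()):
        ts, src, port = parse_line(line)
        events[src].append((ts, port))
    window = timedelta(seconds=window_seconds)
    alerts = {}
    for src, hits in events.items():
        hits.sort()  # time-ordered events per source for the sliding window
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # drop events that fell out of the window
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) > max_ports:
                alerts[src] = max(alerts.get(src, 0), len(ports))
    return alerts
```

Source 10.0.0.7 touches six ports but one minute apart, so it is only flagged when the window is widened; tuning the window is what separates a scan from ordinary slow traffic.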
8
Information Security : Technology
Three primary information security areas
• Authentication and authorization
• Prevention and resistance
• Detection and response
9
Authentication and Authorization
Authentication – a method for confirming users’ identities
The most secure type of authentication involves a combination of the following:
• Something the user knows, such as a user ID and password
• Something the user has, such as a smart card or token
• Something that is part of the user, such as a fingerprint or voice signature
10
Something the User Knows such as a User ID and Password
This is the most common way to identify individual users and typically contains a user ID and a password
This is also the most ineffective form of authentication
Over 50 percent of help-desk calls are password related
11
Something the User Knows such as a User ID and Password
12
Something the User Has such as a Smart Card or Token
Smart cards and tokens are more effective than a user ID and a password
Tokens – small electronic devices that change user passwords automatically
Smart card – a device that is around the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing
13
Something that is Part of the User such as a Fingerprint or Voice Signature
This is by far the best and most effective way to manage authentication
Biometrics – the identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting
Unfortunately, this method can be costly and intrusive
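Slides 9 to 13 say the strongest authentication combines factors, for example something the user knows with a token the user has that changes the password automatically. As an added example that is not from the slides, the code below checks both factors for a login: the password is verified against a salted PBKDF2 hash, and the token code is verified with the HOTP algorithm from RFC 4226 (the standard behind event-based hardware tokens). The account record, password and token secret are constructed for the example; the secret is the one in the RFC 4226 test vectors.

```python
# Added example (not from the slides): two-factor login check combining a
# password ("something the user knows") with an RFC 4226 HOTP token code
# ("something the user has"). Account data is constructed for illustration.
import hashlib, hmac, os, struct

def hash_password(password, salt=None, iterations=200_000):
    salt = salt or os.urandom(16)  # fresh random salt per account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest

def verify_password(password, salt, expected):
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)  # constant-time compare

def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify_token(secret, counter, code, look_ahead=3):
    """Accept the code for the current counter or a few counters ahead (the
    user may have pressed the token without logging in). Returns the next
    counter to store on success, None on failure."""
    for c in range(counter, counter + look_ahead + 1):
        if hmac.compare_digest(hotp(secret, c), code):
            return c + 1
    return None

# Constructed account record; TOKEN_SECRET is the RFC 4226 test-vector secret.
TOKEN_SECRET = b"12345678901234567890"
ACCOUNT = {"salt": None, "pw_hash": None, "counter": 0}
ACCOUNT["salt"], ACCOUNT["pw_hash"] = hash_password("correct horse battery staple")

def login(account, password, code):
    """Both factors must pass; a wrong password never reveals token state."""
    if not verify_password(password, account["salt"], account["pw_hash"]):
        return False
    new_counter = verify_token(TOKEN_SECRET, account["counter"], code)
    if new_counter is None:
        return False
    account["counter"] = new_counter  # advancing the counter blocks replay
    return True
```

Because the stored counter moves past every accepted code, a code captured from one login cannot be reused, which is the property that makes the token stronger than a static password.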
14
Prevention and Resistance
Downtime can cost an organization anywhere from $100 to $1 million per hour
Technologies available to help prevent and build resistance to attacks include:
• Content filtering
• Encryption
• Firewalls
15
Content Filtering
Organizations can use content filtering technologies to filter e-mail, preventing e-mails that contain sensitive information from being transmitted and stopping spam and viruses from spreading
Content filtering – occurs when organizations use software that filters content to prevent the transmission of unauthorized information
Spam – a form of unsolicited e-mail
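As an added example of the content filtering the slide describes (not code from the slides), the function below screens one outbound e-mail body and blocks it when it carries a payment-card number or a confidentiality marking. Card numbers are found by pattern and then confirmed with the Luhn checksum, so an ordinary long number such as an order id passes through. The markings list and the sample messages are constructed for the example.

```python
# Added example (not from the slides): outbound e-mail content filter that
# blocks sensitive content (payment-card numbers, confidentiality markings)
# before transmission. Markings and sample texts are constructed.
import re

CARD_PATTERN = re.compile(r"\b(?:\d[ -]?){13,19}\b")  # 13-19 digits, separators allowed
MARKINGS = ("CONFIDENTIAL", "INTERNAL ONLY")         # assumed policy markings

def luhn_ok(digits):
    """Luhn checksum used by payment-card numbers; weeds out random digit runs."""
    total = 0
    for i, d in enumerate(reversed(digits)):
        n = int(d)
        if i % 2 == 1:
            n = n * 2
            if n > 9:
                n -= 9
        total += n
    return total % 10 == 0

def find_card_numbers(text):
    found = []
    for m in CARD_PATTERN.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            found.append(digits)
    return found

def filter_outbound(message):
    """Return ("allow" | "block", reasons) for one outbound message body."""
    reasons = []
    upper = message.upper()
    reasons += [f"marking:{m}" for m in MARKINGS if m in upper]
    # Log only a masked form of the number so the filter's own logs stay clean.
    reasons += [f"card:{c[:6]}...{c[-4:]}" for c in find_card_numbers(message)]
    return ("block" if reasons else "allow"), reasons
```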
16
Encryption
If there is an information security breach and the information was encrypted, the person stealing the information would be unable to read it
Encryption – scrambles information into an alternative form that requires a key or password to decrypt the information
17
Firewalls
One of the most common defenses for preventing a security breach is a firewall
Firewall – hardware and/or software that guards a private network by analyzing the information leaving and entering the network
18
Detection and Response
If prevention and resistance strategies fail and there is a security breach, an organization can use detection and response technologies to mitigate the damage
Antivirus software is the most common type of detection and response technology
19
Security Threats to E-business Sites
Malicious code – includes a variety of threats such as viruses, worms, and Trojan horses
Hoaxes – attack computer systems by transmitting a virus hoax, with a real virus attached
Spoofing – the forging of the return address on an e-mail so that the e-mail message appears to come from someone other than the actual sender
Sniffer – a program or device that can monitor data traveling over a network