tailieunhanh - Lecture Management information systems (3rd Edition): Chapter 7 - Rainer, Prince, Watson

Chapter 7: Information security. In this chapter, the learning objectives are: Introduction to information security, unintentional threats to information systems, deliberate threats to information systems, what organizations are doing to protect information resources, information security controls. | CHAPTER 7 Information Security CHAPTER OUTLINE Introduction to Information Security Unintentional Threats to Information Systems Deliberate Threats to Information Systems What Organizations Are Doing to Protect Information Resources Information Security Controls LEARNING OBJECTIVES Identify the five factors that contribute to the increasing vulnerability of information resources, and provide a specific example of each one. Compare and contrast human mistakes and social engineering, and provide a specific example of each one. Discuss the 10 types of deliberate attacks. Define the three risk mitigation strategies, and provide an example of each one in the context of owning a home. Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one. Introduction to Information Security Key Information Security Terms Information Security Threat Exposure Vulnerability Five Factors Increasing the Vulnerability of Information Resources Today’s interconnected, interdependent, wirelessly-networked business environment Smaller, faster, cheaper computers and storage devices Decreasing skills necessary to be a hacker Five Factors Increasing the Vulnerability of Information Resources continued Organized crime taking over cybercrime Lack of management support Unintentional Threats to Information Security Categories of Unintentional Threats Human Errors Social Engineering Human Errors Carelessness with laptops and portable computing devices Opening questionable e-mails Careless Internet surfing Poor password selection and use Social Engineering Tailgating Shoulder Surfing Deliberate Threats to Information Security Deliberate Threats Espionage or trespass Information extortion Sabotage or vandalism Theft of equipment or information Deliberate Threats (continued) Identity Theft Compromised to Intellectual Property Software Attacks SCADA Attacks Cyberterrorism and Cyberwarfare Virus Worm Trojan Horse Logic Bomb Phishing attacks Distributed denial-of-service attacks Software Attacks What Organizations Are Doing to Protect Information Resources Risk Management Risk Risk management Risk analysis Risk mitigation Risk Mitigation Strategies Risk Acceptance Risk limitation Risk transference Information Security Controls Information Security Controls Physical controls Access controls Communications (network) controls Access Controls Authentication Authorization Communication or Network Controls Firewalls Anti-malware systems Whitelisting and Blacklisting Encryption Communication or Network Controls (continued) Virtual private networking Secure Socket Layer Employee monitoring systems Business Continuity Planning, Backup, and Recovery Hot Site Warm Site Cold Site Information Systems Auditing Types of Auditors and Audits Internal External IS Auditing Procedure Auditing around the computer Auditing through the computer Auditing with the computer Closing Case #1 The Problem The Solution The Results Closing Case #2 The Problem The Solution The Results