
Information Security



Presentation Transcript

  1. Information Security

  2. INTRODUCTION
     • Information security – a broad term encompassing the protection of information from accidental or intentional misuse by persons inside or outside an organization
     • This plug-in discusses how organizations can implement information security lines of defense through people first and technology second

  3. The Second Line of Defense - Technology
     • Three primary information security areas
       • Authentication and authorization
       • Prevention and resistance
       • Detection and response

  4. AUTHENTICATION AND AUTHORIZATION
     • Authentication – a method for confirming users’ identities
     • Authorization – the process of giving someone permission to do or have something
     • The most secure type of authentication involves a combination of the following:
       • Something the user knows such as a user ID and password
       • Something the user has such as a smart card or token
       • Something that is part of the user such as a fingerprint or voice signature

  5. Something the User Knows such as a User ID and Password
     • User IDs and passwords are the most common way to identify individual users, and are the most ineffective form of authentication
     • Identity theft – the forging of someone’s identity for the purpose of fraud
     • Phishing – a technique to gain personal information for the purpose of identity theft

  6. Something the User Knows such as a User ID and Password

  7. Something the User Has such as a Smart Card or Token
     • Smart cards and tokens are more effective than a user ID and a password
     • Token – small electronic devices that change user passwords automatically
     • Smart card – a device that is around the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing

  8. Something That Is Part of the User such as a Fingerprint or Voice Signature
     • This is by far the best and most effective way to manage authentication
     • Biometrics – the identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting
     • Unfortunately, this method can be costly and intrusive

  9. PREVENTION AND RESISTANCE
     • Downtime can cost an organization anywhere from $100 to $1 million per hour
     • Technologies available to help prevent and build resistance to attacks include:
       • Content filtering
       • Encryption
       • Firewalls

  10. Encrypting Stored Data
     • Encryption
       • Uses high-level mathematical functions and computer algorithms to encode data
     • Files
       • Can be encrypted “on the fly” as they are being saved, and decrypted as they are opened
     • Encryption and decryption
       • Tend to slow down the computer slightly when opening and saving files

  11. Content Filtering
     • Organizations can use content filtering technologies to filter e-mail and prevent e-mails containing sensitive information from transmitting and stop spam and viruses from spreading
     • Content filtering – occurs when organizations use software that filters content to prevent the transmission of unauthorized information
     • Spam – a form of unsolicited e-mail

  12. FIREWALLS
     • One of the most common defenses for preventing a security breach is a firewall
     • Firewall – hardware and/or software that guards a private network by analyzing the information leaving and entering the network

  13. FIREWALLS
     • Sample firewall architecture connecting systems located in Chicago, New York, and Boston

  14. DETECTION AND RESPONSE
     • If prevention and resistance strategies fail and there is a security breach, an organization can use detection and response technologies to mitigate the damage
     • Antivirus software is the most common type of detection and response technology

  15. BYU’s Free Antivirus Software
     • Log into Route-Y
     • Under the “Miscellaneous” tab choose Software Distribution
     • Select the “Software” tab (near the top left)
     • Click on Symantec Products
     • Download antivirus software for your operating system

  16. DETECTION AND RESPONSE
     • Hacker – people very knowledgeable about computers who use their knowledge to invade other people’s computers
       • White-hat hacker
       • Black-hat hacker
       • Hacktivist
       • Script kiddies or script bunnies
       • Cracker
       • Cyberterrorist

  17. DETECTION AND RESPONSE
     • Virus – software written with malicious intent to cause annoyance or damage
       • Worm
       • Denial-of-service attack (DoS)
       • Distributed denial-of-service attack (DDoS)
       • Trojan-horse virus
       • Backdoor program
       • Polymorphic virus and worm

  18. DETECTION AND RESPONSE
     • Security threats to e-business include:
       • Elevation of privilege
       • Hoaxes
       • Malicious code
       • Spoofing
       • Spyware
       • Sniffer
       • Packet tampering

  19. Back Up Principles
     • Scope:
       • Documents, Data, Media
       • Executable Program files
       • Operating System and Drivers
     • Frequency
       • How often should you back up?
       • Cost of lost information vs.
       • Cost of back up (time, media)

  20. Back Up Principles
     • Keep copy of backup files “off site”
     • Test back ups before deleting prior version
     • Protect hardware from natural disasters.
     • Maintain redundant or backup systems for critical functions.
     • Make plans for ongoing processing in the event of hardware/software/data disaster. (Consider 9/11)

  21. Back up Media - Magnetic Tape
     • Tape is a sequential medium – not suitable for real time processing
     • Tape is used mainly for backup and archive
     • Relatively inexpensive & compact

  22. Back up Media – Hard Drives
     • High capacity
     • Relatively fast back up
     • Internal vs. external
       • Internal is less expensive
       • External is portable
     • Relatively inexpensive

  23. Back Up Media – Optical (CD, DVD)
     • CD = 650 – 850 MB; $.10 (<$.14/GB)
     • CD recorders are common
     • DVD = 4.7 – 17 GB; $.30 (<$.06/GB)
     • DVD recorders less common
     • Record once vs. many times (R vs. RW)

  24. Back Up Media – Solid State Devices
     • Compact Flash (CF)
     • Secure Digital (SD)
     • Flash Drive (USB/Thumb Drive)
     • Very portable
     • Damaged by electric pulses.
     • High cost/GB

  25. Software Patches
     • Set it to update automatically
     • Can seriously reduce viral vulnerability
     • Blaster example

  26. Scenario 1
     • You receive an email from your mom. The text says “Here is the information you requested” and there is a Word document attached. Do you open it?

  27. Scenario 2
     • You buy a new computer at CompUSA. What do you need to do to keep it safe from attacks?

  28. Scenario 3
     • You have a great iTunes collection. Your roommate’s friend wants to load his iPod too. What do you think?

  29. Scenario 4
     • You receive an email from PayPal asking you to update your personal information. What do you do?
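
Slide 7 describes tokens as devices that change the password automatically. The following added example (not part of the original presentation) shows one common way this works, assuming a time-based one-time password as standardized in RFC 6238. The shared secret is the RFC's published test value, and `verify`, with its clock-drift window and replay check, is an illustrative server-side routine.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30                      # assumed time step (the RFC 6238 default)
SECRET = b"12345678901234567890"       # RFC 6238 test secret, not a real key


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """One-time password for a single counter value (RFC 4226)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F            # dynamic truncation: low nibble picks 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """What the token displays: the counter is the current 30-second window."""
    return hotp(secret, unix_time // STEP_SECONDS, digits)


def verify(secret: bytes, submitted: str, unix_time: int,
           last_used_step: int = -1, drift_steps: int = 1, digits: int = 6):
    """Server side: return the matched time step, or None if the code is rejected.

    Accepts +/- drift_steps windows for clock skew, and refuses any window at or
    before last_used_step so a code seen once cannot be replayed.
    """
    current = unix_time // STEP_SECONDS
    for step in range(current - drift_steps, current + drift_steps + 1):
        if step <= last_used_step:
            continue
        expected = hotp(secret, step, digits).encode()
        if hmac.compare_digest(expected, submitted.encode()):
            return step
    return None
```

The caller stores the returned step as the new `last_used_step` for that user, which is what makes a phished or shoulder-surfed code useless after its first use.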
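
Slide 20 says to test backups before deleting the prior version. An added example of that rule, not from the original presentation: it compares SHA-256 digests of the source and the new backup and removes the prior backup only when every file matches. The directory names and sample files are constructed for the demonstration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def manifest(root: Path) -> dict:
    """Map each file path (relative to root) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_backup(source: Path, backup: Path) -> list:
    """Return a list of problems; an empty list means the backup matches the source."""
    src, bak = manifest(source), manifest(backup)
    problems = [f"missing: {name}" for name in src.keys() - bak.keys()]
    problems += [f"corrupt: {name}" for name in src.keys() & bak.keys()
                 if src[name] != bak[name]]
    return sorted(problems)


def rotate(source: Path, new_backup: Path, prior_backup: Path) -> list:
    """Delete the prior backup only after the new one verifies cleanly."""
    problems = verify_backup(source, new_backup)
    if not problems and prior_backup.exists():
        shutil.rmtree(prior_backup)
    return problems


def demo() -> tuple:
    """Constructed data: a new backup with one silently damaged file, then a good one."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        src, prior, new = base / "docs", base / "backup.1", base / "backup.2"
        src.mkdir()
        (src / "thesis.txt").write_text("chapter one")
        (src / "grades.csv").write_text("a,b\n1,2\n")
        shutil.copytree(src, prior)
        shutil.copytree(src, new)
        (new / "grades.csv").write_text("a,b\n1,\n")         # simulated media error
        bad = rotate(src, new, prior)                        # must keep the prior copy
        kept = prior.exists()
        shutil.copy(src / "grades.csv", new / "grades.csv")  # re-run the backup
        good = rotate(src, new, prior)                       # now safe to delete
        return bad, kept, good, prior.exists()
```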
