Click here to load reader
Chapter 6 Powerpoint Slides
Nov 22, 2014
- 1. 6- 6 Chapter Securing Information Systems 66 percent of all Webroot-scanned personal computers are infected with at least 25 spyware programs. Webroot (2005)
- 2. Learning Objectives 6-
- 3. Learning Objectives 6-
- 4. Information Systems Security
- All systems connected to a network are at risk
- Internal threats
- External threats
- Information systems security
- Precautions to keep IS safe from unauthorized access and use
- Increased need for good computer security with increased use of the Internet
- 5. Primary Threats to Information Systems Security
- Accidents and natural disasters
- Power outages, cats walking across keyboards
- Employees and consultants
- Links to outside business contacts
- Travel between business affiliates
- Outsiders
- Viruses
- 6. Unauthorized Access
- Unauthorized people
- Look through electronic data
- Peek at monitors
- Intercept electronic communication
- Theft of computers or storage media
- Determined hackers gain administrator status
- 7. Gaining Access to a Password
- Brute force
- Try combinations until a match is found
- Protection:
- Wait time requirements after unsuccessful login attempt
- CAPTCHA
- 8. Information Modification
- User accesses electronic information
- User changes information
- Employee gives himself a raise
- 9. Denial of Service Attack
- Attackers prevent legitimate users from accessing services
- Zombie computers
- Created by viruses or worms
- Attack Web sites
- 10. Computer Viruses
- Corrupt and destroy data
- Destructive code can
- Erase a hard drive
- Seize control of a computer
- Worms
- Variation of a virus
- Replicate endlessly across the Internet
- Servers crash
- MyDoom attack on Microsofts Web site
- 11. Spyware
- Within freeware or shareware
- Within a Web site
- Gathers information about a user
- Credit card information
- Behavior tracking for marketing purposes
- Eats up computers memory and network bandwidth
- Adware special kind of spyware
- Collects information for banner ad customization
- 12. Spam
- Electronic junk mail
- Advertisements of products and services
- Eats up storage space
- Compromises network bandwidth
- Spim
- Spam over IM
- 13. Protection Against Spam
- Barracuda Spam Firewall 600
- Filters spam and other email threats
- Decreases amount of spam processed by the central e-mail server
- Handles 3,000 10,000 active email users
- Spam messages blocked or quarantines
- 14. Phishing
- Attempts to trick users into giving away credit card numbers
- Phony messages
- Duplicates of legitimate Web sites
- E.g., eBay, PayPal have been used
- 15. Cookies
- Messages passed to a Web browser from a Web server
- Used for Web site customization
- Cookies may contain sensitive information
- Cookie management and cookie killer software
- Internet Explorer Web browser settings
- 16. Other Threats to IS Security
- Employees writing passwords on paper
- No installation of antivirus software
- Use of default network passwords
- Letting outsiders view monitors
- 17. Other Threats to IS Security (II)
- Organizations fail to limit access to some files
- Organizations fail to install firewalls
- Not doing proper background checks
- Lack of employee monitoring
- Fired employees who are resentful
- 18. Learning Objectives 6-
- 19. Safeguarding Information Systems Resources
- Information systems audits
- Risk analysis
- Process of assessing the value of protected assets
- Cost of loss vs. cost of protection
- Risk reduction
- Measures taken to protect the system
- Risk acceptance
- Measures taken to absorb the damages
- Risk transfer
- Transferring the absorption of risk to a third party
- 20. Technological Safeguards
- Physical access restrictions
- Authentication
- Use of passwords
- Photo ID cards, smart cards
- Keys to unlock a computer
- Combination
- Authentication limited to
- Something you have
- Something you know
- Something you are
- 21. Biometrics
- Form of authentication
- Fingerprints
- Retinal patterns
- Body weight
- Etc.
- Fast authentication
- High security
Related Documents See more >
