INFORMATION SECURITY Plug-in B6

Page 1: INFORMATION SECURITY

INFORMATION SECURITY

Plug-in B6

Page 2: INFORMATION SECURITY

THE FIRST LINE OF DEFENSE - PEOPLE

Organizations must enable employees, customers, and partners to access information electronically

The biggest issue surrounding information security is not a technical issue, but a _______ issue

___% of security incidents originate within the organization

Insiders – legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident

Page 3: INFORMATION SECURITY

THE FIRST LINE OF DEFENSE - PEOPLE

The first line of defense an organization should follow to help combat insider issues is to develop information security _______ and an information security _____

Information security policies – identify the rules required to maintain information security

Information security plan – details how an organization will __________ the information security policies

Page 4: INFORMATION SECURITY

THE FIRST LINE OF DEFENSE - PEOPLE

Hackers frequently use “_______ engineering” to obtain passwords

Social engineering – using one’s social skills to trick people into revealing access credentials or other information valuable to the attacker

Page 5: INFORMATION SECURITY

THE FIRST LINE OF DEFENSE - PEOPLE

Five steps to creating an information security plan:

1. Develop the information security policies

2. ____________ the information security policies

3. Identify critical information assets and risks

4. Test and reevaluate risks

5. Obtain ___________ support

Person, group, or organization that has direct or indirect stake in an organization because it can affect or be affected by the organization's actions, objectives, and policies.

Page 6: INFORMATION SECURITY

THE SECOND LINE OF DEFENSE - TECHNOLOGY

There are three primary information technology security areas

1. Authentication and authorization

2. Prevention and resistance

3. Detection and response

Page 7: INFORMATION SECURITY

Authentication and Authorization

Authentication – a method for confirming users’ __________

Authorization – giving someone _________ to do or have something

The most secure type of authentication involves:

1. Something the user knows such as a user ID and password

2. Something the user has such as a smart card or token

3. Something that is part of the user such as a fingerprint or voice signature

Page 8: INFORMATION SECURITY

Something the User Knows

This is the most common way to identify individual users and typically contains a user ID and a password

This is also the most _________ form of authentication

Over ____ percent of help-desk calls are password related

Page 9: INFORMATION SECURITY

Something the User Knows

Identity theft – a crime used to refer to ______ that involves someone pretending to be someone else in order to steal money or get other benefits.

Phishing – The act of sending an ______ to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft

Page 10: INFORMATION SECURITY

Something the User Knows

Smart cards and tokens are more effective than a user ID and a password

Tokens – may be a _________ device that an authorized user of computer services is given to ease authentication.

Smart card – a device that is around the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited ___________

Page 11: INFORMATION SECURITY

Something That Is Part Of The User

This is by far the best and most effective way to manage authentication

Biometrics – technologies that measure and analyze human body characteristics, such as fingerprints, eye retinas and irises, voice patterns, facial patterns and hand measurements, for ____________ purposes.

Unfortunately, this method can be costly and intrusive

Page 12: INFORMATION SECURITY

Prevention and Resistance

Downtime can cost an organization anywhere from $100 to $1 million per hour

Technologies available to help prevent and build resistance to attacks include:

1. Content filtering

2. Encryption

3. Firewalls

Page 13: INFORMATION SECURITY

Content Filtering

Organizations can use content filtering technologies to prevent e-mails containing sensitive information from transmitting and stop spam and viruses from spreading.

Content filtering – using software that filters content to prevent the transmission of unauthorized information

Spam – the abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages

Corporate losses caused by spam (_______ $)

Page 14: INFORMATION SECURITY

Encryption

If there is an information security breach and the information was encrypted, the person stealing the information would be unable to read it

Encryption – the process of transforming information using an _________ (called cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key

Public key encryption (PKE) – an encryption system that uses two keys: a public key for everyone and a private key for the recipient

Page 15: INFORMATION SECURITY

Firewalls

One of the most common defenses for preventing a security breach is a firewall

Firewall – hardware and/or software that guards a private network by analyzing the information leaving and entering the network

Page 16: INFORMATION SECURITY

Detection and Response

Antivirus software is the most common type of detection and response technology

Hacker - people very knowledgeable about computers who use their knowledge to invade other people’s computers

White-hat hacker

Black-hat hacker

Hacktivist

Script kiddies or script bunnies

Cracker

Cyber terrorist

Page 17: INFORMATION SECURITY

Detection and Response

Virus - software written with malicious intent to cause annoyance or damage

Worm: spreads itself among files & computers

Denial-of-service attack (DoS): flooding web sites

Distributed denial-of-service attack (DDoS): attacks from multiple computers

Trojan-horse: hides inside other software

Backdoor program: opens a way for future attack

Polymorphic virus and worm: change their form as they propagate

Page 18: INFORMATION SECURITY

Detection and Response

Security threats to e-business include:

Elevation of privilege

Hoaxes

Malicious code

Spoofing

Spyware

Sniffer

Packet tampering