Information Security Management: Threats To Information Security and What We Can Do About It
Before we start our Conversation
Ordering a Pizza?
What are the threats to information security?
Fires
Floods
Hurricanes
Earthquakes
and other acts of nature
This chart shows some of the security problems a company may
experience and the possible sources of the problems.
What are unauthorized data disclosure threats?
For example, a new university department administrator posts student names, numbers, and grades in a public place.
The figure below lists the factors you should include in a risk assessment.
Once you've assessed the risks to your information system, you must make decisions about how much security you want to pay for. Each decision carries consequences.
Packet-filtering firewalls are programs on general-purpose computers or on routers that examine each packet entering the network.
Malware Protection
Malware Protection is the fourth technical safeguard. We'll concentrate on spyware and adware here.
Adware is a benign program that's also installed without your permission. It resides in your computer's background and observes your behavior.
Spyware consists of programs that may be installed on your computer without your knowledge or permission.
If your computer displays any of the symptoms in this figure, you may have one of these types of malware on your computer.
safeguard your computer against malware:
Install antivirus and antispyware programs.
Open email attachments only from known sources, and even then be wary.
Remember, data and the information from it are one of the most important resources an organization has.
What human safeguards are available?
Human safeguards for employees are some of the most important safeguards an organization can deploy.
They should be coupled with effective procedures to help protect information systems.
An organization needs human safeguards for nonemployees, whether they are temporary employees, vendors, business partners, or the public. Here are a few suggestions: