Chapter 4 - Information Security
Learning Objectives
1. Identify the five factors that contribute to the increasing vulnerability of information resources, and provide a specific example of each one.
2. Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
3. Discuss the ten types of deliberate attacks.
4. Define the three risk mitigation strategies, and provide an example of each one in the context of owning a home.
5. Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
What’s in IT for Me?
Kim Dotcom: Pirate or Successful
Entrepreneur?
Read the Kim Dotcom case and answer the following
questions:
• Do cyberlocker sites show due diligence in protecting sensitive,
classified information?
• How can cyberlockers address copyright infringement more effectively?
• Does better protection against copyright infringement on cyberlocker
sites involve technology, policy, or both?
4.1 Introduction to Information Security
Security is defined as “the degree of protection against criminal activity, danger, damage, and/or loss.”
Information security is “all of the processes and policies designed to protect an organization’s information and information systems (IS) from unauthorized access, use, disclosure, disruption, modification, or destruction.”
Today, five key factors are contributing to the increasing vulnerability of organizational information resources, making it much more difficult to secure them:
• Today’s interconnected, interdependent, wirelessly networked business environment;
• Smaller, faster, cheaper computers and storage devices;
• Decreasing skills necessary to be a computer hacker;
• International organized crime taking over cybercrime;
• Lack of management support.
4.2 Unintentional Threats to Information Systems
2. Tailgating
3. Shoulder surfing
4.3 Deliberate Threats to Information Systems
The ten types of deliberate attacks:
• Espionage or trespass
• Information extortion
• Sabotage or vandalism
• Theft of equipment or information
• Identity theft
• Compromises to intellectual property
• Software attacks
• Alien software
• Supervisory control and data acquisition (SCADA) attacks
• Cyberterrorism and cyberwarfare
Espionage or Trespass
Espionage or trespass occurs when an unauthorized individual attempts to gain illegal access to organizational information.
Information Extortion
Information extortion occurs when an attacker either threatens to steal, or actually steals, information from a company.
Sabotage or Vandalism
Sabotage and vandalism are deliberate acts that involve defacing an organization’s Web site, possibly damaging the organization’s image and causing its customers to lose faith.
Theft of Equipment or Information
One form of theft, known as dumpster

Compromises to Intellectual Property
A patent is an official document that grants the holder exclusive rights on an invention or a process for a specified period of time.
Software Attacks
attacks, typically via the Web, to make money.
Alien Software
Alien software is clandestine software that is installed on your computer through duplicitous methods.
Communications controls (also called network controls) secure the movement of data across networks. Communications controls consist of firewalls, anti-malware systems, whitelisting and blacklisting (also called allowlisting and blocklisting), encryption, virtual private networks (VPNs), Secure Sockets Layer (SSL), and employee monitoring systems.
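The difference between whitelisting and blacklisting is easier to see in code than in a sentence: a whitelist denies everything it has not been told about, while a blacklist admits everything it has not been told about. The following is an added example written for this page, not code from the textbook; the rule sets, address ranges and connection records are constructed for the illustration. It evaluates the same inbound connection attempts under both policies and shows that a host never seen before is stopped by the whitelist but passes straight through the blacklist.

```python
"""Whitelist (default-deny) versus blacklist (default-allow) filtering.

Added illustration for the communications-controls paragraph. Every rule,
host and connection below is constructed sample data, not from the page.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, IPv6Network, ip_address, ip_network
from typing import Iterable, List, Tuple, Union

Network = Union[IPv4Network, IPv6Network]
Rule = Tuple[Network, int]  # (source network, destination port; 0 = any port)


@dataclass(frozen=True)
class Connection:
    """One inbound connection attempt (constructed sample record)."""
    src: str        # source IP address
    dst_port: int   # destination TCP port


def _matches(conn: Connection, rules: Iterable[Rule]) -> bool:
    """True if any rule covers the connection's source address and port."""
    addr = ip_address(conn.src)
    return any(addr in net and port in (0, conn.dst_port) for net, port in rules)


def whitelist_decide(conn: Connection, allow_rules: Iterable[Rule]) -> str:
    """Default deny: only traffic explicitly listed is admitted."""
    return "allow" if _matches(conn, allow_rules) else "deny"


def blacklist_decide(conn: Connection, block_rules: Iterable[Rule]) -> str:
    """Default allow: only traffic explicitly listed is rejected."""
    return "deny" if _matches(conn, block_rules) else "allow"


def compare_policies(conns: Iterable[Connection], allow_rules: Iterable[Rule],
                     block_rules: Iterable[Rule]) -> List[Tuple[str, int, str, str]]:
    """Return (src, port, whitelist verdict, blacklist verdict) per connection."""
    return [(c.src, c.dst_port, whitelist_decide(c, allow_rules), blacklist_decide(c, block_rules))
            for c in conns]


# Constructed whitelist: VPN clients may reach HTTPS, the admin subnet may reach SSH.
ALLOW_RULES: List[Rule] = [
    (ip_network("10.8.0.0/16"), 443),
    (ip_network("192.168.50.0/24"), 22),
]

# Constructed blacklist: the only thing it knows about is one scanner range seen earlier.
BLOCK_RULES: List[Rule] = [
    (ip_network("203.0.113.0/24"), 0),
]

# Constructed connection attempts (documentation-range addresses).
SAMPLE_CONNECTIONS: List[Connection] = [
    Connection("10.8.3.7", 443),       # VPN user to the web front end
    Connection("192.168.50.12", 22),   # administrator to SSH
    Connection("203.0.113.9", 22),     # previously seen scanner
    Connection("198.51.100.77", 22),   # never-seen host probing SSH
]


def main() -> None:
    print(f"{'source':<16}{'port':>5}  whitelist  blacklist")
    for src, port, wl, bl in compare_policies(SAMPLE_CONNECTIONS, ALLOW_RULES, BLOCK_RULES):
        print(f"{src:<16}{port:>5}  {wl:<9}  {bl:<9}")


if __name__ == "__main__":
    main()
```

The last row is the practical point: the unknown host probing SSH is denied by the whitelist because nobody ever approved it, but allowed by the blacklist because nobody ever reported it. A blacklist can only stop what has already been seen; a whitelist fails closed, at the cost of having to enumerate legitimate traffic up front.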