Chapter 11 - Information Security Management

Seong-Yun Kang

on 12 April 2011

Transcript of Chapter 11 - Information Security Management

Information Security Management

Security Issues
Threats to Information Security
Information Privacy
Information Security Management

Information System Security
- Precautions taken to keep unauthorized people out of the other four components of IS framework

Computer Security, Computer Security Risk, Computer Abuse, Cybercrime
- Protection from Tampering, Physical Danger, Unwanted Disclosure
- Data
- Event or action that might cause loss or damage
- Unethical act, NOT illegal
- Many definitions - some state says computer abuse is illegal
- Internet-based illegal act

1. Human Errors
2. Malicious Human Activity
3. Hardware Problems
4. Natural Disasters

= People can make mistakes by accident
- Misunderstand operating procedures
- Physical Mistakes
- Installation Errors

= Bad guys do Bad things
- destroying data
- Breaking into systems
- Introducing viruses and worms into a system
- Unauthorized changes

= All computer faults
- Breakdown
- Configuration Errors

Fire, Thunder, Snow, Flood, Earthquake

Cyber Impostors
Network and Internet Attacks

Hackers: White Hat, Black Hat, Gray Hat
- Hired by organization so that they can fix and upgrade their technology
- Intruders
- Bad motives (Personal Gain or Damage)
- Middle between white and black

Cracker, Script Kiddie/Bunny, Unethical Employees, Cyberextortionist, Cyberterrorist
- Person who "breaks in" to computer system and destroys data
- Crack: piece of software to defeat copyright protections
- Juveniles that use prewritten programs
- Access to Employer's program
  * Steal for... Money, Intellectual Property
  * Curiosity
  * Revenge
  * Obtain power
- Threatens to attack organization's Computer system - if Digital Ransom not received
- Usually happens across international border
- Attacks computer system for.....
  * Social
  * Ideological
  * Religious
  * Political

- Internet has more possibilities to be compromised than individual stand-alone computer

Malicious Software or Malware, Virus, Worm, Trojan Horse, Cybervandalism, Sniffer, Wardriving, Denial of Service Attacks (DoS), Botnets, Identity Theft, Phishing, Pharming, Evil Twins, Click Fraud
- Software Created with Criminal Intentions
- Small Software or data order to be executed
- Automatically copies itself
- infects other programs
- Independent Program
- Move to Program by Program
- Spreads itself
- Move Computer to Computer Through the Networks
- Hidden in first time
- Trick, Back door program
- Possible results: Change your Desktop, Add silly icons, Destroy your computer
- intentional defacement or Destruction of a website or information system
- Electronic eavesdropping program
- Get/Capture information while traveling through a network (Password, Security Code, etc)
  * Legitimate uses
    - Recover network password
    - Monitor password abuse for server administrators
- the Act of searching for wireless networks by a vehicle
- associated with unprotected wireless access points
- Flooding a server with requests that congests the network to a point that they cannot provide services
- Typically done through bogus web page or "ping"
- DDoS - Distributed Denial of Service Attacks - use more computers to attack
- Network "Zombie"
- Put Malware on unprotected computer via network
- Used to attack Internet Services Websites or to do spam
- Collection of software robots or bots
- Steal personal information to impersonate
- Fake website, Fraud email to access personal information
- Redirecting users to a fraudulent website when a legitimate URL is entered
- Wireless network that pretends to offer trustworthy Wi-Fi
- Fraudulently clicks on an online ad

- The right of individuals/Organizations to deny or restrict access to confidential information

Spam, Cookies, Spyware, Adware
< Information Gathering Tools >
- Electronic Junk mail (usually sell advertise or promote goods or service)
- WHY Spam??
  Nobody wants it or ever asks for it
  No one ever eats it
  Sometimes it is actually tasty (1% of junk mail is useful)
- Spim
- Spit
- Software program
- Monitor users' activities
- unwanted piggyback programs
- can remove erasing original data
- Small program that is distributed in order to AD product
- Text File that contains information about User's Preferences (what does user look?, online shopping cart)
- (Unrequested sponsored advertisements, Pop-Up Ads)

Keyloggers
- Record Keystrokes to Steal
  * Serial Number
  * Password
- to launch Internet attacks

Using good, Using bad
- Parents can see what their child does while they are not in house
- Competitor can look what the other companies do
- Employer can see that employees do their job or not

Things that can prevent intrusions
- Firewalls - Combination Hard/Software
- Anti-Virus and Anti-Spyware
- Intrusion Detection Software
- Honeypots - Counter-intelligence
- Data Encryption

Human safeguards that an organization can deploy are important
- Developing an IS Security Plan
- Risk Analysis
- Policies and Procedures
- Auditing

Be Careful