Ch09 - Management of Information Security, 2nd ed. 9-1...


Management of Information Security, 2nd ed. 9-1

Chapter 9
Protection Mechanisms

At a Glance

Instructor’s Manual Table of Contents
• Chapter Overview
• Chapter Outline
• Chapter Objectives
• Setup Notes
• Lecture Notes and Teaching Tips with Quick Quizzes
• Key Terms

Chapter Overview

Chapter 9 brings the reader into the world of technical risk controls by exploring access control approaches, including authentication, authorization, and biometric access controls as well as firewalls and the common approaches to firewall implementation. The technical control approaches for dial-up access, intrusion detection systems, and cryptography are also covered.

Chapter Outline

Lecture Topics                    Page #
Introduction                      341
Access Controls                   342
Firewalls                         353
Intrusion Detection Systems       362
Remote Access Protection          365
Wireless Network Protection       368
Scanning and Analysis Tools       370
Cryptography                      374

Chapter Objectives

When you complete this chapter, you will be able to:
• Describe the various access control approaches, including authentication, authorization, and biometric access controls
• Identify the various types of firewalls and the common approaches to firewall implementation
• Recognize the current issues in dial-up access and protection
• Identify and describe the types of intrusion detection systems and the two strategies on which they are based
• Explain cryptography and the encryption process, and compare and contrast symmetric and asymmetric encryption

Setup Notes

This chapter could be completed in a single class session, if there is sufficient time to cover the material. Unless the students have not had the opportunity to read the material in advance (in some settings, the textbooks are not made available until the first class meeting), it may be prudent to have a general discussion of the topic, with detailed lecture to follow at the next class meeting. The subject matter can be covered in 1.25 to 2.5 hours.

Lecture Notes and Teaching Tips with Quick Quizzes

Introduction

Information security is an emerging discipline that combines the efforts of people, policy, education, training, awareness, procedures, and technology to improve the confidentiality, integrity, and availability of an organization’s information assets. Technical controls alone cannot ensure a secure IT environment, but they are usually an essential part of information security programs. Managing the development and use of technical controls requires some knowledge and familiarity with the technology that enables them. Technical controls can enable policy enforcement where human behavior is difficult to regulate. Although technical controls can be an important part of an information security program, they must be combined with sound policy and education, training, and awareness efforts....