39-40_091130_Chpt12 - Chapter 12 Information Security...

MIS 301 Introduction to IT Management
Lizhen Xu, IROM Department, McCombs School of Business
Chapter 12: Information Security Management

Ch. 12 Information Security Management
- Sources and types of security threats
- Elements of a security program
- Technical safeguards
- Data safeguards
- Human safeguards
- What is necessary for disaster preparedness?
- How should organizations respond to security incidents?

Security Threats

Human Error and Mistakes
- Internal employees
  - Misunderstand operating procedures and accidentally delete customer records
  - Poorly written application programs and poorly designed procedures
- External personnel
  - Customers
  - Business partners

Natural Events and Disasters
- Disasters: fires, floods, hurricanes, earthquakes, tsunamis, avalanches and other acts of nature
- Losses
  - Initial loss of capability and service
  - Losses stemming from actions to recover from the initial problem

Malicious Human Activities
- Internal employees
  - Who intentionally destroy data or other system components
  - Who sell corporate information for profit
- External personnel
  - Competitors
  - Script kiddies
  - Attackers
  - Criminals
  - Terrorists

How many of you have ever used “Free Wi-Fi” in public places such as airports, cafes, coffee houses?
[Screenshots: Windows XP, Windows Vista]

1) Sniffing

“Man-in-the-Middle” Attack (MITM)
- A form of active eavesdropping
- Attacker makes independent connections with victims and relays messages between them
- Victims believe that they are talking directly to each other over a private connection when in fact the entire conversation is controlled by the attacker

“Man-in-the-Middle” Attack (MITM)
[Diagram: Alice encrypts a message with Bob’s public key and sends the encrypted message to Bob; Bob decrypts it with Bob’s private key.]

“Man-in-the-Middle” Attack (MITM)
[Diagram: Eve sits between Alice and Bob. Eve receives Bob’s public key and gives Alice Eve’s public key as “Bob’s” public key. Alice encrypts “Meet me at midnight!” with “Bob’s” public key; Eve decrypts it with Eve’s private key (“…You wish…”), then encrypts “Don’t see me any more!” with Bob’s public key; Bob decrypts it with Bob’s private key and reads “Don’t see me any more!”]

“Man-in-the-Middle” Attack (MITM)
- Simple asymmetric encryption is vulnerable to MITM attack!
- One way of defense against MITM:
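The key substitution in the Alice, Bob and Eve exchange above, and a fingerprint check that catches it, as an added example that is not part of the original slides. It uses toy textbook RSA with tiny constructed primes (not secure); the helper names and the assumption that Alice obtained the fingerprint of Bob's key out of band are this example's own, not necessarily the defense the slides go on to present.

```python
import hashlib

# Toy textbook RSA with tiny constructed primes: illustration only, not secure.
def make_keypair(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))          # (public key, private key)

def encrypt(pub, text):
    n, e = pub
    return [pow(b, e, n) for b in text.encode()]  # bytewise, no padding

def decrypt(priv, blocks):
    n, d = priv
    return bytes(pow(c, d, n) for c in blocks).decode()

def fingerprint(pub):
    # Short digest of a public key that people can compare over a trusted path.
    return hashlib.sha256(f"{pub[0]}:{pub[1]}".encode()).hexdigest()

BOB_PUB, BOB_PRIV = make_keypair(1000003, 1000033)   # constructed sample keys
EVE_PUB, EVE_PRIV = make_keypair(1000037, 1000039)

def channel_with_eve(real_key):
    # Untrusted network: whatever key Bob sent, Alice receives Eve's instead.
    return EVE_PUB

def alice_send(message, received_key, pinned_fp=None):
    # With a pinned fingerprint, refuse any key that does not match it.
    if pinned_fp is not None and fingerprint(received_key) != pinned_fp:
        raise ValueError("key fingerprint mismatch: possible MITM")
    return encrypt(received_key, message)

def run_without_check():
    # Alice trusts the received key: Eve reads the message and forges another.
    ct = alice_send("Meet me at midnight!", channel_with_eve(BOB_PUB))
    eve_reads = decrypt(EVE_PRIV, ct)
    forged = encrypt(BOB_PUB, "Don't see me any more!")
    return eve_reads, decrypt(BOB_PRIV, forged)

def run_with_check():
    pinned = fingerprint(BOB_PUB)   # assumption: learned out of band
    try:
        alice_send("Meet me at midnight!", channel_with_eve(BOB_PUB), pinned)
    except ValueError as err:
        return str(err)             # substitution detected, nothing is sent
    return "sent"

if __name__ == "__main__":
    print(run_without_check())
    print(run_with_check())
```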

This note was uploaded on 12/17/2010 for the course MIS 03765 taught by Professor Xu during the Fall '09 term at University of Texas at Austin.
