Chapter 2 Notes

Chapter 2 Notes IS 1

CHAPTER 2

Learning Objectives

Upon completion of this material, you should be able to:
- Recognize that organizations have a business need for information security
- Understand that a successful information security program is the responsibility of both an organization’s general management and IT management
- Identify the threats posed to information security and the more common attacks associated with those threats, and differentiate threats to the information within systems from attacks against the information within systems
- Describe the issues facing software developers, as well as the most common errors made by developers, and explain how software development programs can create software that is more secure and reliable

Introduction

- Primary mission of information security is to ensure systems and contents stay the same
- If no threats, could focus on improving systems, resulting in vast improvements in ease of use and usefulness
- Attacks on information systems are a daily occurrence

Business Needs First (Pg 41)

Information security performs four important functions for an organization:
- Protects the organization’s ability to function
- Enables safe operation of applications implemented on its IT systems
- Protects data the organization collects and uses
- Safeguards technology assets in use

Protecting the Functionality of an Organization

- Management (general and IT) responsible for implementation
- Information security is both management issue and people issue
- Organization should address information security in terms of business impact and cost

Enabling the Safe Operation of Applications (Pg 42)

- Organization needs environments that safeguard applications using IT systems
- Management must continue to oversee infrastructure once in place—not defer to IT department

Protecting Data that Organizations Collect and Use

- Organization, without data, loses its record of transactions and/or ability to deliver value to customers
- Protecting data in motion and data at rest are both critical aspects of information security

Safeguarding Technology Assets in Organizations

- Organizations must have secure infrastructure services based on size and scope of enterprise
- Additional security services may be needed as organization expands
- More robust solutions may be needed to replace security programs the organization has outgrown
- Public Key Infrastructure (PKI): an integrated system of software, encryption methodologies, and legal agreements that can be used to support the entire information infrastructure
- Involves the use of digital certificates to ensure the confidentiality of Internet communications and transactions
- Into each of these digital certificates, a certificate authority embeds an individual’s or an organization’s public encryption key, along with other identifying information, and then cryptographically signs the certificate with a tamper-proof seal, thus

This note was uploaded on 05/27/2011 for the course ITS 375 taught by Professor Thomas during the Fall '10 term at N.C. State.
