BUSINESS PLUG-IN B6
Information Security

LEARNING OUTCOMES

1. Describe the relationship between information security policies and an information security plan
2. Summarize the five steps to creating an information security plan
3. Provide an example of each of the three primary security areas: (1) authentication and authorization, (2) prevention and resistance, and (3) detection and response
4. Describe the relationships and differences between hackers and viruses

INTRODUCTION

Information security – a broad term encompassing the protection of information from accidental or intentional misuse by persons inside or outside an organization

This plug-in discusses how organizations can implement information security lines of defense through people first and technology second

The First Line of Defense - People

The biggest issue surrounding information security is not a technical issue, but a people issue

38% of security incidents originate within the organization
   Insiders
   Social engineering

The first line of defense an organization should follow to help combat insider issues is to develop information security policies and an information security plan

Information security policies – identify the rules required to maintain information security

Information security plan – details how an organization will implement the information security policies

Five steps to creating an information security plan

1. Develop the information security policies
2. Communicate the information security policies
3. Identify critical information assets and risks
4. Test and reevaluate risks
5. Obtain stakeholder support

The Second Line of Defense - Technology

Three primary information security areas

1. Authentication and authorization
2. Prevention and resistance
3. Detection and response

AUTHENTICATION AND AUTHORIZATION

Authentication – a method for confirming users’ identities

Authorization – the process of giving someone permission to do or have something

The most secure type of authentication involves a combination of the following:

1. Something the user knows such as a user ID and password
2. Something the user has such as a smart card or token
3. Something that is part of the user such as a fingerprint or voice signature

Something the User Knows such as a User ID and Password

User ID and passwords are the most common way to identify individual users, and are the most ineffective form of authentication

Identity theft – the forging of someone’s identity for the purpose of fraud

Phishing – a technique to gain personal information for the purpose of identity theft

Something the User Has such as a Smart Card or Token

Smart cards and tokens are more effective than a user ID and a password

Token – small electronic devices that change user passwords automatically

Smart card