Understand the security threat/loss scenario


Understand the security threat/loss scenario

- Threat: a person or organization that seeks to obtain data or other assets illegally, without the owner's permission and often without the owner's knowledge
- Vulnerability: an opportunity for threats to gain access to individual or organizational assets
- Safeguard: a measure individuals or organizations take to block a threat from obtaining an asset
- Target: the asset desired by the threat

Sources of threats

- Human error, for example:
  1. An employee misunderstands operating procedures and accidentally deletes customer records
  2. An employee inadvertently installs an old database on top of the current one while doing a backup
  3. Physical accidents, such as driving a forklift through the wall of a computer room
- Computer crime: intentional destruction or theft of data or other system components
- Natural disasters: fires, floods, hurricanes, earthquakes, tsunamis, avalanches and other acts of nature; includes the initial loss of capability and service, and the losses from recovery costs

Types of security losses

1. Unauthorized data disclosure
2. Incorrect data modification
3. Faulty service
4. Denial of service (DoS)
5. Loss of infrastructure

Goal of IS security

To protect information by finding an appropriate trade-off between the risk of loss and the cost of implementing safeguards.

How should you respond to security threats? How should organizations respond to security threats?

- Compliance
- Accountability

Technical safeguards

Identification and authentication
- Username identifies the user; password authenticates the user
- Smart cards
- Biometric authentication
- Single sign-on: today's systems can authenticate users from one system to multiple systems and networks

Encryption
- Process of transforming clear text into unintelligible text for secure storage and communication
- Symmetric vs. asymmetric encryption
- Public vs. private key
- The https protocol uses the Secure Sockets Layer (SSL) for secured data transmission

Firewalls
- Perimeter firewall sits outside the organizational network; it is the first device that internet traffic encounters
- Packet-filtering firewall examines each part of a message and determines whether to let that part pass

Malware protection
- Antivirus and antispyware programs
- Scan frequently
- Update malware definitions
- Open email attachments only from known sources
- Install software updates
- Browse only reputable internet neighborhoods

Design for secure applications

SQL injection
- The user enters a SQL statement into a form instead of a name or other data
- The accepted code becomes part of the database commands issued
- Improper data disclosure, data damage and data loss are possible
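The mechanism described above, as an added example that is not part of the course notes: a lookup that splices form input into the SQL text beside the parameterized version that the "design for secure applications" safeguard calls for. It uses only Python's standard-library sqlite3 module; the customer table, the sample rows, the input strings and the function names are all constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data: a small in-memory customer table (not from the notes).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO customers (name, email) VALUES (?, ?)",
        [("Alice", "alice@example.com"), ("Bob", "bob@example.com"), ("Carol", "carol@example.com")],
    )
    return conn


def lookup_vulnerable(conn, name):
    # Form input is concatenated straight into the command text, so whatever the
    # user typed becomes part of the SQL the database executes. This is the
    # pattern the notes describe: accepted input turns into database commands.
    sql = f"SELECT name, email FROM customers WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    # Parameterized query: the SQL text is fixed and the value travels separately
    # as a bound parameter, so input can never change the statement's structure.
    sql = "SELECT name, email FROM customers WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def demo():
    # Runs both lookups with an honest input and with the textbook input that
    # closes the quoted string and appends an always-true condition, returning the
    # results so the difference in disclosed rows can be compared directly.
    conn = make_db()
    honest = "Alice"
    crafted = "' OR '1'='1"  # constructed example input
    return {
        "vulnerable_honest": lookup_vulnerable(conn, honest),
        "vulnerable_crafted": lookup_vulnerable(conn, crafted),
        "safe_honest": lookup_safe(conn, honest),
        "safe_crafted": lookup_safe(conn, crafted),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {len(rows)} row(s) -> {rows}")
```

With the honest input both functions return Alice's single row. With the crafted input the concatenated query becomes `WHERE name = '' OR '1'='1'` and returns every customer (the unauthorized data disclosure the notes list as a loss type), while the parameterized query simply looks for a customer literally named `' OR '1'='1` and returns nothing.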
