Chapter 2

The document discusses secure information systems and the threats to them. It covers topics like the increasing threat landscape, why computer incidents are prevalent, common perpetrators and attack vectors, and cyberattacks that pose serious threats like ransomware.

Uploaded by Emily Ng Zhi Yu

Chapter 2

Secure Information Systems

Stair/Reynolds, Principles of Information Systems, 14th Edition. © 2021 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

Why Learn About Secure Information Systems?
• Must secure data and information
• Must protect against malicious acts of theft or disruption
• Complex trade-offs regarding IS security
  • Security effort versus money spent
  • Security versus system ease of use
  • Pursuing prosecution versus avoiding negative publicity

The Threat Landscape
• Cybercrime continues to increase
  • Negatively impacting brands, reputations, and earnings
• Money spent on cybersecurity products and services
  • Will exceed $1 trillion between 2017 and 2022
• Cybersecurity average cost is $11.7 million

Surveys indicating alarming results

[Chart: Cybersecurity Survey of Executives. Bars: cyber security function does not fully meet their needs; need up to 50% more cyber security budget; careless member as source of attack; maturity of their vulnerability identification as very low to moderate. Values shown in the chart: 89%, 87%, 85%, 77%, 75%.]

http://consulting.ey.com/cybersecurity-regained (2018)
http://www.pwc.com/us/en/services/consulting.cybersecurity/library/information-security-survey.html (2018)

Why Computer Incidents Are So Prevalent
• Increasing computer system complexity
  • Billions of communicating devices on networks
• Organizations constantly changing software
  • Adding new applications
  • Modifying existing applications
  • Replacing older, legacy information systems
• Bring your own device (BYOD) policies
  • Pros and cons

Why Computer Incidents Are So Prevalent

FIGURE 2.1 Total number of new software vulnerabilities identified annually

Perpetrators Most Likely to Initiate a Cyberattack

Type of perpetrator: Description
Careless insider: An insider (employee, business partner, contractor, consultant) who does not follow the organization’s security policies and enables a cyberattack to occur
Malicious employees: An insider who deliberately attempts to gain access to and/or disrupt a company’s information systems and business operations
Cybercriminal: Someone who attacks a computer system or network for financial gain

TABLE 2.1 Classifying perpetrators of computer crime

Perpetrators Most Likely to Initiate a Cyberattack

Type of perpetrator: Description
Hacktivist: An individual who hacks computers or Web sites in order to promote a political ideology
Lone wolf attacker: Someone who violates computer or Internet security maliciously or for illegal personal gain
Cyberterrorist: State-sponsored individual or group who attempts to destroy the infrastructure components of governments, financial institutions, corporations, utilities, and emergency response units

TABLE 2.1 (continued) Classifying perpetrators of computer crime

Types of Attack Vectors

Attack type: Description
Advanced persistent threat: A network attack in which an intruder gains access to a network and stays there—undetected—with the intention of stealing data over a long period of time.
Blended threat: A sophisticated threat that combines the features of a virus, worm, Trojan horse, and other malicious code into a single payload.
Phishing: The act of fraudulently using email to try to get the recipient to reveal personal data.
Rootkit: A set of programs that enables its user to gain administrator-level access to a computer without the end user’s consent or knowledge. Once installed, the attacker can gain full control of the system and even obscure the presence of the rootkit from legitimate system administrators.

TABLE 2.2 Various types of cyberattacks

Types of Attack Vectors

Attack type: Description
Smishing: A variation of phishing that involves the use of texting.
Social engineering: The use of deception to trick individuals into divulging data needed to gain access to an information system or network.
Spam: The use of email systems to send unsolicited email to large numbers of people.
Trojan horse: A seemingly harmless program in which malicious code is hidden. A victim on the receiving end of a Trojan horse is usually tricked into opening it because it appears to be useful software from a legitimate source.
Virus: A piece of programming code, usually disguised as something else, that causes a computer to behave in an unexpected and usually undesirable manner.

TABLE 2.2 (continued) Various types of cyberattacks

Types of Attack Vectors

Attack type: Description
Vishing: Similar to smishing except that the victims receive a voice mail message telling them to call a phone number or access a Web site.
Worm: A harmful program that resides in the active memory of the computer and duplicates itself. Worms differ from viruses in that they can propagate without human intervention, often sending copies of themselves to other computers by email.

TABLE 2.2 (continued) Various types of cyberattacks

Cyberattacks That Pose Serious Threats
• Ransomware renders a computer unusable until a ransom is paid
  • Characteristics
    • Payment frequently demanded in Bitcoin
    • Victims often pay
    • Attacks on the increase
    • Average ransom demand is just over $1000
    • 20% of victims never recover files
  • Causes
    • Infected email attachment or pop-up window
    • Vulnerability in software such as Microsoft’s Server Message Block (SMB)

Cyberattacks That Pose Serious Threats
• Distributed denial-of-service attacks
  • Hacker takes over computers via the Internet
  • Target computer responds to stream of automated requests
• Botnet
  • Large group of targeted computers controlled by hackers from one or more remote locations
  • Legitimate owners unaware of control
• Data breach
  • Unauthorized individuals release or access sensitive data
Cyberattacks That Pose Serious Threats

FIGURE 2.3 Data breaches in government and industrial sectors in 2017

Cyberattacks That Pose Serious Threats
• Cyberespionage
  • Deployment of malware to secretly steal high-value data
  • Data providing an unfair competitive advantage to the perpetrator
• Cyberterrorism
  • Intimidation of government or civilian population
  • Use of information technology to disable critical national infrastructure
  • Achieve political, religious, or ideological goals

Consequences of a Successful Cyberattack

FIGURE 2.4 Consequences of a successful cyberattack

The CIA Security Triad
• CIA security triad
  • Confidentiality
  • Integrity
  • Availability
• Layered security solution design
  • Make cyberattacks difficult
  • Attacker eventually gives up
  • Attacker detected before harm inflicted

The CIA Security Triad

FIGURE 2.5 A multi-layered security solution

Implementing CIA at the Organizational Level
• Security strategy
  • Start with a risk assessment
    • Identify and prioritize threats the organization faces
  • Define a disaster recovery plan
    • Ensures data and technology assets availability
  • Review security policies guiding employees
    • Follow recommended processes and practices
  • Perform security audits
    • Ensure established policies being followed
    • Regulatory standards compliance

Implementing CIA at the Organizational Level

Adverse event | Business objective threatened | Threat (estimated frequency of event) | Vulnerability (likelihood of success of this threat) | Estimated cost of a successful attack | Risk = Threat × Vulnerability × Estimated cost | Priority to be mitigated
Data breach of customer account data | Provide safe, secure Web site consumers can trust | 18 per year | 3% | $5,000,000 | $2,700,000 | 1
Distributed denial-of-service (DDoS) attack | 24/7 operation of a retail Web site | 3 per year | 25% | $500,000 | $375,000 | 2

TABLE 2.4 Risk assessment for a hypothetical company


Implementing CIA at the Organizational Level

Adverse event | Business objective threatened | Threat (estimated frequency of event) | Vulnerability (likelihood of success of this threat) | Estimated cost of a successful attack | Risk = Threat × Vulnerability × Estimated cost | Priority to be mitigated
Email attachment with harmful worm | Rapid and reliable communications among employees and suppliers | 1,000 per year | 0.05% | $200,000 | $100,000 | 3
Harmful virus | Employees’ use of personal productivity software | 2,000 per year | 0.04% | $50,000 | $40,000 | 4

TABLE 2.4 (continued) Risk assessment for a hypothetical company


Implementing CIA at the Organizational Level

Adverse event | Business objective threatened | Threat (estimated frequency of event) | Vulnerability (likelihood of success of this threat) | Estimated cost of a successful attack | Risk = Threat × Vulnerability × Estimated cost | Priority to be mitigated
Invoice and payment fraud | Reliable cash flow | 1 per year | 10% | $200,000 | $20,000 | 5

TABLE 2.4 (continued) Risk assessment for a hypothetical company
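The arithmetic behind Table 2.4, worked in code as an added example (not code from the textbook): each event's annual risk is Threat × Vulnerability × Estimated cost, events are ranked by that figure to obtain the priority column, and a control is costed against the risk it removes. The patch-programme figures at the end are constructed for the example.

```python
"""Risk assessment from Table 2.4, worked in code (added illustration,
not the textbook's own code). The five events are the table's rows;
the patch-programme control at the end is constructed for the example."""
from dataclasses import dataclass


@dataclass
class AdverseEvent:
    name: str
    objective: str               # business objective threatened
    frequency_per_year: float    # Threat: estimated frequency of the event
    success_probability: float   # Vulnerability: chance one event succeeds (0.0 to 1.0)
    cost_per_success: float      # estimated cost of one successful attack, in dollars

    def annual_risk(self) -> float:
        """Risk = Threat x Vulnerability x Estimated cost, rounded to cents."""
        if not 0.0 <= self.success_probability <= 1.0:
            raise ValueError(f"{self.name}: vulnerability must be a probability")
        if self.frequency_per_year < 0 or self.cost_per_success < 0:
            raise ValueError(f"{self.name}: frequency and cost cannot be negative")
        return round(self.frequency_per_year * self.success_probability
                     * self.cost_per_success, 2)


# Rows of Table 2.4: 3% is written as 0.03, 0.05% as 0.0005, and so on.
TABLE_2_4 = [
    AdverseEvent("Data breach of customer account data",
                 "Provide safe, secure Web site consumers can trust", 18, 0.03, 5_000_000),
    AdverseEvent("Distributed denial-of-service (DDoS) attack",
                 "24/7 operation of a retail Web site", 3, 0.25, 500_000),
    AdverseEvent("Email attachment with harmful worm",
                 "Rapid and reliable communications among employees and suppliers",
                 1_000, 0.0005, 200_000),
    AdverseEvent("Harmful virus",
                 "Employees' use of personal productivity software", 2_000, 0.0004, 50_000),
    AdverseEvent("Invoice and payment fraud", "Reliable cash flow", 1, 0.10, 200_000),
]


def prioritize(events):
    """Rank events by annual risk; the largest expected loss gets priority 1."""
    ranked = sorted(events, key=lambda e: e.annual_risk(), reverse=True)
    return {e.name: (rank, e.annual_risk()) for rank, e in enumerate(ranked, start=1)}


def evaluate_control(event, new_success_probability, annual_control_cost):
    """Compare a control's yearly cost with the risk it removes.

    Returns (risk_reduction, net_benefit); a positive net benefit means the
    control removes more risk than it costs, which is the security-versus-money
    trade-off the chapter opens with."""
    mitigated = AdverseEvent(event.name, event.objective, event.frequency_per_year,
                             new_success_probability, event.cost_per_success)
    reduction = round(event.annual_risk() - mitigated.annual_risk(), 2)
    return reduction, round(reduction - annual_control_cost, 2)


if __name__ == "__main__":
    for name, (rank, risk) in sorted(prioritize(TABLE_2_4).items(), key=lambda kv: kv[1]):
        print(f"{rank}. {name}: ${risk:,.0f} per year")
    # Constructed scenario: patching cuts the worm's success rate from 0.05% to 0.01%
    # and costs $30,000 a year to run.
    worm = TABLE_2_4[2]
    print(evaluate_control(worm, new_success_probability=0.0001, annual_control_cost=30_000))
```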

Implementing CIA at the Organizational Level
• Security dashboard
  • Comprehensive display of performance indicators
  • Reduces effort to monitor and identify threats

Implementing CIA at the Organizational Level

FIGURE 2.6 An organizational security dashboard

Implementing CIA at the Network Level (1 of 6)
• Authentication methods
  • Three types of user credentials
    • Something you know (username, PIN or password)
    • Something you possess (ID card, security card or token)
    • Something you are (biometric; fingerprint or retina scan)
  • Use two-factor authentication
• Biometric authentication
  • Physiological or behavioral measurements used
  • Requires a reference model of the unique characteristics stored digitally

Implementing CIA at the Network Level (2 of 6)
• Firewall
  • Software, hardware, or a combination of both
  • Stands between internal network and the Internet
  • Limits access based on access policy
• Next-generation firewall (NGFW)
  • Hardware or software
  • Detects and blocks sophisticated attacks
  • Filters network traffic based on packet contents
    • Goes deeper to inspect packet content
    • Matches sequences of bytes for harmful activities
Implementing CIA at the Network Level (3 of 6)
• Routers
  • Networking device connecting multiple networks together
  • Forwards data packets
  • Uses passphrase for security
  • Additional layer of security
    • Specify unique media access control (MAC) address of each legitimate device
    • Can restrict access to specific Web sites

Implementing CIA at the Network Level (4 of 6)
• Encryption
  • Scramble messages or data
  • Only authorized parties can read data
• Encryption key
  • Value applied to plaintext to produce ciphertext
  • Required to decipher ciphertext
• Encryption algorithms
  • Symmetric and asymmetric
  • Advanced Encryption Standard (AES)
    • Common symmetric algorithm
    • Used by the WPA2 security protocol
Implementing CIA at the Network Level (5 of 6)
• Encryption (continued)
  • Transport Layer Security (TLS)
    • Communications protocol ensuring privacy between communicating applications and their users on the Internet
• Proxy Servers and Virtual Private Networks
  • Proxy server
    • Intermediary between a Web browser and another Internet server
    • Makes requests to Web sites, servers, and services
  • Virtual private network (VPN)
    • Enables remote users to access computing and storage devices and share data

Implementing CIA at the Network Level (6 of 6)

FIGURE 2.7 Proxy Server

Implementing CIA at the Application Level
• Authentication
  • Authenticate users before they access applications
  • Require two-factor authentication
• User roles and accounts
  • Users have authority to perform responsibilities
    • Nothing more
  • Implement proper separation of duties
• Data encryption
  • Use data encryption on all enterprise systems
Implementing CIA at the End-User Level (1 of 5)
• Security education
  • Educate all workers
  • Provide a security self-assessment
• Authentication methods
  • Use multifactor schemes and fingerprints
• Antivirus software installed on each computer
  • Scan for a virus signature
• Data encryption
  • Employ full-disk encryption to protect data
Implementing CIA at the End-User Level (2 of 5)

Security assessment question (answer Yes or No)
• Do you have the most current version of your computer’s operating system installed?
• Do you have the most current version of firewall, antivirus, and antimalware software installed?
• Do you install updates to all your software when you receive notice that a new update is available?
• Do you use different, strong passwords for each of your accounts and applications—a minimum of 12 characters, with a mix of capital and lowercase letters, numbers, and special characters?
• Are you familiar with and do you follow your organization’s policies for accessing corporate Web sites and applications from your home or remote locations (e.g., access via a VPN)?

TABLE 2.6 Self-assessment security test

Implementing CIA at the End-User Level (3 of 5)

Security assessment question (answer Yes or No)
• Have you set the encryption method to WPA2 and changed the default name and password on your home wireless router?
• When using a free, public wireless network, do you avoid checking your email or accessing Web sites requiring a username and password?
• Do you refrain from clicking on a URL in an email from someone you do not know?
• Do you back up critical files to a separate device at least once a week?
• Are you familiar with and do you follow your organization’s policies regarding the storage of personal or confidential data on your device?

TABLE 2.6 (continued) Self-assessment security test

Implementing CIA at the End-User Level (4 of 5)

Security assessment question (answer Yes or No)
• Does your device have a security passcode that must be entered before it accepts further input?
• Have you installed Locate My Device or similar software in case your device is lost or stolen?
• Do you make sure not to leave your device unattended in a public place where it can be easily stolen?
• Have you reviewed, and do you understand the privacy settings that control who can see or read what you do on Facebook and other social media sites?

TABLE 2.6 (continued) Self-assessment security test

Implementing CIA at the End-User Level (5 of 5)
• Implementing safeguards against attacks by malicious insiders
  • Departing employees and contractors
    • Promptly delete their computer accounts, login IDs, and passwords
  • Define employee roles carefully
    • Separate key responsibilities properly
  • Roles and user accounts
    • Enough authority to perform responsibilities
    • Nothing more
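The role and account controls from the application-level and end-user-level slides, as an added example (not code from the textbook): roles carry only the permissions their responsibilities need, role assignments that would let one person both create and approve or pay an invoice are refused, and departed users lose access on their departure date and are then deleted. The role names, users, dates and the invoice workflow are constructed for the example; dates are ISO-8601 strings so that they compare correctly as text.

```python
"""Least-privilege roles, separation of duties, and prompt removal of departed
users' accounts (added illustration, not the textbook's code). Role names,
users, dates and the invoice workflow are constructed for the example."""
from dataclasses import dataclass
from typing import Optional

# Each role carries only the permissions its responsibilities need, nothing more.
ROLE_PERMISSIONS = {
    "clerk": {"invoice:create"},
    "approver": {"invoice:approve"},
    "treasury": {"payment:release"},
    "auditor": {"invoice:read", "payment:read"},
}

# Permissions one person must never hold together: whoever enters an invoice
# must not be able to approve it or release the payment (invoice and payment
# fraud is the last row of the chapter's risk assessment table).
SEPARATED_DUTIES = [
    ("invoice:create", "invoice:approve"),
    ("invoice:approve", "payment:release"),
    ("invoice:create", "payment:release"),
]


def separation_violation(roles):
    """Return the first conflicting permission pair the roles would combine, or None."""
    perms = set().union(*(ROLE_PERMISSIONS[r] for r in roles))
    for a, b in SEPARATED_DUTIES:
        if a in perms and b in perms:
            return (a, b)
    return None


@dataclass
class Account:
    user: str
    roles: set
    left_on: Optional[str] = None  # departure date "YYYY-MM-DD" from the HR feed, if any


class AccessControl:
    def __init__(self):
        self.accounts = {}

    def add_account(self, user, roles):
        """Refuse any role combination that breaks separation of duties."""
        conflict = separation_violation(roles)
        if conflict:
            raise ValueError(f"{user}: {sorted(roles)} would combine {conflict[0]} with {conflict[1]}")
        self.accounts[user] = Account(user, set(roles))

    def mark_departed(self, user, left_on):
        """Record the departure date as soon as HR reports it."""
        self.accounts[user].left_on = left_on

    def is_allowed(self, user, permission, today):
        """Deny unknown users, departed users (even before deletion), and anything outside their roles."""
        acct = self.accounts.get(user)
        if acct is None or (acct.left_on is not None and today >= acct.left_on):
            return False
        return any(permission in ROLE_PERMISSIONS[r] for r in acct.roles)

    def stale_accounts(self, today):
        """Accounts of people who have left but still exist: an audit should find this list empty."""
        return sorted(u for u, a in self.accounts.items()
                      if a.left_on is not None and today >= a.left_on)

    def deprovision(self, user):
        """Delete the account outright rather than merely disabling it."""
        self.accounts.pop(user, None)


def process_invoice(ac, creator, approver, payer, today):
    """Run the three-step workflow; each step needs its permission and a different person."""
    if len({creator, approver, payer}) != 3:
        return False  # runtime separation check, independent of how roles were assigned
    steps = [(creator, "invoice:create"), (approver, "invoice:approve"), (payer, "payment:release")]
    return all(ac.is_allowed(user, perm, today) for user, perm in steps)
```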

Detection of a Cyberattack
• Intrusion detection system (IDS)
  • Software and/or hardware
  • Monitors system and network resources and activities
  • Detects network traffic attempting to circumvent security measures
  • Notifies network security personnel
  • Two fundamentally different approaches
    • Knowledge-based approaches
    • Behavior-based approaches

Detection of a Cyberattack

FIGURE 2.8 Intrusion detection system
An IDS notifies network security personnel when it detects network traffic that attempts to circumvent the security measures of a networked computer environment.
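The two IDS approaches named on the slides, run side by side over a constructed packet log as an added example (not code from the textbook or from any IDS product). The signatures, addresses, window size and three-sigma threshold are assumptions of the example.

```python
"""Knowledge-based versus behavior-based intrusion detection (added illustration,
not code from the textbook). Both detectors read the same constructed packet log;
every address, signature and threshold here is made up for the example."""
from collections import Counter, defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Event:
    ts: int          # seconds since the start of the capture
    src: str         # source address of the packet
    payload: bytes   # application data carried by the packet


# Knowledge-based: the IDS is told what an attack looks like (byte sequences taken
# from previously analysed malware) and flags any payload containing one.
SIGNATURES = {
    "SIG-0001 (constructed worm marker)": b"WORM-SAMPLE-A",
    "SIG-0002 (constructed rootkit dropper marker)": b"ROOTKIT-SAMPLE-B",
}


def knowledge_based(events):
    """One alert per packet whose payload contains a known signature."""
    return [("knowledge", ev.src, f"{name} at t={ev.ts}s")
            for ev in events for name, sig in SIGNATURES.items() if sig in ev.payload]


# Behavior-based: the IDS first learns what normal traffic looks like, then alerts
# when a source's activity departs from that baseline by too much.
WINDOW = 10  # seconds per measurement window


def per_window_rates(events):
    """Packets per source per WINDOW-second bucket: {src: [count, ...]}."""
    counts = defaultdict(Counter)
    for ev in events:
        counts[ev.src][ev.ts // WINDOW] += 1
    return {src: list(c.values()) for src, c in counts.items()}


def learn_baseline(training_events):
    """Summarise normal activity as (mean, population stdev) of the per-window rate."""
    rates = [r for rs in per_window_rates(training_events).values() for r in rs]
    return mean(rates), pstdev(rates)


def behavior_based(events, baseline, sigmas=3.0):
    """Alert on any source whose busiest window exceeds mean + sigmas * stdev."""
    mu, sd = baseline
    limit = mu + sigmas * sd
    return [("behavior", src, f"{max(rs)} packets in one window, limit {limit:.1f}")
            for src, rs in per_window_rates(events).items() if max(rs) > limit]


def training_capture():
    """Constructed quiet period: three clients at 1 to 3 requests per window for a minute."""
    return [Event(w * WINDOW + k, src, b"GET /index.html")
            for src, n in (("203.0.113.5", 2), ("198.51.100.7", 3), ("192.0.2.9", 1))
            for w in range(6) for k in range(n)]


def monitored_capture():
    """Constructed period under observation."""
    ev = [Event(0, "203.0.113.5", b"GET /index.html"), Event(1, "203.0.113.5", b"GET /about.html")]
    ev += [Event(10, "198.51.100.44", b"GET /index.html")] * 40          # request flood, innocuous bytes
    ev.append(Event(25, "192.0.2.9", b"POST /upload WORM-SAMPLE-A"))      # known signature, normal rate
    ev.append(Event(31, "192.0.2.77", b"POST /upload NEW-UNSEEN-CODE"))   # novel payload, normal rate
    return ev


def run_ids():
    """Return both approaches' alerts for the constructed captures."""
    baseline = learn_baseline(training_capture())
    events = monitored_capture()
    return {"knowledge": knowledge_based(events), "behavior": behavior_based(events, baseline)}


def flagged_sources(alerts):
    """Set of source addresses that produced at least one alert."""
    return {src for _, src, _ in alerts}
```

The last constructed source is the caveat: a novel payload sent at a normal rate slips past both approaches, which is why the chapter's layered design runs an IDS alongside other controls rather than in place of them.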

Response
• Incident notification
  • Define who to notify
  • Determine what to say
• Protection of evidence and activity logs
  • Document as incident is resolved
  • Capture evidence for future prosecution
  • Capture system events, specific actions taken, and external conversations in a logbook
  • Use data for incident eradication and follow-up

Response
• Incident containment
  • Follow incident response plan
  • Shut down or disconnect critical system from the network
• Eradication
  • Collect and log all possible criminal evidence
  • Verify backups
  • Create forensic disk image of compromised system
  • After virus eradication, create a new backup
Response
• Incident follow-up
  • Determine exactly what happened
  • Evaluate the response
  • Write a formal incident report
    • Detailed event chronology and incident impact
    • Report key elements

Using a Managed Security Service Provider (MSSP)
• Difficult to keep up with computer criminals and with new laws and regulations
• Managed security service provider (MSSP)
  • Company that monitors, manages, and maintains computer and network security for other organizations
  • Provides a valuable service for IS departments
  • Provides vulnerability scanning and Web blocking and filtering capabilities
Computer Forensics
• Computer forensics
  • Combines elements of law and computer science
  • Identifies, collects, examines, and preserves data for admissibility in court
  • Proper handling of a computer forensics investigation is key for success in a court of law
  • Ask questions when evaluating readiness for a security incident

Computer Forensics

Question (answer Yes or No)
• Has a risk assessment been performed to identify investments in time and resources that can protect the organization from its most likely and most serious threats?
• Have senior management and employees involved in implementing security measures been educated about the concept of reasonable assurance?
• Has a security policy been formulated and broadly shared throughout the organization?
• Have automated systems policies been implemented that mirror written policies?

TABLE 2.7 Questions to be considered when evaluating an organization’s readiness for a security incident

Computer Forensics

Question (answer Yes or No)
• Does the security policy address the following:
  • Email with executable file attachments?
  • Wireless networks and devices?
  • Use of smartphones deployed as part of corporate rollouts as well as those purchased by end users?
• Is there an effective security education program for employees and contract workers?
• Has a layered security solution been implemented to prevent break-ins?
• Has a firewall been installed?
• Is antivirus software installed on all personal computers?

TABLE 2.7 (continued) Questions to be considered when evaluating an organization’s readiness for a security incident
Computer Forensics

Question (answer Yes or No)
• Is the antivirus software frequently updated?
• Have precautions been taken to limit the impact of malicious insiders?
• Are the accounts, passwords, and login IDs of former employees promptly deleted?
• Are employee responsibilities adequately defined and separated?
• Are individual roles defined so that users have authority to perform their responsibilities and nothing more?
• Is it a requirement to review at least quarterly the most critical Internet security threats and implement safeguards against them?

TABLE 2.7 (continued) Questions to be considered when evaluating an organization’s readiness for a security incident

Computer Forensics

Question (answer Yes or No)
• Has it been verified that backup processes for critical software and databases work correctly?
• Has an intrusion detection system been implemented to catch intruders in the act—both in the network and on critical computers on the network?
• Are periodic IT security audits conducted?
• Has a comprehensive incident response plan been developed?
• Has the security plan been reviewed and approved by legal and senior management?

TABLE 2.7 (continued) Questions to be considered when evaluating an organization’s readiness for a security incident

Computer Forensics

Question (answer Yes or No)
• Does the plan address all of the following areas:
  • Incident notification?
  • Protection of evidence and activity logs?
  • Incident containment?
  • Eradication?
  • Incident follow-up?

TABLE 2.7 (continued) Questions to be considered when evaluating an organization’s readiness for a security incident

Summary
• Computer crime is rapidly growing
• Many different types of people responsible for cyberattacks
• Many different attack types being used
• Countermeasures needed at all levels
  • Organizational, network, application, end-user
  • Security risk assessments, intrusion detection systems, authentication methods, and training
