Abstract image of a woman sitting on books and studying on a laptop

Information security

Download as PPT, PDF
L
linalona515

This document discusses information security and the threats to information systems. It covers various types of threats including unintentional human errors, software attacks like viruses and worms, and alien software like adware and spyware. It also discusses the controls organizations use to protect information resources, which include physical controls over access to facilities, access controls like authentication and authorization, communication controls such as firewalls and encryption, business continuity planning for disasters, and information systems auditing. The key threats discussed are software attacks like viruses, worms, and Trojan horses, as well as alien software like adware, spyware, and keyloggers.

1 of 19
Downloaded 14 times
MGT417 INFORMATION TECHNOLOGY IN BUSINESS CHAPTER 4 Information Security
4.1 Introduction to Information Security • Security The degree of resistance to, or the protection from harm. • Information Security The practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. • Threat something that can cause damage or danger. • Exposure something that allows access to information or capabilities that can be used by a hacker as a stepping-stone into a system or network. • Vulnerability The mistake in software that can be directly used by a hacker to gain access to a system or network.
Five Factors Contributing to Vulnerability – Today’s interconnected, interdependent, wirelessly networked business environment – Smaller, faster, cheaper computers & storage devices – Decreasing skills necessary to be a computer hacker – International organized crime taking over cybercrime – Lack of management support
4.2 Unintentional Threats to Information Systems • Human Errors • Social Engineering
Common Human Error – Carelessness with Laptops – Carelessness with Computing Devices – Opening Questionable E-mail – Careless Internet Surfing – Poor Password Selection and Use – Carelessness with One’s Office – Carelessness Using Unmanaged Devices – Carelessness with Discarded Equipment – Careless Monitoring of Environmental Hazards
4.3 Deliberate Threats to Information Systems • Software Attacks • Alien Software • Supervisory Control and Data Acquisition (SCADA) Attacks • Cyberterrorism and Cyberwarfare
• Let's focus more to the most common threats ; -Software Attacks -Alien Software
Software Attacks • Remote Attacks Requiring User Action – Virus – Worm – Phishing Attack – Spear Phishing Attack • Denial of Service Attack • Distributed Denial of Service Attack
Software Attacks • Remote Attacks Needing No User Action – Denial of Service Attack – Distributed Denial of Service Attack • Attacks by a Programmer Developing a System – Trojan Horse
Alien Software • Adware • Spyware – Keyloggers • Spamware • Cookies – Tracking cookies
4.4 What Organizations Are Doing to Protect Information Resources • Risk • Risk Analysis • Risk Mitigation
4.5 Information Security Controls • Physical Controls • Access Controls • Communication Controls • Business Continuity Planning • Information Systems Auditing
Physical Controls • Prevent unauthorized individuals from gaining access to a company’s facilities. – Walls – Doors – Fencing – Gates – Locks – Badges – Guards – Alarm systems
Access Controls • Authentication Something that is very important such as password that necessary to access the information. • Authorization
Basic Guidelines for Passwords • difficult to guess. • long rather than short. • They should have uppercase letters, lowercase letters, numbers, and special characters. • not recognizable words. • not the name of anything or anyone familiar, such as family names or names of pets. • not a recognizable string of numbers, such as a Social Security number or a birthday.
Communication Controls • Firewalls • Anti-malware Systems • Whitelisting and Blacklisting • Encryption • Virtual Private Networking • Secure Socket Layer • Employee Monitoring Systems
Business Continuity Planning • Disaster Recovery Plan • Hot Site • Cold Site
Information Systems Auditing • Types of Auditors and Audits • How is Auditing Executed?
let's protect our information

More Related Content

PPTX
Cybersecurity
Eng Hasan Shamroukh CISCO Exams Author
 
PPT
Introduction To Information Security
belsis
 
PPTX
Cybersecurity
Sanjana Agarwal
 
PPTX
Ransomware by lokesh
Lokesh Bysani
 
PPTX
Information Security- Threats and Attacks presentation by DHEERAJ KATARIA
Dheeraj Kataria
 
PPTX
Digital Forensics
Mithileysh Sathiyanarayanan
 
PPTX
Introduction to cyber security
RaviPrashant5
 
PDF
Building A Security Operations Center
Siemplify
 
Cybersecurity
Eng Hasan Shamroukh CISCO Exams Author
 
Introduction To Information Security
belsis
 
Cybersecurity
Sanjana Agarwal
 
Ransomware by lokesh
Lokesh Bysani
 
Information Security- Threats and Attacks presentation by DHEERAJ KATARIA
Dheeraj Kataria
 
Digital Forensics
Mithileysh Sathiyanarayanan
 
Introduction to cyber security
RaviPrashant5
 
Building A Security Operations Center
Siemplify
 

What's hot(20)

PPT
Information Security
haneefvf1
 
PPTX
Ethical Hacking PPT (CEH)
Umesh Mahawar
 
PDF
Cybersecurity Employee Training
Paige Rasid
 
PPTX
Cybersecurity Priorities and Roadmap: Recommendations to DHS
John Gilligan
 
PDF
cybersecurity- A.Abutaleb
Fahmi Albaheth
 
PPTX
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Stephen Cobb
 
PPTX
SIEM : Security Information and Event Management
SHRIYARAI4
 
PPT
Data loss prevention (dlp)
Hussein Al-Sanabani
 
PPT
DLP
saurabh.sood
 
PPTX
Cyber security awareness for end users
NetWatcher
 
PDF
OSINT with Practical: Real Life Examples
SyedAmoz
 
PDF
Cyber Security Vulnerabilities
Siemplify
 
PPTX
Cybersecurity Attack Vectors: How to Protect Your Organization
TriCorps Technologies
 
PPTX
Information security
Lusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
 
PDF
Information Security Awareness Training
Randy Bowman
 
PDF
End-User Security Awareness
Surya Bathulapalli
 
PPT
Information security
LJ PROJECTS
 
PPTX
osint - open source Intelligence
Osama Ellahi
 
PPTX
PPT-Security-for-Management.pptx
RSAArcher
 
PPT
Tata Kelola Keamanan Informasi
Directorate of Information Security | Ditjen Aptika
 
Information Security
haneefvf1
 
Ethical Hacking PPT (CEH)
Umesh Mahawar
 
Cybersecurity Employee Training
Paige Rasid
 
Cybersecurity Priorities and Roadmap: Recommendations to DHS
John Gilligan
 
cybersecurity- A.Abutaleb
Fahmi Albaheth
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Stephen Cobb
 
SIEM : Security Information and Event Management
SHRIYARAI4
 
Data loss prevention (dlp)
Hussein Al-Sanabani
 
DLP
saurabh.sood
 
Cyber security awareness for end users
NetWatcher
 
OSINT with Practical: Real Life Examples
SyedAmoz
 
Cyber Security Vulnerabilities
Siemplify
 
Cybersecurity Attack Vectors: How to Protect Your Organization
TriCorps Technologies
 
Information security
Lusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
 
Information Security Awareness Training
Randy Bowman
 
End-User Security Awareness
Surya Bathulapalli
 
Information security
LJ PROJECTS
 
osint - open source Intelligence
Osama Ellahi
 
PPT-Security-for-Management.pptx
RSAArcher
 
Tata Kelola Keamanan Informasi
Directorate of Information Security | Ditjen Aptika
 

Viewers also liked(6)

PPTX
Science Gateways: one portal, many e-Infrastructures and related services
riround
 
PDF
Information Security at the Workplace
John Macasio
 
PPT
Introduction to information security
Kumawat Dharmpal
 
PPTX
ISO 27001 - information security user awareness training presentation -part 2
Tanmay Shinde
 
PPTX
ISO 27001 - information security user awareness training presentation - Part 1
Tanmay Shinde
 
PPTX
ISO 27001 - Information security user awareness training presentation - part 3
Tanmay Shinde
 
Science Gateways: one portal, many e-Infrastructures and related services
riround
 
Information Security at the Workplace
John Macasio
 
Introduction to information security
Kumawat Dharmpal
 
ISO 27001 - information security user awareness training presentation -part 2
Tanmay Shinde
 
ISO 27001 - information security user awareness training presentation - Part 1
Tanmay Shinde
 
ISO 27001 - Information security user awareness training presentation - part 3
Tanmay Shinde
 

Similar to Information security(20)

PDF
DRC - Cybersecurity Concepts 2015 - 5 Basics you must know!
Kevin Fisher
 
PDF
DRC -- Cybersecurity concepts2015
T. J. Saotome
 
PPTX
Lec 1- Intro to cyber security and recommendations
BilalMehmood44
 
PPTX
Security in Computer System
Manesh T
 
PDF
Security in computer systems fundamentals
Manesh T
 
PPTX
17 info sec_ma_imt_27_2_2012
RECIPA
 
PPTX
Hacking_and_Types_of_Hacking_Presentation.pptx
iampushpathakur025
 
PPTX
Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญ
BAINIDA
 
PPTX
Using Technology and People to Improve your Threat Resistance and Cyber Security
Stephen Cobb
 
PPTX
IS Unit II.pptx
LAVANYAsrietacin
 
PDF
internet securityand cyber law Unit2
Royalzig Luxury Furniture
 
PDF
Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญ
BAINIDA
 
PPTX
Threats to information security
arun alfie
 
PPTX
Cloud Security.pptx
Binod Rimal
 
PPTX
InformationSecurity
learnt
 
PPTX
AAU Chapter 5.pptxpppppppppppppppppppppppt
AYNETUTEREFE1
 
PPTX
DOC-20250311-WA00nnjnnnnnnnnnnnnnnnnnn..pptx
AlishbaAbbasi5
 
PDF
Lecture 7---Security (1).pdf
ZeeshanMajeed15
 
PPTX
Lecture 3 security threats in data analysis.pptx
chesenybrian2022
 
PPTX
Chapter_1_Detailed_Information_Security_Presentation.pptx
Yakob Utama Chandra ,SE., MMSI
 
DRC - Cybersecurity Concepts 2015 - 5 Basics you must know!
Kevin Fisher
 
DRC -- Cybersecurity concepts2015
T. J. Saotome
 
Lec 1- Intro to cyber security and recommendations
BilalMehmood44
 
Security in Computer System
Manesh T
 
Security in computer systems fundamentals
Manesh T
 
17 info sec_ma_imt_27_2_2012
RECIPA
 
Hacking_and_Types_of_Hacking_Presentation.pptx
iampushpathakur025
 
Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญ
BAINIDA
 
Using Technology and People to Improve your Threat Resistance and Cyber Security
Stephen Cobb
 
IS Unit II.pptx
LAVANYAsrietacin
 
internet securityand cyber law Unit2
Royalzig Luxury Furniture
 
Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญ
BAINIDA
 
Threats to information security
arun alfie
 
Cloud Security.pptx
Binod Rimal
 
InformationSecurity
learnt
 
AAU Chapter 5.pptxpppppppppppppppppppppppt
AYNETUTEREFE1
 
DOC-20250311-WA00nnjnnnnnnnnnnnnnnnnnn..pptx
AlishbaAbbasi5
 
Lecture 7---Security (1).pdf
ZeeshanMajeed15
 
Lecture 3 security threats in data analysis.pptx
chesenybrian2022
 
Chapter_1_Detailed_Information_Security_Presentation.pptx
Yakob Utama Chandra ,SE., MMSI
 

Recently uploaded(20)

PDF
Human Resource Management Full PPT (1).pdf
Hjk
 
PDF
CyberSecurity Awareness Training Presentation v2025.09
DallasHaselhorst
 
PDF
Chapter 7 - Agentic AI and AI agents.pdf
Quan Risk
 
PDF
Attic Record Store Scavenger Hunt by Sydney Palakovich
slpalakovich
 
PDF
DLVU General Session 2025 - Corey and Jessica Perlman
Corey Perlman, Social Media Speaker and Consultant
 
PDF
Innovations in Nonprofit Management (www.kiu.ac.ug)
publication11
 
PPTX
Categories and Examples of Innovation
ssusere529b1
 
PDF
Most Visionary Executives Driving Innovation in Healthcare.pdf
worldcaremagazinedm
 
DOCX
Purity in Motion How Fluidized Bed Reactors Are Powering the High-Purity Sili...
cecvessels
 
PDF
S VIJAY KUMAR International Editor PRESENTED BY BB News International Corp SH...
MediaClipsPRSInterna
 
PDF
IMPACT Silver Sept 2025 Corp Deck Presentation
hartfordclubslide
 
PDF
IJACOBS Berhad-Annual Report 2012 (1).pdf
ssuser779440
 
PDF
The Visionary Leaders Inspiring the World to Watch 2025.pdf
cioprimemagazine
 
PDF
S Vijay Kumar Shaping Global Narratives through Excellence in Journalism
MediaClipsPRSInterna
 
PDF
ADP Innovation Summit 2025 - ADP Lyric picks up speed
Holger Mueller
 
PDF
Reporting for Finance in SAP S/4HANA, S4F07 Col09
Libreria ERP
 
PDF
The Future of Work: Navigating Automation (www.kiu.ac.ug)
publication11
 
PDF
Coral Reynolds - Most Transformational Leader Making An Impact In 2025.pdf
insightssuccess2
 
PDF
Human Resource Management Full PPT (1).pdf
Hjk
 
PDF
Generative AI - The Missing Return on Investment (ROI)
Dr. Tathagat Varma
 
Human Resource Management Full PPT (1).pdf
Hjk
 
CyberSecurity Awareness Training Presentation v2025.09
DallasHaselhorst
 
Chapter 7 - Agentic AI and AI agents.pdf
Quan Risk
 
Attic Record Store Scavenger Hunt by Sydney Palakovich
slpalakovich
 
DLVU General Session 2025 - Corey and Jessica Perlman
Corey Perlman, Social Media Speaker and Consultant
 
Innovations in Nonprofit Management (www.kiu.ac.ug)
publication11
 
Categories and Examples of Innovation
ssusere529b1
 
Most Visionary Executives Driving Innovation in Healthcare.pdf
worldcaremagazinedm
 
Purity in Motion How Fluidized Bed Reactors Are Powering the High-Purity Sili...
cecvessels
 
S VIJAY KUMAR International Editor PRESENTED BY BB News International Corp SH...
MediaClipsPRSInterna
 
IMPACT Silver Sept 2025 Corp Deck Presentation
hartfordclubslide
 
IJACOBS Berhad-Annual Report 2012 (1).pdf
ssuser779440
 
The Visionary Leaders Inspiring the World to Watch 2025.pdf
cioprimemagazine
 
S Vijay Kumar Shaping Global Narratives through Excellence in Journalism
MediaClipsPRSInterna
 
ADP Innovation Summit 2025 - ADP Lyric picks up speed
Holger Mueller
 
Reporting for Finance in SAP S/4HANA, S4F07 Col09
Libreria ERP
 
The Future of Work: Navigating Automation (www.kiu.ac.ug)
publication11
 
Coral Reynolds - Most Transformational Leader Making An Impact In 2025.pdf
insightssuccess2
 
Human Resource Management Full PPT (1).pdf
Hjk
 
Generative AI - The Missing Return on Investment (ROI)
Dr. Tathagat Varma
 

Information security

  • 1.
  • 2.
    4.1 Introduction toInformation Security • Security The degree of resistance to, or the protection from harm. • Information Security The practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. • Threat something that can cause damage or danger. • Exposure something that allows access to information or capabilities that can be used by a hacker as a stepping-stone into a system or network. • Vulnerability The mistake in software that can be directly used by a hacker to gain access to a system or network.
  • 3.
    Five Factors Contributingto Vulnerability – Today’s interconnected, interdependent, wirelessly networked business environment – Smaller, faster, cheaper computers & storage devices – Decreasing skills necessary to be a computer hacker – International organized crime taking over cybercrime – Lack of management support
  • 4.
    4.2 Unintentional Threatsto Information Systems • Human Errors • Social Engineering
  • 5.
    Common Human Error –Carelessness with Laptops – Carelessness with Computing Devices – Opening Questionable E-mail – Careless Internet Surfing – Poor Password Selection and Use – Carelessness with One’s Office – Carelessness Using Unmanaged Devices – Carelessness with Discarded Equipment – Careless Monitoring of Environmental Hazards
  • 6.
    4.3 Deliberate Threatsto Information Systems • Software Attacks • Alien Software • Supervisory Control and Data Acquisition (SCADA) Attacks • Cyberterrorism and Cyberwarfare
  • 7.
    • Let's focusmore to the most common threats ; -Software Attacks -Alien Software
  • 8.
    Software Attacks • RemoteAttacks Requiring User Action – Virus – Worm – Phishing Attack – Spear Phishing Attack • Denial of Service Attack • Distributed Denial of Service Attack
  • 9.
    Software Attacks • RemoteAttacks Needing No User Action – Denial of Service Attack – Distributed Denial of Service Attack • Attacks by a Programmer Developing a System – Trojan Horse
  • 10.
    Alien Software • Adware •Spyware – Keyloggers • Spamware • Cookies – Tracking cookies
  • 11.
    4.4 What OrganizationsAre Doing to Protect Information Resources • Risk • Risk Analysis • Risk Mitigation
  • 12.
    4.5 Information SecurityControls • Physical Controls • Access Controls • Communication Controls • Business Continuity Planning • Information Systems Auditing
  • 13.
    Physical Controls • Preventunauthorized individuals from gaining access to a company’s facilities. – Walls – Doors – Fencing – Gates – Locks – Badges – Guards – Alarm systems
  • 14.
    Access Controls • Authentication Somethingthat is very important such as password that necessary to access the information. • Authorization
  • 15.
    Basic Guidelines forPasswords • difficult to guess. • long rather than short. • They should have uppercase letters, lowercase letters, numbers, and special characters. • not recognizable words. • not the name of anything or anyone familiar, such as family names or names of pets. • not a recognizable string of numbers, such as a Social Security number or a birthday.
  • 16.
    Communication Controls • Firewalls •Anti-malware Systems • Whitelisting and Blacklisting • Encryption • Virtual Private Networking • Secure Socket Layer • Employee Monitoring Systems
  • 17.
    Business Continuity Planning •Disaster Recovery Plan • Hot Site • Cold Site
  • 18.
    Information Systems Auditing •Types of Auditors and Audits • How is Auditing Executed?
  • 19.
    let's protect ourinformation