Lecture: Business Driven Technology - Business Plug-in B6 - Information Security


ppt, 29 pages | Shared by: honghanh66 | Views: 576 | Downloads: 1
BUSINESS PLUG-IN B6: Information Security

LEARNING OUTCOMES
• Describe the relationship between information security policies and an information security plan
• Summarize the five steps to creating an information security plan
• Provide an example of each of the three primary security areas: (1) authentication and authorization, (2) prevention and resistance, and (3) detection and response
• Describe the relationships and differences between hackers and viruses

INTRODUCTION
• Information security – a broad term encompassing the protection of information from accidental or intentional misuse by persons inside or outside an organization
• This plug-in discusses how organizations can implement information security lines of defense through people first and technology second

The First Line of Defense - People
• The biggest issue surrounding information security is not a technical issue, but a people issue
• 38% of security incidents originate within the organization
  • Insiders
  • Social engineering
• The first line of defense an organization should follow to help combat insider issues is to develop information security policies and an information security plan
• Information security policies – identify the rules required to maintain information security
• Information security plan – details how an organization will implement the information security policies
• Five steps to creating an information security plan:
  1. Develop the information security policies
  2. Communicate the information security policies
  3. Identify critical information assets and risks
  4. Test and reevaluate risks
  5. Obtain stakeholder support

The Second Line of Defense - Technology
• Three primary information security areas:
  • Authentication and authorization
  • Prevention and resistance
  • Detection and response

AUTHENTICATION AND AUTHORIZATION
• Authentication – a method for confirming users' identities
• Authorization – the process of giving someone permission to do or have something
• The most secure type of authentication involves a combination of the following:
  • Something the user knows, such as a user ID and password
  • Something the user has, such as a smart card or token
  • Something that is part of the user, such as a fingerprint or voice signature

Something the User Knows such as a User ID and Password
• User IDs and passwords are the most common way to identify individual users, and are the most ineffective form of authentication
• Identity theft – the forging of someone's identity for the purpose of fraud
• Phishing – a technique to gain personal information for the purpose of identity theft

Something the User Has such as a Smart Card or Token
• Smart cards and tokens are more effective than a user ID and a password
• Token – a small electronic device that changes user passwords automatically
• Smart card – a device that is around the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing

Something That Is Part of the User such as a Fingerprint or Voice Signature
• This is by far the best and most effective way to manage authentication
• Biometrics – the identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting
• Unfortunately, this method can be costly and intrusive

PREVENTION AND RESISTANCE
• Downtime can cost an organization anywhere from $100 to $1 million per hour
• Technologies available to help prevent and build resistance to attacks include:
  • Content filtering
  • Encryption
  • Firewalls

Content Filtering
• Organizations can use content filtering technologies to filter email, prevent emails containing sensitive information from being transmitted, and stop spam and viruses from spreading
• Content filtering – occurs when organizations use software that filters content to prevent the transmission of unauthorized information
• Spam – a form of unsolicited email
• Figure: Worldwide corporate losses caused by spam (in billions)

ENCRYPTION
• If there is an information security breach and the information was encrypted, the person stealing the information would be unable to read it
• Encryption – scrambles information into an alternative form that requires a key or password to decrypt the information
• Public key encryption – uses two keys: a public key that everyone can have and a private key for only the recipient

FIREWALLS
• One of the most common defenses for preventing a security breach is a firewall
• Firewall – hardware and/or software that guards a private network by analyzing the information leaving and entering the network
• Figure: Sample firewall architecture connecting systems located in Chicago, New York, and Boston

DETECTION AND RESPONSE
• If prevention and resistance strategies fail and there is a security breach, an organization can use detection and response technologies to mitigate the damage
• Antivirus software is the most common type of detection and response technology
• Hacker – people very knowledgeable about computers who use their knowledge to invade other people's computers
  • White-hat hacker
  • Black-hat hacker
  • Hacktivist
  • Script kiddies or script bunnies
  • Cracker
  • Cyberterrorist
• Virus – software written with malicious intent to cause annoyance or damage
  • Worm
  • Denial-of-service attack (DoS)
  • Distributed denial-of-service attack (DDoS)
  • Trojan-horse virus
  • Backdoor program
  • Polymorphic virus and worm
• Security threats to ebusiness include:
  • Elevation of privilege
  • Hoaxes
  • Malicious code
  • Spoofing
  • Spyware
  • Sniffer
  • Packet tampering

CLOSING CASE ONE: Thinking Like the Enemy
• The Intense School offers several security courses, including the five-day "Professional Hacking Boot Camp" and "Social Engineering in Two Days"
• The main philosophy of the Intense School is "To Know Thy Enemy"
• The school is taught by several notorious hackers

CLOSING CASE ONE QUESTIONS
1. How could an organization benefit from attending one of the courses offered at the Intense School?
2. What are the two primary lines of security defense, and how can organizational employees use the information taught by the Intense School when drafting an information security plan?
3. Determine the difference between the two primary courses offered at the Intense School, "Professional Hacking Boot Camp" and "Social Engineering in Two Days." Which course is more important for organizational employees to attend?
4. If your employer sent you to take a course at the Intense School, which one would you choose and why?
5. What are the ethical dilemmas involved with having such a course offered by a private company?

CLOSING CASE TWO: Hacker Hunters
• Hackers are a new breed of crime fighters
• Operation Firewall, targeting the ShadowCrew, a gang whose members were schooled in identity theft, bank account pillage, and selling illegal goods on the Internet, arrested 28 gang members in eight states and six countries

CLOSING CASE TWO QUESTIONS
1. What types of technology could big retailers use to prevent identity thieves from purchasing merchandise?
2. What can organizations do to protect themselves from hackers looking to steal account data?
3. Authorities frequently tap online service providers to track down hackers. Do you think it is ethical for authorities to tap an online service provider and read people's email? Why or why not?
4. Do you think it was ethical for authorities to use one of the high-ranking officials to trap other gang members? Why or why not?
5. In a team, research the Internet and find the best ways to protect yourself from identity theft
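The combination of factors the AUTHENTICATION AND AUTHORIZATION slides describe (something the user knows plus something the user has), as an added example that is not part of the original slides: a salted password hash is checked together with an RFC 4226 HOTP code of the kind a hardware token displays, so a phished password alone, a lost token alone, or a replayed code all fail. The user name, password, salt, look-ahead window and the token secret (the RFC 4226 test-vector secret) are constructed assumptions.

```python
import hashlib
import hmac
import struct

# Constructed demo values, not from the slides: the token secret is the
# RFC 4226 test-vector secret, so its first codes are 755224, 287082, 359152.
TOKEN_SECRET = b"12345678901234567890"
SALT = b"constructed-demo-salt"


def hash_password(password: str, salt: bytes = SALT) -> bytes:
    """Salted PBKDF2-HMAC-SHA256: the user store never holds the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HMAC-based one-time password: the code a token shows for one
    counter value. The counter advances on every use, so each code is single-use."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


# Demo user store: password hash (something known) + token secret (something had).
USERS = {
    "alice": {"pw_hash": hash_password("correct horse"),
              "token": TOKEN_SECRET, "counter": 0},
}


def authenticate(username: str, password: str, code: str) -> bool:
    """Both factors must pass. A phished password fails because the attacker
    cannot produce the token code; a lost token fails because the password is
    unknown; a code captured in transit fails when it is replayed."""
    user = USERS.get(username)
    if user is None:
        return False
    pw_ok = hmac.compare_digest(user["pw_hash"], hash_password(password))
    # Look ahead a few counter values: the token may have been pressed without
    # a login completing, which would otherwise leave it desynchronised.
    matched = None
    for step in range(3):
        if hmac.compare_digest(hotp(user["token"], user["counter"] + step), code):
            matched = step
            break
    if not (pw_ok and matched is not None):
        return False
    user["counter"] += matched + 1  # burn the used code and resync
    return True
```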
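Content filtering as the PREVENTION AND RESISTANCE slides describe it (stopping outbound mail that carries sensitive information, and stopping inbound spam and malware), as an added example that is not from the original slides: a small rule-based mail filter run over constructed messages, using a Luhn check so that order numbers that merely look like card numbers are not blocked. The organization domain example.com, the spam phrase list, the blocked attachment extensions and the sample messages are assumptions.

```python
import re

ORG_DOMAIN = "example.com"  # assumed domain of the organization running the filter
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")   # 13-19 digits, optional separators
BLOCKED_ATTACHMENT_EXT = (".exe", ".scr", ".vbs", ".js")
SPAM_PHRASES = ("act now", "risk free", "winner", "click here")

def luhn_valid(digits: str) -> bool:
    """Luhn checksum: order numbers that merely look like card numbers pass through."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                 # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_card_numbers(text: str) -> list:
    """Digit runs of card length, separators stripped, that pass the Luhn check."""
    runs = [re.sub(r"[ -]", "", m.group()) for m in CARD_RE.finditer(text)]
    return [r for r in runs if luhn_valid(r)]

def filter_message(msg: dict) -> tuple:
    """Return (action, reason): "block" for an outbound leak of card data,
    "quarantine" for suspicious inbound mail, "deliver" otherwise."""
    internal_sender = msg["from"].endswith("@" + ORG_DOMAIN)
    external_recipient = not msg["to"].endswith("@" + ORG_DOMAIN)
    text = msg["subject"] + "\n" + msg["body"]
    if internal_sender and external_recipient:     # outbound: data-leak rules
        cards = find_card_numbers(text)
        if cards:
            return "block", "outbound card number ending " + cards[0][-4:]
    elif not internal_sender:                      # inbound: spam and malware rules
        for name in msg.get("attachments", []):
            if name.lower().endswith(BLOCKED_ATTACHMENT_EXT):
                return "quarantine", "executable attachment " + name
        hits = [p for p in SPAM_PHRASES if p in text.lower()]
        if len(hits) >= 2:
            return "quarantine", "spam phrases: " + ", ".join(hits)
    return "deliver", "no policy match"

SAMPLE_MESSAGES = [  # constructed sample traffic, not real messages
    {"from": "alice@example.com", "to": "bob@partner.net", "subject": "Invoice", "body": "Charge card 4111 1111 1111 1111, exp 12/27."},
    {"from": "alice@example.com", "to": "bob@partner.net", "subject": "Order", "body": "Reference 1234 5678 9012 3456 shipped."},
    {"from": "promo@mailer.test", "to": "alice@example.com", "subject": "You are a WINNER", "body": "Act now! Click here."},
    {"from": "hr@mailer.test", "to": "alice@example.com", "subject": "Report", "body": "See attached.", "attachments": ["q1-report.pdf.exe"]},
]

def filter_all(messages=SAMPLE_MESSAGES) -> list:
    return [filter_message(m)[0] for m in messages]
```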

Files attached to this document:

  • pptchap006_5236.ppt