all the processes and policies designed to protect an organization’s information and information systems (IS) from unauthorized access, use, disclosure, disruption, modification, or destruction
information security
interconnected, interdependent, wirelessly networked business environment; smaller, faster, cheaper computers & storage devices; decreasing skills required to be a computer hacker; international organized crime taking over cybercrime; lack of management support
why is information security a major area of concern today?
high-level employees + great access privileges = greater threat; two areas pose significant threats: human resources (employees, contractors, consultants, janitors, guards) and information systems
human errors
carelessness with laptops; carelessness with other computing devices; opening questionable e-mails; careless internet surfing; weak password selection and use, never changing passwords, sharing passwords; carelessness with office space; carelessness with discarded equipment; careless monitoring of environmental hazards (dirt, dust, humidity, and static electricity) that are harmful to the operation of computing equipment
common human errors
espionage or trespass; information extortion; sabotage or vandalism; theft of equipment or information; identity theft; compromises to intellectual property; supervisory control and data acquisition (SCADA) attacks; cyberterrorism and cyberwarfare; software attacks
deliberate threats
financial gain; ideology; compromise; ego
what motivates threat actors?
may 6, 2021; cyberattack on u.s. pipeline; paid $4.4 m (75 bitcoin)
darkside attack
march 1 - June 1, 2021; meat producer cyberattack; paid $11 million
revil gang attack
malicious software: any software intentionally designed to cause damage to a computer, server, client, or computer network. it secretly acts against the interest of the computer user
ransomware
fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication
phishing
check it out; talk to someone; make a call if you’re not sure
how to detect phishing email
an attacker sends so many information requests to a target computer system that the target cannot handle them successfully and typically crashes (ceases to function); bombarding a “company’s front door” (a website) with unproductive traffic; very common: major websites experience them daily
denial of service (dos)
an attacker first takes over many computers, typically by using malicious software. these computers are called zombies or bots. the attacker uses these bots—which form a botnet—to deliver a coordinated stream of information requests to a target computer, causing it to crash; launched from multiple locations; more sophisticated; often a “botnet” of compromised computers or network-connected devices commanded by an attacker
distributed denial of service (ddos)
software programs that hide in other computer programs and reveal their designed behavior only when they are activated
trojan horse
typically a password, known only to the attacker, that allows him or her to access a computer system at will, without having to go through any security procedures (also called a trap door)
back door
a segment of computer code that is embedded within an organization’s existing computer programs and is designed to activate and perform a destructive action at a certain time or date
logic bomb
you get a phone call, pop-up, or email telling you there’s a problem with your computer
tech support scams
physical controls; access controls; communication controls
information security controls
prevent unauthorized individuals from gaining access to a company’s facilities
physical controls
authentication; authorization; password controls
access controls
secure the movement of data across networks
communication controls