MIS3302Mod05

Page 1: Introduction

  • Module title: Protecting Information Resources

  • Reference: Bidgoli, MIS, 11th Edition.

Page 2: Module Objectives (1 of 2)

  • 5.1 Explain cybercrime and its impact on the global economy.

  • 5.2 Describe information technologies that could be used in computer crimes.

  • 5.3 Describe basic safeguards in computer, network, and cyber security.

  • 5.4 Identify the ten most common intentional security threats.

Page 3: Module Objectives (2 of 2)

  • 5.5 Describe the nine security measures and enforcement that a comprehensive security system should include.

  • 5.6 Summarize the guidelines for a comprehensive security system, including business continuity planning.

Page 4: Risks Associated with Information Technologies

  • Information technologies can be misused to invade privacy and commit crimes.

  • Prevention measures:

    • Regular OS updates.

    • Use antivirus and antispyware software.

    • Utilize e-mail security features.

Page 5: The Costs of Cyber Crime to the Global Economy

  • Projected cost of cybercrime: $10.5 trillion annually by 2025 (Cybersecurity Ventures).

  • Cost factors include:

    • Loss of revenue.

    • Stolen identities and intellectual property.

    • Damage to reputations.

    • Cost of enhancing cybersecurity.

    • Loss of business information.

Page 6: Spyware and Adware

  • Spyware:

    • Gathers information about users.

    • Can alter computer settings.

    • Prevention through antivirus or antispyware software.

  • Adware:

    • Collects user information to display targeted ads.

    • Prevented by using ad-blocking features.

Page 7: Types of Cyber Threats (1 of 2)

  • Phishing:

    • Fraudulent emails mimicking legitimate sources.

  • Spear Phishing:

    • Targeted phishing attacks.

  • Pharming:

    • Hijacking official websites to redirect users.

  • Baiting:

    • Offers of free items to lure users into traps.

Page 8: Types of Cyber Threats (2 of 2)

  • Quid Pro Quo:

    • Exchange of sensitive info for a service.

  • SMiShing:

    • Phishing via SMS that tricks users into downloading malware.

  • Vishing:

    • Voice technology used to acquire sensitive info.

Page 9: Keystroke Loggers

  • Software or hardware that records keystrokes.

  • Used legally for employee monitoring and maliciously for stealing data.

  • Prevention: Use antivirus and antispyware programs.

Page 10: Sniffing and Spoofing

  • Sniffing:

    • Hackers capturing network traffic.

  • Spoofing:

    • Posing as authorized users to access sensitive information.

Page 11: Computer Crime and Fraud

  • Computer fraud: Unauthorized use of computer data for personal benefit.

  • Examples of computer crimes:

    • Denial-of-service attacks.

    • Identity theft.

    • Software piracy.

    • Spreading viruses and malware.

    • Sabotage.

Page 12: Computer and Network Security - Basic Safeguards (1 of 5)

  • Goals of a comprehensive security system:

    • Protect organizational resources.

  • Components include:

    • Hardware, Software, Procedures, Personnel.

Page 13: CIA Triangle

  • Confidentiality: Information only disclosed to authorized users.

  • Integrity: Accuracy of information resources.

  • Availability: Access to information and recovery from failure.

Page 14: Exhibit 5.1

  • McCumber Cube (Overview not included).

Page 15: McCumber Cube

  • Evaluates information security across nine characteristics.

  • Considers different states: Transmission, Storage, Processing.

Page 16: Levels of Network Security

  • Level 1: Front-end servers (e-mail and web servers).

  • Level 2: Back-end systems (workstations).

  • Level 3: Corporate network (intrusion protection).

Page 17: Fault-Tolerant Systems

  • Design fault-tolerant systems to ensure availability during failures.

  • Common methods include:

    • Uninterruptible power supply (UPS).

    • Redundant array of independent disks (RAID).

    • Mirror disks.

Page 18: Knowledge Check - Security Levels

  • Question regarding the first level of network security.

Page 19: Knowledge Check - Answer

  • Answer: Public web server is the first level of network security, protecting front-end servers.

Page 20: Security Threats Overview (1 of 6)

  • Viruses: Self-propagating code triggered by events.

  • Worms: Spread independently without a host program.

Page 21: Security Threats Overview (2 of 6)

  • Trojan Programs: Hidden harmful code in popular software.

  • Logic Bombs: Trigger cross-program harmful actions.

Page 22: Security Threats Overview (3 of 6)

  • Backdoors (Trapdoors): Allow bypassing security protocols.

  • Blended Threats: Combine features of various malicious codes.

Page 23: Security Threats Overview (4 of 6)

  • Rootkits: Groups of tools for unauthorized access.

Page 24: Security Threats Overview (5 of 6)

  • Denial-of-Service (DoS) Attacks: Flood systems to disrupt operations.

  • Distributed DoS (DDoS): Multiple systems cooperating for attacks.

  • Botnet: Group of infected devices under control.

Page 25: Security Threats Overview (6 of 6)

  • Social Engineering: Manipulating individuals to disclose private info.

  • Cryptojacking: Using a victim's computing power for cryptocurrency mining.

Page 26: Security Measures Overview

  • Types of security measures include:

    • Biometric, Non-biometric, Physical measures.

    • Access controls.

    • Virtual private networks.

    • Data encryption.

    • CERT involvement.

Page 27: Biometric Security Measures

  • Unique physiological traits used for security.

  • Examples: Facial recognition, fingerprints, iris analysis.

Page 28: Nonbiometric Security Measures

  • Three main types:

    • Callback modems.

    • Firewalls.

    • Intrusion detection systems.

Page 29: Callback Modems

  • Verify user access by calling back the user post-logoff.

Page 30: Firewalls

  • Act as a filter between networks.

  • Types include:

    • Packet-filtering.

    • Application-filtering.

    • Proxy servers.

Page 31: Exhibit 5.3

  • Basic Firewall Configuration (Overview not included).

Page 32: Exhibit 5.4

  • Proxy Server (Overview not included).

Page 33: Intrusion Detection Systems (IDS)

  • Protect against access and identify attack signatures.

Page 34: Physical Security Measures

  • Control physical access to systems.

  • Includes:

    • Cable locks, ID badges, room shielding.

Page 35: Access Controls (1 of 2)

  • Designed to protect from unauthorized access and maintain data integrity.

    • Terminal security erases screens after inactivity.

    • Password requirements for system access.

Page 36: Access Controls (2 of 2)

  • Password Managers: Generate and encrypt passwords.

  • Other security techniques include zero login and biometric identification.

Page 37: Virtual Private Networks

  • Provide secure message transmission via encryption.

  • Advantages and disadvantages discussed.

Page 38: Data Encryption (1 of 3)

  • Transforms plaintext into ciphertext using encryption algorithms.

  • Common protocols: SSL, TLS.

Page 39: Data Encryption (2 of 3)

  • Public Key Infrastructure (PKI): Enables secure data exchange using trust-based keys.

Page 40: Data Encryption (3 of 3)

  • Asymmetric vs. Symmetric encryption explained.

Page 41: E-Commerce Transaction Security Measures

  • Address confidentiality, authentication, integrity, and nonrepudiation.

Page 42: Computer Emergency Response Team (CERT)

  • Developed by DARPA; focuses on security breaches and attack prevention.

Page 43: Zero Trust Security

  • Requires verification for all access, with principles like least-privilege access and MFA.

Page 44: Knowledge Check Activity 5-2

  • Question regarding secure data transmission methods.

Page 45: Knowledge Check Activity 5-2: Answer

  • Answer: Use a virtual private network (VPN) for secure transmission.

Page 46: Guidelines for a Comprehensive Security System (1 of 3)

  • Steps for developing a plan:

    • Form a security committee.

    • Raise employee awareness.

    • Maintain strong passwords and software updates.

Page 47: Guidelines for a Comprehensive Security System (2 of 3)

  • Additional steps include:

    • Lock sensitive information.

    • Employ antivirus and firewalls.

Page 48: Guidelines for a Comprehensive Security System (3 of 3)

  • Further steps:

    • Maintain fire protection measures.

    • Implement zero-trust practices.

Page 49: Business Continuity Planning (1 of 3)

  • Outlines procedures for maintaining operations during disasters.

Page 50: Business Continuity Planning (2 of 3)

  • Additional preparation tasks discussed.

Page 51: Business Continuity Planning (3 of 3)

  • Steps for resuming operations after a disaster.

Page 52: Self Assessment

  • Questions posed regarding security measures and challenges in implementing a security plan.

Page 53: Summary (1 of 2)

  • Recap of the module objectives presented.

Page 54: Summary (2 of 2)

  • Continued recap of module objectives.
