MIS3302Mod05
Page 1: Introduction
Module title: Protecting Information Resources
Reference: Bidgoli, MIS, 11th Edition.
Page 2: Module Objectives (1 of 2)
5.1 Explain cybercrime and its impact on the global economy.
5.2 Describe information technologies that could be used in computer crimes.
5.3 Describe basic safeguards in computer, network, and cyber security.
5.4 Identify the ten most common intentional security threats.
Page 3: Module Objectives (2 of 2)
5.5 Describe the nine security measures and enforcement that a comprehensive security system should include.
5.6 Summarize the guidelines for a comprehensive security system, including business continuity planning.
Page 4: Risks Associated with Information Technologies
Information technologies can be misused to invade privacy and commit crimes.
Prevention measures:
Regular OS updates.
Use antivirus and antispyware software.
Utilize e-mail security features.
Page 5: The Costs of Cyber Crime to the Global Economy
Projected cost of cybercrime: $10.5 trillion annually by 2025 (Cybersecurity Ventures).
Cost factors include:
Loss of revenue.
Stolen identities and intellectual property.
Damage to reputations.
Cost of enhancing cybersecurity.
Loss of business information.
Page 6: Spyware and Adware
Spyware:
Gathers information about users.
Can alter computer settings.
Prevention through antivirus or antispyware software.
Adware:
Collects user information to display targeted ads.
Prevented by using ad-blocking features.
Page 7: Types of Cyber Threats (1 of 2)
Phishing:
Fraudulent emails mimicking legitimate sources.
Spear Phishing:
Targeted phishing attacks.
Pharming:
Hijacking official websites to redirect users.
Baiting:
Offers of free items to lure users into traps.
Page 8: Types of Cyber Threats (2 of 2)
Quid Pro Quo:
Exchange of sensitive info for a service.
SMiShing:
SMS phishing to download malware.
Vishing:
Voice technology used to acquire sensitive info.
Page 9: Keystroke Loggers
Software or hardware that records keystrokes.
Used legally for employee monitoring and maliciously for stealing data.
Prevention: Use antivirus and antispyware programs.
Page 10: Sniffing and Spoofing
Sniffing:
Network traffic captured by hackers.
Spoofing:
Posing as authorized users to access sensitive information.
Page 11: Computer Crime and Fraud
Computer fraud: Unauthorized use of computer data for personal benefit.
Examples of computer crimes:
Denial-of-service attacks.
Identity theft.
Software piracy.
Spreading viruses and malware.
Sabotage.
Page 12: Computer and Network Security - Basic Safeguards (1 of 5)
Goals of a comprehensive security system:
Protect organizational resources.
Components include:
Hardware, Software, Procedures, Personnel.
Page 13: CIA Triangle
Confidentiality: Information only disclosed to authorized users.
Integrity: Accuracy of information resources.
Availability: Access to information and recovery from failure.
Page 14: Exhibit 5.1
McCumber Cube (Overview not included).
Page 15: McCumber Cube
Evaluates information security across nine characteristics.
Considers different states: Transmission, Storage, Processing.
Page 16: Levels of Network Security
Level 1: Front-end servers (e-mail and web servers).
Level 2: Back-end systems (workstations).
Level 3: Corporate network (intrusion protection).
Page 17: Fault-Tolerant Systems
Design fault-tolerant systems to ensure availability during failures.
Common methods include:
Uninterruptible power supply (UPS).
Redundant array of independent disks (RAID).
Mirror disks.
Page 18: Knowledge Check - Security Levels
Question regarding the first level of network security.
Page 19: Knowledge Check - Answer
Answer: Public web server is the first level of network security, protecting front-end servers.
Page 20: Security Threats Overview (1 of 6)
Viruses: Self-propagating code triggered by events.
Worms: Spread independently without a host program.
Page 21: Security Threats Overview (2 of 6)
Trojan Programs: Hidden harmful code in popular software.
Logic Bombs: Trigger cross-program harmful actions.
Page 22: Security Threats Overview (3 of 6)
Backdoors (Trapdoors): Allow bypassing security protocols.
Blended Threats: Combine features of various malicious codes.
Page 23: Security Threats Overview (4 of 6)
Rootkits: Groups of tools for unauthorized access.
Page 24: Security Threats Overview (5 of 6)
Denial-of-Service (DoS) Attacks: Flood systems to disrupt operations.
Distributed DoS (DDoS): Multiple systems cooperating for attacks.
Botnet: Group of infected devices under control.
Page 25: Security Threats Overview (6 of 6)
Social Engineering: Manipulating individuals to disclose private info.
Cryptojacking: Using a victim's computer power for mining.
Page 26: Security Measures Overview
Types of security measures include:
Biometric, nonbiometric, and physical measures.
Access controls.
Virtual private networks.
Data encryption.
CERT involvement.
Page 27: Biometric Security Measures
Unique physiological traits used for security.
Examples: Facial recognition, fingerprints, iris analysis.
Page 28: Nonbiometric Security Measures
Three main types:
Callback modems.
Firewalls.
Intrusion detection systems.
Page 29: Callback Modems
Verify user access by calling the user back after logoff.
Page 30: Firewalls
Act as a filter between networks.
Types include:
Packet-filtering.
Application-filtering.
Proxy servers.
Page 31: Exhibit 5.3
Basic Firewall Configuration (Overview not included).
Page 32: Exhibit 5.4
Proxy Server (Overview not included).
Page 33: Intrusion Detection Systems (IDS)
Protect against access and identify attack signatures.
Page 34: Physical Security Measures
Control physical access to systems.
Includes:
Cable locks, ID badges, room shielding.
Page 35: Access Controls (1 of 2)
Designed to protect from unauthorized access and maintain data integrity.
Terminal security erases screens after inactivity.
Password requirements for system access.
Page 36: Access Controls (2 of 2)
Password Managers: Generate and encrypt passwords.
Other security techniques include zero login and biometric identification.
Page 37: Virtual Private Networks
Provide secure message transmission via encryption.
Advantages and disadvantages discussed.
Page 38: Data Encryption (1 of 3)
Transforms plaintext into ciphertext using encryption algorithms.
Common protocols: SSL, TLS.
Page 39: Data Encryption (2 of 3)
Public Key Infrastructure (PKI): Enables secure data exchange using trust-based keys.
Page 40: Data Encryption (3 of 3)
Asymmetric vs. Symmetric encryption explained.
Page 41: E-Commerce Transaction Security Measures
Address confidentiality, authentication, integrity, and nonrepudiation.
Page 42: Computer Emergency Response Team (CERT)
Developed by DARPA; focuses on security breaches and attack prevention.
Page 43: Zero Trust Security
Requires verification for all access, with principles like least-privilege access and MFA.
Page 44: Knowledge Check Activity 5-2
Question regarding secure data transmission methods.
Page 45: Knowledge Check Activity 5-2: Answer
Answer: Use a virtual private network (VPN) for secure transmission.
Page 46: Guidelines for a Comprehensive Security System (1 of 3)
Steps for developing a plan:
Form a security committee.
Raise employee awareness.
Maintain strong passwords and software updates.
Page 47: Guidelines for a Comprehensive Security System (2 of 3)
Additional steps include:
Lock sensitive information.
Employ antivirus and firewalls.
Page 48: Guidelines for a Comprehensive Security System (3 of 3)
Further steps:
Maintain fire protection measures.
Implement zero-trust practices.
Page 49: Business Continuity Planning (1 of 3)
Outlines procedures for maintaining operations during disasters.
Page 50: Business Continuity Planning (2 of 3)
Additional preparation tasks discussed.
Page 51: Business Continuity Planning (3 of 3)
Steps for resuming operations after a disaster.
Page 52: Self Assessment
Questions posed regarding security measures and challenges in implementing a security plan.
Page 53: Summary (1 of 2)
Recap of the module objectives presented.
Page 54: Summary (2 of 2)
Continued recap of module objectives.