
INFORMATION SECURITY
SECURITY
• The degree of protection against criminal activity,
danger, damage, and/or loss
INFORMATION SECURITY
• All of the processes and policies designed to
protect an organization’s information and
information systems from unauthorized access, use,
disclosure, disruption, modification, or destruction.

• Information and information systems can be
compromised by deliberate criminal actions and by
anything that can impair the proper functioning of
an organization’s information systems.
INFORMATION SECURITY
• Organizations collect huge amounts of information
and employ numerous information systems that
are subject to myriad threats.
• THREATS – a threat can be either "intentional" (i.e.,
intelligent; e.g., an individual cracker or a criminal
organization) or "accidental" (e.g., the possibility of
a computer malfunctioning, or the possibility of a
natural disaster such as an earthquake, a fire, or a
tornado) or otherwise a circumstance, capability,
action, or event.
4 Key Factors Contributing to Increasing
Vulnerability of Organizational Information
Resources
1. Today’s interconnected, interdependent,
wireless networked business environment
2. Smaller, faster, cheaper computers and
storage devices
3. Decreasing skills necessary to be a
computer hacker
4. International organized crime taking
over cybercrime
1. Today’s interconnected, interdependent,
wireless networked business environment

• The internet now enables millions of
computers and computer networks to
communicate freely and seamlessly with
one another.
• Organizations and individuals are
exposed to a world of untrusted
networks and potential attackers.
2. Smaller, faster, cheaper computers and
storage devices

• Computers and storage devices continue
to become smaller, faster, cheaper and
more portable with greater storage
capacity, making it easier to steal or lose
a computer device that may contain
huge amounts of sensitive information.
3. Decreasing skills necessary to be a
computer hacker
• The internet contains “scripts” (information
and computer programs) that users
with few skills can download and use to
attack any information system
connected to the internet.
4. International organized crime
taking over cybercrime
• The network, powered by skillful
hackers, targets known software
security weaknesses. These crimes are
typically non-violent, but quite lucrative.
• CYBERCRIME – illegal activities
conducted over computer networks
2 Major Categories of Threats
1. Unintentional Threats
   a. Human Errors
   b. Social Engineering
2. Deliberate Threats
   a. Espionage or Trespass
   b. Information Extortion
   c. Sabotage or Vandalism
   d. Theft of Equipment/Information
   e. Compromises to Intellectual Property
   f. Software Attacks
   g. Alien Software
   h. Cyberterrorism/Cyberwarfare
Unintentional Threats
• HUMAN ERRORS
The higher the level of employee, the greater the threat
he/she poses to information security.
• HUMAN RESOURCES
Human resources employees have access to sensitive personal information about all
employees.
• INFORMATION SYSTEMS
I.S. employees not only have information but often control
the means to create, store, transmit and modify the data.
Unintentional Threats
• HUMAN MISTAKES
1. Carelessness with laptops
2. Opening questionable e-mails
3. Careless internet surfing
4. Poor password selection and use
5. Carelessness with one’s office
6. Carelessness using unmanaged devices
7. Carelessness with discarded equipment
Unintentional Threats
• SOCIAL ENGINEERING
An attack in which the perpetrator uses social skills to
trick or manipulate a legitimate employee into
providing confidential company information such as
passwords.

Ex. The attacker impersonates someone else on the phone, such as a
company manager.
DELIBERATE THREATS
1. ESPIONAGE/TRESPASS
Occurs when an unauthorized individual attempts to
gain illegal access to organizational information.
DELIBERATE THREATS
2. INFORMATION EXTORTION
Occurs when an attacker either threatens to steal, or
actually steals, information from a company.
DELIBERATE THREATS
3. SABOTAGE/VANDALISM
Deliberate acts that involve defacing an
organization’s image and causing its customers to lose
faith.

Ex. CYBERACTIVIST – an operation that protests the
policies or actions of an organization or government
agency
DELIBERATE THREATS
4. THEFT OF INFORMATION/EQUIPMENT
Storage devices like laptops, smartphones,
digital cameras, and iPods are becoming smaller
and easier for attackers to use to steal
information.
DELIBERATE THREATS
5. IDENTITY THEFT – The deliberate
assumption of another person’s identity, usually to
gain access to his/her financial information or to
frame him/her for a crime.
• Stealing mail / dumpster diving
• Stealing personal information in computer databases
• Infiltrating organizations that store large amounts of
personal information
• Impersonating a trusted organization in electronic
communication
DELIBERATE THREATS
6. COMPROMISES TO INTELLECTUAL PROPERTY

A. INTELLECTUAL PROPERTY – Property created by individuals or
corporations that is protected under trade secret, patent, and copyright
laws.

B. TRADE SECRET – An intellectual work, such as a business plan, that is a
company secret.

C. COPYRIGHT – A statutory grant that provides the creators or owners
of intellectual property with ownership of the property.

D. PIRACY – Copying a program without making payment to the owner.

DELIBERATE THREATS
7. SOFTWARE ATTACKS – Hackers use malicious software to
infect as many computers as possible.
A. REMOTE ATTACKS REQUIRING USER ACTION
   - Virus
   - Worm
   - Phishing Attacks
B. REMOTE ATTACKS NEEDING NO USER ACTION
   - Denial-of-Service Attack
   - Distributed Denial-of-Service Attack
C. ATTACKS BY A PROGRAMMER DEVELOPING A SYSTEM
   - Trojan horse
   - Back door
   - Logic bomb
DELIBERATE THREATS
8. ALIEN SOFTWARE – Is clandestine software that
is installed on your web surfing habits and other
personal behavior.
Ex. SPYWARE – software that collects personal
information about users without their consent.
CAPTCHA – a test; the fact that you can transcribe them
means you are probably not a software program run by an
unauthorized person.
SPAMWARE – emails from spammers are sent to everyone
in your email address book, but appear to come from you.
DELIBERATE THREATS
9. CYBERTERRORISM and CYBERWARFARE
Malicious acts in which attackers use a target’s computer
systems, particularly via the internet, to cause real-world
harm or severe disruption.

CYBERTERRORISM – carried out by individuals or groups

CYBERWARFARE – carried out by nation states
