
Information Security

Presented by:
Hernawati Susanti Samosir
21 February 2021
Email: hernawati@del.ac.id

Lecture Material, Week 5


Introduction to Information System and Database
12S4081
Objectives

• Identify the five factors that contribute to the increasing vulnerability of information resources, and provide a specific example of each one.
• Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
• Discuss the ten types of deliberate attacks.
• Define the three risk mitigation strategies, and provide an example of each one in the context of owning a home.
• Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Agenda

• Introduction to Information Security
• Unintentional Threats to Information Systems
• Deliberate Threats to Information Systems
• What Organizations Are Doing to Protect Information Resources
• Information Security Controls
4.1 Introduction to Information Security
• Security
• Information Security
• Threat
• Exposure
• Vulnerability
Introduction to Information Security

• Five Factors Contributing to Vulnerability
  – Today's interconnected, interdependent, wirelessly networked business environment
  – Smaller, faster, cheaper computers and storage devices
  – Decreasing skills necessary to be a computer hacker
  – International organized crime taking over cybercrime
  – Lack of management support
Information Criteria: CIA Triad

• Confidentiality
• Integrity
• Availability
Security Threats
• Threats from the outside
• Threats from the inside

WSA|DSI|2016 7
4.2 Categories of Threats to Information Systems
• Unintentional acts
• Natural disasters
• Technical failures
• Management failures
• Deliberate acts
(from Whitman and Mattord, 2003)
Unintentional Acts

• Human Errors: tailgating, shoulder surfing, carelessness with laptops, poor password use
• Environmental hazards (e.g., dirt, dust, humidity)
• Deviations in quality of service by service providers (e.g., utilities)
Human Errors

• Higher-level employees + greater access privileges = greater threat
• Two areas pose significant threats:
  – Human Resources
  – Information Systems
• Other areas of threat:
  – Contract labor, consultants, janitors, and guards
Human Errors

• Common Human Errors
  – Carelessness with Laptops
  – Carelessness with Computing Devices
  – Opening Questionable E-mail
  – Careless Internet Surfing
  – Poor Password Selection and Use
  – Carelessness with One's Office
  – Carelessness Using Unmanaged Devices
  – Carelessness with Discarded Equipment
  – Careless Monitoring of Environmental Hazards
4.3 Deliberate Threats to Information Systems

• Espionage or Trespass
• Information Extortion
• Sabotage or Vandalism
• Theft of Equipment or Information
• Identity Theft
• Compromises to Intellectual Property
• Software Attacks
• Alien Software
• Supervisory Control and Data Acquisition (SCADA) Attacks
• Cyberterrorism and Cyberwarfare
Software Attacks

• Remote Attacks Requiring User Action
  – Virus
  – Worm
  – Phishing Attack
  – Spear Phishing Attack
• Remote Attacks Needing No User Action
  – Denial of Service (DoS) Attack
  – Distributed Denial of Service (DDoS) Attack
• Attacks by a Programmer Developing a System
  – Trojan Horse
  – Back Door
  – Logic Bomb
Alien Software

• Adware
• Spyware
– Keyloggers
• Spamware
• Cookies
– Tracking cookies
4.4 What Organizations Are Doing to Protect Information Resources

• Risk
• Risk Analysis
• Risk Mitigation
Risk Mitigation

• Risk Acceptance
• Risk Limitation
• Risk Transference
4.5 Information Security Controls

• Physical Controls
• Access Controls
• Communication Controls
• Business Continuity Planning
• Information Systems Auditing
Physical Controls
• Prevent unauthorized individuals from gaining access to a company’s
facilities.
– Walls
– Doors
– Fencing
– Gates
– Locks
– Badges
– Guards
– Alarm systems
Where Defense Mechanisms are Located
Access Controls

• Authentication: confirming that a user is who they claim to be
• Authorization: determining what an authenticated user is allowed to do
Authentication

• Something the user is: biometrics
• Something the user has: smart ID card
• Something the user does: voice recognition
• Something the user knows: passwords
Authorization

• Once users have been properly authenticated, the rights and privileges that they have on the organization's systems are established.
• Companies use the principle of least privilege for authorization purposes: each user is granted only the privileges needed to do their job, and nothing more.
• A privilege is a collection of related computer system operations that can be performed by users of the system.
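To make the slide's definitions concrete (a privilege as a collection of related operations, roles as sets of privileges, and a default-deny authorization check), here is an added example in Python. It is not code from the slides or the textbook; the application, its privileges, roles and operation names are constructed for illustration. The `excess_privileges` review goes a step beyond the slide: it compares what a role was granted with what was actually used, which is how least privilege is checked in practice.

```python
# Constructed example: a tiny privilege model for a finance application. Privileges are
# named collections of related operations (the slide's definition); roles are sets of
# privileges; a session is authorized only for operations its role's privileges cover.
PRIVILEGES = {
    "read_ledger":  {"ledger.view", "ledger.export"},
    "post_entries": {"ledger.view", "ledger.post"},
    "manage_users": {"user.create", "user.disable", "user.reset_password"},
}

ROLE_PRIVILEGES = {
    "accounts_clerk": {"read_ledger", "post_entries"},
    "auditor":        {"read_ledger"},
    "it_admin":       {"manage_users"},
}


def allowed_operations(role: str) -> set:
    """All operations a role may perform: the union of its privileges' operations."""
    ops = set()
    for privilege in ROLE_PRIVILEGES.get(role, set()):
        ops |= PRIVILEGES[privilege]
    return ops


def is_authorized(session: dict, operation: str) -> bool:
    """Default deny: no authentication, an unknown role, or an uncovered operation all fail."""
    if not session.get("authenticated", False):
        return False
    return operation in allowed_operations(session.get("role", ""))


def excess_privileges(role: str, operations_used) -> set:
    """Least-privilege review: privileges granted to the role that explain none of the
    operations actually used over the review period (candidates for removal)."""
    used = set(operations_used)
    return {p for p in ROLE_PRIVILEGES.get(role, set()) if not (PRIVILEGES[p] & used)}


if __name__ == "__main__":
    auditor = {"authenticated": True, "role": "auditor"}
    print(is_authorized(auditor, "ledger.view"))   # True
    print(is_authorized(auditor, "ledger.post"))   # False: read-only role
    # A clerk who only ever exported the ledger does not need post_entries.
    print(excess_privileges("accounts_clerk", ["ledger.export"]))  # {'post_entries'}
```

The check never grants anything it was not explicitly told about: an unauthenticated session, an unknown role and an operation outside the role's privileges all return `False`, which is the shape an authorization function should have regardless of the model behind it.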
Basic Guidelines for Passwords

Passwords should be:
• difficult to guess;
• long rather than short;
• a mix of uppercase letters, lowercase letters, numbers, and special characters;
• not recognizable words;
• not the name of anything or anyone familiar, such as family names or names of pets;
• not a recognizable string of numbers, such as a Social Security number or a birthday.
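As an added example (not from the slides or the textbook), the checker below turns the guidelines above into code that a registration form or password-change handler could call. The familiar-name list, the common-word list and the 12-character minimum are constructed assumptions; a real deployment would use the user's own profile data and a breached-password list. One caveat a practitioner should know: current guidance (NIST SP 800-63B) weighs length and screening against known-breached passwords far more than character-class rules, because forced complexity mostly produces predictable substitutions such as `P@ssw0rd1!`.

```python
import re
import string
from datetime import datetime

# Constructed for this example: names the organization treats as "familiar" (family,
# pets, local places) and a few common words. Real deployments substitute the user's
# profile data and a breached-password list here.
FAMILIAR_NAMES = {"samosir", "hernawati", "fluffy", "jakarta"}
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "admin"}

# Date layouts that make a digit run "recognizable" (a birthday written as
# 19900821, 21081990, 08211990, 210890 or 900821).
DATE_FORMATS = ("%Y%m%d", "%d%m%Y", "%m%d%Y", "%d%m%y", "%y%m%d")


def looks_like_date(digits: str) -> bool:
    """True if the digit run parses as a calendar date in one of DATE_FORMATS."""
    for fmt in DATE_FORMATS:
        try:
            datetime.strptime(digits, fmt)
            return True
        except ValueError:
            continue
    return False


def check_password(password: str, min_length: int = 12,
                   familiar=FAMILIAR_NAMES, words=COMMON_WORDS) -> list:
    """Return the guideline violations found; an empty list means the password passes."""
    problems = []

    # Long rather than short.
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")

    # Uppercase, lowercase, digits and special characters all present.
    classes = {
        "uppercase": any(c.isupper() for c in password),
        "lowercase": any(c.islower() for c in password),
        "digit": any(c.isdigit() for c in password),
        "special": any(c in string.punctuation for c in password),
    }
    missing = [name for name, present in classes.items() if not present]
    if missing:
        problems.append("missing " + ", ".join(missing))

    # Not a recognizable word, and not the name of anything or anyone familiar.
    lowered = password.lower()
    for term in sorted(words | familiar):
        if term in lowered:
            problems.append(f"contains recognizable word or name '{term}'")

    # Not a recognizable string of numbers: a date, or a 9-digit run such as an SSN.
    for run in re.findall(r"\d{6,}", password):
        if len(run) == 9 or looks_like_date(run):
            problems.append(f"contains a recognizable number string '{run}'")

    return problems


if __name__ == "__main__":
    for candidate in ("password123", "Fluffy2021!!", "Xy!19900821ab", "Tx#9vQ!r2Lm$w"):
        print(f"{candidate!r}: {check_password(candidate) or 'OK'}")
```

The checker reports every violation rather than stopping at the first, so the user sees all the reasons at once; the substring match is case-insensitive because `Fluffy2021!!` is no harder to guess than `fluffy2021!!`.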
Protecting Information Resources

• Firewalls
• Anti-malware Systems
• Whitelisting and Blacklisting (allowlisting and denylisting)
• Encryption
• Virtual Private Networking (VPN)
• Secure Sockets Layer (SSL), now superseded by Transport Layer Security (TLS)
• Employee Monitoring Systems
How Public Key Encryption Works
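The slide's diagram is not reproduced here, so as an added example (not code from the slides or the textbook) the block below walks through the mechanism it describes using textbook RSA: a key pair is generated, anyone holding the public key can encrypt, only the private key decrypts, and the same pair run in the other direction gives a digital signature. The two fixed primes and the `invoice 42` message are constructed assumptions chosen so the block runs offline; the modular inverse uses `pow(e, -1, phi)`, which needs Python 3.8 or later.

```python
import hashlib
from math import gcd

# Constructed for this example: two fixed Mersenne primes so the block runs without a
# prime generator. Real keys use two random primes of equal size and a modulus of at
# least 2048 bits; published primes like these are for teaching only.
P = 2**127 - 1
Q = 2**521 - 1


def make_keypair(p: int = P, q: int = Q, e: int = 65537):
    """Return (public_key, private_key) as (e, n) and (d, n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+): e * d == 1 (mod phi)
    return (e, n), (d, n)


def encrypt(public_key, message: bytes) -> int:
    """Anyone with the public key can encrypt; only the private key can decrypt."""
    e, n = public_key
    m = int.from_bytes(message, "big")
    if not 0 < m < n:
        raise ValueError("message must be non-empty and smaller than the modulus")
    return pow(m, e, n)


def decrypt(private_key, ciphertext: int) -> bytes:
    d, n = private_key
    m = pow(ciphertext, d, n)
    # Leading zero bytes of the original message are not recoverable from an integer;
    # real schemes avoid this (and much worse) with padding such as OAEP.
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def sign(private_key, message: bytes) -> int:
    """The reverse direction: the private key signs a hash, the public key verifies it."""
    d, n = private_key
    h = int.from_bytes(hashlib.sha256(message).digest(), "big")  # 256 bits, well below n
    return pow(h, d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    e, n = public_key
    h = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(signature, e, n) == h


if __name__ == "__main__":
    public, private = make_keypair()
    c = encrypt(public, b"hello")
    print("recovered:", decrypt(private, c))
    print("public key alone recovers plaintext:", decrypt(public, c) == b"hello")
    s = sign(private, b"invoice 42")
    print("signature valid:", verify(public, b"invoice 42", s),
          "| tampered message valid:", verify(public, b"invoice 43", s))
```

What the block shows and what it does not: the same ciphertext always comes out for the same message, and ciphertexts can be multiplied to forge related ones, because there is no padding. Production systems use RSA-OAEP for encryption and RSA-PSS for signatures, and in practice public key encryption is used to exchange a symmetric key rather than to encrypt the data itself.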
Business Continuity Planning, Backup, and
Recovery
• Hot Site
• Warm Site
• Cold Site
• off-site data storage
Information Systems Auditing

• An audit is an examination of information systems, their inputs, outputs, and processing.
• Types of Auditors and Audits
  – Internal
  – External
• How is Auditing Executed?
  – Auditing around the computer: checking known outputs against specific inputs
  – Auditing through the computer: examining program logic and running test data
  – Auditing with the computer: using the computer itself, e.g., simulating a payroll run on live data
Security Management of e-Business

(Figure: security measures shown in the diagram)
• Encryption
• Firewalls
• E-mail Monitoring
• Virus Defenses
• Denial of Service Defenses
• Other e-Business Security Measures: Security Codes, Backup Files, Security Monitors, Biometric Security Controls
Closing Case: Passwords Are No Longer Enough

• The Problem
• A Variety of Attempted Solutions
• The Result
• What We Learned from This Case
Reference

James A. O'Brien, Introduction to Information Systems, 15th edition, McGraw-Hill, 2010.