Presented by:
Hernawati Susanti Samosir
21 Februari 2021
Email: hernawati@del.ac.id
Security Threats
• Threats from the outside
• Threats from the inside
WSA|DSI|2016 7
4.2 Categories of Threats to Information Systems
• Unintentional acts
• Natural disasters
• Technical failures
• Management failures
• Deliberate acts
(from Whitman and Mattord, 2003)
Unintentional Acts
• Adware
• Spyware
– Keyloggers
• Spamware
• Cookies
– Tracking cookies
4.4 What Organizations Are Doing to Protect Information Resources
• Risk
• Risk Analysis
• Risk Mitigation
Risk Mitigation
• Risk Acceptance
• Risk Limitation
• Risk Transference
4.5 Information Security Controls
• Physical Controls
• Access Controls
• Communication Controls
• Business Continuity Planning
• Information Systems Auditing
Physical Controls
• Prevent unauthorized individuals from gaining access to a company’s facilities.
– Walls
– Doors
– Fencing
– Gates
– Locks
– Badges
– Guards
– Alarm systems
Where Defense Mechanisms are Located
Access Controls
• Authentication
• Authorization
Authentication
Basic Guidelines for Passwords
• They should be difficult to guess.
• They should be long rather than short.
• They should have uppercase letters, lowercase letters, numbers, and special characters.
• They should not be recognizable words.
• They should not be the name of anything or anyone familiar, such as family names or names of pets.
• They should not be a recognizable string of numbers, such as a Social Security number or a birthday.
Protecting Information Resources
• Firewalls
• Anti-malware Systems
• Whitelisting and Blacklisting
• Encryption
• Virtual Private Networking
• Secure Socket Layer
• Employee Monitoring Systems
How Public Key Encryption Works
Business Continuity Planning, Backup, and Recovery
• Hot Site
• Warm Site
• Cold Site
• Off-site data storage
Information Systems Auditing
Virus Defenses
Security Monitors
Biometric Security Controls
[ Closing Case: Passwords Are No Longer Enough ]
• The Problem
• A Variety of Attempted Solutions
• The Result
• What We Learned from This Case