BIS Chapter 6 Class
Goals
• Definition of IS Security
• Dimensions of IS Security
• Definition of IS Security Threats
Inadvertent act
Deliberate SW attack (virus, hacking, identity theft, cyber-harassment, war, crime)
Natural disaster
Technical failure
Management failure
• Strategy and Policy
• Security controls: Authentication, Access control, Encryption, Backup, Firewall, IDS, Physical security
Definition of Information System Security
• Security is defined as "the quality/state of being
secured – to be secured from danger"
• Information security – practice of defending digital
information from unauthorized:
Access
Use
Recording
Disruption
Modification
Destruction
Dimensions of Information Security
• Information is:
stored on computer hardware
manipulated by software
transmitted by communication network
used by people, etc.
1. INADVERTENT ACT
Communication error
2. DELIBERATE SOFTWARE ATTACKS
Deliberate action aimed to violate/ compromise a system’s security
through the use of software:
Use of malware
Password cracking
Spoofing
Sniffing
Man-in-the-Middle
Phishing
3. NATURAL DISASTER
Dangerous: unexpected, and occur with very little warning
4. TECHNICAL FAILURE
Two Types:
Technical Hardware Failure
Equipment distributed with flaws that may be known or
unknown to the manufacturer
Technical Software Failure
Causes the system to perform in an undesirable or
unexpected way; the result may be unrecoverable
5. MANAGEMENT FAILURE
Occurs when managers fail to:
keep themselves updated about recent developments and
technology
develop a proper plan for good protection of the information
commit to upgrading the existing system to the latest
technology (assisted by IT professionals)
Computer Crime
• What is computer crime?
An act using a computer or network to commit an illegal act.
Targeting a computer while committing an offense
• Examples:
Hacking & Cracking
Identity theft
Computer viruses
Cyber harassment, cyberstalking, cyberbullying
Piracy
Hackers & Crackers
• Hackers
Anyone who can gain unauthorized access to computers
• Crackers
Individuals who break into computer systems with the
intent to commit crime or do damage
Also called black hat hackers
• Hacktivists:
Crackers who are motivated by political or ideological
goals and who use cracking to promote their interests
Computer Viruses
• Perverse software that causes malicious activity (spreads
destructive program routines), hindering the execution of other programs
• Typical motives:
Revenge on a company/person
Act of a maniac
• Commonly transmitted through:
The Internet and online services:
Hacker creates a virus and attaches it to a real program or file on a
Website
User downloads the file (thinking it is a legitimate file or program).
Once downloaded, it infects other files and programs on the machine
Email and file attachments and files shared
Disks from contaminated computers
• Infects files with extension (.COM, .EXE, .OVR, .OVL, .SYS, .BIN)
Web vandalism
• Cyber-terrorism
Attacks by individuals and organized groups (not by the
government)
Goal Political, religious, or ideological
• Integrity
Preventing unauthorized manipulations of data and systems
• Confidentiality
Protecting data from unauthorized access
• Accountability
Ensuring that actions can be traced
Developing IS Security Strategy
• Options for addressing information security risks
Risk Reduction
Risk Acceptance
Risk Transference
Risk Avoidance
• Types of Controls
Preventive
Detective
Corrective
• Examples of controls
Access control
Back-ups
Firewalls
Physical Security
IS Security Policy & Procedure
• Policies and procedures include:
Information policy: handling, storage, transmission, and destruction of information
Security cameras
• Environmental monitoring