TAILIEUCHUNG - Lecture Management information systems (3rd Edition): Chapter 7 - Rainer, Prince, Watson

Chapter 7: Information security. In this chapter, the learning objectives are: Introduction to information security, unintentional threats to information systems, deliberate threats to information systems, what organizations are doing to protect information resources, information security controls. | CHAPTER 7 Information Security CHAPTER OUTLINE Introduction to Information Security Unintentional Threats to Information Systems Deliberate Threats to Information Systems What Organizations Are Doing to Protect Information Resources Information Security Controls LEARNING OBJECTIVES Identify the five factors that contribute to the increasing vulnerability of information resources, and provide a specific example of each one. Compare and contrast human mistakes and social engineering, and provide a specific example of each one. Discuss the 10 types of deliberate attacks. Define the three risk mitigation strategies, and provide an example of each one in the context of owning a home. Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one. Introduction to Information Security Key Information Security Terms Information Security Threat Exposure Vulnerability Five Factors Increasing the Vulnerability of Information Resources Today’s interconnected, interdependent, wirelessly-networked business environment Smaller, faster, cheaper computers and storage devices Decreasing skills necessary to be a hacker Five Factors Increasing the Vulnerability of Information Resources continued Organized crime taking over cybercrime Lack of management support Unintentional Threats to Information Security Categories of Unintentional Threats Human Errors Social Engineering Human Errors Carelessness with laptops and portable computing devices Opening questionable e-mails Careless Internet surfing Poor password selection and use Social Engineering Tailgating Shoulder Surfing Deliberate Threats to Information Security Deliberate Threats Espionage or trespass Information extortion Sabotage or vandalism Theft of equipment or information Deliberate Threats (continued) Identity Theft Compromised to Intellectual Property Software Attacks SCADA Attacks Cyberterrorism and Cyberwarfare Virus Worm Trojan Horse Logic Bomb Phishing attacks Distributed denial-of-service attacks Software Attacks What Organizations Are Doing to Protect Information Resources Risk Management Risk Risk management Risk analysis Risk mitigation Risk Mitigation Strategies Risk Acceptance Risk limitation Risk transference Information Security Controls Information Security Controls Physical controls Access controls Communications (network) controls Access Controls Authentication Authorization Communication or Network Controls Firewalls Anti-malware systems Whitelisting and Blacklisting Encryption Communication or Network Controls (continued) Virtual private networking Secure Socket Layer Employee monitoring systems Business Continuity Planning, Backup, and Recovery Hot Site Warm Site Cold Site Information Systems Auditing Types of Auditors and Audits Internal External IS Auditing Procedure Auditing around the computer Auditing through the computer Auditing with the computer Closing Case #1 The Problem The Solution The Results Closing Case #2 The Problem The Solution The Results

• Cơ sở dữ liệu
• Information security
• Information systems
• Management information systems
• Lecture Management information systems
• Social computing
• Business process management
• Lecture On safety and security of information systems
• On safety and security of information systems
• Introduction to information systems security
• History of information security
• Information systems security
• Bài giảng Bảo mật hệ thống thông tin
• Lecture Information systems security
• Goals of information security
• Security process
• Security topologies
• Network Security Fundamentals
• Guide to Network Security Fundamentals
• Define information security
• Information security careers
• Ebook Information security management
• Information security management
• Information security principles
• Information risk
• Information security framework
• People security controls
• Wireless network security
• Wireless security protections
• IEEE 802
• 11 security
• Information security fundamentals
• Ebook Information security fundamentals
• Information security program
• Information security policies
• Asset classification
• Attacks to information security
• Threats to information security
• Authentication to information security
• Authentication Protocols
• Kerberos An security protocols
• security
• technical security
• safety information tinbao confidentiality
• google hacking
• Research on information security
• Information warfare
• Information security assurance
• Information security management research
• Principles of Information Security
• Information Security Maintenance
• Implementing Information Security
• The need for security
• Conducting security audits
• Privilege audits
• Privilege management
• Academy of ICT
• Government Leaders
• Information security trends
• Information security methodology
• Information security activities
• Information security management handbook
• Access control access control administration
• Network security internet
• Risk management
• Security Service
• Security Mechanism
• Security Attack
• network security
• security mechanisms
• security services
• security architecture
• encryption system
• IP Security
• IP Security Overview
• IP Security Architecture
• Authentication Header
• Security Policies
• Access Control
• Computer Security
• Integrated threat managemen
• Hysical security
• Controls for information security
• Accounting information systems
• Lecture Accounting information systems
• Hệ thống thông tin kế toán
• Trust services framework
• Technical security controls
• Software development
• Environmental security
• Business continuity management
• Electronic mail security
• mail security
• Network Management Security
• Management Security
• Operational security
• Harden physical security
• Secure the physical environment
• CompTIA® Security+
• Security+ Guide to Network Security Fundamentals
• Information security terminology
• Fundamental security principles
• Symmetric cryptographic algorithms
• Asymmetric cryptographic algorithms
• Potential risks
• Privilege escalation
• Các phần mềm có hại
• Protecting systems
• Harden operating systems
• Communications based attack