Đang chuẩn bị liên kết để tải về tài liệu:
Lecture Accounting information systems (13/e) – Chapter 8: Controls for information security

Đang chuẩn bị nút TẢI XUỐNG, xin hãy chờ

After studying this chapter, you should be able to: Explain how information security affects information systems reliability; describe how a combination of preventive, detective, and corrective controls can be employed to provide reasonable assurance about information security. | Controls for Information Security Chapter 8 8-1 Learning Objectives Explain how information security affects information systems reliability. Discuss how a combination of preventive, detective, and corrective controls can be employed to provide reasonable assurance about the security of an organization’s information system. 8-2 Trust Services Framework Security Access to the system and data is controlled and restricted to legitimate users. Confidentiality Sensitive organizational data is protected. Privacy Personal information about trading partners, investors, and employees are protected. Processing integrity Data are processed accurately, completely, in a timely manner, and only with proper authorization. Availability System and information are available. 8-3 8-4 Security Life Cycle Security is a management issue 8-5 Security Approaches Defense-in-depth Multiple layers of control (preventive and detective) to avoid a single point of failure Time-based model, security is effective if: P > D + C where P is time it takes an attacker to break through preventive controls D is time it takes to detect an attack is in progress C is time it takes to respond to the attack and take corrective action 8-6 How to Mitigate Risk of Attack Preventive Controls Detective Controls People Process IT Solutions Physical security Change controls and change management Log analysis Intrusion detection systems Penetration testing Continuous monitoring 8-7 Preventive: People Culture of security Tone set at the top with management Training Follow safe computing practices Never open unsolicited e-mail attachments Use only approved software Do not share passwords Physically protect laptops/cellphones Protect against social engineering 8-8 Preventive: Process Authentication—verifies the person Something person knows Something person has Some biometric characteristic Combination of all three Authorization—determines what a person can access 8-9 Preventive: IT Solutions Antimalware controls Network access controls Device and software hardening controls Encryption 8-10 Preventive: Other Physical security access controls Limit entry to building Restrict access to network and data Change controls and change management Formal processes in place regarding changes made to hardware, software, or processes 8-11 Corrective Computer Incident Response Team (CIRT) Chief Information Security Officer (CISO) Patch management 8-12 Key Terms Defense-in-depth Time-based model of security Social engineering Authentication Biometric identifier Multifactor authentication Multimodal authentication Authorization Access control matrix Compatibility test Border router Firewall Demilitarized zone (DMZ) Routers Access control list (ACL) Packet filtering Deep packet inspection Intrusion prevention system Remote Authentication Dial-in User Service (RADIUS) War dialing Endpoints Vulnerabilities Vulnerability scanners Hardening Change control and change management Log analysis Intrusion detection system (IDS) 8-13 Key Terms (continued) Penetration test Computer incident response team (CIRT) Exploit Patch Patch management Virtualization Cloud computing 8-14

TAILIEUCHUNG - Chia sẻ tài liệu không giới hạn
Địa chỉ : 444 Hoang Hoa Tham, Hanoi, Viet Nam
Website : tailieuchung.com
Email : tailieuchung20@gmail.com
Tailieuchung.com là thư viện tài liệu trực tuyến, nơi chia sẽ trao đổi hàng triệu tài liệu như luận văn đồ án, sách, giáo trình, đề thi.
Chúng tôi không chịu trách nhiệm liên quan đến các vấn đề bản quyền nội dung tài liệu được thành viên tự nguyện đăng tải lên, nếu phát hiện thấy tài liệu xấu hoặc tài liệu có bản quyền xin hãy email cho chúng tôi.
Đã phát hiện trình chặn quảng cáo AdBlock
Trang web này phụ thuộc vào doanh thu từ số lần hiển thị quảng cáo để tồn tại. Vui lòng tắt trình chặn quảng cáo của bạn hoặc tạm dừng tính năng chặn quảng cáo cho trang web này.