Kroenke, Management Information Systems (7th ed.), English teaching slides kroenke_emis7e_inppt10 (50 pages)
Information Security Management
Chapter 10
Copyright 2017 Pearson Education, Inc.

10-2 "But How Do You Implement That Security?"
  Video conference with potential PRIDE promoter and advertiser
  PRIDE originally designed to store medical data
  SDS wants to know if PRIDE systems have an acceptable level of security
  Doesn't want to affiliate with a company with a major security problem
  Criminals now focus attacks on inter-organizational systems

10-3 PRIDE Design for Security

10-4 Study Questions
  Q1: What is the goal of information systems security?
  Q2: How big is the computer security problem?
  Q3: How should you respond to security threats?
  Q4: How should organizations respond to security threats?
  Q5: How can technical safeguards protect against security threats?
  Q6: How can data safeguards protect against security threats?
  Q7: How can human safeguards protect against security threats?
  Q8: How should organizations respond to security incidents?
  How does the knowledge in this chapter help you?

10-5 Q1: What Is the Goal of Information Systems Security?

10-6 Examples of Threat/Loss

10-7 What Are the Sources of Threats?

10-8 What Types of Security Loss Exist?
  Unauthorized Data Disclosure
    Pretexting
    Phishing
    Spoofing
      IP spoofing
      Email spoofing
    Drive-by sniffers
    Wardrivers
    Hacking & Natural disasters

10-9 Incorrect Data Modification
  Procedures incorrectly designed or not followed
  Increasing a customer's discount or incorrectly modifying an employee's salary
  Placing incorrect data on company Web site
  Improper internal controls on systems
  System errors
  Faulty recovery actions after a disaster

10-10 Faulty Service
  Incorrect data modification
  Systems working incorrectly
  Procedural mistakes
  Programming errors
  IT installation errors
  Usurpation
  Denial of service (unintentional)
  Denial-of-service attacks (intentional)

10-11 Loss of Infrastructure
  Human accidents
  Theft and terrorist events
  Disgruntled or terminated employee
  Natural disasters
  Advanced Persistent Threat (APT1)
    Theft of intellectual property from U.S. firms

10-12 Goal of Information Systems Security
  Appropriate trade-off between risk of loss and cost of implementing safeguards
    Use antivirus software
    Deleting browser cookies (Worth it?)
  Get in front of security problems by making appropriate trade-offs

10-13 Q2: How Big Is the Computer Security Problem?

10-14 Computer Crime Costs by Attack Type
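The "Goal of Information Systems Security" slide above frames security as a trade-off between the risk of loss and the cost of implementing safeguards, and asks whether deleting browser cookies is worth it. The following Python example, added here and not part of the Pearson slide deck, makes that trade-off concrete using the standard annualized-loss model (single-loss expectancy times annual rate of occurrence), which the slides themselves do not state; every threat and safeguard figure in it is a constructed sample value.

```python
"""Safeguard trade-off worked example.

Added illustration, not from the Kroenke/Pearson slides.
Model assumption (standard quantitative risk analysis, not stated on the slide):
    expected annual loss = single-loss expectancy (SLE) * annual rate of occurrence (ARO)
A safeguard is worth adopting when the expected loss it avoids exceeds its
annual cost. All figures below are constructed sample values.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, Tuple


@dataclass(frozen=True)
class Threat:
    name: str
    sle: float  # loss per occurrence, in currency units (constructed)
    aro: float  # expected occurrences per year (constructed)


@dataclass(frozen=True)
class Safeguard:
    name: str
    threat: str          # name of the Threat this safeguard addresses
    annual_cost: float   # licence, hardware or staff time per year (constructed)
    aro_reduction: float  # fraction of occurrences the safeguard prevents, 0..1


def expected_annual_loss(t: Threat) -> float:
    """Risk of loss expressed in money per year: SLE * ARO."""
    return t.sle * t.aro


def net_benefit(t: Threat, s: Safeguard) -> float:
    """Loss avoided by the safeguard minus what the safeguard costs."""
    if not 0.0 <= s.aro_reduction <= 1.0:
        raise ValueError(f"{s.name}: aro_reduction must be between 0 and 1")
    avoided = expected_annual_loss(t) * s.aro_reduction
    return avoided - s.annual_cost


def evaluate(threats: Iterable[Threat],
             safeguards: Iterable[Safeguard]) -> Dict[str, Tuple[float, bool]]:
    """Map each safeguard name to (net benefit per year, adopt?)."""
    by_name = {t.name: t for t in threats}
    decisions: Dict[str, Tuple[float, bool]] = {}
    for s in safeguards:
        if s.threat not in by_name:
            raise KeyError(f"{s.name}: unknown threat '{s.threat}'")
        nb = net_benefit(by_name[s.threat], s)
        decisions[s.name] = (round(nb, 2), nb > 0)
    return decisions


# Constructed sample inputs mirroring the two slide bullets.
THREATS = [
    Threat("malware infection", sle=8000.0, aro=2.0),
    Threat("tracking via cookies", sle=50.0, aro=1.0),
]
SAFEGUARDS = [
    Safeguard("antivirus software", "malware infection",
              annual_cost=600.0, aro_reduction=0.9),
    # Cost here models the staff time spent clearing cookies every day.
    Safeguard("delete browser cookies daily", "tracking via cookies",
              annual_cost=250.0, aro_reduction=0.5),
]

if __name__ == "__main__":
    for name, (benefit, adopt) in evaluate(THREATS, SAFEGUARDS).items():
        verdict = "adopt" if adopt else "not worth it"
        print(f"{name:32s} net benefit {benefit:10.2f}/yr -> {verdict}")
```

With these sample numbers the antivirus safeguard avoids far more expected loss than it costs, while daily cookie deletion costs more than the loss it prevents, which is exactly the "Worth it?" question the slide raises. In practice the SLE and ARO figures are the hard part, so the model is most useful for ranking safeguards relative to each other rather than for producing exact amounts.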
10-15 Ponemon Study Findings (2014)
  Malicious insiders increasingly serious threat
  Business disruption and data loss principal costs of computer crime
  Negligent employees, personal devices connecting to corporate network, use of commercial cloud-based applications pose significant security threats
  Security safeguards work
  Source: Ponemon Study 2014

10-16 Q3: How Should You Respond to Security Threats?
  Personal Security Safeguards
  Intrusion detection system (IDS)

10-17 Security Safeguards and the Five Components

10-18 So What? New from Black Hat 2014
  Educational forum for hackers, developers, manufacturers, and government agencies
  Briefings on how things can be hacked
  Show how to exploit weaknesses in hardware, software, protocols, or systems from smartphones to ATMs

10-19 Keynote Speaker Recommendations
  1. Mandatory reporting of security vulnerabilities
  2. Software makers liable for damage their code causes after abandoned or users allowed to see it
  3. ISP liable for harmful, inspected content
  4. "Right to be forgotten" - appropriate and advantageous
  5. End-to-End Encrypted Email

10-20 Hacking Smart Things
  Automobile wireless features and poor internal systems architecture allow hackers to access automated driving functions through features like the car's radio
  Control hotel lights, thermostats, televisions, and blinds in 200+ rooms by reverse-engineering home automation protocol called KNX/IP
  70% of smart devices use unencrypted network services, 60% vulnerable to persistent XSS (cross-site scripting), and weak credentials

10-21 Q4: How Should Organizations Respond to Security Threats?
16、c at i o n, In c .Automobile wireless features and poor internal systems architecture allow hackers to access automated driving functions through features like cars radioControl hotel lights, thermostats, televisions, and blinds in 200+ rooms by reverse-engineering home automation protocol called KNX/IP70% smart devices use unencrypted network services, 60% vulnerable to persistent XSS (cross-site scripting), and weak credentials10-21Q4: How Should Organizations Respond to Security Threats?C o p