Securing Information Systems

System vulnerability

control

security

Storing problems

1- software problems

2- Hardware problems

3- Disasters

4-Use of networks and computer outside of firms control

Wireless security challenges

1- war driving

2- the service set identifiers

Larg public networks facing threats because:

1- Email attachment

2- size of the internet

3- Email used for transmitting trade secret

4- Network open to anyone

Malicious software

1- viruses

2-worms

3- Trojan horses

spyware

Hackers and computer crime

Hacker

cracker

sniffer

denial-of-service attacks(DoS)

distributed denial-of-service

Computer crime

identity theft

phishing

evil twins

pharming

click fraud

internal threats: employee

security threats often originate inside an organization

social engineering

software vulnerability

commercial software contains flaws that create security vulnerability

Subtopic

Business Value of Security and Control

Legal and Regulatory Requirements for Electronic Records Management

Gramm-Leach-Bliley Act

HIPPA

Sarbanes-Oxley Act

Electronic Evidence and Computer Forensics

1-Evidence for white collar crimes often found in digital form

3- Computer forensics

2- Proper control of data can save time, money when responding to legal discovery request

4- Ambient data

Establishing a Framework for Security and Control

1- Risk assessment

Expected annual loss

Potential losses, value of threat

Probability of occurrence during year

2- Acceptable use policy (AUP)

3-Identity management

Disaster Recovery Planning and Business Continuity Planning

The rule MIS auditing

Technologies and Tools for Protecting Information
Resources

Subtopic

Encryption and Public Key Infrastructure

Encryption

Two methods for encryption on networks:(SSL) and (TLS)

Two methods of encryption:Symmetric key encryption
and Public key encryption

Intrusion Detection Systems, and Antivirus Software

Intrusion detection systems:

Antivirus and anti-spyware software: 1-Antivirus 2-Anti-spyware software

4-Technologies and Tools for Security

Unified threat management (UTM) systems

Biometric authentication

Smart card

3-Techniques for preventing unauthorized access to a system are listed

Password system

Tokens

2-Authentication

1- Access control