Fourth Edition
CHAPTER 2
Learning Objectives
to:
Demonstrate that organizations have a business need for
information security
Explain why a successful information security program is the
responsibility of both an organization's general management
and IT management
Introduction
3. Protects data
Organization, without data, loses its record of transactions
and/or ability to deliver value to customers
4. Safeguards technology assets
Infrastructure services based on size and scope of the
organization
Additional security services may be needed as the organization
grows
Threats
systems
voltage increase
low voltage
loss of power
Threat 3: Espionage
Expert hacker
Develops software scripts and program exploits
Usually a master of many skills
Will create attack software and share with others
Unskilled hacker
Many more unskilled hackers than expert hackers
Use expertly written software to exploit a system
Do not usually fully understand the systems they hack
Review ..
Example?
Most dangerous threats
Disrupt not only individual lives, but also storage,
Threat 7: Theft
intellectual property
Physical theft is controlled relatively easily
Electronic theft is a more complex problem; evidence
flaws
Weak devices or systems produce poor service
Attacks
Attacks (contd.)
Password crack
Buffer overruns
Command injection
Failure to handle errors
Failure to protect network traffic
Failure to store and protect data