Securing Information Systems

wispsyndicate, Security

Feb. 23, 2014 (3 years and 7 months ago)


OUTLINE

Chapter 7: Securing Information Systems




Information Security

1. Confidentiality
2. Integrity
3. Availability


Threats & Vulnerabilities

1. Unauthorized access
   A. (Electromagnetic) eavesdropping
   B. War driving
   C. Social engineering
   D. Dumpster diving = Trashing
   E. Industrial espionage = Corporate espionage
2. Malware
   A. Trojan horse
   B. Computer virus
   C. Worm
   D. Spyware
   E. Key logger
3. Hackers/crackers & cybervandalism
   A. Spoofing
   B. Sniffer
   C. Denial of Service (DoS) attack
   D. Distributed Denial of Service (DDoS) attack
4. Computer crime
   A. Identity theft
   B. Phishing
   C. Pharming
   D. Evil twins
   E. Cyberterrorism
   F. Cyberwarfare
5. Employees
   A. Human error
   B. Data tampering


Controls

1. Laws
   A. Health Insurance Portability and Accountability Act (HIPAA)
   B. Gramm-Leach-Bliley Act
   C. Sarbanes-Oxley Act
2. Computer forensics
3. Risk assessment
4. Security policy
5. Business continuity planning (BCP)
6. Disaster recovery planning (DRP)
   A. Hot site
   B. Cold site = Shell
7. Access control
   A. Identification
   B. Authentication
   C. Methods of authentication
      - Something you know
      - Something you have
      - Something you are: Biometric authentication
8. Firewall
9. Intrusion detection system (IDS)
10. Antivirus software
11. Antispyware software
12. Encryption
13. Physical security controls