Lecture Business driven technology (Business plug-in): Chapter 6 - Paige Baltzan, Amy Phillips

Chapter 6 - Information security. In this chapter students will be able to: Describe the relationship between information security policies and an information security plan; summarize the five steps to creating an information security plan; provide an example of each of the three primary security areas: (1) authentication and authorization, (2) prevention and resistance, and (3) detection and response; describe the relationships and differences between hackers and viruses. | BUSINESS PLUG-IN B6 Information Security LEARNING OUTCOMES Describe the relationship between information security policies and an information security plan Summarize the five steps to creating an information security plan Provide an example of each of the three primary security areas: (1) authentication and authorization, (2) prevention and resistance, and (3) detection and response Describe the relationships and differences between hackers and viruses INTRODUCTION Information security – a broad term encompassing the protection of information from accidental or intentional misuse by persons inside or outside an organization This plug-in discusses how organizations can implement information security lines of defense through people first and technology second The First Line of Defense - People The biggest issue surrounding information security is not a technical issue, but a people issue 38% of security incidents originate within the organization Insiders Social engineering | BUSINESS PLUG-IN B6 Information Security LEARNING OUTCOMES Describe the relationship between information security policies and an information security plan Summarize the five steps to creating an information security plan Provide an example of each of the three primary security areas: (1) authentication and authorization, (2) prevention and resistance, and (3) detection and response Describe the relationships and differences between hackers and viruses INTRODUCTION Information security – a broad term encompassing the protection of information from accidental or intentional misuse by persons inside or outside an organization This plug-in discusses how organizations can implement information security lines of defense through people first and technology second The First Line of Defense - People The biggest issue surrounding information security is not a technical issue, but a people issue 38% of security incidents originate within the organization Insiders Social engineering The First Line of Defense - People The first line of defense an organization should follow to help combat insider issues is to develop information security policies and an information security plan Information security policies – identify the rules required to maintain information security Information security plan – details how an organization will implement the information security policies The First Line of Defense - People Five steps to creating an information security plan Develop the information security policies Communicate the information security policies Identify critical information assets and risks Test and reevaluate risks Obtain stakeholder support The First Line of Defense - People The Second Line of Defense - Technology Three primary information security areas Authentication and authorization Prevention and resistance Detection and response AUTHENTICATION AND AUTHORIZATION Authentication – a method for confirming users’ identities Authorization – the

Không thể tạo bản xem trước, hãy bấm tải xuống
TÀI LIỆU MỚI ĐĂNG
463    18    1    23-11-2024
12    20    1    23-11-2024
Đã phát hiện trình chặn quảng cáo AdBlock
Trang web này phụ thuộc vào doanh thu từ số lần hiển thị quảng cáo để tồn tại. Vui lòng tắt trình chặn quảng cáo của bạn hoặc tạm dừng tính năng chặn quảng cáo cho trang web này.