Chapter 8
Securing Information Systems
Learning Objectives
Why are information systems vulnerable to destruction, error, and abuse?
What is the business value of security and control?
What are the components of an organizational framework for security and control?
What are the most important tools and technologies for safeguarding information resources?
Chapter Outline
8.1 System Vulnerability and Abuse
Why Systems are Vulnerable
Malicious Software: Viruses, Worms, Trojan Horses, and Spyware
Hackers and Computer Crime
Internal Threats: Employees
Software Vulnerability
8.2 Business Value of Security and Control
Legal and Regulatory Requirements for Electronic Records Management
Electronic Evidence and Computer Forensics
8.3 Establishing a Framework for Security and Control
Information Systems Controls
Risk Assessment
Security Policy
Disaster Recovery Planning and Business Continuity Planning
The Role of Auditing
8.4 Technologies and Tools for Protecting Information Resources
Identity Management and Authentication
Firewalls, Intrusion Detection Systems, and Antivirus Software
Securing Wireless Networks
Encryption and Public Key Infrastructure
Ensuring System Availability
Security Issues for Cloud Computing and the Mobile Digital Platform
Ensuring Software Quality
Key Terms
The following alphabetical list identifies the key terms discussed in this chapter. The page number for each key term is provided.
Acceptable use policy (AUP), 312
Antivirus software, 318
Application controls, 310
Authentication, 316
Biometric authentication, 316
Botnet, 301
Bugs, 305
Business continuity planning, 314
Click fraud, 304
Computer crime, 302
Computer forensics, 309
Computer virus, 298
Controls, 295
Cybervandalism, 300
Cyberwarfare, 304
Deep packet inspection, 322
Denial-of-service (DoS) attack, 301
Digital certificates, 320
Disaster recovery planning, 314
Distributed denial-of-service (DDoS) attack, 301
Downtime, 321
Drive-by download, 298
Encryption, 319
Evil twin, 303
Fault tolerant computer systems, 321
Firewall, 317
General controls, 310
Gramm-Leach-Bliley Act, 309
Hacker, 300
High-availability computing, 321
HIPAA, 308
Identity management, 312
Identity theft, 302
Intrusion detection systems, 318
Key loggers, 300
Malware, 298
Managed security service providers (MSSPs), 322
MIS audit, 314
Online transaction processing, 321
Password, 316
Patches, 307
Pharming, 303
Phishing, 303
Public key encryption, 320
Public key infrastructure (PKI), 320
Recovery-oriented computing, 321
Risk assessment, 311
Sarbanes-Oxley Act, 309
Secure Hypertext Transfer Protocol (S-HTTP), 319
Secure Sockets Layer (SSL), 319
Security, 295
Security policy, 312
Smart card, 316
Sniffer, 301
Social engineering, 305
Spoofing, 301
Spyware, 300
SQL injection attack, 300
Token, 316
Trojan Horse, 299
Unified threat management (UTM), 319
War driving, 297
Worms, 298
Teaching Suggestions
The opening case, “You're on LinkedIn? Watch Out!,” describes several different ways information systems become vulnerable to malicious software: individual users' computers, their friends' computers, and the computers of LinkedIn-participating businesses. Because of its huge user base, an easy-to-use Web site, and a community of users easily linked to dozens or hundreds of other users, the popular business networking site has become a major security risk to individuals and businesses.
This case also shows that no single approach to securing information systems is sufficient. Businesses must continually upgrade their security software and try to stay one step ahead of hackers and computer criminals. Securing information systems from unauthorized access, abuse, destruction, or tampering with assets requires a combination of training, procedures, and technologies. The cost and difficulty of using all of these must be balanced against the net benefits they provide the business in the form of greater customer trust, uninterrupted operations, compliance with government regulations, and protection of financial assets. However, as the text states, developing a secure password system would only have cost the company a minimal amount of money, in the low six figures. After the hacking incident, the company faces a $5 million class-action lawsuit.