
AFM341 Lecture 6: Information Security

Accounting & Financial Management
Alec Cram

Class 6: Information Security
Class Take-Aways
Information security is primarily concerned with the confidentiality, integrity, and availability of IT resources.
A variety of security threats (e.g. malware, DDoS, social engineering) endanger the reputation, financial stability, and competitiveness of organizations.
Insiders pose a unique and often overlooked security threat to organizations.
What is information security?
Information security is defined as protecting information and information systems from
unauthorized access, use, disclosure, disruption, modification, or destruction.
Things to consider:
What are the assets we are protecting?
What is the value of the assets?
How much will it cost to protect the assets?
IT Security Decision Framework
Models of information security issues: CIA Triad (important!)


Information security threats
Though not exhaustive, we will focus on three categories of security threats:
Malicious software
Denial of service
Social engineering
Malicious Software (AKA Malware)
Malware refers to any software that is used to do harm. This includes:
Viruses: A fragment of code that attaches itself to other programs in order to be executed, usually without user knowledge or permission. Viruses require some type of user action to be activated (e.g. opening an email attachment) and replicated.
Worms: Programs that copy themselves (i.e. without user action) from one computer to another over networks. Worms can destroy data and programs and halt the operation of computer networks.
Spyware: Secretly monitors and collects information
Keylogger: Software that records user keystrokes
Trojan Horse: Malicious computer instructions in an authorized and properly functioning
Trap door: Set of instructions that allow the user to bypass normal system controls
Packet sniffer: Captures data as it travels over a network
Ransomware Growth
Ransomware is a type of malicious software that restricts access to a computer system by locking or encrypting the data until a ransom is paid to the creator, typically in a difficult-to-trace cyber currency such as Bitcoin.
Historically, ransomware such as CryptoLocker and CryptoWall employed attacks that threatened only availability, by preventing a user from accessing their files. Generally, if you pay the ransom, you get your data back (though not always).
Recent reports suggest that ransomware is the biggest security threat to businesses around the world. According to Dimension Data, ransomware attacks rose by 350% over the previous year. Attacks on businesses are up to 42% of the total volume (compared to 30% last year).
The average ransom was $544 per machine, although examples of higher ransoms remain common (a recent Dropbox-themed attack sent to 20M inboxes demanded 0.5 BTC, about $4500).
Some Ransomware Prevention Guidelines
Back up your files every day
Don’t open email attachments
Keep antivirus software up to date (though this won’t catch all instances of ransomware)
Keep vulnerable applications (e.g. Windows, Java, Flash) fully patched
Install ransomware protection tools (e.g. BitDefender, Trend Micro Anti-Ransomware, EasySync
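The "back up your files" guideline, made concrete as an added example (not code from the lecture notes): a backup paired with a SHA-256 manifest lets a defender detect which files were altered or removed and restore only copies that pass their integrity check, which is what preserves availability when ransomware locks files in place. Directory names and sample file contents are constructed for the demonstration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path
# Constructed sample "user documents"; not content from the lecture notes.
SAMPLE_FILES = {
    "report.txt": b"Q3 financial summary",
    "ledger.csv": b"date,amount\n2024-01-01,100\n",
}

def sha256_of(path: Path) -> str:
    """Hash a file so the backup manifest can later prove its integrity."""
    return hashlib.sha256(path.read_bytes()).hexdigest()

def take_backup(src: Path, dest: Path) -> dict:
    """Copy every file in src to dest and record each file's SHA-256 in a manifest."""
    dest.mkdir(parents=True, exist_ok=True)
    manifest = {}
    for f in src.iterdir():
        if f.is_file():
            shutil.copy2(f, dest / f.name)
            manifest[f.name] = sha256_of(f)
    return manifest

def find_damaged(src: Path, manifest: dict) -> list:
    """Names whose current hash differs from the manifest, or that are missing."""
    return sorted(name for name, digest in manifest.items()
                  if not (src / name).exists() or sha256_of(src / name) != digest)

def restore(src: Path, dest: Path, manifest: dict, names: list) -> int:
    """Copy damaged files back from the backup; skip any backup copy that fails its own check."""
    restored = 0
    for name in names:
        copy = dest / name
        if copy.exists() and sha256_of(copy) == manifest[name]:
            shutil.copy2(copy, src / name)
            restored += 1
    return restored

def demo() -> tuple:
    with tempfile.TemporaryDirectory() as tmp:
        src, dest = Path(tmp) / "docs", Path(tmp) / "backup"
        src.mkdir()
        for name, data in SAMPLE_FILES.items():
            (src / name).write_bytes(data)
        manifest = take_backup(src, dest)
        # Constructed stand-in for files locked in place: one overwritten, one deleted.
        (src / "report.txt").write_bytes(b"\x00" * 16)
        (src / "ledger.csv").unlink()
        damaged = find_damaged(src, manifest)
        return damaged, restore(src, dest, manifest, damaged), find_damaged(src, manifest)
```

Running `demo()` reports the two damaged files, restores both from verified backup copies, and then finds nothing left damaged.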