CCT225H5 Chapter Notes - Chapter 10: Information Security, Dumpster Diving, Phishing
Document Summary
Learning outcomes: describe the relationship between information security policies and an information security plan; provide an example of each of the three primary security areas: 1) authentication and authorization, 2) prevention and resistance, and 3) detection and response.

The first line of defense, people: organizations must enable employees, customers, and partners to access information electronically. The biggest issue surrounding information security is not a technical issue, but a people issue.

Insiders: social engineering, dumpster diving, pretexting (a form of social engineering). The first line of defence an organization should follow to help combat insider issues is to develop information security policies and an information security plan.

The second line of defense, technology: there are three primary information technology security areas: people (authentication and authorization), data (prevention and resistance), and attacks (detection and response). Goal: prevent personal/business info hacks.

In between the internet and their respective servers: detection and response. Cyberterrorism: detection and response technologies are needed to mitigate professional attacks.