Académique Documents
Professionnel Documents
Culture Documents
1-1
1-2
Chapter Objectives
After reading this chapter, students will be able to: Identify the challenges for information security Define information security Explain the importance of information security List and define information security terminology Describe the CompTIA Security+ certification exam Describe information security careers
Technical Notes
HANDS-ON PROJECTS Project 1-1 Project 1-2 Project 1-3 Project 1-4 HARDWARE DEVICES REQUIRED Computer PC Computer PC Computer PC Computer PC OPERATING SYSTEM REQUIRED Windows XP Windows XP Windows XP Windows XP OTHER RESOURCES Internet connectivity and installation permissions set Microsoft Baseline Security Analyzer and Internet connectivity Internet connectivity and Gibson Researchs ShieldsUp! ShieldsUp! Program
This chapter should not be completed in one class session. It is recommended that you split the chapter into at least two class sessions, if possible. The amount of subject matter to be covered can be covered in anywhere between a 2to 4-hour period, plus any at-home exercises you wish to assign.
1-3
Quick Reference
Discuss the different delays between patches and attacks as illustrated in Table 1-1 on page 4 of the text.
Certain trends have resulted in security attacks growing at an alarming rate. The Computer Emergency Response Team (CERT) security organization compiles statistics regarding the number of reported incidents of attacks. Table 1-2 on pages 4 and 5 of the text shows the explosive growth of these incidences.
Quick Reference
To apply the concepts in this topic, see Hands-On Projects 1-2, 1-3, and 1-4 at the end of this chapter.
Information security involves more than protecting the information itself. The third objective of information security is illustrated in Figure 1-1 on page 7 of the text. The center of the diagram shows what needs to be protected, which is information.
1-4
Quick Quiz
1. 2. 3. 4. 5. One of the looming fears is the increasing number of ____________ attacks. ANSWER: day zero One of the primary defenses against attacks is applying _____________, software that repairs security flaws and other problems in an application or operating system. ANSWER: patches _____________ ensures that only authorized parties can view information. ANSWER: Integrity _____________ is often associated with theft prevention. ANSWER: Security One of the most important objectives of information security is to protect important __________ and __________ data from theft. ANSWER: business; personal
Quick Reference
Discuss the different laws that have been enacted as listed on pages 8 and 9 of the text in more detail.
Maintaining Productivity
After an attack on information security, clean-up efforts divert resources, such as time and money, away from normal activities. According to a Corporate IT Forum survey of major corporations, each attack costs a company an average of $213,000 in lost man-hours and related costs, while one-third of the corporations reported an average of more than 3,000 man-hours lost. Table 1-3 on page 10 of the text provides an estimate of lost salary and productivity during a virus attack and cleanup for businesses with 100, 250, 500, and 1000 employees.
Foiling Cyberterrorism
An area of growing concern among many defense experts is surprise attacks by terrorist groups using computer technology and the Internet. These attacks could cripple a nations electronic and commercial infrastructure. Such an attack is called cyberterrorism. One challenge in combating cyberterrorism is that many prime targets are not owned and managed by the federal government.
1-5
Quick Reference
Discuss the scenario on pages 11 through 13 of the text that helps illustrate information security terms and how they are used. Also, examine Table 1-4 on page 13, which lists information security terminology.
Quick Quiz
1. 2. 3. 4. 5. The ___________ requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information. ANSWER: Gramm-Leach-Bliley Act or GLBA One challenge in combating __________ is that many prime targets are not owned and managed by the federal government. ANSWER: cyberterrorism A(n) ____________ is a person or thing that has the power to carry out a threat. ANSWER: threat agent A(n) ___________ is the likelihood that something will happen. ANSWER: risk ___________ help employers determine who has the skills and knowledge necessary to secure their systems and data. ANSWER: Certifications
1-6
Discussion Questions
1. 2. Discuss the different methods used to steal data. Discuss several different strategies that can be used to pass the CompTIA Security+ exam.
Additional Activities
1. 2. Have students conduct research looking for software and hardware that can prevent data theft. Have students take a CompTIA Security exam and discuss the results.