Introduction to Information

Systems Security
SLIDESMANIA.COM
 Topics
Information Systems Security Concepts

succeed! Confidentiality, Integrity, and Availability (CIA)

s. We can build these lessons together and I am happy to model, co-teach, observe, and/or provide feedback to help you

The Seven Domains of an IT Infrastructure

IT Security Policy Framework and Data Standard Classification

SLIDESMANIA.COM
 Information Systems Security Concepts

● Information Systems Security (InfoSec) is the practice of

protecting information systems from unauthorized access,
disclosure, disruption, modification, or destruction.
s. We can build these lessons together and I am happy to model, co-teach, observe, and/or provide feedback to help you
succeed!
Example: A financial institution implements multi-factor
authentication (MFA) to prevent unauthorized access to customer
accounts.
SLIDESMANIA.COM
 Importance of Information Systems Security

● Securing information systems is critical for protecting sensitive

data, maintaining operational integrity, and preventing cyber
threats.
s. We can build these lessons together and I am happy to model, co-teach, observe, and/or provide feedback to help you
succeed!
Scenario: A hospital secures patient records using encryption to prevent
unauthorized access and ensure compliance with regulations like HIPAA.
SLIDESMANIA.COM
 Confidentiality, Integrity, and Availability (CIA)

● The CIA Triad is a fundamental model in information security

ensuring data protection:
● Confidentiality: Ensures only authorized users access sensitive
s. We can build these lessons together and I am happy to model, co-teach, observe, and/or provide feedback to help you
data.
succeed!
● Integrity: Ensures data accuracy and reliability.
● Availability: Ensures authorized users can access data when
needed.
Example: A cloud service provider implements backup and redundancy to maintain
availability during server failures.
SLIDESMANIA.COM
 Confidentiality

● Confidentiality protects sensitive information from

unauthorized disclosure through encryption, access
controls, and secure communication.
s. We can build these lessons together and I am happy to model, co-teach, observe, and/or provide feedback to help you
succeed!
Scenario: A company encrypts customer payment data to prevent
exposure during a data breach.
SLIDESMANIA.COM
 Integrity

● Explanation: Integrity ensures that data remains unaltered

during storage, processing, and transmission using hash
functions, checksums, and digital signatures.
s. We can build these lessons together and I am happy to model, co-teach, observe, and/or provide feedback to help you
succeed!
Example: A bank uses cryptographic hash functions to verify the
authenticity of transactions in online banking.
SLIDESMANIA.COM
 Availability

● Explanation: Availability ensures that information is accessible

when needed, employing redundancy, fault tolerance, and security
monitoring.
s. We can build these lessons together and I am happy to model, co-teach, observe, and/or provide feedback to help you
succeed!
Scenario: A web hosting service uses distributed servers and load balancing to
prevent downtime from cyberattacks.
SLIDESMANIA.COM
 The Seven Domains of an IT Infrastructure

● Definition: The seven domains include User, Workstation, LAN,

LAN-to-WAN, WAN, Remote Access, and System/Application
domains, forming an organization's security architecture.
s. We can build these lessons together and I am happy to model, co-teach, observe, and/or provide feedback to help you
succeed!
Example: A company implements firewall protection at the LAN-to-WAN boundary
to prevent external cyber threats.
SLIDESMANIA.COM
 The Seven Domains of an IT Infrastructure

s. We can build these lessons together and I am happy to model, co-teach, observe, and/or provide feedback to help you
succeed!
SLIDESMANIA.COM
 IT Security Policy Framework

● Explanation: An IT Security Policy Framework

provides structured policies, guidelines, and
standards to protect an organization's information
s. We can build these lessons together and I am happy to model, co-teach, observe, and/or provide feedback to help you
assets.
succeed!

Example: A government agency enforces an acceptable use policy

to regulate employee access to sensitive data.
SLIDESMANIA.COM
 Data Standard Classification

● Definition: Data classification categorizes information

based on sensitivity and impact, including Public,
Internal, Confidential, and Highly Confidential
s. We can build these lessons together and I am happy to model, co-teach, observe, and/or provide feedback to help you
classifications.
succeed!

Scenario: A law firm marks client records as "Highly Confidential" to

restrict access to authorized personnel only.
SLIDESMANIA.COM
 Best Practices in Information Systems Security

● Implement strong access controls (passwords, MFA)Regularly

update software and apply security patches. Conduct employee
security awareness training. Utilize encryption for sensitive data.
s. We can build these lessons together and I am happy to model, co-teach, observe, and/or provide feedback to help you
succeed!
Example: A retail company mandates quarterly security training to educate
employees on phishing attack prevention.
SLIDESMANIA.COM
 Conclusion and Discussion

● Summary: Information Systems Security is essential in

safeguarding data, ensuring confidentiality, integrity, and
availability, and adhering to security frameworks.
s. We can build these lessons together and I am happy to model, co-teach, observe, and/or provide feedback to help you
succeed!
Discussion Questions:
1. How can organizations balance security with usability?
2. What role does employee awareness play in cybersecurity?
SLIDESMANIA.COM
 Malicious Attacks, Threats,
and Impact in IT Infrastructure
SLIDESMANIA.COM
 Introduction

● Cyber threats are increasing with advancements in

technology.
● Attacks can target software, networks, and human
s. We can build these lessons together and I am happy to model, co-teach, observe, and/or provide feedback to help you
behavior.
succeed!
● Understanding attacks and countermeasures is essential
for cybersecurity.
SLIDESMANIA.COM
 Malicious Software (Malware)

● Software designed to harm or exploit systems.

Examples: Viruses, Worms, Trojans, Ransomware, Spyware.
s. We can build these lessons together and I am happy to model, co-teach, observe, and/or provide feedback to help you
Can be delivered via email attachments, malicious downloads, or
succeed!
●

USB drives.
SLIDESMANIA.COM
 Countermeasures for Malware

● Use updated antivirus and anti-malware tools.

● Avoid downloading files from unknown sources.
● Regularly update operating systems and applications.
s. We can build these lessons together and I am happy to model, co-teach, observe, and/or provide feedback to help you
succeed!
SLIDESMANIA.COM
 Common Attacks on IT Infrastructure

● Denial-of-Service (DoS) and Distributed Denial-of-

Service (DDoS) - Overwhelms systems with traffic.
● Phishing - Fraudulent emails to steal sensitive
s. We can build these lessons together and I am happy to model, co-teach, observe, and/or provide feedback to help you
information.
succeed!
● Man-in-the-Middle (MitM) - Intercepts communication
between parties.
SLIDESMANIA.COM
 Countermeasures for Common Attacks

● Implement firewalls and intrusion detection systems.

● Use strong passwords and multi-factor authentication.
● Educate employees on recognizing phishing emails.
s. We can build these lessons together and I am happy to model, co-teach, observe, and/or provide feedback to help you
succeed!
SLIDESMANIA.COM
 Social Engineering Attacks

● Manipulating people to gain unauthorized access.

● Types: Pretexting, Baiting, Phishing, Spear
Phishing.
s. We can build these lessons together and I am happy to model, co-teach, observe, and/or provide feedback to help you
Example: A hacker calls an employee pretending to be
succeed!
IT support.
SLIDESMANIA.COM
 Reducing Social Engineering Attacks

● Conduct security awareness training.

● Verify identities before disclosing sensitive information.
● Use caller ID and email verification techniques.
s. We can build these lessons together and I am happy to model, co-teach, observe, and/or provide feedback to help you
succeed!
SLIDESMANIA.COM
 Classes of Attacks

● Passive Attacks - Eavesdropping on communication (e.g.,

Packet Sniffing).
● Active Attacks - Altering or disrupting communication (e.g.,
s. We can build these lessons together and I am happy to model, co-teach, observe, and/or provide feedback to help you
succeed! DoS, SQL Injection).
● Insider Attacks - Employees misusing access (e.g., Data
Theft).
SLIDESMANIA.COM
 Examples of Passive & Active Attacks

● Passive: Hackers using packet sniffers to capture credentials.

● Active: A hacker injecting malicious code into a web application.
● Insider: A former employee leaks confidential data to competitors.
s. We can build these lessons together and I am happy to model, co-teach, observe, and/or provide feedback to help you
succeed!
SLIDESMANIA.COM
 Types of Attacks on Wireless Networks

● Evil Twin Attack - Fake Wi-Fi networks trick

users into connecting.
● Rogue Access Points - Unauthorized Wi-Fi points
s. We can build these lessons together and I am happy to model, co-teach, observe, and/or provide feedback to help you
intercept data.
succeed!
● WPA2 Cracking - Exploiting weak Wi-Fi
encryption.
SLIDESMANIA.COM
 Countermeasures for Wireless Attacks

● Use WPA3 encryption for wireless networks.

● Disable SSID broadcasting to reduce visibility.
s. We can build these lessons together and I am happy● toRegularly monitor
model, co-teach, for rogue
observe, access
and/or points.
provide feedback to help you
succeed!
SLIDESMANIA.COM
 Threats and Attacks on Web Applications

● SQL Injection - Attackers manipulate database queries.

● Cross-Site Scripting (XSS) - Injects malicious scripts into
web pages.
s. We can build these lessons together and I am happy to model, co-teach, observe, and/or provide feedback to help you
succeed! ● Session Hijacking - Stealing active user sessions.
SLIDESMANIA.COM
 Countermeasures for Web Application Attacks

● Validate and sanitize user inputs.

● Use web application firewalls (WAFs).
● Implement secure session management.
s. We can build these lessons together and I am happy to model, co-teach, observe, and/or provide feedback to help you
succeed!
SLIDESMANIA.COM
 Case Study 1: WannaCry Ransomware

● Affected 200,000+ computers worldwide in 2017.

● Exploited Windows vulnerabilities.
● Solution: Patch systems, back up data, use endpoint protection.
s. We can build these lessons together and I am happy to model, co-teach, observe, and/or provide feedback to help you
succeed!
SLIDESMANIA.COM
 Case Study 2: Equifax Data Breach (2017)

● 147 million customers’ personal data exposed.

● Attackers exploited unpatched Apache Struts vulnerability.
● Solution: Regular security updates, proper access controls.
s. We can build these lessons together and I am happy to model, co-teach, observe, and/or provide feedback to help you
succeed!
SLIDESMANIA.COM
 Impact of Attacks on Organizations

● Financial Loss - Cost of data breaches can reach millions.

● Reputation Damage - Loss of customer trust.
● Legal Consequences - Regulatory penalties and lawsuits.
s. We can build these lessons together and I am happy to model, co-teach, observe, and/or provide feedback to help you
succeed!
SLIDESMANIA.COM
 Cybersecurity Best Practices

● Keep all systems updated and patched.

● Train employees on security awareness.
● Implement a strong incident response plan.
s. We can build these lessons together and I am happy to model, co-teach, observe, and/or provide feedback to help you
succeed!
SLIDESMANIA.COM
 Conclusion

● Cybersecurity threats continue to evolve.

● Organizations must implement preventive measures.
● Staying informed and proactive is key to minimizing risks.
s. We can build these lessons together and I am happy to model, co-teach, observe, and/or provide feedback to help you
succeed!
SLIDESMANIA.COM
 Quiz Assessment

What is a countermeasure for SQL Injection attacks?

a) Ignore user inputs
b) Validate and sanitize inputs
s. We can build these lessons together and I am happy to model, co-teach, observe, and/or provide feedback to help you
succeed!
c) Use weak passwords
SLIDESMANIA.COM
 Quiz Assessment

What type of attack involves intercepting communications between

two parties?
a) Phishing
s. We can build these lessons together and I am happy to model, co-teach, observe, and/or provide feedback to help you
succeed!
b) Man-in-the-Middle
c) DDoS
SLIDESMANIA.COM
 Quiz Assessment

Which attack involves tricking users into connecting to a fake Wi-Fi

network?
a) Evil Twin
s. We can build these lessons together and I am happy to model, co-teach, observe, and/or provide feedback to help you
succeed!
b) XSS
c) SQL Injection
SLIDESMANIA.COM
 Quiz Assessment

What is a key method to prevent social engineering attacks?

a) Regular software updates
b) Security awareness training
s. We can build these lessons together and I am happy to model, co-teach, observe, and/or provide feedback to help you
succeed!
c) Disabling firewalls
SLIDESMANIA.COM
 Quiz Assessment

Which cybersecurity attack affected Equifax in 2017?

a) Ransomware
b) SQL Injection
s. We can build these lessons together and I am happy to model, co-teach, observe, and/or provide feedback to help you
succeed!
c) Apache Struts Vulnerability Exploitation
SLIDESMANIA.COM