Security and Control of Information Systems
by Candelaria Lopez
1. Value
1.1. Lost revenue
1.2. Lowered market value
1.3. Lowered employee productivity
1.4. Higher operational cost
1.5. Legal responsibility
1.6. Electronic evidence
1.7. Computer forensics
2. Technology and tools
2.1. Access control
2.2. Firewall
2.3. Antivirus
2.4. Antispyware
2.5. Encryption
2.6. Digital certificate
2.7. Ensuring system availability
2.8. Digital certificates
2.9. Recovery-oriented computing
3. Vulnerability
3.1. hardware
3.1.1. configuration errors
3.1.2. damage
3.1.3. breakdowns
3.2. software
3.2.1. programming errors
3.2.2. installation errors
3.2.3. unauthorized changes
3.3. Disasters
3.3.1. power failures
3.3.2. floods
3.3.3. fire
3.4. Violation of information
4. Framework
4.1. Risk assessment
4.1.1. types of threats
4.1.2. probability of occurrence
4.1.3. potential loss
4.2. Controls
4.2.1. general
4.2.1.1. software
4.2.1.2. hardware
4.2.1.3. operations
4.2.1.4. administrative
4.2.2. application
4.2.2.1. input controls
4.2.2.2. processing controls
4.2.2.3. output controls
4.3. Security policy
4.4. Audit
5. Abuse
5.1. Internet
5.1.1. open to anyone
5.1.2. hackers
5.1.3. trade secrets
5.1.4. IM messages
5.2. Employees
5.2.1. knowledge
5.2.2. procedures
5.2.3. social engineering