
IS 300: INTRODUCTION TO INFORMATION SYSTEMS
- Winter 2017
- Shaosong Ou, Ph.D.

Session 17, March 1st, 2017


Information Security
Concluding Thoughts of IS 300
Agenda

Final Exam Reminder
Time: Saturday, 3/11/2017, 10:30 AM to 12:20 PM
Location: PCAR 192
Accommodation policy
AoL Survey (opens on Monday 3/6):
https://catalyst.uw.edu/webq/survey/k8lynch/322705
Team presentations: 3/6 (Mon.) and 3/8 (Wed.)
Information Security
The System Triangle
Common attacks on information security
Passwords and encryption
Case Discussion: Privacy vs. Security
Team Presentation FAQ

Learning objectives
1) Subject matter; 2) Team work; 3) Presentation skills
Requirements
All members need to participate
9-minute limit + 3-minute Q/A
Submit the .ppt and the report on Canvas the night before, and bring printed hard
copies (NO email submissions!)
Team evaluation emails
Order of presentations
1. Pitches be Crazy
2. Team A
3. Shaostrong
4. Ou No
5. Ou-mazing!
6. Sales Xpress
7. IS (Impeccably Smart)
Final Exam Preparation

Grading and Policy


Formula
Lab bonus points and participation

Final Exam Key Points


Binary and Decimal Conversion
ASCII code application
Bits, bytes, and the progression of units
Transmission speed and time estimate
Computer processing power vs. amount of data
HTML coding and tags
Excel functions: VLOOKUP, COUNTIF, MAX, MIN, RAND
Information Security Challenges
The System Triangle
Security, functionality and ease of use are the three corners of a triangle: pulling a
system toward one corner moves it away from the other two. Tightening security usually
costs convenience or features, so the design task is to choose where the balance lies.
The CIA Framework

Confidentiality
Information is not disclosed to anyone who is not authorized to see it
(threat: improper disclosure of information)

Integrity
Data is not created, changed or deleted without authorization
(threat: improper modification of data)

Availability
Authorized users can reach data and services when they need them
(threat: denial of service)
What is a DoS Attack?

DoS Definition
Denial of Service
Attacks the availability aspect of the system: the data and the service still exist, but
legitimate users can no longer reach them

Types of DoS Attacks
Technical attacks
Non-technical attacks

Distributed DoS (DDoS): the attacker sends a command to his bots, and every bot attacks
the victim machine at once
Thousands of requests are sent to the target simultaneously to overload the server; because
the flood arrives from many different addresses, blocking any single source does not stop it
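The flood described above can be made visible in a server's own access log. The following is an added example, not code from the slides: it runs two sliding-window counters over constructed sample log records (the addresses, timestamps and thresholds are all assumptions for the demonstration), one per source address and one for all traffic together, and shows why the second counter is needed once the attack is distributed.

```python
from collections import defaultdict, deque

# Detection thresholds assumed for this example (tune to the real service).
WINDOW_SECONDS = 1.0
PER_SOURCE_MAX = 5      # more requests than this from one address per window is suspicious
GLOBAL_MAX = 50         # more requests than this in total per window is beyond normal load


def detect_flood(log, window_seconds=WINDOW_SECONDS,
                 per_source_max=PER_SOURCE_MAX, global_max=GLOBAL_MAX):
    """Scan (timestamp, source_ip, path) records in time order with two sliding windows:
    one per source address and one for all traffic combined.
    Returns which sources exceeded the per-source limit (with their peak count),
    the peak total request count seen in any window, and an overall verdict."""
    per_source = defaultdict(deque)   # ip -> timestamps inside the current window
    everyone = deque()                # timestamps of all requests inside the window
    noisy = {}
    peak = 0
    for ts, ip, _path in sorted(log):
        everyone.append(ts)
        while ts - everyone[0] > window_seconds:
            everyone.popleft()
        peak = max(peak, len(everyone))

        q = per_source[ip]
        q.append(ts)
        while ts - q[0] > window_seconds:
            q.popleft()
        if len(q) > per_source_max:
            noisy[ip] = max(noisy.get(ip, 0), len(q))

    return {
        "noisy_sources": noisy,
        "peak_requests_per_window": peak,
        "flood": bool(noisy) or peak > global_max,
    }


# Constructed sample logs (not real traffic); addresses are from the IPv4 documentation ranges.
NORMAL = [
    (0.0, "198.51.100.7", "/"),
    (0.4, "198.51.100.7", "/about"),
    (2.1, "198.51.100.9", "/"),
    (3.0, "198.51.100.7", "/contact"),
]
# One machine hammering the login page: 20 requests in 0.4 seconds.
SINGLE_BOT = NORMAL + [(1.0 + i * 0.02, "203.0.113.66", "/login") for i in range(20)]
# A botnet of 30 machines, each sending only 4 requests so that none of them individually
# crosses PER_SOURCE_MAX; together they send 120 requests in 0.3 seconds.
BOTNET = NORMAL + [(1.0 + i * 0.01, f"192.0.2.{i}", "/search")
                   for i in range(1, 31) for _ in range(4)]

if __name__ == "__main__":
    for name, log in (("normal", NORMAL), ("single bot", SINGLE_BOT), ("botnet", BOTNET)):
        print(name, detect_flood(log))
```

The per-source limit catches the single loud machine, but every member of the botnet stays under it; the attack only shows up in the combined count. That is the practical difference between DoS and DDoS: the defence cannot be "block the noisy address", because there is no single noisy address.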

Wikileaks
Firewall & Packet Filtering
Identity Theft: Phishing
Identity Theft: Spoofing
Managing Passwords

Main use of a password: authentication/identification (proving you are who you claim to be)

Security threat: any password can eventually be found by guessing (dictionary or
brute-force attack); the only question is how long it takes
Objective: make cracking cost the attacker more than the account is worth
Ideal Passwords
Long combination of letters/numbers/symbols, hard to guess, changed regularly, or even
one-time use
Biometric authentication: fingerprints, retinal scan, voice / facial recognition, etc.
(these supplement or replace a password; unlike a password they cannot be changed if copied)
Securing Passwords: hashing
The system stores only a hash of the password, never the password itself, so nobody except
the user, not even the administrator, can read it from the stored data
Hashing is a one-way (non-reversible) process: the hash can be recomputed from a typed
password to check a login, but the password cannot be recovered from the hash
Caveat: a fast, unsalted hash of a common password still falls to precomputed tables, so
each stored hash needs its own random salt and a deliberately slow hash function
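How a system stores and checks a hashed password, and what "crackable but not worthwhile" means in practice. This is an added example, not code from the slides: it uses PBKDF2-HMAC-SHA256 from the Python standard library with a per-password random salt and an iteration count of 100,000 (a demonstration value chosen so the example runs quickly; current guidance is higher), and compares it with a plain unsalted SHA-256.

```python
import hashlib
import hmac
import os

# Parameters assumed for this example (not from the slides): PBKDF2 with HMAC-SHA256,
# a 16-byte random salt per password, and a work factor of 100,000 iterations.
ITERATIONS = 100_000
SALT_BYTES = 16


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return a self-describing record 'pbkdf2_sha256$iterations$salt$digest'.
    Only this record is stored; the password itself is never written anywhere."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute the hash with the stored salt and work factor and compare in constant time."""
    algorithm, iterations, salt_hex, digest_hex = stored.split("$")
    if algorithm != "pbkdf2_sha256":
        raise ValueError("unsupported hash format: " + algorithm)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def unsalted_sha256(password):
    """The weak way: one fast hash with no salt, shown for comparison only."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def dictionary_attack(stored, guesses):
    """What an attacker does with a stolen record: try likely passwords until one verifies.
    Returns the matching password or None. Every guess costs a full PBKDF2 run,
    which is exactly what the iteration count is for."""
    for guess in guesses:
        if verify_password(guess, stored):
            return guess
    return None


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print("login ok:", verify_password("correct horse battery staple", record))
    print("wrong password:", verify_password("correct horse", record))
    # Same password, two users: different salts give different records, so an attacker
    # cannot tell they share a password and cannot reuse one precomputed table for both.
    print("salted records equal:", hash_password("password123") == hash_password("password123"))
    print("unsalted hashes equal:", unsalted_sha256("password123") == unsalted_sha256("password123"))
    # A common password still falls to a dictionary, just 100,000 times slower per guess.
    print(dictionary_attack(hash_password("password123"), ["letmein", "qwerty", "password123"]))
```

The salt is stored next to the hash in plain view; it does not need to be secret. Its job is to make every stored hash unique so that a table computed once cannot be reused, while the iteration count sets the price of each guess.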


Wi-Fi Security
Encryption & Decryption

Scrambling (encryption) and unscrambling (decryption) of information

Advantage of Digital vs. Analog Signals
More secure: digital data can be encrypted with precisely defined mathematical algorithms
More flexible: digital data can be stored, copied and transmitted without degrading
Encryption Key vs. Decryption Key
Symmetric encryption: the same key both encrypts and decrypts, so it must first be shared
secretly between sender and receiver
Public/Private Key structure: two different keys, so no secret has to be shared in advance
Public key (shared with anyone): encrypting information
Private key (kept secret by its owner): decrypting information

Figure credit: Prentice Hall 2011


Public and Private Keys

A public key encryption system can be viewed as a series of public and private keys that lock data when they
are transmitted and unlock the data when they are received. The sender locates the recipient's public key in a
directory and uses it to encrypt a message. The message is sent in encrypted form over the Internet or a private
network. When the encrypted message arrives, the recipient uses his or her private key to decrypt the data and
read the message. Because only the private key can unlock what the public key locked, the public key can be
published freely and the private key never has to be transmitted at all.
Basic Text Encryption: ROT13
Each letter is replaced by the letter 13 places further along the alphabet, wrapping around; applying ROT13
twice returns the original text. There is no secret key, so ROT13 only obscures text and is not real encryption.
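ROT13 written out, as an added example that is not from the slides. It goes one step beyond the slide by treating ROT13 as the general Caesar shift of which it is one instance, and by showing why such a cipher is only obfuscation: with 25 possible shifts, trying every one and picking the output that contains the most common English words recovers the text without any key. The word list and the sample sentence are constructed for the demonstration.

```python
# A few very common English words, used only to score candidate plaintexts (constructed list).
COMMON_WORDS = {"the", "and", "at", "to", "of", "in", "is", "me", "it", "a"}


def caesar(text, shift):
    """Shift every ASCII letter `shift` places along the alphabet, wrapping around;
    case and non-letters are preserved. A negative shift undoes a positive one."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def rot13(text):
    """ROT13 is the Caesar shift of 13; because 13 + 13 = 26 it is its own inverse."""
    return caesar(text, 13)


def english_score(text):
    """Crude plausibility score: how many very common English words the text contains."""
    return sum(1 for word in text.lower().split() if word in COMMON_WORDS)


def crack_caesar(ciphertext):
    """There are only 25 possible shifts, so try all of them and keep the candidate that
    looks most like English. Returns (shift, plaintext)."""
    candidates = ((shift, caesar(ciphertext, -shift)) for shift in range(26))
    return max(candidates, key=lambda pair: english_score(pair[1]))


if __name__ == "__main__":
    secret = "meet me at the usual place at nine tonight and bring the documents"
    print(rot13("Hello, World!"))             # Uryyb, Jbeyq!
    print(rot13(rot13("Hello, World!")))      # Hello, World!
    print(crack_caesar(caesar(secret, 7)))    # (7, 'meet me at the usual place ...')
```

The brute-force step is the lesson: a cipher whose entire key space can be enumerated by hand has no security, whatever the algorithm looks like.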
