Security Awareness: Applying Practical Security in Your World

Slides: 34
Provided by: Wea67
Learn more at: http://csis.pace.edu
Transcript and Presenter's Notes

Title: Security Awareness: Applying Practical Security in Your World


1
Security Awareness: Applying Practical Security
in Your World
  • Chapter 1 Introduction to Security

2
Objectives
  • Define security and list the three basic goals of
    security
  • Explain why information security is important
  • List the six categories of individuals who break
    into computers

3
Objectives (continued)
  • Describe the types of attacks on computers that
    can occur
  • Explain how to safeguard a system
  • Explain the big picture in information security

4
Introduction to Security
  • Security: A state of freedom from a danger or
    risk
  • Information security: Process of protecting a
    computer (or network of computers) from harmful
    attacks
  • Three basic goals of information security:
    Integrity, Confidentiality, Availability

5
Three Goals of Information Security
  • Integrity
  • Data correct and unaltered
  • Confidentiality
  • Data only accessible to authorized parties
  • Availability
  • Authorized users allowed immediate access to the
    data
  • Main goal: MINIMIZE RISKS

6
Why Information Security Is Important
  • Prevent Data Theft
  • Single largest cause of financial loss due to a
    security breach
  • Thefts most commonly include proprietary business
    information
  • Industrial espionage
  • Individuals can also suffer from data theft

7
Why Information Security Is Important (continued)
  • Protect Intellectual Property
  • Illegal copying or distribution deprives creator
    or owner of compensation for their work (See
    Figure 1-1 and 1-2)
  • Electronic formats easy and cheap to copy
  • Digital rights management (DRM) technologies:
    Digital watermarks, Physical copy protection,
    Software keys, Activation code

8
Protect Intellectual Property
Figure 1-1

9
Protect Intellectual Property (continued)
Figure 1-2

10
Why Information Security Is Important (continued)
  • Thwart Identity Theft
  • About 3.4% of Americans have been victims of
    identity theft
  • Average 609 hours and $1500 out-of-pocket
    expenses to repair damage

11
Why Information Security Is Important (continued)
  • Avoid Legal Consequences: federal and state laws
    include
  • HIPAA
  • Sarbox
  • GLBA
  • USA Patriot Act
  • COPPA
  • California Database Security Breach Act

12
Why Information Security Is Important (continued)
  • Foil Cyberterrorism
  • Cyberterrorism: Attacks by terrorist group(s)
    using computer technology
  • Can damage or disable electronic and commercial
    infrastructure
  • Most targets are not government-owned or
    operated; security procedures difficult to
    prescribe and enforce

13
Why Information Security Is Important (continued)
  • Maintain Productivity
  • Resources diverted for clean-up activities
    (See Table 1-1)
  • Spam: unsolicited e-mail messages cost time
  • Viruses and worms can be attached

14
Attacker Profiles
  • Hackers
  • Crackers
  • Script kiddies
  • Spies
  • Employees
  • Cyberterrorists

15
How Attackers Attack
  • Social Engineering
  • Trickery and deceit used rather than technical
    skill
  • Difficult to defend against because it relies on
    human nature and not on computer systems
  • Strongest defense
  • Strict company policies

16
How Attackers Attack (continued)
  • Scanning: Locating a vulnerable computer to
    break into
  • Port scanning
  • War driving (See Figure 1-3)

17
How Attackers Attack (continued)
  • Sniffing: Listening to and analyzing traffic on
    a network
  • Requires access to the wired network (or
    information about the wireless network) and
    special software
  • Sniffing output can reveal passwords and usernames

18
How Attackers Attack (continued)

19
How Attackers Attack (continued)
  • Software Vulnerabilities: Bugs are errors in
    the programming code or logic of a computer
    program
  • Buffer overflow (See Figures 1-5 and 1-6) is one
    of the preferred attack methods for virus authors

20
How Attackers Attack (continued)

21
How Attackers Attack (continued)
  • Malicious Code
  • Virus
  • Attaches to other programs
  • Spreads by exchanging files or e-mail (See Table
    1-3)

22
How Attackers Attack (continued)
  • Malicious Code (continued)
  • Worm
  • Similar in nature, but different from viruses
  • Worms can travel alone
  • Self-executing
  • Logic Bombs
  • Computer programs triggered by specific events

23
How Attackers Attack (continued)
  • Spyware: Hardware or software that spies on what
    the user is doing without their knowledge
  • Keystroke logger (See Figure 1-7)
  • Software that records and reports user activities

24
How Attackers Attack (continued)

25
Safeguarding a System
  • Identifying, Analyzing and Controlling Risks
  • Risk management: Systematic process of
    identifying, analyzing and controlling risks
  • Risk assessment: Process of evaluating risks

26
Safeguarding a System (continued)
  • Authentication, Access Control, and Accounting
  • Restricting who can use the resource
    and what they are allowed to do
  • Authentication: Verifies, confirms and validates
    the person requesting access to a resource
  • Access Control: Limits what an authorized user
    can do
  • Accounting: Provides a historical record (audit
    trail)

27
Safeguarding a System (continued)
  • Formalized Security Policy: Tying it all
    together
  • Outlines the importance of security to the
    organization
  • Establishes
  • Policy's goals
  • How the security program is organized
  • Who is responsible at various levels
  • Sketches out details

28
Information Security: The Big Picture
  • Data at the center; layered protection around
    it: PRODUCTS, PEOPLE, PROCEDURES

29
Summary
  • Security is a state of freedom from a danger or a
    risk.
  • Information security protects the equipment and
    information stored on it.
  • There are three basic goals of information
    security
  • Integrity
  • Confidentiality
  • Availability of data

30
Summary (continued)
  • Reasons why information security is important
  • Protect data from theft
  • Prevent loss of productivity
  • Curb theft of intellectual property
  • Ensure compliance with law and avoid legal
    consequences
  • Thwart personal identity theft
  • Counter cyberterrorism

31
Summary (continued)
  • Six categories of attackers: all have different
    motives
  • Hackers
  • Crackers
  • Script kiddies
  • Spies
  • Employees
  • Cyberterrorists

32
Summary (continued)
  • Five categories of attacks
  • Social engineering
  • Scanning and sniffing
  • Software vulnerabilities
  • Malicious code
  • Spyware

33
Summary (continued)
  • Three steps to securing a system
  • Risk management
  • Identify bad things that can happen to it
  • Authentication, access control and accounting
  • Restrict who can legitimately use it
  • Security policy
  • Plan of action tying it all together