Top Banner
CHAPTER 4 Information Security
40

CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.

Dec 19, 2015

Download

Documents

Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Page 1: CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.

CHAPTER 4

Information Security

Page 2: CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.

Announcements

Project 2 – due today before midnight

Tuesday Class Quiz 1 – Access Basics

Questions/Comments

Page 3: CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.

Security is constantly evolving…

Cyber Security 101

Symantec Threats 2014

Page 4: CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.

Personal Security

How secure are you?

Do you secure your information?

How hackable is your digital life?

Page 5: CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.

Key Information Security Terms

Information Security

Vulnerability Threat Exposure/Attack

Page 6: CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.

Introduction to Information Security

© Sebastian/AgeFotostock America, Inc.

Is it possible to secure the Internet?

Page 7: CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.

Five Factors Increasing the Vulnerability of Information Resources

1. Today’s interconnected, interdependent, wirelessly-networked business environment

2. Smaller, faster, cheaper computers and storage devices

3. Decreasing skills necessary to be a hacker

4. Organized crime taking over cybercrime

5. Lack of management support

Page 8: CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.

1. Networked Business Environment

Threat of untrusted networks

Largest is the Internet

Page 9: CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.

2. Smaller, Faster Devices

© PhotoEdit/Alamy Limited

© laggerbomber-Fotolia.com© Dragonian/iStockphoto

Page 10: CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.

3. Decreasing Skills Needed to be a Hacker

New & Easier Tools make it very easy to attack the Network

Attacks are becoming increasingly sophisticated

© Sven Taubert/Age Fotostock America, Inc.

Page 11: CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.

4. Organized Crime Taking Over Cybercrime

© Stockbroker xtra/AgeFotostock America, Inc.

Cost of Cybercrime

Any Guesses?

http://www.mcafee.com/us/resources/reports/rp-economic-impact-cybercrime2.pdf

Page 12: CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.

5. Lack of Management Support

© Sigrid Olsson/Photo Alto/Age Fotostock

Page 13: CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.

Categorizing Security Threats

Security Threats:Unintentional and Deliberate

Page 14: CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.

Unintentional Threats:Most Dangerous Employees

Who are the most dangerous employees?

Why are these the most dangerous?

Page 15: CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.

Unintentional Threats:Human Errors

Common Human Mistakes:Carelessness

Devices E-mails Internet

Poor password selection and use Ex. Bank Employees 2014 worst passwords

Any guesses on #1?

Page 16: CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.

Unintentional Threats:Human Errors

Page 17: CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.

Unintentional Threats:Social Engineering

the art of manipulating people into performing actions or divulging confidential information.

Pretexting

Phishing

Baiting

Vishing (IVR or phone phishing)

Page 18: CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.

Deliberate Threats to Information Security

Theft of equipment or information Examples

Dumpster diving Laptop stolen from breaking in

Identify theft Stealing info off org. databases Phishing

Page 19: CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.

Deliberate Threats (continued)

Software attacks Virus Worm (see the rapid spread of the Slammer

worm) Trojan horse Logic Bomb Phishing attacks Distributed denial-of-service attacks

Ex. US Banks

Page 20: CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.

Deliberate Threats (continued)

Alien SoftwareSpyware

Spamware

Cookies

Targeted Attack Supervisory control and data acquisition (SCADA) attacks

Stuxnet

© Manfred Grafweg/Age Fotostock America, Inc.

Page 21: CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.

What Organizations Are Doing to Protect Themselves

“The only truly secure system is powered off, cast in a block of concrete, and sealed in a lead room with armed

guards, and even then I have my doubts”

Page 22: CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.

What Organizations Are Doing to Protect Themselves

How do you protect your own networks?

Page 23: CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.

Information Security Controls

1. Physical controls

2. Access controls

3. Communications (network) controls

Page 24: CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.

Information Security Controls

1. Physical controls

2. Access controls

3. Communications (network) controls

Access Controls

Page 25: CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.

Access Controls: Authentication (proof of identity)

Something the user is

Something the user has

Something the user does

Something the user knows passwords passphrases

Page 26: CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.

Access Controls: Authorization

Permissions issued based on verified identity

Privilege – operations that users can perform Idea of Least privilege

Page 27: CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.

Information Security Controls

1. Physical controls

2. Access controls

3. Communications (network) controls

Communication Controls

Page 28: CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.

Communications Controls

Firewalls

Anti-malware systems

Whitelisting and Blacklisting

Encryption

VPN

Page 29: CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.

Communications Controls -Firewalls

Home

Corporate

China Firewall

Page 30: CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.

Controls: Encryption (PKI)How Public Key Encryption Works

Page 31: CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.

Communication or Network Controls

Virtual private networking

Employee monitoring systems

Page 32: CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.

Protection of data

Government Regulations HIPPA Sarbanes-Oxley PA74

Page 33: CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.

Need to understand Risk

Risk Management (identify, control, minimize)

1.Risk analysis

2.Risk mitigation (take action)

1.

2.

3.

3.Controls Evaluationcontrol > cost of asset then the control is not cost effective

© Youri van der Schalk/Age FotostockAmerica, Inc.

Page 34: CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.

Business Continuity Planning, Backup, and Recovery

Provide guidance to people who keep business operating after a disaster occurs.

Options: Hot Site Warm Site Cold Site

Page 35: CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.

Personal Risk Assessment

To understand your own risk, get with another person and create an assessment.

List out the following:

1.Assets (e.g. laptop, external drive, etc.)

2.Threats (e.g. natural, virus, etc.)

3.Controls (how do you control threats)

Other ways to minimize personal risk

Page 36: CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.

Personal Risk Assessment

Internet Explorer

Page 37: CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.

LEARNING OBJECTIVES

1. Identify the five factors that contribute to the increasing vulnerability of information resources, and provide a specific example of each one.

1.Networked Environment

2.Size and cost of devices

3.Decreasing skills necessary to be a hacker

4.Organized crime taking over cybercrime

5.Lack of management support

Page 38: CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.

LEARNING OBJECTIVES

2. Compare and contrast human mistakes and social engineering, and provide a specific example of each one.

Page 39: CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.

LEARNING OBJECTIVES (continued)

3. Define the three risk mitigation strategies, and provide an example of each one in the context of you owning a home.

1.

2.

3.

Page 40: CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.

LEARNING OBJECTIVES (continued)

4. Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.