Introduction to Security
|
|
- Marvin Morgan
- 8 years ago
- Views:
Transcription
1 to Security Guest Lecture: CS329E Dr. Bill Young Department of Computer Sciences University of Texas at Austin Last updated: October 14, 2010 at 08:59 Slideset 1: 1
2 What Does Security Mean? We re interested in security. But security is an extremely expansive and widely used term. Personal security Physical security Corporate security National (homeland) security Operations security Personnel security Communication security Computer security Network security System security What s the common thread? What does security really mean? Slideset 1: 2
3 What Does Security Mean? In the most general terms, security seems to mean something like protection of assets against attack. But what assets? What kind of attack? What does protection mean? Doesn t the meaning of protection vary depending on the nature of the threat? What are some threats for computer security? Slideset 1: 3
4 What Does Security Mean? In the most general terms, security seems to mean something like protection of assets against attack. But what assets? What kind of attack? What does protection mean? Doesn t the meaning of protection vary depending on the nature of the threat? What are some threats for computer security? Some examples of threats: Interruption: an asset becomes unusable, unavailable, or lost. Interception: an unauthorized party gains access to an asset. Modification: an unauthorized party tampers with an asset. Fabrication: an asset is counterfeit. Slideset 1: 4
5 Thought Experiment Let s make it personal. Suppose you visit an e-commerce website such as your bank, Amazon.com, your stock broker, etc. Before you type in highly sensitive information, you d like to have some assurance that your information will be protected. Do you? How can you know? What security-relevant things do you want to happen, or not happen when you use such a website? What are the assets you are trying to protect and from what? Slideset 1: 5
6 Thought Experiment You might want: Privacy of your information Integrity of your information Authentication of the other parties Authorization to perform your goals Confidentiality Non-repudiation Availability of necessary resources Protection against phishing What else? Slideset 1: 6
7 What is Security According to security experts these are some of the major aspects of information needing protection: Confidentiality: assurance that information is not disclosed to unauthorized persons; Integrity: protection against unauthorized modification or destruction of information; Availability: timely, reliable access to data and information services for authorized users; Authentication: measures to establish the validity of a transmission, message, or originator. Non-repudiation: assurance that the sender is provided with proof of a data delivery and recipient is provided with proof of the sender s identity, so that neither can later deny having processed the data. So much to protect; so little time! Which of these are the most important? How would you decide? Slideset 1: 7
8 What is the Security Problem Computer and network security is becoming both more important and harder to attain. Why do you think that is? Slideset 1: 8
9 What is the Security Problem Computer and network security is becoming both more important and harder to attain. Why do you think that is? Increased connectivity; Large number of valuable assets online; Low threshhold to access; Sophisticated attack tools and strategies available (script kiddies); Any others? What do each of these mean? Why are they relevant? Slideset 1: 9
10 Why is Security Hard? Why do you suppose that security is a more difficult problem than most things in computer science? Slideset 1: 10
11 Why is Security Hard? Why do you suppose that security is a more difficult problem than most things in computer science? Most areas of computer science are concerned with ensuring that something good happens. In contrast, security is all about ensuring that bad things never happen. Not only do you have to find bugs that make the system behave differently than expected, you have to identify any features of the system that are susceptible to misuse and abuse. You have to defeat an actively malicious adversary. Ross Anderson characterizes this as Programming Satan s Computer. Slideset 1: 11
12 The Difficulty in Security Thus, the hardest thing about security is convincing yourself that you ve thought of all possible attack scenarios, before the attacker thinks of them. A good attack is one that the engineers never thought of. Bruce Schneier Principle of Easiest Penetration: an intruder will use any available means of penetration. Thus, the defender has to find and eliminate all exploitable vulnerabilities; the attacker only needs to find one! Slideset 1: 12
13 Why You Need a Systems Point of View Several fairly recent vulnerabilities: Date Program Effect March 2002 zlib DoS affecting many programs, including those that display PNG files. Nov Internet Explorer Malicious PNG file can be used to execute arbitrary code when displayed in IE. Aug libpng DoS affecting users of Firefox, Opera, Safari, and many others. Sep MS GDI+ JPG-rendering code enables the remote execution of arbitrary code. Affects IE, MS Office, and other MS products. July 2005 zlib Potential for remote code execution. Affects programs that display or manipulate PNG files. Dec Windows Graphics Rendering of WMF files enables remote Rendering Engine execution of arbitrary code. Expoited through IE. Jan Java 2 Platform Rendering of GIF image allows remote execution of arbitrary code through hostile applet. Slideset 1: 13
14 Taking a Systems Point of View Notice that none of the programs (in the table above) were security features of the relevant systems. They were all related to displaying images. Yet each vulnerability caused almost total compromise of the security of the system. What does that mean for the security professional/community? Slideset 1: 14
15 The Difficulty in Security Perfect security is probably impossible in any useful system. Often, this means that a tradeoff is necessary between security and other important software project goals including functionality, usability, efficiency, time-to-market, and simplicity. The three golden rules to ensure computer security are: do not own a computer; do not power it on; and do not use it. Robert T. Morris, Sr. Unfortunately the only way to really protect [your computer] right now is to turn it off, disconnect it from the Internet, encase it in cement and bury it 100 feet below the ground. Prof. Fred Chang (2009) Slideset 1: 15
16 Security is About Risk In Building Secure Software, Viega and McGraw assert that software and system security is all about managing risk. Viega and McGraw suggest a particular risk management procedure: 1 Assess assets 2 Assess threats 3 Assess vulnerabilities 4 Assess risks 5 Prioritize countermeasure options 6 Make risk management decisions Thought experiment: try to follow this procedure to manage risks to the stuff you have stored at your home or apartment. Slideset 1: 16
17 Risk Treatments Once the risk has been identified and assessed, managing the risk can be done through one of four techniques: Risk acceptance: risks not avoided or transferred are retained by the organization. e.g. sometimes the cost of insurance is greater than the potential loss. Sometimes the loss is improbable, though catastrophic. Risk avoidance: not performing an activity that would incur risk. e.g. disallow remote login. Risk mitigation: taking actions to reduce the losses due to a risk; most technical countermeasures fall into this category. Risk transfer: shift the risk to someone else. e.g. most insurance contracts, home security systems. There is generally lots more money in a bank than in a convenience store; but which is more likely to be robbed? Why? Slideset 1: 17
18 Some Sobering Facts A recent study of 32,000 Websites found that nearly 97% of sites carry a severe vulnerability. Web Application Security Consortium, Sept 2008 NSA found that inappropriate or incorrect software security configurations (most often caused by configuration errors at the local base level) were responsible for 80 percent of Air Force vulnerabilities. CSIS report on Securing Cyberspace for the 44th Presidency, Dec. 2008, p. 55. Slideset 1: 18
19 Some Sobering Facts There were over 1 million new unique malware samples discovered in each of the past two quarters. Unlike the worms and mass-mailers of the past, many of these were extremely targeted to particular industries, companies and even users. ( 10/19/2009) Once PCs are infected they tend to stay infected. The median length of infection is 300 days. ( 10/19/2009) Slideset 1: 19
20 Is It Hopeless? What can you do to protect yourself? Properly configure and patch operating systems, browsers, and other software programs. Use and regularly update firewalls, anti-virus, and anti-spyware programs. Be cautious about all communications; think before you click. Use common sense when communicating with users you DO and DO NOT know. Do not open or related attachments from un-trusted sources. Slideset 1: 20
21 Some Questions Security, particularly CyberSecurity at the national level, has become a really hot topic lately. Sure, security is hard. But the news would have you believe we re about to fall off a cliff! 1 What have you heard recently about cybersecurity? Has it been good or bad? 2 Do you think that the current buzz about cybersecurity is overdone? 3 What are the threats to individuals? To companies? To the military? To the country as a whole? Slideset 1: 21
22 Why Does it Matter? America s failure to protect cyberspace is one of the most urgent national security problems facing the new administration that will take office in January It is a battle we are losing. Losing this struggle will wreak serious damage on the economic health and national security of the United States. CSIS report on Securing Cyberspace for the 44th Presidency, Dec Slideset 1: 22
23 CyberSecurity: An Existential Threat? CYBERATTACKS AN EXISTENTIAL THREAT TO U.S., FBI SAYS (Computerworld, March 24, 2010) A top FBI official warned today that many cyber-adversaries of the U.S. have the ability to access virtually any computer system, posing a risk that s so great it could challenge our country s very existence. According to Steven Chabinsky, deputy assistant director of the FBI s cyber division: The cyber threat can be an existential threat meaning it can challenge our country s very existence, or significantly alter our nation s potential, Chabinsky said. How we rise to the cybersecurity challenge will determine whether our nation s best days are ahead of us or behind us. Slideset 1: 23
24 CyberSecurity CYBER ATTACKS TEST PENTAGON, ALLIES AND FOES (Wall Street Journal, Sept 25, 2010) Cyber espionage has surged against governments and companies around the world in the past year, and cyber attacks have become a staple of conflict among states. U.S. military and civilian networks are probed thousands of times a day, and the systems of the North Atlantic Treaty Organization headquarters are attacked at least 100 times a day, according to Anders Fogh Rasmussen, NATO s secretary-general. It s no exaggeration to say that cyber attacks have become a new form of permanent, low-level warfare, he said. More than 100 countries are currently trying to break into U.S. networks, defense officials say. China and Russia are home to the greatest concentration of attacks. Slideset 1: 24
25 CyberSecurity CYBERWARRIOR SHORTAGE THREATENS U.S. SECURITY (National Public Radio, July 19, 2010) There may be no country on the planet more vulnerable to a massive cyberattack than the United States, where financial, transportation, telecommunications and even military operations are now deeply dependent on data networking. [But there s a] severe shortage of computer security specialists and engineers with the skills and knowledge necessary to do battle against would-be adversaries. Cyber security expert Gosler estimates there are now only 1,000 people in the entire United States with the sophisticated skills needed for the most demanding cyberdefense tasks of the 20,000 to 30,000 skilled specialists needed. Slideset 1: 25
26 StuxNet Worm KASPERSKY LAB PROVIDES ITS INSIGHTS ON STUXNET WORM (Kaspersky.com, Sept. 24, 2010) Stuxnet is a one-of-a-kind, sophisticated malware attack backed by a well-funded, highly skilled attack team with intimate knowledge of SCADA (supervisory control and data acquisition) technology. I think that this is the turning point, this is the time when we got to a really new world, because in the past there were just cyber-criminals, now I am afraid it is the time of cyber-terrorism, cyber-weapons and cyber-wars, said Eugene Kaspersky, co-founder and chief executive officer of Kaspersky Lab. This malicious program was was designed to sabotage plants, to damage industrial systems, he said. The 90s were a decade of cyber-vandals, 2000 s were a decade of cybercriminals, I am afraid now it is a new era of cyber-wars and cyber-terrorism, Kaspersky added. Slideset 1: 26
Foundations of Computer Security
Foundations of Computer Security Lecture 1: Dr. Bill Young Department of Computer Sciences University of Texas at Austin Lecture 1: 1 Course Topics Topics we will cover include: What is computer security?
More informationMeasuring Software Security
Measuring Software Security Defining Security Metrics Dr. Bill Young Department of Computer Science University of Texas at Austin Last updated: July 1, 2014 at 14:53 Dr. Bill Young: 1 Why Is CyberSecurity
More informationWhat is Really Needed to Secure the Internet of Things?
What is Really Needed to Secure the Internet of Things? By Alan Grau, Icon Labs alan.grau@iconlabs.com The Internet of Things (IoT) has become a ubiquitous term to describe the tens of billions of devices
More informationE-commerce. Security. Learning objectives. Internet Security Issues: Overview. Managing Risk-1. Managing Risk-2. Computer Security Classifications
Learning objectives E-commerce Security Threats and Protection Mechanisms. This lecture covers internet security issues and discusses their impact on an e-commerce. Nov 19, 2004 www.dcs.bbk.ac.uk/~gmagoulas/teaching.html
More informationCommon Cyber Threats. Common cyber threats include:
Common Cyber Threats: and Common Cyber Threats... 2 Phishing and Spear Phishing... 3... 3... 4 Malicious Code... 5... 5... 5 Weak and Default Passwords... 6... 6... 6 Unpatched or Outdated Software Vulnerabilities...
More informationCSE331: Introduction to Networks and Security. Lecture 1 Fall 2006
CSE331: Introduction to Networks and Security Lecture 1 Fall 2006 Basic Course Information Steve Zdancewic lecturer Web: http://www.cis.upenn.edu/~stevez E-mail: stevez@cis.upenn.edu Office hours: Tues.
More information資 通 安 全 產 品 研 發 與 驗 證 (I) ICT Security Overview. Prof.. Albert B. Jeng ( 鄭 博 仁 教 授 ) 景 文 科 技 大 學 資 訊 工 程 系
資 通 安 全 產 品 研 發 與 驗 證 (I) ICT Security Overview Prof.. Albert B. Jeng ( 鄭 博 仁 教 授 ) 景 文 科 技 大 學 資 訊 工 程 系 Outline Infosec, COMPUSEC, COMSEC, and Network Security Why do we need Infosec and COMSEC? Security
More information10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)
1- A (firewall) is a computer program that permits a user on the internal network to access the internet but severely restricts transmissions from the outside 2- A (system failure) is the prolonged malfunction
More informationSECURING YOUR SMALL BUSINESS. Principles of information security and risk management
SECURING YOUR SMALL BUSINESS Principles of information security and risk management The challenge Information is one of the most valuable assets of any organization public or private, large or small and
More informationUS Army War College Fellowship
US Army War College Fellowship Dr. Bill Young Department of Computer Science University of Texas at Austin Last updated: February 27, 2013 at 11:16 Dr. Bill Young: 1 Some Sources Jeffrey Carr, Inside Cyber
More informationCybersecurity for the C-Level
Cybersecurity for the C-Level Director Glossary of Defined Cybersecurity Terms A Active Attack An actual assault perpetrated by an intentional threat source that attempts to alter a system, its resources,
More informationDon t Fall Victim to Cybercrime:
Don t Fall Victim to Cybercrime: Best Practices to Safeguard Your Business Agenda Cybercrime Overview Corporate Account Takeover Computer Hacking, Phishing, Malware Breach Statistics Internet Security
More informationUTCS CyberSecurity. Educating Cyber Professionals. Dr. Bill Young Department of Computer Sciences University of Texas at Austin. Spring Semester, 2015
UTCS CyberSecurity Educating Cyber Professionals Dr. Bill Young Department of Computer Sciences University of Texas at Austin Spring Semester, 2015 Slideset 1: 1 From the Headlines U.S. Not Ready for Cyberwar
More informationTHE HUMAN FACTOR AT THE CORE OF FEDERAL CYBERSECURITY
THE HUMAN FACTOR AT THE CORE OF FEDERAL CYBERSECURITY CYBER HYGIENE AND ORGANIZATIONAL PLANNING ARE AT LEAST AS INTEGRAL TO SECURING INFORMATION NETWORKS AS FIREWALLS AND ANTIVIRUS SOFTWARE Cybersecurity
More informationSpyware. Michael Glenn Technology Management Michael.Glenn@Qwest.com. 2004 Qwest Communications International Inc.
Spyware Michael Glenn Technology Management Michael.Glenn@Qwest.com Agenda Security Fundamentals Current Issues Spyware Definitions Overlaps of Threats Best Practices What Service Providers are Doing References
More informationINSIDE. Cyberterrorism and the Home User By Sarah Gordon, Senior Research Fellow
Symantec Security Response WHITE PAPER Cyberterrorism and the Home User By Sarah Gordon, Senior Research Fellow Symantec Security Response INSIDE What it is? How does this affect me? What can I do to make
More informationCSE343/443 Lehigh University Fall 2015. Course Overview. Presenter: Yinzhi Cao Lehigh University
CSE343/443 Lehigh University Fall 2015 Course Overview Presenter: Yinzhi Cao Lehigh University Who am I? Yinzhi Cao It is kinda like [yihn jee] [chow] If you feel that it is really difficult, call me Ian.
More informationWRITTEN TESTIMONY OF
WRITTEN TESTIMONY OF KEVIN MANDIA CHIEF EXECUTIVE OFFICER MANDIANT CORPORATION BEFORE THE SUBCOMMITTEE ON CRIME AND TERRORISM JUDICIARY COMMITTEE UNITED STATES SENATE May 8, 2013 Introduction Thank you
More informationCS361C: Information Assurance and Security
CS361C: Information Assurance and Security to IA Bill Young Department of Computer Science University of Texas at Austin Last updated: February 2, 2015 at 06:38 CS361C Slideset 1: 1 Some Sources Andrew
More informationBuilding The Human Firewall. Andy Sawyer, CISM, C CISO Director of Security Locke Lord
Building The Human Firewall Andy Sawyer, CISM, C CISO Director of Security Locke Lord Confidentiality, Integrity, Availability Benchmarks of Cybersecurity: Confidentiality Information is protected against
More informationInformation Security. CS526 Topic 1
Information Security CS 526 Topic 1 Overview of the Course 1 Today s Security News Today: 220 million records stolen, 16 arrested in massive South Korean data breach A number of online gaming & movie ticket
More informationAnthony Minnaar Dept of Criminology & Security Science School of Criminal Justice College of Law University of South Africa
SECURING THE DIGITAL DIVIDE: COMBATING CYBERCRIME Anthony Minnaar Dept of Criminology & Security Science School of Criminal Justice College of Law University of South Africa INTRODUCTION q Given modern
More informationCOSC 472 Network Security
COSC 472 Network Security Instructor: Dr. Enyue (Annie) Lu Office hours: http://faculty.salisbury.edu/~ealu/schedule.htm Office room: HS114 Email: ealu@salisbury.edu Course information: http://faculty.salisbury.edu/~ealu/cosc472/cosc472.html
More informationProtecting Organizations from Cyber Attack
Protecting Organizations from Cyber Attack Cliff Glantz and Guy Landine Pacific Northwest National Laboratory (PNNL) PO Box 999 Richland, WA 99352 cliff.glantz@pnnl.gov guy.landine@pnnl.gov 1 Key Topics
More informationSecurity Defense Strategy Basics
Security Defense Strategy Basics Joseph E. Cannon, PhD Professor of Computer and Information Sciences Harrisburg University of Science and Technology Only two things in the water after dark. Gators and
More informationCybersecurity. Canisius College
Cybersecurity Introduction In the year 2013, cybersecurity is a relevant issue on both the most personal level and the global level. Never has humanity had access to such a vast array of information. Never
More informationMobile Devices and Malicious Code Attack Prevention
Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com WHITE PAPER Malicious Code and Mobile Devices: Best Practices for Securing Mobile Environments Sponsored
More informationDiscussion Draft of the Preliminary Cybersecurity Framework Illustrative Examples
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 Discussion Draft of the Preliminary Cybersecurity Framework Illustrative Examples The
More informationRecommended Practice Case Study: Cross-Site Scripting. February 2007
Recommended Practice Case Study: Cross-Site Scripting February 2007 iii ACKNOWLEDGEMENT This document was developed for the U.S. Department of Homeland Security to provide guidance for control system cyber
More informationIncident Response Plan for PCI-DSS Compliance
Incident Response Plan for PCI-DSS Compliance City of Monroe, Georgia Information Technology Division Finance Department I. Policy The City of Monroe Information Technology Administrator is responsible
More informationProject 25 Security Services Overview
Project 25 Security Services Overview Bill Janky Director, System Design Harris Corporation 1 Agenda Overview of P25 Security Services What s new; What s coming Other topics 2 If you re in Public Safety...
More informationIntroduction to Computer Security
Introduction to Computer Security (ECE 458) Vijay Ganesh Spring 2014 Online Resources, Books, Notes,... Books Introduction to Computer Security by Matt Bishop Computer Security: Art and Science by Matt
More informationITSC Training Courses Student IT Competence Programme SIIS1 Information Security
ITSC Training Courses Student IT Competence Programme SI1 2012 2013 Prof. Chan Yuen Yan, Rosanna Department of Engineering The Chinese University of Hong Kong SI1-1 Course Outline What you should know
More informationCyber Threats Insights from history and current operations. Prepared by Cognitio May 5, 2015
Cyber Threats Insights from history and current operations Prepared by Cognitio May 5, 2015 About Cognitio Cognitio is a strategic consulting and engineering firm led by a team of former senior technology
More informationAn Overview of Large US Military Cybersecurity Organizations
An Overview of Large US Military Cybersecurity Organizations Colonel Bruce D. Caulkins, Ph.D. Chief, Cyber Strategy, Plans, Policy, and Exercises Division United States Pacific Command 2 Agenda United
More informationGAO. INFORMATION SECURITY Persistent Weaknesses Highlight Need for Further Improvement
GAO For Release on Delivery Expected at time 1:00 p.m. EDT Thursday, April 19, 2007 United States Government Accountability Office Testimony Before the Subcommittee on Emerging Threats, Cybersecurity,
More informationExternal Supplier Control Requirements
External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must
More informationNetwork Security Threat Matrix May 2004
May 2004 By Lawrence Allhands BlueMotorcycle Consulting 650/704-4821 2830 Flores #18 San Mateo, CA 94403 http://www.bluemotorcycle.com Abstract Know your enemy If you know the enemy and know yourself,
More informationNATIONAL CYBER SECURITY AWARENESS MONTH
NATIONAL CYBER SECURITY AWARENESS MONTH Tip 1: Security is everyone s responsibility. Develop an awareness framework that challenges, educates and empowers your customers and employees to be part of the
More informationNuclear Security Requires Cyber Security
Nuclear Security Requires Cyber Security A. DAVID MCKINNON, PH.D., MARY SUE HOXIE Cyber Physical Security Team, National Security Directorate Project on Nuclear Issues (PONI) Fall 2015 Conference PNNL-SA-113027
More informationAre You A Sitting Duck?
The 7 Most Cricitcal I.T. Security Protections Every Business Must Have in Place Now to Protect Themselves from Cybercrime, Data Breaches, and Hacker Attacks Cybercrime is at an all-time high, and hackers
More informationSBA Cybersecurity for Small Businesses. 1.1 Introduction. 1.2 Course Objectives. 1.3 Course Topics
SBA Cybersecurity for Small Businesses 1.1 Introduction Welcome to SBA s online training course: Cybersecurity for Small Businesses. SBA s Office of Entrepreneurship Education provides this self-paced
More informationGuideline on Auditing and Log Management
CMSGu2012-05 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Auditing and Log Management National Computer Board Mauritius
More informationSecure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines
Secure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines 1. Implement anti-virus software An anti-virus program is necessary to protect your computer from malicious programs,
More informationYOUR DATA UNDER SIEGE: GUARD THE GAPS WITH PATCH MANAGEMENT. With Kaspersky, now you can. kaspersky.com/business Be Ready for What s Next
YOUR DATA UNDER SIEGE: GUARD THE GAPS WITH PATCH MANAGEMENT. With Kaspersky, now you can. kaspersky.com/business Be Ready for What s Next Your Data Under Siege: Guard the Gaps with Patch Management 1.0
More informationInformation Security in Business: Issues and Solutions
Covenant University Town & Gown Seminar 2015 Information Security in Business: Issues and Solutions A Covenant University Presentation By Favour Femi-Oyewole, BSc, MSc (Computer Science), MSc (Information
More informationWho Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015
Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence AIBA Quarterly Meeting September 10, 2015 The Answer 2 Everyone The relationship between the board, C-suite, IT, and compliance leaders
More informationThe Weakest Link: Mitigating Web Application Vulnerabilities. webscurity White Paper. webscurity Inc. Minneapolis, Minnesota USA
The Weakest Link: Mitigating Web Application Vulnerabilities webscurity White Paper webscurity Inc. Minneapolis, Minnesota USA January 25, 2007 Contents Executive Summary...3 Introduction...4 Target Audience...4
More informationBridging the gap between COTS tool alerting and raw data analysis
Article Bridging the gap between COTS tool alerting and raw data analysis An article on how the use of metadata in cybersecurity solutions raises the situational awareness of network activity, leading
More informationCybersecurity Awareness. Part 1
Part 1 Objectives Discuss the Evolution of Data Security Define and Discuss Cybersecurity Review Threat Environment Part 1 Discuss Information Security Programs s Enhancements for Cybersecurity Risks Threat
More informationCourse Title: Penetration Testing: Network & Perimeter Testing
Course Title: Penetration Testing: Network & Perimeter Testing Page 1 of 7 Course Description: The Security Analyst Series from EC-Council Press is comprised of five books covering a broad base of topics
More informationThreats and Attacks. Modifications by Prof. Dong Xuan and Adam C. Champion. Principles of Information Security, 5th Edition 1
Threats and Attacks Modifications by Prof. Dong Xuan and Adam C. Champion Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of this material, you should be able to:
More informationFighting Advanced Threats
Fighting Advanced Threats With FortiOS 5 Introduction In recent years, cybercriminals have repeatedly demonstrated the ability to circumvent network security and cause significant damages to enterprises.
More informationCybersecurity: Protecting Your Business. March 11, 2015
Cybersecurity: Protecting Your Business March 11, 2015 Grant Thornton. All LLP. rights All reserved. rights reserved. Agenda Introductions Presenters Cybersecurity Cybersecurity Trends Cybersecurity Attacks
More informationSPEAR PHISHING UNDERSTANDING THE THREAT
SPEAR PHISHING UNDERSTANDING THE THREAT SEPTEMBER 2013 Due to an organisation s reliance on email and internet connectivity, there is no guaranteed way to stop a determined intruder from accessing a business
More informationGaining the upper hand in today s cyber security battle
IBM Global Technology Services Managed Security Services Gaining the upper hand in today s cyber security battle How threat intelligence can help you stop attackers in their tracks 2 Gaining the upper
More informationIT SECURITY RISKS SURVEY 2014: A BUSINESS APPROACH TO MANAGING DATA SECURITY THREATS
IT SECURITY RISKS SURVEY 2014: A BUSINESS APPROACH TO MANAGING DATA SECURITY THREATS Contents Introduction... 2 Key figures... 3 Methodology... 4 Concerns and priorities of IT managers: data comes first...
More informationHow Your Current IT Security System Might Be Leaving You Exposed TAKEAWAYS CHALLENGES WHITE PAPER
WHITE PAPER CHALLENGES Protecting company systems and data from costly hacker intrusions Finding tools and training to affordably and effectively enhance IT security Building More Secure Companies (and
More information2016 Trends in Cybersecurity: A Quick Guide to the Most Important Insights in Security
2016 Trends in Cybersecurity: A Quick Guide to the Most Important Insights in Security For 10 years, Microsoft has been studying and analyzing the threat landscape of exploits, vulnerabilities, and malware.
More informationThe Four-Step Guide to Understanding Cyber Risk
Lifecycle Solutions & Services The Four-Step Guide to Understanding Cyber Risk Identifying Cyber Risks and Addressing the Cyber Security Gap TABLE OF CONTENTS Introduction: A Real Danger It is estimated
More informationCyber Threats: Exposures and Breach Costs
Issue No. 2 THREAT LANDSCAPE Technological developments do not only enhance capabilities for legitimate business they are also tools that may be utilized by those with malicious intent. Cyber-criminals
More informationCyber Risk Mitigation via Security Monitoring. Enhanced by Managed Services
Cyber Risk Mitigation via Security Monitoring Enhanced by Managed Services Focus: Up to But Not Including Corporate and 3 rd Party Networks Level 4 Corporate and 3 rd Party/Vendor/Contractor/Maintenance
More informationOPC & Security Agenda
OPC & Security Agenda Cyber Security Today Cyber Security for SCADA/IS OPC Security Overview OPC Security Products Questions & Answers 1 Introduction CYBER SECURITY TODAY The Need for Reliable Information
More informationHigh Speed Internet - User Guide. Welcome to. your world.
High Speed Internet - User Guide Welcome to your world. 1 Welcome to your world :) Thank you for choosing Cogeco High Speed Internet. Welcome to your new High Speed Internet service. When it comes to a
More informationFINANCIAL FRAUD: THE IMPACT ON CORPORATE SPEND IT SECURITY RISKS SPECIAL REPORT SERIES
FINANCIAL FRAUD: THE IMPACT ON CORPORATE SPEND IT SECURITY RISKS SPECIAL REPORT SERIES Kaspersky Lab 2 Corporate IT Security Risks Survey details: More than 5,500 companies in 26 countries around the world
More informationCYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility
CYBER SECURITY AND RISK MANAGEMENT An Executive level responsibility Cyberspace poses risks as well as opportunities Cyber security risks are a constantly evolving threat to an organisation s ability to
More informationWHY DOES MY SPEED MONITORING GRAPH SHOW -1 IN THE TOOLTIP? 2 HOW CAN I CHANGE MY PREFERENCES FOR UPTIME AND SPEED MONITORING 2
FAQ WHY DOES MY SPEED MONITORING GRAPH SHOW -1 IN THE TOOLTIP? 2 HOW CAN I CHANGE MY PREFERENCES FOR UPTIME AND SPEED MONITORING 2 WHAT IS UPTIME AND SPEED MONITORING 2 WHEN I TRY TO SELECT A SERVICE FROM
More informationTechnical Testing. Application, Network and Red Team Testing DATA SHEET. Test your security defenses. Expert Testing, Analysis and Assessments
DATA SHEET Technical Testing Application, Network and Red Team Testing The Dell SecureWorks Technical Testing services deliver the independent expertise, experience and perspective you need to enhance
More informationOctober Is National Cyber Security Awareness Month!
(0 West Virginia Executive Branch Privacy Tip October Is National Cyber Security Awareness Month! In recognition of National Cyber Security Month, we are supplying tips to keep you safe in your work life
More informationManaging the Unpredictable Human Element of Cybersecurity
CONTINUOUS MONITORING Managing the Unpredictable Human Element of Cybersecurity A WHITE PAPER PRESENTED BY: May 2014 PREPARED BY MARKET CONNECTIONS, INC. 14555 AVION PARKWAY, SUITE 125 CHANTILLY, VA 20151
More informationSecurity Issues with Integrated Smart Buildings
Security Issues with Integrated Smart Buildings Jim Sinopoli, Managing Principal Smart Buildings, LLC The building automation industry is now at a point where we have legitimate and reasonable concern
More informationDefense in Cyber Space Beating Cyber Threats that Target Mesh Networks
Beating Cyber Threats that Target Mesh Networks Trent Nelson, Cyber Security Assessment Lead, Idaho National Laboratory Jeff Becker, Global Wireless Business Director, Honeywell Process Solutions Table
More informationSecuring Industrial Control Systems in the Chemical Sector. Roadmap Awareness Initiative Making the Business Case
Securing Industrial Control Systems in the Chemical Sector Roadmap Awareness Initiative Making the Business Case Developed by the Chemical Sector Coordinating Council in partnership with The U.S. Department
More informationN-Dimension Solutions Cyber Security for Utilities
AGENDA ITEM NO.: 3.A. MEETING DATE; 08/18/2014 N-Dimension Solutions Cyber Security for Utilities Cyber Security Protection for Critical Infrastructure Assets The cyber threat is escalating - Confidential
More informationCritical Security Controls
Critical Security Controls Session 2: The Critical Controls v1.0 Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter The Critical Security Controls The Critical Security
More informationInformation Technology Security Review April 16, 2012
Information Technology Security Review April 16, 2012 The Office of the City Auditor conducted this project in accordance with the International Standards for the Professional Practice of Internal Auditing
More informationTOP 10 TIPS FOR EDUCATING EMPLOYEES ABOUT CYBERSECURITY. Mark Villinski @markvillinski
TOP 10 TIPS FOR EDUCATING EMPLOYEES ABOUT CYBERSECURITY Mark Villinski @markvillinski Why do we have to educate employees about cybersecurity? 2014 Corporate Threats Survey 94% of business s suffered one
More informationDefense Media Activity Guide To Keeping Your Social Media Accounts Secure
Guide To Keeping Your Social Media Accounts Secure Social media is an integral part of the strategic communications and public affairs missions of the Department of Defense. Like any asset, it is something
More informationwww.pandasecurity.com 100% Malware-Free E-mail: A Guaranteed Approach
100% Malware-Free E-mail: A Guaranteed Approach 2 100% Malware-Free E-mail: A Guaranteed Approach Panda Security's Mail Filtering Managed Service Guarantees Clean E-mail Table of Contents Table of Contents...
More information9. Information Assurance and Security, Protecting Information Resources. Janeela Maraj. Tutorial 9 21/11/2014 INFO 1500
INFO 1500 9. Information Assurance and Security, Protecting Information Resources 11. ecommerce and ebusiness Janeela Maraj Tutorial 9 21/11/2014 9. Information Assurance and Security, Protecting Information
More informationNetwork Security. Introduction. Security services. Players. Conclusions. Distributed information Distributed processing Remote smart systems access
Roadmap Introduction Network services X.800 RFC 2828 Players Marco Carli Conclusions 2 Once.. now: Centralized information Centralized processing Remote terminal access Distributed information Distributed
More informationEd McMurray, CISA, CISSP, CTGA CoNetrix
Ed McMurray, CISA, CISSP, CTGA CoNetrix AGENDA Introduction Cybersecurity Recent News Regulatory Statements NIST Cybersecurity Framework FFIEC Cybersecurity Assessment Questions Information Security Stats
More informationMicrosoft s cybersecurity commitment
Microsoft s cybersecurity commitment Published January 2015 At Microsoft, we take the security and privacy of our customers data seriously. This focus has been core to our culture for more than a decade
More informationSecurity & SMEs. An Introduction by Jan Gessin. Introduction to the problem
Security & SMEs An Introduction by Jan Gessin Introduction to the problem SMEs convinced it will never happen to them. In many ways SMEs are more of a target than big business. Harsh realities of the online
More informationNetwork Security Engineering: Introduction
Network Security Engineering: Introduction Carlo U. Nicola, SGI FHNW With extracts from publications of : Ross J. Anderson, University of Cambridge William Stallings, David A. Wheeler. and from the book
More informationUTCS Scholarships for Service
Preparing for a Career in Security Dr. Bill Young Department of Computer Sciences University of Texas at Austin Spring, 2015 Slideset 1: 1 How Bad Is It? Cyberwarfare greater threat to US than terrorism,
More informationCybersecurity and internal audit. August 15, 2014
Cybersecurity and internal audit August 15, 2014 arket insights: what we are seeing so far? 60% of organizations see increased risk from using social networking, cloud computing and personal mobile devices
More informationI N T E L L I G E N C E A S S E S S M E N T
I N T E L L I G E N C E A S S E S S M E N T (U//FOUO) Malicious Cyber Actors Target US Universities and Colleges 16 January 2015 Office of Intelligence and Analysis IA-0090-15 (U) Warning: This document
More informationCYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES
CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES The information provided in this document is presented as a courtesy to be used for informational purposes only. This information
More informationCyberterror. Cyberspace computer-mediated communication systems has become a battleground between states and terrorists, and among nation states.
Cyberterror Cyberspace computer-mediated communication systems has become a battleground between states and terrorists, and among nation states. What are terrorists main uses of cyberspace? How does cyberterror
More informationApplication Security in the Software Development Lifecycle
Application Security in the Software Development Lifecycle Issues, Challenges and Solutions www.quotium.com 1/15 Table of Contents EXECUTIVE SUMMARY... 3 INTRODUCTION... 4 IMPACT OF SECURITY BREACHES TO
More informationPROTECT YOUR COMPUTER AND YOUR PRIVACY!
PROTECT YOUR COMPUTER AND YOUR PRIVACY! Fraud comes in many shapes simple: the loss of both money protecting your computer and Take action and get peace of and sizes, but the outcome is and time. That
More informationSMALL BUSINESS IT SECURITY PRACTICAL GUIDE
SMALL BUSINESS IT SECURITY PRACTICAL GUIDE How to make sure your business has comprehensive IT security protection #protectmybiz Small businesses come in all shapes and sizes. But in today s world, no
More informationEnergy Cybersecurity Regulatory Brief
Energy Understand the regulations that impact the energy industry and accelerate information security initiatives. Contents Overview 3 A Highly Vulnerable Energy Industry 4 Key Regulations to Consider
More informationSCADA/ICS Security in an. RobertMichael.Lee@Gmail.com Twitter: @RobertMLee
SCADA/ICS Security in an Insecure Domain RobertMichael.Lee@Gmail.com Twitter: @RobertMLee Introduction CYA The opinions held and expressed by Robert M. Lee do not constitute or represent an opinion or
More informationWhat Do You Mean My Cloud Data Isn t Secure?
Kaseya White Paper What Do You Mean My Cloud Data Isn t Secure? Understanding Your Level of Data Protection www.kaseya.com As today s businesses transition more critical applications to the cloud, there
More informationNetwork Security Landscape
Cole p01.tex V3-07/28/2009 3:46pm Page 1 Network Security Landscape COPYRIGHTED MATERIAL IN THIS PART Chapter 1 State of Network Security Chapter 2 New Approaches to Cyber Security Chapter 3 Interfacing
More informationU.S. National Cybersecurity
U.S. National Cybersecurity Why are we talking about cybersecurity? William J. Perry Martin Casado Keith Coleman Dan Wendlandt MS&E 91SI Spring 2004 Stanford University Case 1: Internet Under Siege February
More information