IT Security Threats. Lecture 7: IT Security

Course: PAD 6710

Security Threats
- External: intrusion threats
- Network: technological threats
- Internal: organizational threats

Intrusion threats
- Hacking: unauthorized access to, and use of, sensitive information
  - Compromising national security data
  - Compromising personnel data, e.g. SSNs, credit card numbers
  - Compromising personal data
- Cyber crime
  - Identity theft: on the rise
  - Carding forums: criminal websites dedicated to the sale of stolen personal and financial information

Network threats
- System vulnerabilities and compromises
- Malicious software
  - Viruses: programs that attach themselves to files and spread when those files are copied from one computer to another; they can corrupt or destroy files and programs (and, rarely, firmware)
  - Worms: self-propagating malware that spreads across the network on its own, without needing a host file or any user action
  - Spyware: programs installed without the user's knowledge that monitor activity or steal sensitive information
  - Phishing: legitimate-looking e-mails (and the web pages they link to) that trick the user into providing sensitive information
  - Pharming: redirecting the user to a bogus website, typically by poisoning DNS or the local hosts file, so that even a correctly typed address lands on the attacker's site
- Wireless insecurities
  - Wireless is more exposed than wired: anyone within radio range can capture or inject traffic
  - Open wireless networks (e.g. public Wi-Fi hotspots that require no password and therefore use no link-layer encryption) are particularly vulnerable

Internal organizational threats
- Employee security: who is to guard the guards?
- Lax management: governments are extensive data repositories; lax management could compromise that data

Consequences of security threats
- Corruption of information
- Disclosure of information to unauthorized parties
- Theft of service
- Denial of service to legitimate users
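Phishing and pharming both rely on the user not noticing that a link points somewhere other than where it appears to. The following is an added example, not part of the lecture, of the checks a mail gateway or awareness tool can run on each link in an e-mail: display text naming a different host than the href, credentials embedded in the URL (the user@host trick), a raw IP address, punycode labels, plain http, and lookalikes of trusted domains (the trusted list, the sample links, and the thresholds are constructed assumptions for the example).

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"strings"
)

// Domains this organisation legitimately links to (constructed for the example).
var trustedHosts = []string{"bank.example", "mail.example"}

// displayHost returns the host named by link text such as "https://www.bank.example/login"
// or "www.bank.example", and "" when the text is not URL-like (e.g. "Click here").
func displayHost(text string) string {
	text = strings.TrimSpace(text)
	if strings.ContainsAny(text, " \t\n") || !strings.Contains(text, ".") {
		return ""
	}
	if !strings.Contains(text, "://") {
		text = "http://" + text
	}
	u, err := url.Parse(text)
	if err != nil || u.Host == "" {
		return ""
	}
	return strings.ToLower(u.Hostname())
}

// sameSite treats a host and its subdomains as one site.
func sameSite(a, b string) bool {
	return a == b || strings.HasSuffix(a, "."+b) || strings.HasSuffix(b, "."+a)
}

func min3(a, b, c int) int {
	if b < a {
		a = b
	}
	if c < a {
		a = c
	}
	return a
}

// levenshtein is the edit distance, used to catch typo-squats such as bnak.example.
func levenshtein(a, b string) int {
	ra, rb := []rune(a), []rune(b)
	prev, cur := make([]int, len(rb)+1), make([]int, len(rb)+1)
	for j := range prev {
		prev[j] = j
	}
	for i := 1; i <= len(ra); i++ {
		cur[0] = i
		for j := 1; j <= len(rb); j++ {
			cost := 1
			if ra[i-1] == rb[j-1] {
				cost = 0
			}
			cur[j] = min3(prev[j]+1, cur[j-1]+1, prev[j-1]+cost)
		}
		prev, cur = cur, prev
	}
	return prev[len(rb)]
}

// lookalike reports a host that imitates a trusted domain without being it or a subdomain of it:
// the trusted name buried in another registrable domain (bank.example.secure-login.net) or a typo of it.
func lookalike(host, trusted string) bool {
	if host == trusted || strings.HasSuffix(host, "."+trusted) {
		return false
	}
	return strings.Contains(host, trusted) || levenshtein(host, trusted) <= 2
}

// LinkFindings lists the phishing indicators present in a link; an empty result means none fired.
func LinkFindings(displayText, href string) []string {
	var findings []string
	u, err := url.Parse(strings.TrimSpace(href))
	if err != nil || u.Host == "" {
		return []string{"href is not an absolute URL"}
	}
	host := strings.ToLower(u.Hostname())
	if d := displayHost(displayText); d != "" && !sameSite(d, host) {
		findings = append(findings, "display text host differs from href host")
	}
	if u.User != nil {
		findings = append(findings, "credentials embedded in URL (user@host trick)")
	}
	if net.ParseIP(host) != nil {
		findings = append(findings, "raw IP address instead of hostname")
	}
	if strings.Contains(host, "xn--") {
		findings = append(findings, "punycode label (possible IDN homograph)")
	}
	if u.Scheme != "https" {
		findings = append(findings, "not https")
	}
	for _, t := range trustedHosts {
		if lookalike(host, t) {
			findings = append(findings, "lookalike of "+t)
		}
	}
	return findings
}

func main() {
	// Constructed sample links as they might appear in a phishing e-mail.
	samples := [][2]string{
		{"https://www.bank.example/login", "https://www.bank.example/login"},
		{"https://www.bank.example/login", "http://bank.example.secure-login.net/verify"},
		{"Verify your account", "https://bnak.example/verify"},
		{"bank.example", "https://bank.example@203.0.113.5/"},
	}
	for _, s := range samples {
		fmt.Printf("%-45s -> %v\n", s[1], LinkFindings(s[0], s[1]))
	}
}
```

These are heuristics, not proof: a phishing site hosted on a freshly registered domain with valid HTTPS fires none of them, which is why they belong alongside user training and multi-factor authentication rather than in place of them. Pharming is the harder case, because the address the user sees is correct; there the only tell is a certificate that does not chain to a trusted CA, which is what the PKI example later in this lecture checks.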

Need for IT Security
The security services that a network attack tries to defeat, and that IT security must provide:
- Authentication: assurance that the person affixing a signature to an electronic document is who he or she claims to be
- Confidentiality: access to the content of the document is limited to authorized persons
- Integrity: assurance that the message is whole, complete, and not changed in transmission
- Non-repudiation: neither party to a transaction can later claim that the transaction did not take place, or that the signature is not valid

Containing Security Threats: Legislation and Executive Branch Actions
Covers legal action against security threats:
- Computer Security Act (1987): security guidelines and standards for federal government computers
- Government Information Security Reform Act (GISRA, 2000): complemented the CSA
- Homeland Security Act (HSA, 2002): CIO authority for overseeing coordination and consolidation of data
- Fair and Accurate Credit Transactions Act (FACTA, 2003)
- Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM Act of 2003)

Containing Security Threats: Security Audit and Vulnerability Assessment
- Update software: install the latest software patches
- Install antivirus software and keep its signatures updated
- Attack halting: stop the attack in progress, whether it is a program or a hacker
- Attack blocking: close the loophole through which the attacker gained access
- Attack alerting: a pop-up to an online admin, or e-mail or SMS to a remote admin
- Information collecting: record what the attack did to the network and where it came from; this is the forensic evidence that makes a prosecution possible, so capture volatile data (memory, connections, logs) before halting or rebuilding a compromised machine
- Full reporting: learn from mistakes; prevent future problems

Containing Security Threats: Detection and Access Control
- Intrusion detection systems
- Firewalls
- Access limitations
  - CAPTCHAs (Completely Automated Public Turing test to tell Computers and Humans Apart)
  - Multi-level access control
    - Discretionary access control (DAC): the owner of a resource decides who may access it
    - Mandatory access control (MAC): the system compares the user's clearance with the resource's classification label; users cannot override it
    - Role-based access control (RBAC): permissions are attached to roles and users are assigned roles
    - Task-based access control: permissions are granted only for the duration of a task or workflow step

Containing Security Threats: Fail-safe Features
- Cryptographic authentication of individuals attempting to access governmental computer systems (encrypting data keeps it confidential; proving identity needs keys tied to a person, as with the smartcards and PKI below)
- Federal ID cards (smartcards) for federal employees and contractors
- Virtual Private Network (VPN): tunneling through encrypted channels
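The access control models above are easiest to tell apart by watching which one denies a request. The following is an added example, not from the lecture, that layers MAC (Bell-LaPadula: no read up, no write down), RBAC and DAC over a constructed set of users, files and labels, and reports the first layer to refuse. Task-based access control is not modelled; the subjects, objects, clearance levels and role table are assumptions for the example.

```go
package main

import "fmt"

// Security levels for mandatory access control, ordered low to high (constructed lattice).
const (
	Unclassified = iota
	Confidential
	Secret
	TopSecret
)

// Subject is a user with a clearance (MAC) and roles (RBAC).
type Subject struct {
	Name      string
	Clearance int
	Roles     []string
}

// Object is a resource with a classification (MAC), an owner, and an owner-managed ACL (DAC).
type Object struct {
	Name           string
	Classification int
	Owner          string
	ACL            map[string][]string // user -> actions the owner has granted
}

// rolePerms is the RBAC policy: role -> permitted actions (constructed for this example).
var rolePerms = map[string][]string{
	"analyst": {"read"},
	"editor":  {"read", "write"},
}

func contains(list []string, s string) bool {
	for _, x := range list {
		if x == s {
			return true
		}
	}
	return false
}

// macAllows enforces Bell-LaPadula confidentiality: no read up, no write down.
// Neither the subject nor the object's owner can relax this; the labels are set by the system.
func macAllows(s Subject, o Object, action string) bool {
	switch action {
	case "read":
		return s.Clearance >= o.Classification
	case "write":
		return s.Clearance <= o.Classification
	}
	return false
}

// rbacAllows grants an action if any role held by the subject carries it.
func rbacAllows(s Subject, action string) bool {
	for _, r := range s.Roles {
		if contains(rolePerms[r], action) {
			return true
		}
	}
	return false
}

// dacAllows: the owner may do anything to its own object; others need an ACL grant from the owner.
func dacAllows(s Subject, o Object, action string) bool {
	return s.Name == o.Owner || contains(o.ACL[s.Name], action)
}

// Decide layers the three models: every layer must permit, and the first to deny is reported.
func Decide(s Subject, o Object, action string) (bool, string) {
	switch {
	case !macAllows(s, o, action):
		return false, "MAC"
	case !rbacAllows(s, action):
		return false, "RBAC"
	case !dacAllows(s, o, action):
		return false, "DAC"
	}
	return true, ""
}

// Constructed sample subjects and objects.
var (
	Alice   = Subject{Name: "alice", Clearance: Secret, Roles: []string{"analyst"}}
	Bob     = Subject{Name: "bob", Clearance: Confidential, Roles: []string{"editor"}}
	Budget  = Object{Name: "budget.xlsx", Classification: Confidential, Owner: "bob", ACL: map[string][]string{"alice": {"read"}}}
	OpsPlan = Object{Name: "ops-plan.docx", Classification: Secret, Owner: "carol", ACL: map[string][]string{"alice": {"read"}}}
)

func main() {
	reqs := []struct {
		s Subject
		o Object
		a string
	}{
		{Alice, Budget, "read"}, {Alice, Budget, "write"}, {Bob, OpsPlan, "read"},
		{Bob, OpsPlan, "write"}, {Alice, OpsPlan, "write"}, {Bob, Budget, "write"},
	}
	for _, r := range reqs {
		ok, deniedBy := Decide(r.s, r.o, r.a)
		fmt.Printf("%-5s %-5s %-14s allowed=%-5v denied_by=%s\n", r.s.Name, r.a, r.o.Name, ok, deniedBy)
	}
}
```

Two of the sample requests show why MAC is checked first: alice (Secret) may read bob's Confidential budget, but may not write to it even though bob could grant her write access, because writing down would let Secret information leak into a Confidential file; and bob (Confidential) may write up into the Secret operations plan as far as MAC is concerned, yet is stopped by DAC because its owner never granted him anything.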

Containing Security Threats: Public Key Infrastructure (PKI)
- PKI is based on public key cryptography (PKC), an internationally accepted method for securing electronic communications
- PKC uses a pair of mathematically related keys. In RSA each key is derived from two large prime numbers; a 1024-bit modulus was the common size when these slides were written (key sizes are measured in bits, not characters, and 2048 bits or more is now the accepted minimum)
  - Public key: distributed freely to anyone with whom the owner wishes to communicate securely
  - Private key: known only to its owner; used to sign a message that anyone holding the public key can verify, and to decrypt messages that were encrypted with the public key
- PKI process
  - The user generates a key pair locally; the private key never leaves the user
  - The user presents the public key, with proof of identity, to a certificate authority (CA)
  - The CA issues a certificate: a signed statement binding the user's public key to the user's identity
  - The user signs messages with the private key; anyone who trusts the CA can verify the certificate and then the signature
  - To send the user a secret message, another party encrypts it with the user's certified public key; only the user's private key can decrypt it

Penetration Tests and Other Agency-Level Measures
- Agency-level security policies
- Security governance and reporting
- Physical security
- Systems security checks and clearances
- Biometrics
- Configuration management
- Secure system design
- Red teams: teams of experts who attack the agency's systems the way an adversary would
- Honeypots: a proactive strategy; decoy systems that lure attackers and reveal their tools and methods
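The PKI process above, and three of the four security services from the "Need for IT Security" slide (authentication, integrity and non-repudiation), can be shown in one exchange. The following is an added example, not part of the lecture, using Go's standard library: a CA self-signs its root, a user generates her own key pair and receives a certificate binding her public key to her name, she signs a message, and a verifier checks the certificate chain and then the signature. The CA name, user name and message are constructed; ECDSA P-256 stands in for the RSA keys the slide describes, so confidentiality (encrypting to the public key) is not shown.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Party is one PKI participant: Priv is the secret it generated itself, Cert is its public key
// bound to its name by the CA's signature.
type Party struct {
	Name string
	Priv *ecdsa.PrivateKey
	Cert *x509.Certificate
}

// issue has signer sign tmpl (carrying pub) under parent; parent == tmpl gives a self-signed root.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func template(serial int64, name string) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
}

// NewCA: the certificate authority generates its own key pair and self-signs its root certificate.
func NewCA(name string) (Party, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return Party{}, err
	}
	tmpl := template(1, name)
	tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
	tmpl.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature
	cert, err := issue(tmpl, tmpl, &priv.PublicKey, priv)
	return Party{Name: name, Priv: priv, Cert: cert}, err
}

// Enroll is "the user gets a certificate": the USER generates the key pair; the CA only ever sees
// the public key, which it binds to the user's name by signing. The private key never leaves the user.
func Enroll(ca Party, name string, serial int64) (Party, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return Party{}, err
	}
	tmpl := template(serial, name)
	tmpl.KeyUsage = x509.KeyUsageDigitalSignature
	tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	cert, err := issue(tmpl, ca.Cert, &priv.PublicKey, ca.Priv)
	return Party{Name: name, Priv: priv, Cert: cert}, err
}

// Sign produces a detached ECDSA signature over SHA-256(msg) with the party's private key.
func Sign(p Party, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, p.Priv, digest[:])
}

// Verify checks that cert chains to the trusted root (authentication of the signer) and that sig
// matches msg under the certified public key (integrity; and non-repudiation, because only the
// matching private key could have produced it). It returns the verified signer's name.
func Verify(root, cert *x509.Certificate, msg, sig []byte) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return "", fmt.Errorf("certificate not issued by the trusted CA: %w", err)
	}
	pub := cert.PublicKey.(*ecdsa.PublicKey) // all certificates here carry P-256 keys
	digest := sha256.Sum256(msg)
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return "", fmt.Errorf("signature does not match message")
	}
	return cert.Subject.CommonName, nil
}

func main() {
	ca, _ := NewCA("Example Agency Root CA")
	alice, _ := Enroll(ca, "alice@agency.example", 2)
	msg := []byte("Approve purchase order 4711") // constructed sample message
	sig, _ := Sign(alice, msg)
	fmt.Println(Verify(ca.Cert, alice.Cert, msg, sig))
	fmt.Println(Verify(ca.Cert, alice.Cert, []byte("Approve purchase order 4712"), sig))
}
```

Two failure modes are worth running: change one character of the message and the signature no longer verifies (integrity), and have a second, rogue CA with the same name issue a certificate for "alice@agency.example"; the verifier rejects it because the chain does not lead to the root it trusts, which is the whole point of anchoring trust in the CA rather than in names. What the code does not do is check revocation; a real verifier also consults a CRL or OCSP responder for the certificate's serial number.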