Cyber Security: What You Need to Know



Similar documents
Cyber Security: Past, Present and Future

The Science, Engineering, and Business of Cyber Security

The Future of Cyber Security

The Science, Engineering, and Business of Cyber Security

Cyber Security Research: A Personal Perspective

The Challenge of Data and Application Security and Privacy (DASPY): Are We Up to It?

Internet threats: steps to security for your small business

The Future of Access Control: Attributes, Automation and Adaptation

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

How To Secure Cloud Computing

It s 2 o clock: Who Has Your Data? Josh Krueger Chief Technology Officer Integrity Technology Solutions

Cybersecurity Report on Small Business: Study Shows Gap between Needs and Actions

FERPA: Data & Transport Security Best Practices

1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers.

Cyber Innovation and Research Consortium

Defending Against. Phishing Attacks

ITAR Compliance Best Practices Guide

The Senior Executive s Role in Cybersecurity. By: Andrew Serwin and Ron Plesco.

Building The Human Firewall. Andy Sawyer, CISM, C CISO Director of Security Locke Lord

Hot Topics in IT Security PREP#28 May 1, David Woska, Ph.D. OCIO Security

10 Smart Ideas for. Keeping Data Safe. From Hackers

PENETRATION TESTING GUIDE. 1

Fighting Advanced Threats

Cyber Threats Insights from history and current operations. Prepared by Cognitio May 5, 2015

Network that Know. Rasmus Andersen Lead Security Sales Specialist North & RESE

Cisco & Big Data Security

DEPARTMENT OF DEFENSE 6000 DEFENSE PENTAGON WASHINGTON, D.C

Security Models: Past, Present and Future

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)

Cybercrimes NATIONAL CRIME PREVENTION COUNCIL

2016 Trends in Cybersecurity: A Quick Guide to the Most Important Insights in Security

AB 1149 Compliance: Data Security Best Practices

Covert Operations: Kill Chain Actions using Security Analytics

Marble & MobileIron Mobile App Risk Mitigation

THE HUMAN COMPONENT OF CYBER SECURITY

A REPORT BY HARVARD BUSINESS REVIEW ANALYTIC SERVICES Meeting the Cyber Risk Challenge. Sponsored by

Security Architecture: From Start to Sustainment. Tim Owen, Chief Engineer SMS DGI Cyber Security Conference June 2013

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility

Protect Yourself. Who is asking? What information are they asking for? Why do they need it?

OVERVIEW. 1. Cyber Crime Unit organization. 2. Legal framework. 3. Identity theft modus operandi. 4. How to avoid online identity theft

Cyber Security Education: My Personal Thoughts. Bharat Doshi

Incident Response Plan for PCI-DSS Compliance

Understanding Cyber Defense A Systems Architecture Approach

Security Threat Kill Chain What log data would you need to identify an APT and perform forensic analysis?

Cyber Security Solutions:

Institute for Cyber Security

AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS. ftrsecure.com

Mitigating Server Breaches with Secure Computation. Yehuda Lindell Bar-Ilan University and Dyadic Security

White Paper - Crypto Virus. A guide to protecting your IT

+GAMES. Information Security Advisor. Be a Human Firewall! The Human Firewall' s Top Concerns in the Cyber, People & Physical Domains

A Systems Engineering Approach to Developing Cyber Security Professionals

STOP. THINK. CONNECT. Online Safety Quiz

CYBER INFORMATION SECURITY AWARENESS AND PROTECTION PRACTICES. Strengthening Your Community at the Organizational Level

Virginia Government Finance Officers Association Spring Conference May 28, Cloud Security 101

PREP Course #25: Hot Topics in Cyber Security and Database Security. Presented by: Joe Baskin Manager, Information Security, OCIO

EMERGING THREATS & STRATEGIES FOR DEFENSE. Stephen Coty Chief Security

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

AIR FORCE ASSOCIATION S CYBERPATRIOT NATIONAL YOUTH CYBER EDUCATION PROGRAM UNIT FIVE. Microsoft Windows Security.

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

GAO DEFENSE DEPARTMENT CYBER EFFORTS. More Detailed Guidance Needed to Ensure Military Services Develop Appropriate Cyberspace Capabilities

Secure Your Home Computer and Router. Windows 7 Abbreviated Version. LeRoy Luginbill, CISSP

Introduction to Computer Security

CYBERSECURITY POLICY

Today s Cybersecurity Technology: Is Your Business Getting Full Protection?

Cyber Security. Maintaining Your Identity on the Net

2014 Entry Form (Complete one for each entry.) Fill out the entry name exactly as you want it listed in the program.

How To Protect Your Network From Intrusions From A Malicious Computer (Malware) With A Microsoft Network Security Platform)

Security A to Z the most important terms

Practical Steps To Securing Process Control Networks

Security Practices for Online Collaboration and Social Media

CYBER SECURITY, A GROWING CIO PRIORITY

The Benefits of SSL Content Inspection ABSTRACT

Bellevue University Cybersecurity Programs & Courses

Cyber Security Solutions for Small Businesses Comparison Report: A Sampling of Cyber Security Solutions Designed for the Small Business Community

The Human Component of Cyber Security

Data Center security trends

ITSC Training Courses Student IT Competence Programme SIIS1 Information Security

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES.

Opportunities in Indian IT Security Market

The SMB Cyber Security Survival Guide

Transcription:

Cyber Security: What You Need to Know Prof. Ravi Sandhu Executive Director and Chief Scientist Institute for Cyber Security University of Texas at San Antonio October 2009 ravi.sandhu@utsa.edu www.profsandhu.com www.ics.utsa.edu Ravi Sandhu 1

99-1 Principle (Roughly) 99% of the attacks are thwarted by basic hygiene and some luck DO Think before you click etcetera Up-to-date anti-virus, firewall and site advisor BUT Some new attacks may get through. However, attacker may only use your machine to attack others and not attack you per se. Will not prevent data loss by merchants and other servers. However, still have safety in numbers. Attackers can steal a lot of account numbers but can exploit much fewer. 1% of the attacks are difficult and expensive to defend or detect For most individuals We are simply not an attractive enough target. For the US Department of Defense and its contractors A huge target. Current score: 50-1 in favor of attackers (roughly) For companies in less sensitive businesses A serious threat to be taken seriously Ravi Sandhu 2

Weakest Link: Password Reset Typically done via secret questions and email to preferred email account Mother s maiden name? Father s middle name? Favorite pet s name? etcetera As detailed in the postings, the Palin hack didn t require any real skill. Instead, the hacker simply reset Palin s password using her birthdate, ZIP code and information about where she met her spouse the security question on her Yahoo account, which was answered (Wasilla High) by a simple Google search. Password reset on preferred email account itself done via secret questions Conundrum Real answers easy to remember but discoverable via Google False answers hard to remember but safe from Google Ravi Sandhu 3

Crystal Ball: In the Year 2025 PRIVACY Expectation (and delivery) of privacy is close to zero E-COMMERCE SECURITY Close to perfect NATIONAL AND CORPORATE SECURITY The nation-state threat should be better contained The asymmetric non-nation-state threat will remain Ravi Sandhu 4

Crystal Ball: In the Year 2025 PAST, PRESENT Cyber security is a young and immature field The attackers are more innovative than defenders Defenders are mired in FUD (fear, uncertainty and doubt) and fairy tales Attack back is illegal or classified FUTURE Cyber security will become a scientific discipline Cyber security will be application and technology centric Cyber security will never be solved but will be managed Attack back will be a integral part of cyber security Ravi Sandhu 5

Cyber Security: Major Trends Security Objectives: Black-and-white to shades of grey Attackers: Innovative beyond belief Defenders: Need new doctrine Ravi Sandhu 6

Cyber Security: Major Trends Security Objectives: Black-and-white to shades of grey Attackers: Innovative beyond belief Defenders: Need new doctrine Ravi Sandhu 7

Cyber Security Objectives INTEGRITY authenticity AVAILABILITY access CONFIDENTIALITY disclosure Ravi Sandhu 8

Cyber Security Objectives USAGE purpose INTEGRITY authenticity AVAILABILITY access CONFIDENTIALITY disclosure Ravi Sandhu 9

Cyber Security Objectives USAGE purpose INTEGRITY authenticity USAGE AVAILABILITY access CONFIDENTIALITY disclosure Ravi Sandhu 10

Cyber Security: Major Trends Security Objectives: Black-and-white to shades of grey Attackers: Innovative beyond belief Defenders: Need new doctrine Ravi Sandhu 11

Attackers: Innovative Beyond Belief Major Innovations Botnets Robust underground economy and supply chain Targeted attacks Stealthy attacks Some Examples Drive by downloads Scareware Doctored online statements Long-lived stealth attacks Status Attackers have sizable inventory of known but unused or rarely used tricks Innovation will continue Ravi Sandhu 12

Cyber Security: Major Trends Security Objectives: Black-and-white to shades of grey Attackers: Innovative beyond belief Defenders: Need new doctrine Ravi Sandhu 13

Defenders: Need New Doctrine OLD: Cyberspace is a supporting infrastructure NEW: Cyberspace is a war-fighting domain on par with land, sea, air and space OLD: It s all defense, no attack back or preemptive attack NEW: All s fair in war OLD: Defend the entire network to the same degree NEW: Defend selectively and dynamically OLD: Blame and harass the end user NEW: The user is part of the solution OLD: Defend against yesterday s attacks NEW: Be proactive, get ahead of the curve, future-proof Ravi Sandhu 14

Research Excellence Secure Information Sharing Social Computing Security Cloud Computing Security Malware Mitigation Military Grade Security Infrastructure Assurance and Security Institute for Cyber Security (ICS) Founded 2001 50+ people and growing A jewel in UTSA s drive to tier I status Research Laboratories FlexCloud: cloud platform FlexFarm: malware honeyfarm Community exercises: the real real-world Core Differentiators We are the flagship for cyber security research at UTSA We are unique amongst the myriad academic cyber security centers in the country due to our demonstrable emphasis on real-world impact Ravi Sandhu 15

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information