
Introduction to Information Security · 6 Risk Management • Process of identifying, assessing and...

Date post: 20-Jun-2020

Introduction to Information Security

Dr. Rick Jerz

© 2016 rjerz.com

Goals

• Explain the various types of threats to the security of information
• Discuss the different categorizations of security technologies and solutions
• Explain passwords, firewalls, biometrics, encryption, virus protection, and wireless security
• Discuss the main purposes and content of security policies
• Identify risk management options


Introduction to Information Security

• Five Factors Contributing to Vulnerability
  • Today’s interconnected, interdependent, wirelessly networked business environment
  • Smaller, faster, cheaper computers & storage devices
  • Decreasing skills necessary to be a computer hacker
  • International organized crime taking over cybercrime
  • Lack of management support


Why Worry About Security

• Threats can render a system inoperative
• Threats can make data unavailable
• Threats can steal your money
• Threats can change data
• Threats can make you less productive
• Threats can cost money!
• Balance the cost of a threat versus the cost of protection


Information Security Threats

• Unauthorized access
• Viruses and malware
• Email threats
• Accidental loss of data
• Security threats can involve both people and equipment


Unauthorized Access

• Locked areas or equipment
• User IDs and passwords
• Encryption
• Security cards
• Biometrics


Biometrics

• Fingerprint recognition
• Facial recognition
• Iris/retina recognition
• DNA recognition
• Odor recognition
• Ear recognition
• Signature recognition


Firewalls

• Computer or a router that controls, or restricts access in and out of the organization’s networks
• Cannot protect an organization from a virus
• Cannot prevent hackers from exploiting an unsecured computer
• Should be implemented at different locations in the organization

Figure: A firewall architecture for Defense in Depth


Viruses and Other Malware

• Viruses are sent out to find any victim they can
• Lines of code that make up a virus can be embedded into other files
• The signature of the virus is the particular bit patterns that can be recognized, which is how virus detection software knows your computer has contracted a virus
• Can be active or passive


Rick’s Computers

Older Dell PC
• Norton Antivirus
• Malwarebytes
• Spybot Search & Destroy

Virtual Windows 7 PC
• Microsoft’s Antivirus

Macintosh
• Nothing!


Email Attacks

• Email bombing: Sending a large amount of emails designed to disrupt normal functioning
• Smurfing: When hackers sometimes use an innocent 3rd party to send a flood of messages to an intended target
• Spoofing: Forged sender address
• Phishing: Masquerading as a trustworthy entity


Carefully Watch Your Email!

• The email is addressed to you using your email account info
• The email does not have a personalized salutation
• When you hover the mouse over the hyperlink, the site does not seem to be from the proper company
• When you hover the mouse over the hyperlink, the site seems to be located in another country
• The email makes you feel your response is urgent or something bad is going to happen.
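The warning signs listed on this slide can be checked mechanically on an HTML message. The Python below is an added example, not part of the original slides; the function name, the keyword list and the sample messages (examplebank.example, the .zz suffix, the recipient name) are constructed, and a two-letter top-level domain is used only as a rough proxy for "located in another country".

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

URGENT = re.compile(r"\b(urgent|immediately|suspended|final notice)\b", re.I)
class Links(HTMLParser):  # collects body text and (href, visible label) pairs
    def __init__(self):
        super().__init__()
        self.text, self.links, self._href, self._label = [], [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._label = dict(attrs).get("href"), []
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._label.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._label).strip()))
            self._href = None

def site(host):  # last two DNS labels; ignores suffixes such as co.uk
    return ".".join(host.lower().split(".")[-2:])

def email_warning_signs(html_body, recipient_name, expected_site):
    """Return (code, detail) pairs for the warning signs found in one message."""
    p = Links()
    p.feed(html_body)
    text = " ".join(" ".join(p.text).split())
    found = []
    if recipient_name.lower() not in text[:80].lower():
        found.append(("no-personal-salutation", text[:30]))
    for href, label in p.links:
        host = urlparse(href).hostname
        if host and site(host) != expected_site:  # what hovering would reveal
            found.append(("link-not-company-site", f"shows {label!r}, goes to {host}"))
        tld = (host or "").rsplit(".", 1)[-1]
        if len(tld) == 2 and tld != expected_site.rsplit(".", 1)[-1]:
            found.append(("link-foreign-cctld", tld))  # rough proxy for location
    match = URGENT.search(text)
    if match:
        found.append(("urgent-language", match.group(0)))
    return found
# Constructed samples; examplebank.example and the .zz suffix are placeholders.
PHISH = ('<p>Dear Customer,</p><p>Your account will be suspended unless you '
         'verify it immediately.</p><a href="http://examplebank.example.'
         'verify-login.zz/signin">https://www.examplebank.example/signin</a>')
LEGIT = ('<p>Hello Pat Lee,</p><p>Your statement is ready.</p>'
         '<a href="https://www.examplebank.example/statements">View statement</a>')
```

Calling `email_warning_signs(PHISH, "Pat Lee", "examplebank.example")` reports all four signs, while the `LEGIT` message reports none.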


Accidental Loss of Data

• Have a good filing system
• Think about theft and fraud
• Password protect or encrypt important information
• Back up your system and files
• Be careful about putting data on:
  • Cell phone
  • USB drives
  • CDs and DVDs


Wireless Security

• Best protection for wireless networks is encryption
• WEP, the Wired Equivalent Privacy, is an older encryption algorithm, which can be easily cracked within minutes today
• WPA, the Wi-Fi Protected Access, is a more recent and powerful encryption algorithm widely available in most routers
• Further protection for home wireless networks is to disable the broadcasting of the network’s ID (SSID)


Your Web Server

• Firewalls
• Antivirus
• Whitelists and Blacklists
• Encryption
• VPN
• SSL - Secure Socket Layer
• Employee Monitoring Systems
• Email Spam:


Risk Management

• Process of identifying, assessing and prioritizing the security risks an organization may face
• Analyze and balance risks with the resources available to mitigate them
• Management determines where the company would be most vulnerable and how likely it is that a risk would affect it


Security Measures

• Educate people about security threats and solutions
• Create strong passwords
• Keep passwords in a secure location
• Run appropriate antivirus and malware software
• Develop a good data backup system
