Date posted: 28-Dec-2015
Uploaded by: verity-blankenship
Security Awareness: Applying Practical Security in Your World
Chapter 1: Introduction to Security
Objectives
Define security and list the three basic goals of security
Explain why information security is important
List the six categories of individuals who break into computers
Objectives (continued)
Describe the types of attacks on computers that can occur
Explain how to safeguard a system
Explain the big picture in information security
Introduction to Security
Security: A state of freedom from a danger or risk
Information security: Process of protecting a computer (or network of computers) from harmful attacks
Three basic goals of information security:
Integrity
Confidentiality
Availability
Three Goals of Information Security
Integrity: Data correct and unaltered
Confidentiality: Data only accessible to authorized parties
Availability: Authorized users allowed immediate access to the data
Main goal: MINIMIZE RISKS
Why Information Security Is Important
Prevent Data Theft
Single largest cause of financial loss due to a security breach
Thefts most commonly include proprietary business information
Industrial espionage
Individuals can also suffer from data theft
Why Information Security Is Important (continued)
Protect Intellectual Property
Illegal copying or distribution deprives creator or owner of compensation for their work (See Figures 1-1 and 1-2)
Electronic formats easy and cheap to copy
Digital rights management (DRM) technologies:
Digital watermarks
Physical copy protection
Software keys
Activation code
Protect Intellectual Property
Figure 1-1
Protect Intellectual Property (continued)
Figure 1-2
Why Information Security Is Important (continued)
Thwart Identity Theft
About 3.4% of Americans have been victims of identity theft
Average 609 hours and $1500 out-of-pocket expenses to repair damage
Why Information Security Is Important (continued)
Avoid Legal Consequences—federal and state laws include:
HIPAA
Sarbox
GLBA
USA Patriot Act
COPPA
California Database Security Breach Act
Why Information Security Is Important (continued)
Foil Cyberterrorism
Cyberterrorism: Attacks by terrorist group(s) using computer technology
Can damage or disable electronic and commercial infrastructure
Most targets are not government-owned or operated: security procedures difficult to prescribe and enforce
Why Information Security Is Important (continued)
Maintain Productivity
Resources diverted for “clean-up” activities (See Table 1-1)
Spam: unsolicited e-mail messages cost time
Viruses and worms can be attached
Attacker Profiles
Hackers
Crackers
Script kiddies
Spies
Employees
Cyberterrorists
How Attackers Attack
Social Engineering
Trickery and deceit used rather than technical skill
Difficult to defend against because it relies on human nature and not on computer systems
Strongest defense: Strict company policies
How Attackers Attack (continued)
Scanning: Locating a vulnerable computer to break into
Port scanning
War driving (See Figure 1-3)
How Attackers Attack (continued)
Sniffing: Listening to and analyzing traffic on a network
Requires access to the wired network (or information about the wireless network) and special software
Sniffing output can reveal passwords and usernames
How Attackers Attack (continued)
Software Vulnerabilities
“Bugs” are errors in the programming code or logic of a computer program
Buffer overflow (See Figures 1-5 and 1-6) is one of the preferred attack methods for virus authors
How Attackers Attack (continued)
Malicious Code
Virus
Attaches to other programs
Spreads by exchanging files or e-mail (See Table 1-3)
How Attackers Attack (continued)
Malicious Code (continued)
Worm
Similar in nature, but different from viruses:
Worms can travel alone
Self-executing
Logic Bombs: Computer programs triggered by specific events
How Attackers Attack (continued)
Spyware: Hardware or software that spies on what the user is doing without their knowledge
Keystroke logger (See Figure 1-7)
Software that records and reports user activities
Safeguarding a System
Identifying, Analyzing and Controlling Risks
Risk management: Systematic process of identifying, analyzing and controlling risks
Risk assessment: Process of evaluating risks
Safeguarding a System (continued)
Authentication, Access Control, and Accounting
Restricting who can use the resource and what they are allowed to do
Authentication: Verifies, confirms and validates the person requesting access to a resource
Access Control: Limits what an authorized user can do
Accounting: Provides a historical record (audit trail)
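An added example, not part of the original slides, showing how the three controls chain together on a single request: the identity is verified first, the requested action is checked against what that user may do, and every decision is written to the audit trail. The user, role table, password and function names are all hypothetical.

```python
import hashlib
import hmac
import os
import time

def _hash(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so stored credentials are not the passwords themselves.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data: one user and a role-to-permission table.
_SALT = os.urandom(16)
USERS = {"alice": {"salt": _SALT, "hash": _hash("correct horse", _SALT), "role": "clerk"}}
PERMISSIONS = {"clerk": {"read"}, "admin": {"read", "write"}}
AUDIT_LOG = []  # Accounting: append-only record of every decision.

def authenticate(user: str, password: str) -> bool:
    """Authentication: verify the person requesting access."""
    record = USERS.get(user)
    if record is None:
        return False
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(record["hash"], _hash(password, record["salt"]))

def authorized(user: str, action: str) -> bool:
    """Access control: limit what an authenticated user can do."""
    return action in PERMISSIONS.get(USERS[user]["role"], set())

def request(user: str, password: str, action: str) -> str:
    """Run one request through all three controls and return the outcome."""
    if not authenticate(user, password):
        outcome = "denied: authentication failed"
    elif not authorized(user, action):
        outcome = "denied: not permitted"
    else:
        outcome = "allowed"
    # Denials are logged too: failed attempts are what an investigator needs.
    AUDIT_LOG.append({"time": time.time(), "user": user,
                      "action": action, "outcome": outcome})
    return outcome

if __name__ == "__main__":
    print(request("alice", "correct horse", "read"))
    print(request("alice", "correct horse", "write"))
    print(request("alice", "wrong guess", "read"))
    print(len(AUDIT_LOG), "audit entries")
```
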
Safeguarding a System (continued)
Formalized Security Policy
Tying it all together
Outlines the importance of security to the organization
Establishes policy’s goals
How the security program is organized
Who is responsible at various levels
Sketches out details
Information Security: The Big Picture
Data at the center
Layered protection around it:
PRODUCTS
PEOPLE
PROCEDURES
Summary
Security is a state of freedom from a danger or a risk.
Information security protects the equipment and information stored on it.
There are three basic goals of information security:
Integrity
Confidentiality
Availability of data
Summary (continued)
Reasons why information security is important:
Protect data from theft
Prevent loss of productivity
Curb theft of intellectual property
Ensure compliance with law and avoid legal consequences
Thwart personal identity theft
Counter cyberterrorism
Summary (continued)
Six categories of attackers—all have different motives:
Hackers
Crackers
Script kiddies
Spies
Employees
Cyberterrorists
Summary (continued)
Five categories of attacks:
Social engineering
Scanning and sniffing
Software vulnerabilities
Malicious code
Spyware
Summary (continued)
Three steps to securing a system:
Risk management—
Identify bad things that can happen to it
Authentication, access control and accounting—
Restrict who can legitimately use it
Security policy—
Plan of action tying it all together