
Introduction to Information Security

Dr. Rick Jerz

© 2016 rjerz.com

Goals

• Explain the various types of threats to the security of information
• Discuss the different categorizations of security technologies and solutions
• Explain passwords, firewalls, biometrics, encryption, virus protection, and wireless security
• Discuss the main purposes and content of security policies
• Identify risk management options


Introduction to Information Security

• Five Factors Contributing to Vulnerability
  • Today’s interconnected, interdependent, wirelessly networked business environment
  • Smaller, faster, cheaper computers & storage devices
  • Decreasing skills necessary to be a computer hacker
  • International organized crime taking over cybercrime
  • Lack of management support


Why Worry About Security

• Threats can render a system inoperative
• Threats can make data unavailable
• Threats can steal your money
• Threats can change data
• Threats can make you less productive
• Threats can cost money!
• Balance the cost of a threat versus the cost of protection


Information Security Threats

• Unauthorized access
• Viruses and malware
• Email threats
• Accidental loss of data
• Security threats can involve both people and equipment


Unauthorized Access

• Locked areas or equipment
• User IDs and passwords
• Encryption
• Security cards
• Biometrics


Biometrics

• Fingerprint recognition
• Facial recognition
• Iris/retina recognition
• DNA recognition
• Odor recognition
• Ear recognition
• Signature recognition


Firewalls

• Computer or a router that controls, or restricts access in and out of the organization’s networks
• Cannot protect an organization from a virus
• Cannot prevent hackers from exploiting an unsecured computer
• Should be implemented at different locations in the organization

Figure: A firewall architecture for Defense in Depth


Viruses and Other Malware

• Viruses are sent out to find any victim they can
• Lines of code that make up a virus can be embedded into other files
• The signature of the virus is the particular bit patterns that can be recognized, which is how virus detection software knows your computer has contracted a virus
• Can be active or passive


Rick’s Computers

Older Dell PC
• Norton Antivirus
• Malwarebytes
• Spybot Search & Destroy

Virtual Windows 7 PC
• Microsoft’s Antivirus

Macintosh
• Nothing!


Email Attacks

• Email bombing: Sending a large amount of emails designed to disrupt normal functioning
• Smurfing: When hackers sometimes use an innocent 3rd party to send a flood of messages to an intended target
• Spoofing: Forged sender address
• Phishing: Masquerading as a trustworthy entity


Carefully Watch Your Email!

• The email is addressed to you using your email account info
• The email does not have a personalized salutation
• When you hover the mouse over the hyperlink, the site does not seem to be from the proper company
• When you hover the mouse over the hyperlink, the site seems to be located in another country
• The email makes you feel your response is urgent or something bad is going to happen.
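
The warning signs listed on this slide, written as an automated check over one raw HTML email (an added example, not part of the original slides). The function name, the `bank.example` domain, the `.xx` suffix and the sample message are constructed for illustration, and the two-letter-TLD test is only a rough stand-in for "located in another country".

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

URGENT = re.compile(r"urgent|immediately|within 24 hours|will be (suspended|closed)", re.I)

class Links(HTMLParser):
    """Collect each link's real destination (what hovering reveals)."""
    def __init__(self, html):
        super().__init__()
        self.hrefs = []
        self.feed(html)
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def phishing_signs(raw, company_domain, recipient_name):  # returns a list of findings
    msg = message_from_string(raw)
    body, signs = msg.get_payload(), []
    account = parseaddr(msg.get("To", ""))[1].lower()
    m = re.search(r"\b(?:dear|hello|hi)\s+([^,<\n]+)", body, re.I)
    greeted = m.group(1).strip().lower() if m else ""
    if greeted and greeted in (account, account.split("@")[0]):
        signs.append("addressed by account info")
    if not set(greeted.split()) & set(recipient_name.lower().split()):
        signs.append("no personalized salutation")
    for href in Links(body).hrefs:
        host = (urlparse(href).hostname or "").lower()
        if host != company_domain and not host.endswith("." + company_domain):
            signs.append(f"link leaves {company_domain}: {host}")
        tld = host.rsplit(".", 1)[-1]  # heuristic: a 2-letter TLD is a country code
        if len(tld) == 2 and tld != company_domain.rsplit(".", 1)[-1]:
            signs.append(f"link uses country-code domain .{tld}")
    if URGENT.search(body):
        signs.append("urgent or threatening wording")
    return signs

# Constructed sample: bank.example and the .xx suffix are placeholders, not real sites.
SAMPLE = """From: "Example Bank" <service@bank.example>
To: jdoe@example.edu
Content-Type: text/html

<p>Dear jdoe,</p><p>Your account will be suspended unless you respond immediately.</p>
<a href="http://bank.example.verify-login.xx/verify">https://www.bank.example</a>
"""
print(phishing_signs(SAMPLE, "bank.example", "Jane Doe"))
```

The link text shows the bank's address while the `href` points elsewhere, which is exactly what hovering over the link exposes.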


Accidental Loss of Data

• Have a good filing system
• Think about theft and fraud
• Password protect or encrypt important information
• Back up your system and files
• Be careful about putting data on:
  • Cell phone
  • USB drives
  • CDs and DVDs


Wireless Security

• Best protection for wireless networks is encryption
• WEP, the Wired Equivalent Privacy is an older encryption algorithm, which can be easily cracked within minutes today
• WPA, the Wi-Fi Protected Access, is a more recent and powerful encryption algorithm widely available in most routers
• Further protection for home wireless networks is to disable the broadcasting of the network’s ID (SSID)


Your Web Server

• Firewalls
• Antivirus
• Whitelists and Blacklists
• Encryption
• VPN
• SSL - Secure Socket Layer
• Employee Monitoring Systems
• Email Spam:


Risk Management

• Process of identifying, assessing and prioritizing the security risks an organization may face
• Analyze and balance risks with the resources available to mitigate them
• Management determines where the company would be most vulnerable and how likely it is that a risk would affect it


Security Measures

• Educate people about security threats and solutions
• Create strong passwords
• Keep passwords in a secure location
• Run appropriate antivirus and malware software
• Develop a good data backup system
