Module0&1 intro-foundations-b
Upcoming SlideShare
Loading in...5

Module0&1 intro-foundations-b






Total Views
Views on SlideShare
Embed Views



1 Embed 3 3



Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment
  • This diagram represents risk as the intersection of the threat-vulnerability pair (a splotch). Where there is a splotch, there is a risk. A threat without a corresponding vulnerability is not a risk. Likewise, a vulnerability without a threat is not a risk. Keep in mind, a threat can exploit more than one vulnerability.
  • Content Notes The actual Maxus website from which he conducted business… Presentation Notes
  • Content Notes The actual Maxus website from which he conducted business… Presentation Notes
  • Our critical infrastructures are illustrated here. As you can see, these infrastructures play a crucial role in our society and daily lives. As such, the destruction or degradation of one or more of these infrastructures could cause serious harm to our economic and national security. The President has recognized this potential threat and has ordered that steps be taken to protect our infrastructures from an attack. In the past, threats to our nation’s infrastructures were mainly physical in nature. We used to be concerned primarily about threats from terrorist groups and hostile nations. Now, criminal groups, terrorists, and hostile nations can interrupt critical infrastructures through cyber attacks on crucial automation systems. As our society becomes more global and utilizes technology to increase the efficiency of our enterprises, our nation’s critical infrastructures are becoming increasingly interdependent — within an enterprise, across several enterprises, even across industries. For example, the financial services industry depends on the availability and reliability of the telecommunications infrastructure, which in turn relies on electric power. Hence, future attacks against one infrastructure could have cascading effects in the operations of others…. within one enterprise, across several enterprises, or industries, and potentially all over the world.
  • Matrix: 3a POINTS OUT HOW EASY IT IS TO GET, AND USE HACKER TOOLS. ALSO POINTS OUT “POINT AND CLICK” HACKER TOOLS ARE UNSOPHISTICATED. Fact: Hackers post 30-40 new tools to Internet hacking sites every month, according to NIST (National Institute of Standards and Technology). Even an unsophisticated hacker can search the Internet, find and download exploitable tools, and then "point and click" to start a hack. REMINDER: Hacking for “fun” or to “see how it’s done” is against the law & Entity Policy. The Entity has no obligation to defend you under such circumstances. REMINDER IS OPTIONAL , DEPENDING ON YOUR POLICY, AND YOU COUNSEL’S OPINION. Legal Decision Box: Consult with legal counsel when developing your network policy to include hacking and use of hacker tools and sanctions that will be applied for not following the policy. Decision Box: Is hacking and use of hacker tools addressed in your network policy?
  • Content Notes This is a site where you can enter the name and address of a computer and have the site itself try to break in to it. URL: html Presentation Notes
  • Content Notes Presentation Notes
  • IT Security Acronyms:

Module0&1 intro-foundations-b Module0&1 intro-foundations-b Presentation Transcript

  • Your Instructor(s): David Amsler IT Security Awareness Training
  • Introductions Module 0
  • Introductions
    • David Amsler, CIO, Foreground Security - CISSP, CISM, CCNA, CCSP, MCSE, MCT, NSA IAM/IEM, Security+, CCSA, CCSE, CEH, ECSA
    Module 0
  • Our Goals
    • Understanding the basics of IT Security
    • Basic IT Security terms, procedures, and policies
    • Security risks, issues and attacker techniques
    • Watermark Policies, Procedures, and Expectations
    Module 0
  • Course Materials
    • Student Course Book
      • Slides, Notes, and Presentations
    • Home Security Guide
      • Detailed guide on steps to secure your home computer
    Module 0
  • Class Rules
    • Ask questions at any time!
    • This is an open and interactive class!
    • If you don’t understand a concept, say so!
    • We can demonstrate, explain, or illustrate in different ways to help you better understand!
    Module 0
  • Course Outline
    • IT Security Training Awareness
    • Modules:
      • Module 0 - Introductions
      • Module 1 - Foundations of IT Security
        • Essential terminology
        • Defining security
        • Need for security
        • Cyber crime
        • Information Security statistics
        • Security myths
    Module 0
  • Course Outline
    • Module 2 - Recognizing Security Threats and attacks
        • Phishing and its countermeasures
        • Virus
        • Trojan Horse
        • Worms
        • Spyware
        • Adware
        • Keylogger
        • Social engineering
        • Denial of Service
        • Spamming
        • Port Scanning
        • Password cracking
        • Countermeasures
    Module 0
    • Module 3 – Social Engineering
      • Social engineering techniques
      • Recognizing social engineering
      • What to do/How to respond
    • Module 4 - Basic Security Policies & Procedures
      • Introduction
      • Watermark Specific Policies & Procedures
    • Module 5 – Desktop/Laptop Security
      • Encryption of Data
      • Loss of Laptop
      • Remote connections (VPN) Issues
    Module 0
    • Module 6 - Secure Internet Access
      • Internet Security Issues
      • Identity Theft
      • File Sharing
      • Downloading Programs
      • Secure Internet Practices
    • Module 7 – Wireless Security
      • Wi-Fi Security Issues
      • Bluetooth
      • Cell Phone Policy and Procedures
    Module 0
    • Module 8 - Incident Response
      • How to spot an incident
      • What to do if you spot an incident
        • Response
        • Contact
        • Document
        • What else
    Module 0
  • Quiz
    • What is a hacker?
    • Describe a typical hacker.
    • What do hackers want?
    • How do they get it?
  • The Real Hackers
    • Brian Kernighan, Dennis Ritchie, Bill Joy and Ken Thompson C Programming Language, Unix
    • Bill Gates Microsoft
    • Richard Stallman GNU Project / Free Software Movement
    • Steve Wozniak, Steve Jobs Apple
    • Linus Torvalds, Alan Cox, Bruce Perens, Eric S. Raymond Linux
  • Well Known Attackers
    • PhiberOptik
    • Robert Morris
    • Kevin Mitnick
    • Mafiaboy
    • Kevin Poulsen
    • Vladimir Levin
    • Today’s attackers are…
    • Students
    • IT Professionals
    • The Office Janitor
    • Your Nextdoor Neighboor!
  • Module 1 Foundations of Security Module 1
  • Module Objectives
    • This module will familiarize you with the following:
        • Essential terminology
        • Defining security
        • Need for security
        • Cyber crime
        • Information Security statistics
        • Security myths
    Module 1
  • Terminology Module 1
  • CIA of Security Module 1
  • Risk
    • A risk is the loss potential that exists as the result of threat-vulnerability pairs
    Key: Threats Vulnerabilities Risks
  • Security Triangle Module 1
  • Countermeasures Module 1
  • Graphics
    • The number of internet attacks has doubled every 6 months for the last two years. The cost of these attacks has cost businesses an estimated $98 billion dollars in the first 8 months of 2007. CERT
    • A computer will be scanned or attacked within 5 seconds of connecting to the internet. Gartner
    • A substantial percentage of attacks (39 percent) appeared to be deliberately targeted at a specific organization . Internetnews
    • Every five seconds another person is a victim of identity theft or fraud.
    • In 2007, identity theft and fraud cost US consumers $64 billion.
    • 85% of all computer users have some form of a virus, trojan horse, or spyware program and don’t even know it.
    • 70% of all corporate attacks come from internal users (employees, contractors, etc.). CSI
    • There were over 4 Million computer intrusions in 2007. (CSI/FBI survey)
    • GENERAL MISUSE of the Internet
      • One-third of time spent online at work is non-work-related. (Websense, IDC)
      • Internet misuse at work is costing American corporations more than $85 billion annually in lost productivity. (Websense)
      • 80 percent of companies reported that employees had abused Internet privileges, such as downloading pornography or pirated software. (CSI/FBI Computer Crime and Security Survey)
      • Forty-five percent of the executable files downloaded through Kazaa contain malicious code. (Trusecure)
      • 73 percent of all movie searches on file-sharing networks were for pornography. (Palisade Systems)
      • A company can be liable for up to $150K per pirated work if it is allowing employees to use the corporate network to download copyrighted material. (RIAA)
      • 1 in 3 companies have detected spyware on their network. (Websense UK Survey)
      • There more than 7,000 spyware programs. (Aberdeen Group)
            • Although 99% of companies use antivirus software, 82% of them were hit by viruses and worms. (CSI/FBI)
          • Blended threats made up 54 percent of the top 10 malicious code submissions over the last six months of 2003. (Symantec Internet Security Threat Report)
          • The number of malicious code attacks with backdoors, which are often used to steal confidential data, rose nearly 50% in the last year. (Symantec)
  • Who are the Attackers?
    • Who are these threat agents?
    • Teenage pranksters
    • Hacker junkies
    • Disgruntled employees
    • Terrorists (disruption of services)
    • Criminals (selling information)
    • Foreign intelligence agents
  • Movie
  • Movie
  • How easy is it to hack?  
    • Fact: Hackers post 30-40 new tools to the Internet every month
    • Anyone can search the Internet, find exploitable tools, "point and click" and start to hack.
    • REMINDER: Any Hacking be it for “fun” or to “see how it’s done” is against the law.
  • Their common target? You!
  • IT Security Acronyms
    • See the Book for a complete list