Security Threat Assessment 2013: Preparing Your Agency

Dr. Alan R. Shark
Executive Director, Public Technology Institute
and Associate Professor of Practice, Rutgers University School of Public Affairs & Administration
It used to be that paper was the problem…
But now it has been replaced with this…
Cyber Issues……
Cyber crime

Cyber hacking

Identity theft

Data theft

Financial theft

Data manipulation
What do these organizations have in common?
Internal threats…
What About Our Employees?
We can no longer simply rely on the CIO or chief security officer.
Points of Entry – Portable Devices
Points of Entry – Wireless Devices
Points of Entry – Storage Devices
Along Came the Cloud(s)………
Points of Entry – Storage Devices
Personal Connectivity…
Cautions to the Wind!
Points of Concern……
Internal threats (disgruntled employees)
External threats
Mobile devices
BYOD (bring your own device)
Storage devices
Cloud-based
Lax security ecosystems
Carelessness
Ignorance
Common Myths (Employees)
1. I don’t have anything anyone would ever want;

2. I have the best antivirus software installed;

3. I don’t use Windows so I’m safe;

4. My network has a great firewall so I am safe;

5. I only visit safe sites, so I’m okay;

6. My network administrator is the one in charge of my
   data.

7. I have had my password for years and nothing ever
   happened.
Passwords Weak to Strong
Siobhan Duncan



“No worries, I keep all the necessary passcodes
pasted to my monitor so I don’t lose them!”
Password Strength
A six character, single case password has 308 million
possible combinations.

It can be cracked in just minutes!

Combining upper and lower case and using 8 characters
instead of 6 gives 53 trillion possible combinations.

Substituting a number for one of the letters yields 218
trillion possibilities.

Substituting a special character yields 6,095 trillion
possibilities.
Quiz
How long would it take for an individual desktop
computer to “crack” a password?

A. 1,000 passwords per second?

B. 100,000 passwords per second?

C. 5 million passwords per second?

D. More than a hundred million passwords per second?
Postscript on
           Passwords
Using a special high speed computer that is GPU-based,
it can scan billions of passwords per second!
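The arithmetic behind the Password Strength slide, the quiz and this postscript, as an added worked example (it is not part of the deck). The keyspace of a password of length L drawn from a character set of size N is N^L; the time to try every candidate at a given guess rate is N^L divided by that rate. The character-set sizes are assumptions chosen to reproduce the slide's own figures (26 single-case letters, 52 mixed-case, 62 alphanumeric, 94 printable ASCII without the space), the guess rates are the four quiz options plus "billions per second" taken as one billion, and the function and constant names are mine. It goes one step beyond the slide: `min_length_for` turns the same formula around and asks how long a password must be before exhausting it at a given rate takes longer than a chosen horizon, which is the question a policy author actually needs answered.

```python
"""Keyspace and exhaustion-time arithmetic for the deck's password figures.

Added illustration, not the deck's own material. Character-set sizes and
guess rates below are assumptions chosen to match the slides.
"""

# Assumed character-class sizes (printable ASCII without the space = 94).
SLIDE_ROWS = [
    # (label, character-set size, password length)
    ("single case, 6 chars", 26, 6),
    ("mixed case, 8 chars", 52, 8),
    ("mixed case + digit, 8 chars", 62, 8),
    ("mixed case + digit + special, 8 chars", 94, 8),
]

# Guess rates from the quiz options; "billions per second" assumed as 1e9.
GUESS_RATES = {
    "A. 1,000/s": 1_000,
    "B. 100,000/s": 100_000,
    "C. 5 million/s": 5_000_000,
    "D. 100 million/s": 100_000_000,
    "GPU rig, ~1 billion/s": 1_000_000_000,
}


def keyspace(charset_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` characters."""
    return charset_size ** length


def seconds_to_exhaust(space: int, rate: int) -> float:
    """Worst-case time to try every candidate at `rate` guesses per second.
    The expected time for a uniformly chosen password is half of this."""
    return space / rate


def humanize(seconds: float) -> str:
    """Render a duration in the largest unit that is at least 1."""
    units = (("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60))
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:,.1f} seconds"


def min_length_for(charset_size: int, rate: int, target_seconds: float) -> int:
    """Shortest length whose full keyspace takes at least `target_seconds`
    to exhaust at `rate` guesses per second (the policy question)."""
    length = 1
    while seconds_to_exhaust(keyspace(charset_size, length), rate) < target_seconds:
        length += 1
    return length


def slide_table() -> list[dict]:
    """Reproduce the slide's four rows with exhaustion time at every rate."""
    rows = []
    for label, size, length in SLIDE_ROWS:
        space = keyspace(size, length)
        rows.append({
            "row": label,
            "keyspace": space,
            "exhaust": {rl: seconds_to_exhaust(space, r) for rl, r in GUESS_RATES.items()},
        })
    return rows


if __name__ == "__main__":
    for row in slide_table():
        print(f"{row['row']}: {row['keyspace']:,} candidates")
        for rate_label, secs in row["exhaust"].items():
            print(f"    {rate_label:<24} {humanize(secs)}")
    ten_years = 10 * 365 * 86400
    for size in (26, 94):
        print(f"charset {size}: need {min_length_for(size, 10**9, ten_years)} chars "
              f"to survive 10 years at 1e9 guesses/s")
```

The table shows why the slide says "minutes": 26^6 is about 309 million candidates, which is roughly a minute at quiz rate C. It also shows the limit of the deck's strongest row: 94^8 (about 6,095 trillion) is exhausted in roughly 70 days at one billion guesses per second, so length, not only character variety, is what pushes the number out to years.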
Security & Prevention
1. Use strong passwords of at least 8 characters,
   with upper and lower case letters and special
   characters.

2. Insist on an automatic lock-out after no more
   than ten failed tries.

3. Consider CAPTCHA as a means to thwart
   high-speed automated systems.
Security & Prevention
4. Consider fingerprint readers in addition to
   password-protected systems.

5. Consider iris display readers for added
   authentication.

6. Require periodic mandatory training.
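Items 1 and 2 of this list are the two controls an agency can actually enforce in code: a minimum password policy at enrollment and a lock-out after a bounded number of failed tries. The following is an added example of both (my code, not the deck's, and not a real product's API); the policy thresholds are the deck's own (8 characters, mixed case, special character, ten tries), while the PBKDF2 iteration count, the `Account` class and its method names are assumptions. The point the deck's item 2 makes is visible in `check_password`: once the account is locked, the candidate is rejected before the stored verifier is consulted, so an automated guesser gets no further signal.

```python
"""Enrollment-time password policy and failed-try lock-out.

Added illustration, not the deck's material. Thresholds follow the deck;
hashing parameters and class/method names are assumptions.
"""
import hashlib
import hmac
import os
import string
from dataclasses import dataclass

MIN_LENGTH = 8            # deck item 1: "minimum 8 character passwords"
MAX_FAILED_TRIES = 10     # deck item 2: lock out after no more than ten tries
PBKDF2_ROUNDS = 100_000   # assumed work factor for the stored verifier


def policy_violations(password: str) -> list[str]:
    """Return the list of deck rules the candidate password breaks (empty = OK)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.islower() for c in password):
        problems.append("no lower-case letter")
    if not any(c.isupper() for c in password):
        problems.append("no upper-case letter")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    return problems


def meets_policy(password: str) -> bool:
    return not policy_violations(password)


def _derive(password: str, salt: bytes) -> bytes:
    """Salted, slow verifier so a stolen database is not a plaintext list."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class Account:
    name: str
    salt: bytes
    digest: bytes
    failed_tries: int = 0
    locked: bool = False

    def check_password(self, candidate: str) -> str:
        """Return 'ok', 'bad-password' or 'locked'.

        A locked account short-circuits before the verifier is consulted,
        so further guesses learn nothing and cost the system nothing."""
        if self.locked:
            return "locked"
        if hmac.compare_digest(_derive(candidate, self.salt), self.digest):
            self.failed_tries = 0          # success clears the counter
            return "ok"
        self.failed_tries += 1
        if self.failed_tries >= MAX_FAILED_TRIES:
            self.locked = True             # deck item 2: automatic lock-out
            return "locked"
        return "bad-password"


def enroll(name: str, password: str) -> Account:
    """Create an account only if the password satisfies the deck's rules."""
    problems = policy_violations(password)
    if problems:
        raise ValueError(f"password rejected: {', '.join(problems)}")
    salt = os.urandom(16)
    return Account(name, salt, _derive(password, salt))


if __name__ == "__main__":
    acct = enroll("clerk", "Correct-Horse-7")       # constructed sample credential
    for i in range(MAX_FAILED_TRIES):
        print(i + 1, acct.check_password(f"wrong-{i}"))
    print("real password after lock-out:", acct.check_password("Correct-Horse-7"))
```

Unlocking is deliberately left out: in practice it is a help-desk or time-based process, and the audit log entry for a lock-out is the event a security operations team should be watching for across many accounts at once.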
Policy Considerations
Frequency of password changes?

Type of secure passwords?

Encryption of files and records?

Access to files and records? (in office & remote)

Citizen privacy protection?

When workers leave?

Laptop and portable device & storage policies?

Portable device policies?

Back-up policies?

Portable device cut-off & destroy systems?
Policy Considerations
Disposal of any equipment with hard drives & storage?

Disposal of copiers?

Encrypted USB and portable storage devices?

On-going training and threat assessment?
Public Technology Institute
1420 Prince Street
Alexandria, VA 22314
www.pti.org
ashark@pti.org
