Slides presented by Dr. Alan Shark, Executive Director and CEO of Public Technology Institute

    Dr. Alan Shark Presentation Transcript

    • Security Threat Assessment 2013: Preparing Your Agency. Dr. Alan R. Shark, Executive Director, Public Technology Institute, and Associate Professor of Practice, Rutgers University School of Public Affairs & Administration
    • It used to be that paper was the problem…
    • But now it has been replaced with this…
    • Cyber Issues……
      • Cyber crime
      • Cyber hacking
      • Identity theft
      • Data theft
      • Financial theft
      • Data manipulation
    • What do these organizations have in common?
    • Internal threats….. What About Our Employees? We can no longer simply rely on the CIO or chief security officer.
    • Points of Entry – Portable Devices
    • Points of Entry – Wireless Devices
    • Points of Entry – Storage Devices
    • Along Came the Cloud(s)………
    • Points of Entry – Storage Devices
    • Personal Connectivity…
    • Cautions to the Wind!
    • Points of Concern……
      • Internal threats (disgruntled employees)
      • External threats
      • Mobile devices
      • BYOD (bring your own device)
      • Storage devices
      • Cloud-based
      • Lax security ecosystems
      • Carelessness
      • Ignorance
    • Common Myths (Employees)
      1. I don’t have anything anyone would ever want;
      2. I have the best antivirus software installed;
      3. I don’t use Windows so I’m safe;
      4. My network has a great firewall so I am safe;
      5. I only visit safe sites, so I’m okay;
      6. My network administrator is the one in charge of my data.
      7. I have had my password for years and nothing ever happened.
    • Passwords Weak to Strong
    • Siobhan Duncan: “No worries, I keep all the necessary passcodes pasted to my monitor so I don’t lose them!”
    • Password Strength
      • A six character, single case password has 308 million possible combinations. It can be cracked in just minutes!
      • Combining upper and lower case and using 8 characters instead of 6 = 53 trillion possible combinations.
      • Substituting a number for one of the letters yields 218 trillion possibilities.
      • Substituting a special character yields 6,095 trillion possibilities.
    • Quiz: How long would it take for an individual desktop computer to “crack” a password?
      A. 1,000 passwords per second?
      B. 100,000 passwords per second?
      C. 5 million passwords per second?
      D. More than a hundred million passwords per second?
    • Postscript on Passwords: Using a special high-speed computer that is GPU-based, it can scan billions of passwords per second!
    • Security & Prevention
      1. Use strong passwords of at least 8 characters, with upper and lower case letters and special characters.
      2. Insist on no more than ten tries before the system does an automatic lock-out.
      3. Consider CAPTCHA as a means to thwart high-speed automated systems.
    • Security & Prevention
      4. Consider fingerprint readers in addition to or along with password protected systems.
      5. Consider iris display readers for added authentication.
      6. Require periodic mandatory training.
    • Policy Considerations
      • Frequency of password changes?
      • Type of secure passwords?
      • Encryption of files and records?
      • Access to files and records? (in office & remote)
      • Citizen privacy protection?
      • When workers leave?
      • Laptop and portable device & storage policies?
      • Portable device policies?
      • Back-up policies?
      • Portable device cut-off & destroy systems?
    • Policy Considerations
      • Back-up policies?
      • Portable device cut-off & destroy systems?
      • Disposal of any equipment with hard drives & storage?
      • Disposal of copiers?
      • Encrypted USB and portable storage devices?
      • On-going training and threat assessment?
    • Public Technology Institute, 1420 Prince Street, Alexandria, VA 22314, www.pti.org, ashark@pti.org
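
The "Password Strength", "Quiz" and "Security & Prevention" slides, worked through as an added example that is not part of the original presentation: it reproduces the slide's four combination counts, converts them to worst-case search time at the quiz's guess rates, and shows what a ten-try lock-out leaves an online guesser. The alphabet sizes (26, 52, 62, 94) are the ones that match the slide's figures; the 10 billion per second rate for "billions" and the uniformly random password are assumptions.

```python
# Added example: keyspace behind the slide's figures and the time to exhaust it.

# (label, alphabet size, length); 94 = printable ASCII without the space character.
POLICIES = [
    ("6 chars, single case", 26, 6),
    ("8 chars, upper + lower", 52, 8),
    ("8 chars, letters + digits", 62, 8),
    ("8 chars, letters + digits + specials", 94, 8),
]
# Quiz rates A-D, plus an assumed 10 billion/s for the GPU-based "billions per second".
RATES = [1_000, 100_000, 5_000_000, 100_000_000, 10_000_000_000]

def keyspace(alphabet_size, length):
    """Number of distinct passwords of exactly this length."""
    return alphabet_size ** length

def seconds_to_exhaust(space, guesses_per_second):
    """Worst case: every candidate is tried. The average case is half of this."""
    return space / guesses_per_second

def human(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"

def online_guess_odds(space, tries_before_lockout=10):
    """Chance of hitting a uniformly random password before the lock-out triggers."""
    return min(1.0, tries_before_lockout / space)

def report():
    lines = []
    for name, alphabet, length in POLICIES:
        space = keyspace(alphabet, length)
        times = ", ".join(human(seconds_to_exhaust(space, r)) for r in RATES)
        lines.append(f"{name}: {space:,} candidates")
        lines.append(f"  worst case at each rate: {times}")
        lines.append(f"  odds against a 10-try lock-out: {online_guess_odds(space):.2e}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(report())
```

These figures are upper bounds for randomly chosen passwords; passwords built from words or reused elsewhere fall far sooner, which is why the lock-out and training items sit alongside the length rule.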