Information security a new era technology

This presentation was prepared for Voice of Business event sponsored by BangaLion at Dhaka University for MIS students...

So mostly this document was prepared focusing on basic self pre-caution and practices that we can follow...

Transcript

  • 1. Information Security ( a new Era of Technology ) Presented by: Mohammad Tahmidul Islam (aka Tahmid Munaz) GTalk: [email_address] / +8801713115496 Twitter: http://twitter.com/munaz LinkedIn: http://www.linkedin.com/in/munaz Flickr: http://flickr.com/munaz
  • 2.
    • Introduction
    • Cyber Threats
    • Some Top News
    • Security classification for information
    • Basic Pre-cautions & Practices
  • 3. Introduction: Information Security
    • Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.
  • 4. Information Security
    • An organization has to plan for the following areas when implementing an information security system:
    • Basic Principles
      • Confidentiality, Integrity, Availability, etc.
    • Risk Management
      • Control, Security Classification, Access Control, Cryptography, etc.
    • Process
      • Security Governance, Incident Response, Change Management, etc.
    • Business Continuity
      • Disaster Recovery Planning, etc.
  • 5. Introduction: CIA
    • The core principles of information security are Confidentiality, Integrity and Availability (CIA)
    • Confidentiality
    • Integrity
    • Availability
  • 6. Introduction: CIA (detail diagram)
    • Confidentiality
    • Integrity
    • Availability
  • 7. Confidentiality
    • Confidentiality means preventing the disclosure of information to unauthorized individuals or systems.
    • For example,
    • A credit card transaction on the Internet requires the credit card number to be transmitted from the buyer to the merchant and from the merchant to a transaction processing network.
  • 8. Integrity
    • In information security, integrity means that data cannot be modified undetectably. Integrity is violated when a message is actively modified in transit. Information security systems typically provide message integrity in addition to data confidentiality.
    • For example: your online payment information has not been modified.
    • Or: your email body has not been tampered with.
  • 9. Availability
    • For any information system to serve its purpose, the information must be available when it is needed. This means that the computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must be functioning correctly. High availability systems aim to remain available at all times, preventing service disruptions due to power outages, hardware failures, and system upgrades. Ensuring availability also involves preventing denial-of-service attacks.
  • 10. Cyber Threats
    • Hacking / Stealing
      • Websites
      • Network
      • Secure company information / Personal data
        • (Bank info/ Credit Card Info/ Other Secure Passwords etc.)
    • Spam mails and phishing pages help others steal personal information
    • Unsafe browsing on the Internet (lack of strong anti-virus, anti-malware / anti-spyware applications)
  • 11. IS Awareness required!
    • If we don’t protect our privacy or sensitive information, we will get compromised by attacks, which may lead to:
      • Personal Loss
      • Organization / Country Loss
      • Loss of BRAND Image
      • Financial Loss! (Sometimes all of the above cost us financially too)
  • 12. Some Top News
    • Source: http://thehackernews.com/2011/08/bangladesh-police-website-hacked-by.html
  • 13. Some Top News
    • Source: http://doormagazine.info/news-2/general-information/bangladesh-govt-websites-hacked-by-indian-hacker/
  • 14. Some Top News
    • Source: http://bdnews24.com/details.php?id=156315&cid=2
  • 15. Some Top News
    • Source: http://securitybreaching.blogspot.com/2011/09/bangladesh-government-website-hacked.html
  • 16. Some Top News
    • Source:
    • http://www.computerworld.com/s/article/9220221/Alleged_LulzSec_Sony_hacker_arrested?taxonomyId=82
    • http://www.computerworld.com/s/article/9220144/China_denies_role_in_hack_of_Japanese_defense_contractor?taxonomyId=8282
  • 17. Security classification for information
    • The type of information security classification labels selected and used will depend on the nature of the organisation, with examples being:
    • In the business sector, labels such as:
      • Public, Sensitive, Private, Confidential.
    • In the government sector, labels such as:
      • Unclassified, Sensitive But Unclassified, Restricted, Confidential, Secret, Top Secret and their non-English equivalents.
    • In cross-sectoral formations, the Traffic Light Protocol, which consists of:
      • White, Green, Amber and Red.
  • 18. Cyber Threats
    • Hacking / Stealing
      • Websites
      • Network
      • Secure company information / Personal data
        • (Bank info/ Credit Card Info/ Other Secure Passwords etc.)
    • Spam mails and phishing pages help others steal personal information
    • Unsafe browsing on the Internet (lack of strong anti-virus, anti-malware / anti-spyware applications)
  • 19. 90/10 rule
  • 20. Online + Physical Security is required
  • 21. Basic Pre-cautions & Practices
    • As users, we can increase our knowledge and minimize some of the risks by following these practices:
    • 1. Don’t share your password
    • 2. Be aware of phishing pages
    • 3. Identify spam mails
    • 4. Don’t allow installation of unidentified software
    • 5. Consult the IT experts around you about any unknown problem
  • 22. Don’t share Password
    • Don’t share your password, and also choose a strong password.
  • 23.
    • A report on popular weak passwords is shown below:
  • 24.
    • The success rate of a dictionary attack is shown below:
  • 25. Cyber Threats
    • Hacking / Stealing
      • Websites
      • Network
      • Secure company information / Personal data
        • (Bank info/ Credit Card Info/ Other Secure Passwords etc.)
    • Spam mails and phishing pages help others steal personal information
    • Unsafe browsing on the Internet (lack of strong anti-virus, anti-malware / anti-spyware applications)
  • 26. Identify SPAM Mails + Phishing pages
    • In most cases, if you use a well-known email service such as Gmail, Yahoo or MSN/Hotmail, it has a built-in spam guard or filtering technology that tries to filter such emails and put them in a separate folder, as shown below:
  • 27. Phishing Page / Click jacking
  • 28. a sample SPAM mail
  • 29. a sample SPAM mail
  • 30. How does Gmail mark spam?
  • 31. Sample Phishing pages and links
    • These links spread through our lack of knowledge, mostly when we click on them.
    • The most widely spread link on Facebook when Laden was executed:
  • 32. Sample Phishing pages and links
    • The most widely spread phishing link on Facebook when Laden was executed! Many people were excited and mistakenly got affected because of a lack of knowledge.
  • 33. Sample Phishing pages and links
    • These clickjacking attacks are spread by Facebook users:
  • 34. Windows Live / MSN messenger Click jacking
  • 35. Yahoo Messenger Click jacking
  • 36. Yahoo Messenger Click jacking
  • 37. Facebook Online Chat Click jacking
  • 38. Yahoo Phishing page
    • A sample of a Yahoo page that gives the end user the impression that Yahoo is officially asking for this secure information in order to restore the user account.
  • 39. Yahoo Phishing page
  • 40.
    • Yahoo Phishing page blocked by Norton Anti-Virus protection
  • 41. Cyber Threats
    • Hacking / Stealing
      • Websites
      • Network
      • Secure company information / Personal data
        • (Bank info/ Credit Card Info/ Other Secure Passwords etc.)
    • Spam mails and phishing pages help others steal personal information
    • Unsafe browsing on the Internet (lack of strong anti-virus, anti-malware / anti-spyware applications)
  • 42. Safe Browsing
    • Old browsers are risky to use because they have known security vulnerabilities, which may help unknown remote users exploit your system and access your information.
    • Choose the latest version of a well-known browser to avoid new online threats:
      • (e.g. Firefox, Google Chrome, Opera, IE)
  • 43. Latest Firefox
    • For unidentified websites, Firefox warns its users as shown below:
  • 44. Latest Firefox
    • For some privacy protection, it supports Private Browsing:
  • 45. Latest Chrome
    • Google Chrome has an option to enable phishing and malware protection.
  • 46. Latest Chrome
    • Chrome has an option to identify the website, as shown below:
  • 47. Latest Chrome
    • Chrome shows a warning for unsafe websites or URLs.
  • 48. Use Latest Anti-Virus
    • Don’t use expired or old anti-virus software, because:
      • The virus library is not up to date.
      • The virus definitions are old and the security features have not been updated.
      • Sometimes it is compromised and acts the opposite way, like a virus.
  • 49. Reviews on Top Anti-Virus
    • Source:
    • http://www.toptenantivirus.net/
    • http://www.devduff.com/software/top-ten-antivirus-2012.php
    • http://www.pcworld.com/reviews/collection/5928/2011_free_av.html
  • 50. Basic Pre-cautions & Practices
    • As users, we can increase our knowledge and minimize some of the risks by following these practices:
    • 1. Don’t share your password
    • 2. Be aware of phishing pages
    • 3. Identify spam mails
    • 4. Don’t allow installation of unidentified software
    • 5. Consult the IT experts around you about any unknown problem (support teams are available around you)
  • 51. Thank You (question?)