Cybersecurity 5 improving cybersecurity

Discusses steps individuals and organisations can take to improve cybersecurity

  • Mystery why some organisations limit length of passwords and do not allow characters apart from letters and numbers. Say you live at 15 south street so make up a password you can remember: SO51street (cracked in < 1 day); SO_51_street (cracked in 23 years).
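The effect of the restrictions in the note above on brute-force cost, as an added example that is not part of the original slides. It computes the exhaustive-search worst case only, at an assumed rate of 10^9 guesses per second, so its figures will not match the ones quoted in the note, whose method is not shown on this page; the function names are hypothetical.

```python
import string

# Assumption for illustration: an offline attacker testing 1e9 guesses/second.
GUESSES_PER_SECOND = 1_000_000_000
SECONDS_PER_YEAR = 365 * 24 * 3600

# Character classes an exhaustive search has to cover.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}


def alphabet_size(password):
    """Size of the smallest class-based alphabet containing every character."""
    size = 0
    for chars in CLASSES.values():
        if any(c in chars for c in password):
            size += len(chars)
    # Characters outside the four classes (spaces, non-ASCII) are not modelled.
    return size


def worst_case_years(password, rate=GUESSES_PER_SECOND):
    """Years to try every string of this length over the inferred alphabet."""
    guesses = alphabet_size(password) ** len(password)
    return guesses / rate / SECONDS_PER_YEAR


def policy_ceiling_years(max_length, letters_and_digits_only, rate=GUESSES_PER_SECOND):
    """Largest brute-force cost any password can reach under a site policy."""
    size = 62 if letters_and_digits_only else 94
    # Sum over all permitted lengths: the attacker tries short candidates first.
    guesses = sum(size ** n for n in range(1, max_length + 1))
    return guesses / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    for pw in ("SO51street", "SO_51_street"):   # passwords from the note above
        print(f"{pw}: alphabet {alphabet_size(pw)}, ~{worst_case_years(pw):.3g} years")
    print(f"8 chars, letters+digits only: {policy_ceiling_years(8, True):.3g} years")
    print(f"16 chars, any printable:      {policy_ceiling_years(16, False):.3g} years")
```

A policy of at most 8 letters and digits caps every user's password at under three days of exhaustive search at the assumed rate, however carefully it is chosen.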

Transcript

  • 1. Making systems more secure • Strategies that can be used to improve cybersecurity Making systems more secure, 2013 Slide 1
  • 2. Improving cybersecurity • Deterrence – Increase the costs of making an attack on your systems • Awareness – Improve awareness of all system users of security risks and types of attack
  • 3. Improving cybersecurity • Procedures – Design realistic security procedures that can be followed by everyone in an organisation (including the boss) • Monitoring and logging – Monitor and log all system operations
  • 4. Deterrence • It is impossible to develop a completely secure personal, business and government system. If an attacker has unlimited resources and motivation, it will always be possible to mount some attack on a given system.
  • 5. Deterrence • However, attackers NEVER have unlimited resources and motivation, so an aim of security is to increase the costs of making a successful attack to such an extent that attackers will (a) be deterred from attacking and (b) abandon attempted attacks before they are successful
  • 6. Diverse authentication systems • Use strong passwords and multiple forms of authentication • Login/password + personal question or biometric • Attacker has to break two levels of authentication to gain access
  • 7. Firewalls
  • 8. Encryption • Use https protocol to encrypt information whilst in transit across the Internet • Encrypt confidential information stored on your system
  • 9. Password security
  • 10. Password security • Password strength measurement – https://passfault.appspot.com/password_strength.html#menu • Calculates how long it would take to break a password using a brute force attack, using a standard PC
  • 15. Encryption • Encryption is the process of encoding information in such a way that it is not directly readable. A key is required to decrypt the information and understand it • A systematic transformation is applied to the information, based on the key, to transform it to a different form. • The original information can only be recovered if the reader has the key that can be used to reverse the transformation
  • 16. Example of encryption here
  • 17. • Used sensibly, encryption can contribute to cybersecurity improvement but is not an answer in itself – Security of encryption keys – Inconvenience of encryption leads to patchy utilisation and user frustration – Risk of key loss or corruption: information is completely lost (and backups don’t help) – Can make recovery more difficult
  • 18. Awareness • Educate users about the importance of cyber security and provide information that supports their secure use of computer systems • Be open about incidents that may have occurred
  • 19. Awareness • Take into account how people really are rather than how you might like them to be • People have human failings and inevitably will make mistakes
  • 20. • Bad security advice – Many security guidelines and rules are unrealistic and cannot be followed in practice by users – Use a different password for every website you visit
  • 21. • Good security advice – If you use the same password for everything, an attacker can get access to your accounts if they find that out – Use different passwords for all online bank accounts and only reuse passwords when you don’t really care about the accounts
  • 22. Procedures • Businesses should design appropriate procedures based around the value of the assets that are being protected • If you simply apply the most secure procedures to all information, this will disrupt work and users are more likely to try to circumvent these procedures
  • 23. • If information is not confidential, then it often makes sense to make it public • This reduces the need for users to authenticate to access the information
  • 24. • Cybersecurity awareness procedures for all staff including the most senior management • Recognise reality – people will use phones and tablets and derive procedures for their safe use
  • 25. Monitoring and logging • Monitoring and logging means that you record all user actions and so keep track of all accesses to the system
  • 26. • Use tools to scan logs frequently, looking for anomalies • Can be an important deterrent to insider attacks if attackers know that they have a chance of being discovered through the logging system
  • 27. Summary • Improving cybersecurity depends on – Deterrence – Awareness – Effective procedures – Monitoring and logging
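One way to carry out the log scanning described on the monitoring and logging slides, as an added example that is not part of the original presentation. The log format, the sample lines, the working-hours window and the per-user baseline approach are all assumptions made for illustration.

```python
from datetime import datetime

# Constructed sample logs (not from the slides): "ISO-timestamp user action resource"
BASELINE = """\
2013-03-04T09:12:00 alice read /hr/policies
2013-03-04T10:40:00 bob read /finance/ledger
2013-03-05T16:30:00 bob write /finance/ledger
"""
NEW_EVENTS = """\
2013-03-06T09:30:00 alice read /hr/policies
2013-03-06T23:47:00 bob read /finance/ledger
2013-03-07T11:02:00 alice read /finance/ledger
2013-03-07T11:03:00 carol read /hr/policies
not a log line
"""
WORK_HOURS = range(8, 19)  # assumption: 08:00-18:59 counts as normal hours


def parse(text):
    """Return (events, rejected): parsed tuples and a count of unparseable lines."""
    events, rejected = [], 0
    for line in text.splitlines():
        try:
            when, user, _action, resource = line.split()
            events.append((datetime.fromisoformat(when), user, resource))
        except ValueError:
            rejected += 1  # gaps in the record are themselves worth reporting
    return events, rejected


def find_anomalies(baseline_text, new_text):
    """Flag new events that deviate from each user's baseline behaviour."""
    seen = {}  # user -> resources that user touched during the baseline period
    for _, user, resource in parse(baseline_text)[0]:
        seen.setdefault(user, set()).add(resource)
    events, rejected = parse(new_text)
    findings = []
    for when, user, resource in events:
        reasons = []
        if resource not in seen.get(user, ()):
            reasons.append("new resource for user" if user in seen else "user not in baseline")
        if when.hour not in WORK_HOURS:
            reasons.append("outside working hours")
        if reasons:
            findings.append((when.isoformat(), user, resource, reasons))
    return findings, rejected


if __name__ == "__main__":
    print(find_anomalies(BASELINE, NEW_EVENTS))
```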