1. IT Security Awareness
   January 24, 2011, Madison College
   Chapter 1: Introduction to Security
   Security Awareness, 3rd Edition

2. Objectives
   After completing this chapter, you should be able to do the following:
   • Describe the challenges of securing information
   • Define information security and explain why it is important
   • Identify the types of attackers that are common today
   • List the basic steps of an attack
   • Describe the steps in a defense and a comprehensive defense strategy

3. Challenges of Securing Information
   • No single simple solution to protecting computers and securing information
   • Different types of attacks
   • Difficulties in defending against these attacks (speed, greater sophistication, simplicity, delays in patching, user confusion)

4. Today's Security Attacks
   • Typical monthly security newsletter
     – A malicious program was introduced during the manufacturing process of a popular brand of digital photo frames
     – E-mail claiming to be from the United Nations (U.N.) "Nigerian Government Reimbursement Committee" is sent to unsuspecting users
     – "Booby-trapped" Web pages are growing at an increasing rate
     – Mac computers can also be the victims of attackers

5. Today's Security Attacks (cont'd.)
   • Security statistics
     – 45 million credit and debit card numbers stolen
     – The number of security breaches continues to rise
     – A recent report gave 24 federal government agencies an overall grade of only "C-"

6. Table 1-1 Selected security breaches involving personal information in a three-month period (Course Technology/Cengage Learning)

7. Difficulties in Defending Against Attacks
   • Speed of attacks
   • Greater sophistication of attacks
   • Simplicity of attack tools
   • Quicker detection of vulnerabilities
     – Zero-day attacks
   • Delays in patching products
   • Distributed attacks
   • User confusion

8. Difficulties in Defending Against Attacks (cont'd.)
   Figure 1-1 Increased sophistication of attack tools (Course Technology/Cengage Learning)

9. Difficulties in Defending Against Attacks (cont'd.)
   Figure 1-2 Menu of attack tools (Course Technology/Cengage Learning)

10. Difficulties in Defending Against Attacks (cont'd.)
   Table 1-2 Difficulties in defending against attacks

11. What Is Information Security?
   • Understand what information security is
   • Why is information security important today?
   • Who are the attackers?

12. Defining Information Security
   • Security
     – State of freedom from a danger or risk
   • Information security
     – The tasks of guarding information that is in a digital format
     – Ensures that protective measures are properly implemented
     – Protects information that has value to people and organizations
   • Value comes from the characteristics of the information

13. Defining Information Security (cont'd.)
   • Characteristics of information that must be protected by information security
     – Confidentiality
     – Integrity
     – Availability
   • Achieved through a combination of three entities
     – Products
     – People
     – Procedures

14. Defining Information Security (cont'd.)
   Figure 1-3 Information security components (Course Technology/Cengage Learning)

15. Defining Information Security (cont'd.)
   Table 1-3 Information security layers (Course Technology/Cengage Learning)

16. Information Security Terminology
   • Asset
     – Something that has value
   • Threat
     – An event or object that may defeat the security measures in place and result in a loss
     – By itself does not mean that security has been compromised
   • Threat agent
     – A person or thing that has the power to carry out a threat

17. Information Security Terminology (cont'd.)
   • Vulnerability
     – A weakness that allows a threat agent to bypass security
   • Exploiting the security weakness
     – Taking advantage of the vulnerability
   • Risk
     – The likelihood that a threat agent will exploit a vulnerability
     – Some degree of risk must always be assumed
     – Three options for dealing with risk
18. Information Security Terminology (cont'd.)
   Table 1-4 Security information terminology (Course Technology/Cengage Learning)

19. Understanding the Importance of Information Security
   • Preventing data theft
     – Theft of data is one of the largest causes of financial loss due to an attack
     – Affects businesses and individuals
   • Thwarting identity theft
     – Identity theft: using someone's personal information to establish bank or credit card accounts that are then left unpaid
     – Leaves the victim with debts and ruins their credit rating
     – Legislation continues to be enacted

20. Understanding the Importance of Information Security (cont'd.)
   • Avoiding legal consequences
     – Federal and state laws that protect the privacy of electronic data
       • The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
       • The Sarbanes-Oxley Act of 2002 (Sarbox)
       • The Gramm-Leach-Bliley Act (GLBA)
       • USA Patriot Act (2001)
       • The California Database Security Breach Act (2003)
       • Children's Online Privacy Protection Act of 1998 (COPPA)

21. Understanding the Importance of Information Security (cont'd.)
   • Maintaining productivity
     – Lost wages and productivity during an attack and cleanup
     – Unsolicited e-mail messages are a security risk
       • U.S. businesses forfeit $9 billion each year restricting spam
   • Foiling cyberterrorism
     – Could cripple a nation's electronic and commercial infrastructure
     – "Information Security Problem"

22. Who Are the Attackers?
   • Divided into several categories
     – Hackers
     – Script kiddies
     – Spies
     – Employees
     – Cybercriminals
     – Cyberterrorists

23. Hackers
   • Debated definition of hacker
     – Anyone who illegally breaks into or attempts to break into a computer system
     – A person who uses advanced computer skills to attack computers only to expose security flaws ("white hats")

24. Script Kiddies
   • Unskilled users
   • Use automated hacking software
   • Do not understand the technology behind what they are doing
   • Often indiscriminately target a wide range of computers

25. Spies
   • A person who has been hired to break into a computer and steal information
   • Do not randomly search for unsecured computers
   • Hired to attack a specific computer or system
   • Goal
     – Break into the computer or system
     – Take the information without drawing any attention to their actions

26. Employees
   • Reasons for attacks by employees
     – Show company weakness in security
     – Retaliation
     – Money
     – Blackmail
     – Carelessness

27. Cybercriminals
   • Loose-knit network of attackers, identity thieves, and financial fraudsters
   • Motivated by money
   • Financial cybercrime categories
     – Stolen financial data
     – Spam e-mail to sell counterfeits and pornography

28. Cybercriminals (cont'd.)
   Table 1-6 Eastern European promotion of cybercriminals (Course Technology/Cengage Learning)

29. Cyberterrorists
   • Motivated by ideology
   • Sometimes considered the attackers that should be feared most

30. Attacks and Defenses
   • The same basic steps are used in most attacks
   • Protecting computers against these steps calls for five fundamental security principles

31. Steps of an Attack
   • Probe for information
   • Penetrate any defenses
   • Modify security settings
   • Circulate to other systems
   • Paralyze networks and devices

32. Figure 1-5 Steps of an attack
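Each of the five steps leaves a different kind of evidence, so a defender reading logs can tell how far an intrusion has progressed rather than treating every alert alike. The Python below is an added example, not code from the slides or the textbook: it classifies log lines into the five steps. The log lines are constructed for this illustration, and the field layout, the hostnames, the 203.0.113.x / 192.0.2.x addresses, the message patterns and the two thresholds are all assumptions, not any real product's format.

```python
"""Map log events to the five attack steps (probe, penetrate, modify
security settings, circulate, paralyze).  Added example; the log format,
patterns and thresholds below are assumptions for illustration."""
import re
from collections import defaultdict

ATTACK_STEPS = ("probe", "penetrate", "modify", "circulate", "paralyze")

# Assumed detection thresholds; tune them to your own environment.
PROBE_MIN_PORTS = 5       # distinct destination ports touched by one source
CIRCULATE_MIN_HOSTS = 3   # distinct internal hosts contacted on one port

# Constructed sample log: "<time> <host> <message>".  Not real traffic.
SAMPLE_LOGS = """\
10:00:01 fw01 DENY tcp src=203.0.113.7 dst=192.0.2.10 dport=21
10:00:01 fw01 DENY tcp src=203.0.113.7 dst=192.0.2.10 dport=23
10:00:02 fw01 DENY tcp src=203.0.113.7 dst=192.0.2.10 dport=445
10:00:02 fw01 ALLOW tcp src=203.0.113.7 dst=192.0.2.10 dport=22
10:00:02 fw01 DENY tcp src=203.0.113.7 dst=192.0.2.10 dport=3389
10:00:03 fw01 DENY tcp src=203.0.113.7 dst=192.0.2.10 dport=8080
10:00:03 fw01 DENY tcp src=203.0.113.7 dst=192.0.2.10 dport=5900
10:01:10 srv10 sshd Failed password for admin from 203.0.113.7
10:01:12 srv10 sshd Failed password for admin from 203.0.113.7
10:01:15 srv10 sshd Accepted password for admin from 203.0.113.7
10:02:00 srv10 systemd Stopped auditd.service
10:02:05 srv10 ufw firewall disabled by admin
10:03:00 srv10 smbclient connect to 192.0.2.11 port 445
10:03:01 srv10 smbclient connect to 192.0.2.12 port 445
10:03:02 srv10 smbclient connect to 192.0.2.13 port 445
10:04:00 srv11 kernel Out of memory: Kill process 4242 (httpd)
"""

FW_RE = re.compile(r"^(?P<t>\S+) (?P<host>\S+) (?P<action>ALLOW|DENY) tcp "
                   r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$")
FAIL_RE = re.compile(r"^(?P<t>\S+) (?P<host>\S+) sshd Failed password for "
                     r"(?P<user>\S+) from (?P<src>\S+)$")
OK_RE = re.compile(r"^(?P<t>\S+) (?P<host>\S+) sshd Accepted password for "
                   r"(?P<user>\S+) from (?P<src>\S+)$")
LATERAL_RE = re.compile(r"^(?P<t>\S+) (?P<host>\S+) smbclient connect to "
                        r"(?P<dst>\S+) port (?P<port>\d+)$")
MODIFY_RE = re.compile(r"(Stopped auditd\.service|firewall disabled|setenforce 0)")
PARALYZE_RE = re.compile(r"(Out of memory|service unavailable|link down)")


def detect_attack_steps(log_text):
    """Return {step: [evidence, ...]} for every attack step seen in log_text."""
    findings = defaultdict(list)
    ports_by_src = defaultdict(set)     # probe: one source, many ports
    failed_by_src = defaultdict(int)    # penetrate: failures then a success
    lateral = defaultdict(set)          # circulate: (host, port) -> destinations

    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = FW_RE.match(line)
        if m:
            ports_by_src[m["src"]].add(m["dport"])
            continue
        m = FAIL_RE.match(line)
        if m:
            failed_by_src[m["src"]] += 1
            continue
        m = OK_RE.match(line)
        if m:
            if failed_by_src[m["src"]] > 0:
                findings["penetrate"].append(
                    f"{m['src']} logged in as {m['user']} on {m['host']} "
                    f"after {failed_by_src[m['src']]} failed attempts")
            continue
        m = LATERAL_RE.match(line)
        if m:
            lateral[(m["host"], m["port"])].add(m["dst"])
            continue
        if MODIFY_RE.search(line):        # security controls being switched off
            findings["modify"].append(line)
        elif PARALYZE_RE.search(line):    # availability impact
            findings["paralyze"].append(line)

    for src, ports in ports_by_src.items():
        if len(ports) >= PROBE_MIN_PORTS:
            findings["probe"].append(
                f"{src} touched {len(ports)} ports: {sorted(ports, key=int)}")
    for (host, port), dsts in lateral.items():
        if len(dsts) >= CIRCULATE_MIN_HOSTS:
            findings["circulate"].append(
                f"{host} contacted {len(dsts)} hosts on port {port}")
    return dict(findings)


def steps_observed(findings):
    """The attack steps present, in the order the slide lists them."""
    return [step for step in ATTACK_STEPS if step in findings]


if __name__ == "__main__":
    result = detect_attack_steps(SAMPLE_LOGS)
    for step in steps_observed(result):
        print(step, "->", result[step])
```

The value of the mapping is prioritisation: a source that has only reached the probe step is noise to most teams, while "modify" evidence (audit daemon stopped, firewall disabled) means the penetrate step has already succeeded and the response should start at containment.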
33. Defenses Against Attacks
   • Layering
     – If one layer is penetrated, several more layers must still be breached
     – Each layer is often more difficult or complicated than the previous one
     – Useful in resisting a variety of attacks
   • Limiting
     – Limiting access to information reduces the threat against it
     – Technology-based and procedural methods

34. Defenses Against Attacks (cont'd.)
   • Diversity
     – It is important that the security layers are diverse
     – Breaching one security layer does not compromise the whole system
   • Obscurity
     – Avoiding clear patterns of behavior makes attacks from the outside much more difficult
     – A supplement to the other principles, not a substitute: a defense that relies only on the attacker not knowing how it works fails as soon as that knowledge leaks
   • Simplicity
     – Complex security systems can be hard to understand, troubleshoot, and feel secure about
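Layering and limiting, as working code. This is an added example, not code from the slides or the textbook: three independent checks, a network perimeter, keyed-hash (HMAC) token authentication, and a least-privilege role table, are run in order, and the result records which layer stopped a request. The 10.0.0.0/8 range, the shared secret, the user and role tables and the "user:mac" token format are assumptions made for illustration. Diversity is what makes the layers worth having: in a real deployment each check lives in a different system (firewall, identity provider, application), so one defect does not defeat all three.

```python
"""Layered access control with least privilege.  Added example; the
network range, secret, users, roles and token format are assumptions."""
import hashlib
import hmac
import ipaddress

PERIMETER = ipaddress.ip_network("10.0.0.0/8")      # layer 1: network perimeter
SHARED_SECRET = b"example-secret-rotate-me"           # layer 2: authentication key
ROLE_PERMISSIONS = {                                  # layer 3: limiting (least privilege)
    "reader": {"read"},
    "editor": {"read", "write"},
    "admin": {"read", "write", "delete"},
}
USER_ROLES = {"alice": "reader", "bob": "admin"}      # no entry means no permissions


def make_token(user):
    """Issue a token "user:HMAC(user)"; only a holder of SHARED_SECRET can mint one."""
    mac = hmac.new(SHARED_SECRET, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}:{mac}"


def check_perimeter(src_ip):
    """Layer 1: is the request coming from inside the trusted network?"""
    return ipaddress.ip_address(src_ip) in PERIMETER


def check_authentication(token):
    """Layer 2: return the user name if the token verifies, else None."""
    user, _, mac = token.partition(":")
    expected = hmac.new(SHARED_SECRET, user.encode(), hashlib.sha256).hexdigest()
    # compare_digest avoids leaking the position of the first mismatch via timing
    return user if user and hmac.compare_digest(mac, expected) else None


def check_authorization(user, action):
    """Layer 3: an authenticated user may still do only what their role allows."""
    role = USER_ROLES.get(user)
    return action in ROLE_PERMISSIONS.get(role, set())


def authorize(src_ip, token, action):
    """Run the layers in order; return ("allow", None) or ("deny", <layer>)."""
    if not check_perimeter(src_ip):
        return ("deny", "perimeter")
    user = check_authentication(token)
    if user is None:
        return ("deny", "authentication")
    if not check_authorization(user, action):
        return ("deny", "authorization")
    return ("allow", None)


if __name__ == "__main__":
    # A valid token stolen and replayed from outside still stops at layer 1;
    # a valid but unprivileged user still stops at layer 3.
    print(authorize("203.0.113.5", make_token("bob"), "delete"))
    print(authorize("10.1.2.3", make_token("alice"), "write"))
    print(authorize("10.1.2.3", make_token("bob"), "delete"))
```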
35. Building a Comprehensive Security Strategy
   • Block attacks
     – Strong security perimeter
       • The part of the computer network to which a personal computer is attached
     – Local security is important too
   • Update defenses
     – Continually update defenses to protect information against new types of attacks

36. Building a Comprehensive Security Strategy (cont'd.)
   • Minimize losses
     – Realize that some attacks will get through security perimeters and local defenses
     – Make backup copies of important data
     – Business recovery policy
   • Send secure information
     – "Scramble" data (encrypt it) so that unauthorized eyes cannot read it
     – Establish a secure electronic link between the sender and receiver
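Minimizing losses depends on the backup you restore being the one you made: an attacker who reaches the backup host, or plain disk corruption, can leave you recovering bad data. The Python below is an added example, not code from the slides or the textbook. It hashes every file in a backup set into a manifest and signs the manifest with a keyed hash (HMAC), so that changing a backup file is detected and an attacker without the key cannot simply rewrite the manifest to match. The manifest layout, the signing key and the sample files are assumptions; the sample backup is constructed in a temporary directory so the example runs offline.

```python
"""Signed backup manifest: detect modified or missing backup files before a
restore.  Added example; manifest format, key and sample files are assumptions."""
import hashlib
import hmac
import json
import os
import tempfile

# Assumed secret.  Keep it off the backup host; its whole point is that
# whoever can rewrite the backups cannot also re-sign the manifest.
MANIFEST_KEY = b"manifest-signing-key-keep-off-the-backup-host"


def file_digest(path):
    """SHA-256 of a file, read in chunks so large backups do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Hash every file under root and sign the file list with an HMAC."""
    entries = {}
    for dirpath, _, names in os.walk(root):
        for name in sorted(names):
            full = os.path.join(dirpath, name)
            entries[os.path.relpath(full, root)] = file_digest(full)
    body = json.dumps(entries, sort_keys=True)
    mac = hmac.new(MANIFEST_KEY, body.encode(), hashlib.sha256).hexdigest()
    return {"files": entries, "mac": mac}


def verify_backup(root, manifest):
    """Return (ok, problems).  The signature is checked first: if it fails,
    none of the per-file digests can be trusted, so nothing else is reported."""
    body = json.dumps(manifest["files"], sort_keys=True)
    expected = hmac.new(MANIFEST_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(manifest["mac"], expected):
        return (False, ["manifest signature invalid"])
    problems = []
    for rel, digest in manifest["files"].items():
        full = os.path.join(root, rel)
        if not os.path.exists(full):
            problems.append(f"missing: {rel}")
        elif file_digest(full) != digest:
            problems.append(f"modified: {rel}")
    return (not problems, problems)


def demo():
    """Constructed backup set: sign it, tamper with a file, then forge the manifest."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "customers.db"), "wb") as f:
            f.write(b"id,name\n1,alice\n")
        with open(os.path.join(root, "config.ini"), "wb") as f:
            f.write(b"[app]\ndebug=false\n")
        manifest = build_manifest(root)
        clean = verify_backup(root, manifest)

        with open(os.path.join(root, "config.ini"), "ab") as f:
            f.write(b"debug=true\n")          # simulate tampering or corruption
        tampered = verify_backup(root, manifest)

        # Attacker updates the digest to match but has no key to re-sign.
        manifest["files"]["config.ini"] = file_digest(os.path.join(root, "config.ini"))
        forged = verify_backup(root, manifest)
        return clean, tampered, forged


if __name__ == "__main__":
    for label, outcome in zip(("clean", "tampered", "forged"), demo()):
        print(label, outcome)
```

Integrity checking is the part of "send secure information" that backups also need; confidentiality of the backup itself (encrypting it at rest) and of the link it travels over (TLS) are separate controls and are not shown here.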
37. Summary
   • Attacks against information security have grown exponentially in recent years
   • It is difficult to defend against today's attacks
   • Information security definition
     – That which protects the integrity, confidentiality, and availability of information
   • Main goals of information security
     – Prevent data theft, thwart identity theft, avoid the legal consequences of not securing information, maintain productivity, and foil cyberterrorism

38. Summary (cont'd.)
   • Several types of people are typically behind computer attacks
   • Five general steps make up an attack
   • A practical, comprehensive security strategy involves four key elements