Submit Search
Upload
Chapter 1 Introduction to Security
•
Download as PPTX, PDF
•
5 likes
•
4,379 views
Dr. Ahmed Al Zaidy
Follow
CompTIA Security+ Guide to Network Security Fundamentals, Sixth Edition
Read less
Read more
Education
Report
Share
Report
Share
1 of 38
Download now
Recommended
Chapter 2 Malware and Social Engineering Attacks
Chapter 2 Malware and Social Engineering Attacks
Dr. Ahmed Al Zaidy
Chapter 3 Basic Cryptography
Chapter 3 Basic Cryptography
Dr. Ahmed Al Zaidy
System security
System security
sommerville-videos
Chapter 11 Authentication and Account Management
Chapter 11 Authentication and Account Management
Dr. Ahmed Al Zaidy
Chapter 5 Networking and Server Attacks
Chapter 5 Networking and Server Attacks
Dr. Ahmed Al Zaidy
Chapter 7 Administering a Secure Network
Chapter 7 Administering a Secure Network
Dr. Ahmed Al Zaidy
Chapter 2 Presentation
Chapter 2 Presentation
Amy McMullin
Chapter 4
Chapter 4
Amy McMullin
Recommended
Chapter 2 Malware and Social Engineering Attacks
Chapter 2 Malware and Social Engineering Attacks
Dr. Ahmed Al Zaidy
Chapter 3 Basic Cryptography
Chapter 3 Basic Cryptography
Dr. Ahmed Al Zaidy
System security
System security
sommerville-videos
Chapter 11 Authentication and Account Management
Chapter 11 Authentication and Account Management
Dr. Ahmed Al Zaidy
Chapter 5 Networking and Server Attacks
Chapter 5 Networking and Server Attacks
Dr. Ahmed Al Zaidy
Chapter 7 Administering a Secure Network
Chapter 7 Administering a Secure Network
Dr. Ahmed Al Zaidy
Chapter 2 Presentation
Chapter 2 Presentation
Amy McMullin
Chapter 4
Chapter 4
Amy McMullin
Network security and protocols
Network security and protocols
Online
Types of cyber attacks
Types of cyber attacks
krishh sivakrishna
Cia security model
Cia security model
Imran Ahmed
Chapter2 the need to security
Chapter2 the need to security
Dhani Ahmad
Web Application Security
Web Application Security
Abdul Wahid
Chapter 9 Client and application Security
Chapter 9 Client and application Security
Dr. Ahmed Al Zaidy
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
TriCorps Technologies
System security
System security
invertis university
Types of attacks
Types of attacks
Vivek Gandhi
Computer Security Presentation
Computer Security Presentation
PraphullaShrestha1
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
Fabiha Shahzad
The CIA triad.pptx
The CIA triad.pptx
GulnurAzat
The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information Security
Bharath Rao
Cyber Security Best Practices
Cyber Security Best Practices
Evolve IP
Threats to information security
Threats to information security
swapneel07
Chapter 1 Presentation
Chapter 1 Presentation
Amy McMullin
Security threats and attacks in cyber security
Security threats and attacks in cyber security
Shri ramswaroop college of engineering and management
Brute force-attack presentation
Brute force-attack presentation
Mahmoud Ibra
Chapter 14 Business Continuity
Chapter 14 Business Continuity
Dr. Ahmed Al Zaidy
Firewalls
Firewalls
Ram Dutt Shukla
Chapter 13 Vulnerability Assessment and Data Security
Chapter 13 Vulnerability Assessment and Data Security
Dr. Ahmed Al Zaidy
Whitman_Ch02.pptx
Whitman_Ch02.pptx
Siphamandla9
More Related Content
What's hot
Network security and protocols
Network security and protocols
Online
Types of cyber attacks
Types of cyber attacks
krishh sivakrishna
Cia security model
Cia security model
Imran Ahmed
Chapter2 the need to security
Chapter2 the need to security
Dhani Ahmad
Web Application Security
Web Application Security
Abdul Wahid
Chapter 9 Client and application Security
Chapter 9 Client and application Security
Dr. Ahmed Al Zaidy
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
TriCorps Technologies
System security
System security
invertis university
Types of attacks
Types of attacks
Vivek Gandhi
Computer Security Presentation
Computer Security Presentation
PraphullaShrestha1
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
Fabiha Shahzad
The CIA triad.pptx
The CIA triad.pptx
GulnurAzat
The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information Security
Bharath Rao
Cyber Security Best Practices
Cyber Security Best Practices
Evolve IP
Threats to information security
Threats to information security
swapneel07
Chapter 1 Presentation
Chapter 1 Presentation
Amy McMullin
Security threats and attacks in cyber security
Security threats and attacks in cyber security
Shri ramswaroop college of engineering and management
Brute force-attack presentation
Brute force-attack presentation
Mahmoud Ibra
Chapter 14 Business Continuity
Chapter 14 Business Continuity
Dr. Ahmed Al Zaidy
Firewalls
Firewalls
Ram Dutt Shukla
What's hot
(20)
Network security and protocols
Network security and protocols
Types of cyber attacks
Types of cyber attacks
Cia security model
Cia security model
Chapter2 the need to security
Chapter2 the need to security
Web Application Security
Web Application Security
Chapter 9 Client and application Security
Chapter 9 Client and application Security
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
System security
System security
Types of attacks
Types of attacks
Computer Security Presentation
Computer Security Presentation
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
The CIA triad.pptx
The CIA triad.pptx
The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information Security
Cyber Security Best Practices
Cyber Security Best Practices
Threats to information security
Threats to information security
Chapter 1 Presentation
Chapter 1 Presentation
Security threats and attacks in cyber security
Security threats and attacks in cyber security
Brute force-attack presentation
Brute force-attack presentation
Chapter 14 Business Continuity
Chapter 14 Business Continuity
Firewalls
Firewalls
Similar to Chapter 1 Introduction to Security
Chapter 13 Vulnerability Assessment and Data Security
Chapter 13 Vulnerability Assessment and Data Security
Dr. Ahmed Al Zaidy
Whitman_Ch02.pptx
Whitman_Ch02.pptx
Siphamandla9
Whitman_Ch11.pptx
Whitman_Ch11.pptx
Siphamandla9
Lecture 8- information technology slides
Lecture 8- information technology slides
Aiman Niazi
Lecture 5.pptx
Lecture 5.pptx
DuncanWachira3
Whitman_Ch05.pptx
Whitman_Ch05.pptx
Siphamandla9
Electronic CommerceSecurityCHAPTER 10© 2017 Cengage Learni.docx
Electronic CommerceSecurityCHAPTER 10© 2017 Cengage Learni.docx
budabrooks46239
BSAD 372 SPRING 2017 CH 10
BSAD 372 SPRING 2017 CH 10
Janice Robinson
Chapter 15 Risk Mitigation
Chapter 15 Risk Mitigation
Dr. Ahmed Al Zaidy
Project Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docx
wkyra78
Information Technology Security Basics
Information Technology Security Basics
Mohan Jadhav
Whitman_Ch12.pptx
Whitman_Ch12.pptx
Siphamandla9
Chapter 12 Access Management
Chapter 12 Access Management
Dr. Ahmed Al Zaidy
Digital Forensics_Lecture.pptx
Digital Forensics_Lecture.pptx
khalifaAlMarzooqi3
Whitman_Ch04.pptx
Whitman_Ch04.pptx
Siphamandla9
Chapter 4 Advanced Cryptography and P K I
Chapter 4 Advanced Cryptography and P K I
Dr. Ahmed Al Zaidy
Chapter 10 Mobile and Embedded Device Security
Chapter 10 Mobile and Embedded Device Security
Dr. Ahmed Al Zaidy
Security Design Principles.ppt
Security Design Principles.ppt
DrBasemMohamedElomda
Security Fundamentals and Threat Modelling
Security Fundamentals and Threat Modelling
Knoldus Inc.
Whitman_Ch01.pptx
Whitman_Ch01.pptx
Siphamandla9
Similar to Chapter 1 Introduction to Security
(20)
Chapter 13 Vulnerability Assessment and Data Security
Chapter 13 Vulnerability Assessment and Data Security
Whitman_Ch02.pptx
Whitman_Ch02.pptx
Whitman_Ch11.pptx
Whitman_Ch11.pptx
Lecture 8- information technology slides
Lecture 8- information technology slides
Lecture 5.pptx
Lecture 5.pptx
Whitman_Ch05.pptx
Whitman_Ch05.pptx
Electronic CommerceSecurityCHAPTER 10© 2017 Cengage Learni.docx
Electronic CommerceSecurityCHAPTER 10© 2017 Cengage Learni.docx
BSAD 372 SPRING 2017 CH 10
BSAD 372 SPRING 2017 CH 10
Chapter 15 Risk Mitigation
Chapter 15 Risk Mitigation
Project Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docx
Information Technology Security Basics
Information Technology Security Basics
Whitman_Ch12.pptx
Whitman_Ch12.pptx
Chapter 12 Access Management
Chapter 12 Access Management
Digital Forensics_Lecture.pptx
Digital Forensics_Lecture.pptx
Whitman_Ch04.pptx
Whitman_Ch04.pptx
Chapter 4 Advanced Cryptography and P K I
Chapter 4 Advanced Cryptography and P K I
Chapter 10 Mobile and Embedded Device Security
Chapter 10 Mobile and Embedded Device Security
Security Design Principles.ppt
Security Design Principles.ppt
Security Fundamentals and Threat Modelling
Security Fundamentals and Threat Modelling
Whitman_Ch01.pptx
Whitman_Ch01.pptx
More from Dr. Ahmed Al Zaidy
Chapter 14 Exploring Object-based Programming
Chapter 14 Exploring Object-based Programming
Dr. Ahmed Al Zaidy
Chapter 13 Programming for web forms
Chapter 13 Programming for web forms
Dr. Ahmed Al Zaidy
Chapter 12 Working with Document nodes and style sheets
Chapter 12 Working with Document nodes and style sheets
Dr. Ahmed Al Zaidy
Chapter 11 Working with Events and Styles
Chapter 11 Working with Events and Styles
Dr. Ahmed Al Zaidy
Chapter 10 Exploring arrays, loops, and conditional statements
Chapter 10 Exploring arrays, loops, and conditional statements
Dr. Ahmed Al Zaidy
Chapter 9 Getting Started with JavaScript
Chapter 9 Getting Started with JavaScript
Dr. Ahmed Al Zaidy
Chapter 8 Enhancing a website with multimedia
Chapter 8 Enhancing a website with multimedia
Dr. Ahmed Al Zaidy
Chapter 7 Designing a web form
Chapter 7 Designing a web form
Dr. Ahmed Al Zaidy
Chapter 6 Working with Tables and Columns
Chapter 6 Working with Tables and Columns
Dr. Ahmed Al Zaidy
Chapter 5 Designing for the mobile web
Chapter 5 Designing for the mobile web
Dr. Ahmed Al Zaidy
Chapter 4 Graphic Design with CSS
Chapter 4 Graphic Design with CSS
Dr. Ahmed Al Zaidy
Chapter 3 Designing a Page Layout
Chapter 3 Designing a Page Layout
Dr. Ahmed Al Zaidy
Chapter 2 Getting Started with CSS
Chapter 2 Getting Started with CSS
Dr. Ahmed Al Zaidy
Chapter 1 Getting Started with HTML5
Chapter 1 Getting Started with HTML5
Dr. Ahmed Al Zaidy
Integer overflows
Integer overflows
Dr. Ahmed Al Zaidy
testing throughout-the-software-life-cycle-section-2
testing throughout-the-software-life-cycle-section-2
Dr. Ahmed Al Zaidy
Fundamental of testing
Fundamental of testing
Dr. Ahmed Al Zaidy
Chapter 8 Wireless Network Security
Chapter 8 Wireless Network Security
Dr. Ahmed Al Zaidy
Chapter 6Network Security Devices, Design, and Technology
Chapter 6Network Security Devices, Design, and Technology
Dr. Ahmed Al Zaidy
More from Dr. Ahmed Al Zaidy
(19)
Chapter 14 Exploring Object-based Programming
Chapter 14 Exploring Object-based Programming
Chapter 13 Programming for web forms
Chapter 13 Programming for web forms
Chapter 12 Working with Document nodes and style sheets
Chapter 12 Working with Document nodes and style sheets
Chapter 11 Working with Events and Styles
Chapter 11 Working with Events and Styles
Chapter 10 Exploring arrays, loops, and conditional statements
Chapter 10 Exploring arrays, loops, and conditional statements
Chapter 9 Getting Started with JavaScript
Chapter 9 Getting Started with JavaScript
Chapter 8 Enhancing a website with multimedia
Chapter 8 Enhancing a website with multimedia
Chapter 7 Designing a web form
Chapter 7 Designing a web form
Chapter 6 Working with Tables and Columns
Chapter 6 Working with Tables and Columns
Chapter 5 Designing for the mobile web
Chapter 5 Designing for the mobile web
Chapter 4 Graphic Design with CSS
Chapter 4 Graphic Design with CSS
Chapter 3 Designing a Page Layout
Chapter 3 Designing a Page Layout
Chapter 2 Getting Started with CSS
Chapter 2 Getting Started with CSS
Chapter 1 Getting Started with HTML5
Chapter 1 Getting Started with HTML5
Integer overflows
Integer overflows
testing throughout-the-software-life-cycle-section-2
testing throughout-the-software-life-cycle-section-2
Fundamental of testing
Fundamental of testing
Chapter 8 Wireless Network Security
Chapter 8 Wireless Network Security
Chapter 6Network Security Devices, Design, and Technology
Chapter 6Network Security Devices, Design, and Technology
Recently uploaded
Class 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdf
akmcokerachita
Blooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docx
UnboundStockton
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Celine George
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17
Celine George
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
Virag Sontakke
Biting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdf
adityarao40181
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
iammrhaywood
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
RaymartEstabillo3
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
SafetyChain Software
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
sanyamsingh5019
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
GeoBlogs
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
SoniaTolstoy
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
pboyjonauth
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
iammrhaywood
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Krashi Coaching
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
Celine George
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
socialsciencegdgrohi
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of India
Virag Sontakke
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdf
Mahmoud M. Sallam
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
thorishapillay1
Recently uploaded
(20)
Class 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdf
Blooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docx
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
Biting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdf
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of India
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdf
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
Chapter 1 Introduction to Security
1.
1 CompTIA Security+ Guide
to Network Security Fundamentals, Sixth Edition Chapter 1 Introduction to Security © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
2.
Objectives 1.1 Describe the
challenges of securing information 1.2 Define information security and explain why it is important 1.2 Identify the types of attackers that are common today 1.3 Describe the five basic principles of defense © 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
3.
3 Challenges of Securing
Information • Securing information • No simple solution • Many different types of attacks • Defending against attacks is often difficult © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
4.
4 Today’s Security Attacks •
Examples of recent attacks • Remotely controlling a car • Tampering with aircraft systems • Yahoo accounts compromised by attackers • USB flash drive malware/USB Killer • WINVote voting machine tampering • Vtech security breach • Stolen data from the European Space Agency • IRS fraud • Hyatt Hotels Corporation hacked © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
5.
5 Reasons for Successful
Attacks • Widespread vulnerabilities • Configuration issues • Poorly designed software • Hardware limitations • Enterprise-based issues © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
6.
6 Difficulties in Defending
Against Attacks Reason Description Universally connected devices Attackers from anywhere in the world can send attacks Increased speed of attacks Attackers can launch attacks against millions of computer within minutes Greater sophistication of attacks Attack tools vary their behavior so the same attack appears differently each time Availability and simplicity of attack tools Attacks are no longer limited to highly skilled attackers Faster detection of vulnerabilities Attackers can discover security holes in hardware or software more quickly Delays in security updating Vendors are overwhelmed trying to keep pace updating their products against the latest attacks Weak security update distribution Many software products lack a means to distribute security updates in a timely fashion Distributed attacks Attackers use thousands of computers in an attack against a single computer or network Use of personal devices Enterprises are having difficulty providing security for a wide array of personal devices User confusion Users are required to make difficult security decisions with little or no instruction © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
7.
7 What is Information
Security? • Before defense is possible, one must understand: • Exactly what security is • How security relates to information security • The terminology that relates to information security © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
8.
8 Understanding Security • Security
is: • To be free from danger is the goal • The process that achieves that freedom • As security is increased, convenience is often decreased • The more secure something is, the less convenient it may become to use © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
9.
9 Defining Information Security
(1 of 4) • Information security - the tasks of securing information that is in a digital format: • Manipulated by a microprocessor • Preserved on a storage device • Transmitted over a network • Information security goal - to ensure that protective measures are properly implemented to ward off attacks and prevent the total collapse of the system when a successful attack occurs © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
10.
10 Defining Information Security
(2 of 4) • Three types of information protection (often called CIA) : • Confidentiality -Only approved individuals may access information • Integrity -Information is correct and unaltered • Availability -Information is accessible to authorized users © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
11.
11 Defining Information Security
(3 of 4) © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
12.
12 Defining Information Security
(4 of 4) Layer Description Products Form the security around the data. May be as basic as door locks or as complicated as network security equipment. People Those who implement and properly use security products to protect data. Policies and procedures Plans and policies established by an enterprise to ensure that people correctly use the products. © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
13.
13 Information Security Terminology
(1 of 4) • Asset • Item that has value • Threat • Type of action that has the potential to cause harm • Threat actor • A person or element with power to carry out a threat © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
14.
14 Information Security Terminology
(2 of 4) © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
15.
15 Information Security Terminology
(3 of 4) • Vulnerability • Flaw or weakness that allows a threat agent to bypass security • Threat vector • The means by which an attack can occur • Risk • A situation that involves exposure to some type of danger • Risk response techniques: • Accept – risk is acknowledged but no steps are taken to address it • Transfer – transfer risk to a third party • Avoid – identifying risk but making the decision to not engage in the activity • Mitigate – attempt to address risk by making the risk less serious © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
16.
16 Information Security Terminology
(4 of 4) Term Example in Scooter scenario Example in information security Asset Scooter Employee database Threat Steal scooter Steal data Threat actor Thief Attacker, hurricane Vulnerability Hole in fence Software defect Attack vector Climb through hole in fence Access web server passwords through flaw in operating system Likelihood Probability of scooter stolen Likelihood of virus infection Risk Stolen scooter Virus infection or stolen data © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
17.
17 Understanding the Importance
of Information Security • Information security can be helpful in: • Preventing data theft • Thwarting identity theft • Avoiding the legal consequences of not securing information • Maintaining productivity • Foiling cyberterrorism © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
18.
18 Preventing Data Theft •
Preventing data from being stolen is often the primary objective of an organization’s information security • Enterprise data theft involves stealing proprietary business information • Personal data theft involves stealing credit card numbers © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
19.
19 Thwarting Identity Theft •
Identity theft • Stealing another person’s personal information • Usually using it for financial gain • Example: • Steal person’s SSN • Create new credit card account to charge purchases and leave them unpaid • File fraudulent tax returns © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
20.
20 Avoiding Legal Consequences •
Laws protecting electronic data privacy: • The Health Insurance Portability and Accountability Act of 1996 (HIPAA) • The Sarbanes-Oxley Act of 2002 (Sarbox) • The Gramm-Leach-Bliley Act (GLBA) • Payment Card Industry Data Security Standard (PCI DSS) • State notification and security laws -California’s Database Security Breach Notification Act (2003) © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
21.
21 Maintaining Productivity • Post-attack
clean up diverts resources away from normal activities • Time, money, and other resources • Table 1-6 shows the cost of attacks Number of total employees Average hourly salary Number of employees to combat attack Hours required to stop attack and clean up Total lost salaries Total lost hours of productivity 100 $25 1 48 $4066 81 250 $25 3 72 $17,050 300 500 $30 5 80 $28,333 483 1000 $30 10 96 $220,000 1293 © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
22.
22 Foiling Cyberterrorism • Cyberterrorism •
Any premeditated, politically motivated attack against information, computer systems, computer programs, and data • Designed to: • Cause panic • Provoke violence • Result in financial catastrophe • May be directed at targets such as the banking industry, military installations, power plants, air traffic control centers, and water systems © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
23.
23 Who Are the
Threat Actors? • Threat actor – a generic term used to describe individuals who launch attacks against other users and their computers • Most have a goal of financial gain • Financial cybercrime is often divided into two categories: • First category focuses on individuals as the victims • Second category focuses on enterprises and government • Different groups of threat actors can vary widely, based on: • Attributes • Funding and resources • Whether internal or external to the enterprise or organization • Intent and motivation © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
24.
24 Script Kiddies (1
of 2) • Script kiddies - individuals who want to attack computers yet they lack the knowledge of computers and network needed to do so • They download automated hacking software (scripts) from websites • Over 40 percent of attacks require low or no skills © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
25.
25 Script Kiddies (2
of 2) © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
26.
26 Hactivists • Hactivists -
attackers who attack for ideological reasons that are generally not as well-defined as a cyberterrorist’s motivation • Examples of hactivist attacks: • Breaking into a website and changing the contents on the site to make a political statement • Disabling a website belonging to a bank because the bank stopped accepting payments that were deposited into accounts belonging to the hactivists © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
27.
27 Nation State Actors •
Nation state actor - an attacker commissioned by the governments to attack enemies’ information systems • May target foreign governments or even citizens of the government who are considered hostile or threatening • Known for being well-resourced and highly trained • Advanced Persistent Threat (APT) - multiyear intrusion campaign that targets highly sensitive economic, proprietary, or national security information © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
28.
28 Insiders • Employees, contractors,
and business partners • Over 58 percent of breaches attributed to insiders • Examples of insider attacks: • Health care worker may publicize celebrities’ health records -Disgruntled over upcoming job termination • Stock trader might conceal losses through fake transactions • Employees may be bribed or coerced into stealing data before moving to a new job © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
29.
29 Other Threat Actors Threat
Actor Description Explanation Competitors Launch attack against an opponent’s system to steal classified information Competitors may steal new product research or list of current customers to gain a competitive advantage Organized crime Moving from traditional criminal activities to more rewarding and less risky online attacks Criminal networks are usually run by a small number of experienced online criminal networks who do not commit crimes themselves but act as entrepreneurs Brokers Sell their knowledge of a vulnerability to other attackers or governments Individuals who uncover vulnerabilities do not report it to the software vendor but instead sell them to the highest bidder Cyberterrorists Attack a nation’s network and computer infrastructure to cause disruption and panic among citizens Targets may include a small group of computers or networks that can affect the largest number of users, such as the computers that control the electrical power grid of a state or region © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
30.
30 Defending Against Attacks •
Five fundamental security principles for defenses: • Layering • Limiting • Diversity • Obscurity • Simplicity © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
31.
31 Layering • Information security
must be created in layers • A single defense mechanism may be easy to circumvent • Making it unlikely that an attacker can break through all defense layers • Layered security approach (also called defense-in-depth) • Can be useful in resisting a variety of attacks • Provides the most comprehensive protection © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
32.
32 Limiting • Limiting access
to information: • Reduces the threat against it • Only those who must use data should be granted access • Should be limited to only what they need to do their job • Methods of limiting access • Technology-based - such as file permissions • Procedural - such as prohibiting document removal from premises © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
33.
33 Diversity • Closely related
to layering • Layers must be different (diverse) • If attackers penetrate one layer: • Same techniques will be unsuccessful in breaking through other layers • Breaching one security layer does not compromise the whole system • Example of diversity • Using security products from different manufacturers • Groups who are responsible for regulating access (control diversity) are different © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
34.
34 Obscurity • Obscuring inside
details to outsiders • Example: not revealing details • Type of computer • Operating system version • Brand of software used • Difficult for attacker to devise attack if system details are unknown © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
35.
35 Simplicity • Nature of
information security is complex • Complex security systems: • Can be difficult to understand and troubleshoot • Are often compromised for ease of use by trusted users • A secure system should be simple from the inside • But complex from the outside © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
36.
36 Frameworks and Reference
Architectures • Industry-standard frameworks and reference architectures • Provide a resource of how to create a secure IT environment • Give an overall program structure and security management guidance to implement and maintain an effective security program • Various frameworks/architectures are specific to a particular sector (industry-specific frameworks) • Such as the financial industry • Some frameworks/architectures are domestic • While other s are world wide © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
37.
37 Chapter Summary (1
of 2) • Information security attacks have grown exponentially in recent years • There are many reasons for the high number of successful attacks • It is difficult to defend against today’s attacks • Information security protects information’s integrity, confidentiality, and availability: • On devices that store, manipulate, and transmit information • Using products, people, and procedures © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
38.
38 Chapter Summary (2
of 2) • Main goals of information security • Prevent data theft • Thwart identity theft • Avoid legal consequences of not securing information • Maintain productivity • Foil cyberterrorism • Threat actors fall into several categories and exhibit different attributes • Although multiple defenses may be necessary to withstand the steps of an attack, these defenses should be based on five security principles: • Layering, limiting, diversity, obscurity, and simplicity © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
Download now