SlideShare a Scribd company logo

IT Security.pdf

M
ManassahIjudigal

IT Security Presentation in for individuals

Technology
1 of 39
Download to read offline
We are here.
IT SECURITY & INTERNET SAFETY
Objectives • IT Security • The CIA Triad • IT Security Terminologies • Types of attack • Security Measures/being safe online • Internet safety
Security Security generally refers to the state of being protected from harm, danger, or threats
IT Security Also known as cybersecurity, is a specialized field focused on protecting computer systems, networks, data, and information from unauthorized access, attacks, damage, and disruptions
The CIA Triad Is a foundational model used in information security to guide the design and implementation of security measures. The triad consists of three core principles that represent the goals and objectives of information security:
The Core CIA Triad 1. Confidentiality: Ensures that information is accessible only to authorized individuals or entities. Confidentiality aims to prevent unauthorized access, disclosure, or exposure of sensitive information. 2. Integrity: Integrity refers to the accuracy, consistency, and reliability of data and information. It involves protecting data from unauthorized modification, alteration, or tampering. Maintaining data integrity ensures that information remains accurate and trustworthy. 3. Availability: Availability concerns the accessibility and usability of data and services when needed. It involves preventing disruptions, downtime, or denial of access to authorized users.
CIA Triad Extended… Authenticity 4.Ensuring that information comes from a reliable and trustworthy source, and that its origin can be verified. Digital signatures and public key infrastructure (PKI) help establish authenticity. Non-Repudiation 5. This principle prevents individuals from denying their involvement in a transaction or action. It ensures that both sender and receiver cannot deny their participation in a communication or transaction. Accountability 6. Holding individuals or entities responsible for their actions within an information system. Logging, auditing, and access controls contribute to establishing accountability. Privacy 7.Safeguarding individuals' personal information and ensuring compliance with privacy laws and regulations.
IT Security Terminologies • Exploit • Risk • Vulnerability • Firewall • Threat • Attack
Risk: refers to the potential for harm, damage, loss, or negative impact that could result from the exploitation of vulnerabilities by threats. In simpler terms, it's the possibility of something going wrong in the digital realm that could lead to adverse consequences. Exploit: refers to a piece of code, software, or technique that takes advantage of a vulnerability or weakness in a computer system, software application, or network to compromise its security. Vulnerability: refers to a weakness, flaw, or gap in the security measures of a system, software application, network, or process that could potentially be exploited by threats to compromise the system's confidentiality, integrity, or availability. Vulnerabilities can arise from various factors, including software bugs, design flaws, misconfigurations, or even human errors during development or maintenance.
Firewall A firewall is a network security device or software application that acts as a barrier between a trusted internal network and untrusted external networks, such as the internet. Its primary function is to monitor and control incoming and outgoing network traffic based on predetermined security rules.
Attack: refers to a deliberate, unauthorized, and malicious attempt to exploit vulnerabilities in a system, network, application, or process with the intention of compromising security, stealing data, causing damage, or disrupting normal operations. Attacks are carried out by individuals or groups known as threat actors, attackers, or hackers. Types of Attack: • Intrusion • Blocking • Malware Threat: refers to any potential danger, risk, or negative event that could exploit vulnerabilities in a system, network, application, or process to cause harm or compromise the security of digital assets. Threats encompass a wide range of malicious activities and events that pose risks to the confidentiality, integrity, and availability of data and systems.
Intrusion Also known as hacking, is gaining unauthorize access to or penetrating into a computer system, network, or application by an individual, group, or software with malicious intent. An intrusion involves bypassing security. Social Engineering Intrusion: Attackers manipulate human behavior to deceive individuals into revealing sensitive information or performing actions that compromise security.
Insider Intrusion: Authorized individuals within an organization misuse their privileges to gain unauthorized access or compromise data.
Insider Intrusion: Authorized individuals within an organization misuse their privileges to gain unauthorized access or compromise data. Password Guessing and Cracking: Attackers attempt to guess or crack passwords to gain unauthorized access to systems or accounts.
Insider Intrusion: Authorized individuals within an organization misuse their privileges to gain unauthorized access or compromise data. Password Guessing and Cracking: Attackers attempt to guess or crack passwords to gain unauthorized access to systems or accounts. shoulder surfing: is a type of social engineering technique used to obtain information such as personal identification numbers (PINs), passwords and other confidential data by looking over the victim's shoulder.
Insider Intrusion: Authorized individuals within an organization misuse their privileges to gain unauthorized access or compromise data. Password Guessing and Cracking: Attackers attempt to guess or crack passwords to gain unauthorized access to systems or accounts. shoulder surfing: is a type of social engineering technique used to obtain information such as personal identification numbers (PINs), passwords and other confidential data by looking over the victim's shoulder. Phishing Intrusion: Attackers trick individuals into revealing sensitive information or clicking on malicious links through fraudulent emails or messages.
Zero-Day Exploit Intrusion Man-in-the- Middle (MitM) Attacks Brute Force Attacks Attackers exploit vulnerabilities that are unknown to the vendor and unpatched. Attackers intercept and potentially alter communication between two parties, often without either party realizing their communication is compromised. Attackers attempt to gain unauthorized access by systematically trying all possible combinations of passwords until they find the correct one..
Blocking Attacks that are meant to prevent authorized access to information or resources are generally referred to as "Denial of Service" (DoS) attacks. These attacks are designed to disrupt the availability of systems, networks, or services, making them inaccessible to legitimate users.
Traditional DoS Attack: In a traditional DoS attack, the attacker overwhelms a target system or network with an excessive amount of traffic. This flood of traffic consumes the target's resources, such as bandwidth, processing power, or memory, causing the system to become slow or unresponsive. Distributed DoS (DDoS) Attack: In a DDoS attack, the attacker uses a network of compromised computers (botnet) to flood the target with traffic. This distributed approach makes DDoS attacks even more powerful and difficult to mitigate. Flood Attacks: Attackers send a large number of requests or packets to a target, saturating its capacity and causing it to become unresponsive. Forms of Blocking attacks
short for "malicious software," refers to any type of software or code specifically designed to harm, exploit, or compromise computer systems, networks, or devices. Malware is typically created with malicious intent and can take various forms, including viruses, worms, Trojans, spyware, adware, ransomware, and more. Its primary goal is to gain unauthorized access to or control over a system, steal sensitive information, disrupt normal operations, or extort users for financial gain. Malware
Viruses: These are programs that infect legitimate files and spread when those files are executed. They can attach themselves to other software and replicate when that software is run. Worms: Worms are self-replicating malware that can spread independently without attaching themselves to other files. They often exploit security vulnerabilities in networks to propagate quickly. Trojans: Trojans disguise themselves as legitimate software but contain malicious code. They often trick users into running them by appearing as useful or harmless applications. Spyware: This type of malware is designed to secretly collect information about a user's online activities, such as browsing habits, passwords, and personal information. Adware: Adware displays unwanted advertisements to users. While not always inherently harmful, it can be considered malware when it disrupts the user experience or collects data without consent.
Ransomware: Ransomware encrypts a victim's files or locks them out of their own system until a ransom is paid to the attacker. It has become a significant threat in recent years. Keyloggers: Keyloggers record the keystrokes of a user, allowing attackers to capture sensitive information like passwords and credit card details. Botnets: A botnet is a network of infected computers, known as "bots," that are controlled by a central command server. Botnets are often used for distributed denial-of-service (DDoS) attacks or spam distribution. Rootkits: Rootkits are designed to hide their presence and activities on a system, often granting unauthorized access to attackers while remaining undetected by regular security measures. Malvertising: This involves spreading malware through online advertisements. Attackers might inject malicious code into legitimate ads, causing them to deliver malware to users' devices.
Preventive Measures
Against Intrusion 1. Strong Authentication: Implement multi-factor authentication (MFA) to add an extra layer of security to user accounts, making it harder for unauthorized users to gain access. 2. Firewalls: Set up firewalls to monitor and control incoming and outgoing network traffic. Network firewalls can block unauthorized access attempts. 3. Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS): Use IDS and IPS to monitor network traffic for suspicious patterns or behavior and take action to prevent unauthorized access. 4. Regular Security Audits: Conduct regular security audits to identify vulnerabilities and weaknesses in systems and applications. 5. Patching and Updates: Keep all software, operating systems, and applications up to date with the latest security patches to minimize known vulnerabilities. 6. Employee Training: Train employees on cybersecurity best practices, such as identifying phishing emails and avoiding clicking on suspicious links.
1. Strong passwords are based on a descriptive phrase or sentence that's easy for you to remember and hard for someone else to guess—like the first letters in words that make up a favorite title or song, the first letters of words in a sentence about something you did—and include a combination of letters, numbers, and symbols. For example, “I went to Western Elementary School for grade 3” could be used to build a password like: Iw2We$t4g3. 1. Moderate passwords are passwords that are strong and not easy for malicious software to guess, but could be guessed by someone who knows you (for example, IwenttoWestern). 2. Weak passwords commonly use personal information like a pet’s name, are easy to crack, and can be guessed by someone who knows you (for example, “IloveBuddy” or “Ilikechocolate”). Guidelines for creating strong passwords
Dos • Use a different password for each of your important accounts. • Use at least eight characters. The longer the better (as long as you can remember it!). • Use combinations of letters (uppercase and lowercase), numbers, and symbols. • Make your passwords memorable so you don’t need to write them down, which would be risky. • Immediately change your password if you think someone else knows it (besides a parent or guardian). • Change your passwords every now and then. • Always use strong screenlocks on your devices. Set your devices to automatically lock in case they end up in the wrong hands. • Consider using a password manager, such as one built into your browser, to remember your passwords. This way you can use a unique password for each of your accounts and not have to remember them all Don’ts • Donʼt use personal information (name, address, email, phone number, Social Security number, motherʼs maiden name, birth dates or even a pet’s name, etc.) in your password. • Donʼt use a password thatʼs easy to guess, like your nickname, chocolate, just the name of your school, favorite sports team, a string of numbers (like 123456), etc. And definitely don’t use the word ‘password”! • Donʼt share your password with anyone other than your parent or guardian. • Never write passwords down where someone can find them. Guidelines for creating strong passwords
Against Blocking 1. Traffic Filtering: Use traffic filtering mechanisms to identify and block malicious traffic that could be part of a denial of service attack. 2. Rate Limiting: Implement rate limiting to restrict the number of requests coming from a single IP address, preventing a single source from overwhelming the system. 3. Content Delivery Networks (CDNs): Employ CDNs to distribute web traffic across multiple servers, reducing the impact of a single point of failure in a denial of service attack. 4. DDoS Mitigation Services: Subscribe to DDoS mitigation services that can detect and absorb or redirect malicious traffic during an attack. 5. Load Balancing: Use load balancers to evenly distribute incoming traffic across multiple servers, preventing overload on any one server.
Against Malware 1. Antivirus and Antimalware Software: Install reputable antivirus and antimalware software to detect and remove malicious software from your systems. 2. Regular Scans: Schedule regular scans of systems and devices to identify and remove any malware that might be present. 3. Email Filtering: Use email filtering to block or quarantine emails containing known malware attachments or links. 4. Software Whitelisting: Implement software whitelisting to only allow approved applications to run on systems, preventing the execution of unauthorized or malicious software. 5. User Permissions: Assign appropriate user permissions to restrict the execution of files and applications to authorized users only. 6. Backup and Recovery: Regularly back up critical data and systems, so in case of a malware infection, you can restore your systems to a clean state.
INTERNET SAFETY
Google’s Be Internet Awesome
Share with Care Protecting yourself, your information and your privacy online • When not to share • Keeping it private • That’s not what I meant! • Frame it • Who is this person anyway? • How do others see us online?
Don’t Fall for Fake • Popups, catfishing and other scams • Who’s this ‘talking’ to me? • Is that really true? • Spotting untrustworthy information • If we were a search engine • Practicing Internet search
Secure Your Secrets • But that wasn’t me! • How to build a great password • Keep it to yourself Lesson
It’s Cool to Be Kind • Noticing feelings Lesson • Practicing empathy Lesson • Your kindness gram Lesson • Ways to show kindness Lesson • From negative to nice Lesson • About your tone Lesson • How words can change the whole picture
When in Doubt, Talk It Out • What does it mean to be brave? • From bystanders to helpers • Helpers have options! • Seeing upsetting stuff: What do I do? • Upsetting stuff online: What do I do? • What to do about mean stuff on screens • Handling mean behavior online • When to get help • Report it online, too
Thank you for your attention! For more information, visit www.zoa-international.com
We are here for our neighbours in need, who are suffering in this broken world. We are here for victims of conflict and disasters, who are seeking comfort, shelter and food. We are here for those who have lost everything, and are in danger of losing heart. We help people meet their immediate needs, providing food, clothing and access to clean water. We give communities a voice, restoring dignity and promoting choice. We remain faithful communities as they recover, helping them to get back on their feet. We are here. We are ZOA. www.zoa-international.com

Recommended

Cyber Security.docx
Cyber Security.docxCyber Security.docx
Cyber Security.docxTanushreeChakraborty27
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanannewbie2019
 
Ethical hacking ppt
Ethical hacking pptEthical hacking ppt
Ethical hacking pptNitesh Dubey
 
Data protection and security
Data protection and securityData protection and security
Data protection and securitynazar60
 
Computer security
Computer securityComputer security
Computer securitysruthiKrishnaG
 
Implications of Misuse and Cyber Security.pdf
Implications of Misuse and Cyber Security.pdfImplications of Misuse and Cyber Security.pdf
Implications of Misuse and Cyber Security.pdfsrtwgwfwwgw
 
Module 1.pdf
Module 1.pdfModule 1.pdf
Module 1.pdfSitamarhi Institute of Technology
 
module 1 Cyber Security Concepts
module 1 Cyber Security Conceptsmodule 1 Cyber Security Concepts
module 1 Cyber Security ConceptsSitamarhi Institute of Technology
 

Recommended

Cyber Security.docx
Cyber Security.docxCyber Security.docx
Cyber Security.docxTanushreeChakraborty27
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanannewbie2019
 
Ethical hacking ppt
Ethical hacking pptEthical hacking ppt
Ethical hacking pptNitesh Dubey
 
Data protection and security
Data protection and securityData protection and security
Data protection and securitynazar60
 
Computer security
Computer securityComputer security
Computer securitysruthiKrishnaG
 
Implications of Misuse and Cyber Security.pdf
Implications of Misuse and Cyber Security.pdfImplications of Misuse and Cyber Security.pdf
Implications of Misuse and Cyber Security.pdfsrtwgwfwwgw
 
Module 1.pdf
Module 1.pdfModule 1.pdf
Module 1.pdfSitamarhi Institute of Technology
 
module 1 Cyber Security Concepts
module 1 Cyber Security Conceptsmodule 1 Cyber Security Concepts
module 1 Cyber Security ConceptsSitamarhi Institute of Technology
 
Insecurity vssut
Insecurity vssutInsecurity vssut
Insecurity vssutRAVIKUMAR Digital Signal Processing
 
COMPUTER APPLICATIONS Module 4.pptx
COMPUTER APPLICATIONS Module 4.pptxCOMPUTER APPLICATIONS Module 4.pptx
COMPUTER APPLICATIONS Module 4.pptxArti Parab Academics
 
Cybersecurity and Risk Management Technology
Cybersecurity and Risk Management TechnologyCybersecurity and Risk Management Technology
Cybersecurity and Risk Management TechnologyMohammad Febri
 
cyber security
cyber security cyber security
cyber security NiharikaVoleti
 
Information Security Lecture Notes
Information Security Lecture NotesInformation Security Lecture Notes
Information Security Lecture NotesFellowBuddy.com
 
Cybersecurity from A to Z
Cybersecurity from A to ZCybersecurity from A to Z
Cybersecurity from A to ZTelefónica Business Solutions
 
Cyber security
Cyber security Cyber security
Cyber security ankit yadav
 
Network security presentation
Network security presentationNetwork security presentation
Network security presentationKudzai Rerayi
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hackingchakrekevin
 
Cyber Security in detail PPT BY HIMANXU.pptx
Cyber Security in detail PPT BY HIMANXU.pptxCyber Security in detail PPT BY HIMANXU.pptx
Cyber Security in detail PPT BY HIMANXU.pptxhimanshuratnama
 
ABP 23.pptx
ABP 23.pptxABP 23.pptx
ABP 23.pptxSidakSingh43
 
Cyber Ethics Notes.pdf
Cyber Ethics Notes.pdfCyber Ethics Notes.pdf
Cyber Ethics Notes.pdfAnupmaMunshi
 
Website security
Website securityWebsite security
Website securityRIPPER95
 
Computer security and
Computer security andComputer security and
Computer security andRana Usman Sattar
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanannewbie2019
 
Health information security 3 vulnerability threat and risk
Health information security 3 vulnerability threat and riskHealth information security 3 vulnerability threat and risk
Health information security 3 vulnerability threat and riskDr. Lasantha Ranwala
 
Cyber Crime and Security Ch 1 .ppt
Cyber Crime and Security Ch 1 .pptCyber Crime and Security Ch 1 .ppt
Cyber Crime and Security Ch 1 .pptwaleejhaider1
 
Network srcurity
Network srcurityNetwork srcurity
Network srcuritysheikhparvez4
 
Introduction to cyber security
Introduction to cyber securityIntroduction to cyber security
Introduction to cyber securityAliyuMuhammadButu
 
Introduction to cyber security i
Introduction to cyber security iIntroduction to cyber security i
Introduction to cyber security iEmmanuel Gbenga Dada (BSc, MSc, PhD)
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 

More Related Content

Similar to IT Security.pdf

Cybersecurity and Risk Management Technology
Cybersecurity and Risk Management TechnologyCybersecurity and Risk Management Technology
Cybersecurity and Risk Management TechnologyMohammad Febri
 
Information Security Lecture Notes
Information Security Lecture NotesInformation Security Lecture Notes
Information Security Lecture NotesFellowBuddy.com
 
Network security presentation
Network security presentationNetwork security presentation
Network security presentationKudzai Rerayi
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hackingchakrekevin
 
Cyber Security in detail PPT BY HIMANXU.pptx
Cyber Security in detail PPT BY HIMANXU.pptxCyber Security in detail PPT BY HIMANXU.pptx
Cyber Security in detail PPT BY HIMANXU.pptxhimanshuratnama
 
Cyber Ethics Notes.pdf
Cyber Ethics Notes.pdfCyber Ethics Notes.pdf
Cyber Ethics Notes.pdfAnupmaMunshi
 
Website security
Website securityWebsite security
Website securityRIPPER95
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanannewbie2019
 
Health information security 3 vulnerability threat and risk
Health information security 3 vulnerability threat and riskHealth information security 3 vulnerability threat and risk
Health information security 3 vulnerability threat and riskDr. Lasantha Ranwala
 
Cyber Crime and Security Ch 1 .ppt
Cyber Crime and Security Ch 1 .pptCyber Crime and Security Ch 1 .ppt
Cyber Crime and Security Ch 1 .pptwaleejhaider1
 
Introduction to cyber security
Introduction to cyber securityIntroduction to cyber security
Introduction to cyber securityAliyuMuhammadButu
 

Similar to IT Security.pdf (20)

Insecurity vssut
Insecurity vssutInsecurity vssut
Insecurity vssut
 
COMPUTER APPLICATIONS Module 4.pptx
COMPUTER APPLICATIONS Module 4.pptxCOMPUTER APPLICATIONS Module 4.pptx
COMPUTER APPLICATIONS Module 4.pptx
 
Cybersecurity and Risk Management Technology
Cybersecurity and Risk Management TechnologyCybersecurity and Risk Management Technology
Cybersecurity and Risk Management Technology
 
cyber security
cyber security cyber security
cyber security
 
Information Security Lecture Notes
Information Security Lecture NotesInformation Security Lecture Notes
Information Security Lecture Notes
 
Cybersecurity from A to Z
Cybersecurity from A to ZCybersecurity from A to Z
Cybersecurity from A to Z
 
Cyber security
Cyber security Cyber security
Cyber security
 
Network security presentation
Network security presentationNetwork security presentation
Network security presentation
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hacking
 
Cyber Security in detail PPT BY HIMANXU.pptx
Cyber Security in detail PPT BY HIMANXU.pptxCyber Security in detail PPT BY HIMANXU.pptx
Cyber Security in detail PPT BY HIMANXU.pptx
 
ABP 23.pptx
ABP 23.pptxABP 23.pptx
ABP 23.pptx
 
Cyber Ethics Notes.pdf
Cyber Ethics Notes.pdfCyber Ethics Notes.pdf
Cyber Ethics Notes.pdf
 
Website security
Website securityWebsite security
Website security
 
Computer security and
Computer security andComputer security and
Computer security and
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanan
 
Health information security 3 vulnerability threat and risk
Health information security 3 vulnerability threat and riskHealth information security 3 vulnerability threat and risk
Health information security 3 vulnerability threat and risk
 
Cyber Crime and Security Ch 1 .ppt
Cyber Crime and Security Ch 1 .pptCyber Crime and Security Ch 1 .ppt
Cyber Crime and Security Ch 1 .ppt
 
Network srcurity
Network srcurityNetwork srcurity
Network srcurity
 
Introduction to cyber security
Introduction to cyber securityIntroduction to cyber security
Introduction to cyber security
 
Introduction to cyber security i
Introduction to cyber security iIntroduction to cyber security i
Introduction to cyber security i
 

Recently uploaded

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 

Recently uploaded (20)

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 

IT Security.pdf

  • 3. Objectives • IT Security • The CIA Triad • IT Security Terminologies • Types of attack • Security Measures/being safe online • Internet safety
  • 4. Security Security generally refers to the state of being protected from harm, danger, or threats
  • 5. IT Security Also known as cybersecurity, is a specialized field focused on protecting computer systems, networks, data, and information from unauthorized access, attacks, damage, and disruptions
  • 6. The CIA Triad Is a foundational model used in information security to guide the design and implementation of security measures. The triad consists of three core principles that represent the goals and objectives of information security:
  • 7. The Core CIA Triad 1. Confidentiality: Ensures that information is accessible only to authorized individuals or entities. Confidentiality aims to prevent unauthorized access, disclosure, or exposure of sensitive information. 2. Integrity: Integrity refers to the accuracy, consistency, and reliability of data and information. It involves protecting data from unauthorized modification, alteration, or tampering. Maintaining data integrity ensures that information remains accurate and trustworthy. 3. Availability: Availability concerns the accessibility and usability of data and services when needed. It involves preventing disruptions, downtime, or denial of access to authorized users.
  • 8. CIA Triad Extended… Authenticity 4.Ensuring that information comes from a reliable and trustworthy source, and that its origin can be verified. Digital signatures and public key infrastructure (PKI) help establish authenticity. Non-Repudiation 5. This principle prevents individuals from denying their involvement in a transaction or action. It ensures that both sender and receiver cannot deny their participation in a communication or transaction. Accountability 6. Holding individuals or entities responsible for their actions within an information system. Logging, auditing, and access controls contribute to establishing accountability. Privacy 7.Safeguarding individuals' personal information and ensuring compliance with privacy laws and regulations.
  • 9. IT Security Terminologies • Exploit • Risk • Vulnerability • Firewall • Threat • Attack
  • 10. Risk: refers to the potential for harm, damage, loss, or negative impact that could result from the exploitation of vulnerabilities by threats. In simpler terms, it's the possibility of something going wrong in the digital realm that could lead to adverse consequences. Exploit: refers to a piece of code, software, or technique that takes advantage of a vulnerability or weakness in a computer system, software application, or network to compromise its security. Vulnerability: refers to a weakness, flaw, or gap in the security measures of a system, software application, network, or process that could potentially be exploited by threats to compromise the system's confidentiality, integrity, or availability. Vulnerabilities can arise from various factors, including software bugs, design flaws, misconfigurations, or even human errors during development or maintenance.
  • 11. Firewall A firewall is a network security device or software application that acts as a barrier between a trusted internal network and untrusted external networks, such as the internet. Its primary function is to monitor and control incoming and outgoing network traffic based on predetermined security rules.
  • 12. Attack: refers to a deliberate, unauthorized, and malicious attempt to exploit vulnerabilities in a system, network, application, or process with the intention of compromising security, stealing data, causing damage, or disrupting normal operations. Attacks are carried out by individuals or groups known as threat actors, attackers, or hackers. Types of Attack: • Intrusion • Blocking • Malware Threat: refers to any potential danger, risk, or negative event that could exploit vulnerabilities in a system, network, application, or process to cause harm or compromise the security of digital assets. Threats encompass a wide range of malicious activities and events that pose risks to the confidentiality, integrity, and availability of data and systems.
  • 13. Intrusion Also known as hacking, is gaining unauthorize access to or penetrating into a computer system, network, or application by an individual, group, or software with malicious intent. An intrusion involves bypassing security. Social Engineering Intrusion: Attackers manipulate human behavior to deceive individuals into revealing sensitive information or performing actions that compromise security.
  • 14. Insider Intrusion: Authorized individuals within an organization misuse their privileges to gain unauthorized access or compromise data.
  • 15. Insider Intrusion: Authorized individuals within an organization misuse their privileges to gain unauthorized access or compromise data. Password Guessing and Cracking: Attackers attempt to guess or crack passwords to gain unauthorized access to systems or accounts.
  • 16. Insider Intrusion: Authorized individuals within an organization misuse their privileges to gain unauthorized access or compromise data. Password Guessing and Cracking: Attackers attempt to guess or crack passwords to gain unauthorized access to systems or accounts. shoulder surfing: is a type of social engineering technique used to obtain information such as personal identification numbers (PINs), passwords and other confidential data by looking over the victim's shoulder.
  • 17. Insider Intrusion: Authorized individuals within an organization misuse their privileges to gain unauthorized access or compromise data. Password Guessing and Cracking: Attackers attempt to guess or crack passwords to gain unauthorized access to systems or accounts. shoulder surfing: is a type of social engineering technique used to obtain information such as personal identification numbers (PINs), passwords and other confidential data by looking over the victim's shoulder. Phishing Intrusion: Attackers trick individuals into revealing sensitive information or clicking on malicious links through fraudulent emails or messages.
  • 18. Zero-Day Exploit Intrusion Man-in-the- Middle (MitM) Attacks Brute Force Attacks Attackers exploit vulnerabilities that are unknown to the vendor and unpatched. Attackers intercept and potentially alter communication between two parties, often without either party realizing their communication is compromised. Attackers attempt to gain unauthorized access by systematically trying all possible combinations of passwords until they find the correct one..
  • 19. Blocking Attacks that are meant to prevent authorized access to information or resources are generally referred to as "Denial of Service" (DoS) attacks. These attacks are designed to disrupt the availability of systems, networks, or services, making them inaccessible to legitimate users.
  • 20. Traditional DoS Attack: In a traditional DoS attack, the attacker overwhelms a target system or network with an excessive amount of traffic. This flood of traffic consumes the target's resources, such as bandwidth, processing power, or memory, causing the system to become slow or unresponsive. Distributed DoS (DDoS) Attack: In a DDoS attack, the attacker uses a network of compromised computers (botnet) to flood the target with traffic. This distributed approach makes DDoS attacks even more powerful and difficult to mitigate. Flood Attacks: Attackers send a large number of requests or packets to a target, saturating its capacity and causing it to become unresponsive. Forms of Blocking attacks
  • 21. short for "malicious software," refers to any type of software or code specifically designed to harm, exploit, or compromise computer systems, networks, or devices. Malware is typically created with malicious intent and can take various forms, including viruses, worms, Trojans, spyware, adware, ransomware, and more. Its primary goal is to gain unauthorized access to or control over a system, steal sensitive information, disrupt normal operations, or extort users for financial gain. Malware
  • 22. Viruses: These are programs that infect legitimate files and spread when those files are executed. They can attach themselves to other software and replicate when that software is run. Worms: Worms are self-replicating malware that can spread independently without attaching themselves to other files. They often exploit security vulnerabilities in networks to propagate quickly. Trojans: Trojans disguise themselves as legitimate software but contain malicious code. They often trick users into running them by appearing as useful or harmless applications. Spyware: This type of malware is designed to secretly collect information about a user's online activities, such as browsing habits, passwords, and personal information. Adware: Adware displays unwanted advertisements to users. While not always inherently harmful, it can be considered malware when it disrupts the user experience or collects data without consent.
  • 23. Ransomware: Ransomware encrypts a victim's files or locks them out of their own system until a ransom is paid to the attacker. It has become a significant threat in recent years. Keyloggers: Keyloggers record the keystrokes of a user, allowing attackers to capture sensitive information like passwords and credit card details. Botnets: A botnet is a network of infected computers, known as "bots," that are controlled by a central command server. Botnets are often used for distributed denial-of-service (DDoS) attacks or spam distribution. Rootkits: Rootkits are designed to hide their presence and activities on a system, often granting unauthorized access to attackers while remaining undetected by regular security measures. Malvertising: This involves spreading malware through online advertisements. Attackers might inject malicious code into legitimate ads, causing them to deliver malware to users' devices.
  • 25. Against Intrusion 1. Strong Authentication: Implement multi-factor authentication (MFA) to add an extra layer of security to user accounts, making it harder for unauthorized users to gain access. 2. Firewalls: Set up firewalls to monitor and control incoming and outgoing network traffic. Network firewalls can block unauthorized access attempts. 3. Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS): Use IDS and IPS to monitor network traffic for suspicious patterns or behavior and take action to prevent unauthorized access. 4. Regular Security Audits: Conduct regular security audits to identify vulnerabilities and weaknesses in systems and applications. 5. Patching and Updates: Keep all software, operating systems, and applications up to date with the latest security patches to minimize known vulnerabilities. 6. Employee Training: Train employees on cybersecurity best practices, such as identifying phishing emails and avoiding clicking on suspicious links.
  • 26. 1. Strong passwords are based on a descriptive phrase or sentence that's easy for you to remember and hard for someone else to guess—like the first letters in words that make up a favorite title or song, the first letters of words in a sentence about something you did—and include a combination of letters, numbers, and symbols. For example, “I went to Western Elementary School for grade 3” could be used to build a password like: Iw2We$t4g3. 1. Moderate passwords are passwords that are strong and not easy for malicious software to guess, but could be guessed by someone who knows you (for example, IwenttoWestern). 2. Weak passwords commonly use personal information like a pet’s name, are easy to crack, and can be guessed by someone who knows you (for example, “IloveBuddy” or “Ilikechocolate”). Guidelines for creating strong passwords
  • 27. Dos • Use a different password for each of your important accounts. • Use at least eight characters. The longer the better (as long as you can remember it!). • Use combinations of letters (uppercase and lowercase), numbers, and symbols. • Make your passwords memorable so you don’t need to write them down, which would be risky. • Immediately change your password if you think someone else knows it (besides a parent or guardian). • Change your passwords every now and then. • Always use strong screenlocks on your devices. Set your devices to automatically lock in case they end up in the wrong hands. • Consider using a password manager, such as one built into your browser, to remember your passwords. This way you can use a unique password for each of your accounts and not have to remember them all Don’ts • Donʼt use personal information (name, address, email, phone number, Social Security number, motherʼs maiden name, birth dates or even a pet’s name, etc.) in your password. • Donʼt use a password thatʼs easy to guess, like your nickname, chocolate, just the name of your school, favorite sports team, a string of numbers (like 123456), etc. And definitely don’t use the word ‘password”! • Donʼt share your password with anyone other than your parent or guardian. • Never write passwords down where someone can find them. Guidelines for creating strong passwords
  • 28. Against Blocking 1. Traffic Filtering: Use traffic filtering mechanisms to identify and block malicious traffic that could be part of a denial of service attack. 2. Rate Limiting: Implement rate limiting to restrict the number of requests coming from a single IP address, preventing a single source from overwhelming the system. 3. Content Delivery Networks (CDNs): Employ CDNs to distribute web traffic across multiple servers, reducing the impact of a single point of failure in a denial of service attack. 4. DDoS Mitigation Services: Subscribe to DDoS mitigation services that can detect and absorb or redirect malicious traffic during an attack. 5. Load Balancing: Use load balancers to evenly distribute incoming traffic across multiple servers, preventing overload on any one server.
  • 29. Against Malware 1. Antivirus and Antimalware Software: Install reputable antivirus and antimalware software to detect and remove malicious software from your systems. 2. Regular Scans: Schedule regular scans of systems and devices to identify and remove any malware that might be present. 3. Email Filtering: Use email filtering to block or quarantine emails containing known malware attachments or links. 4. Software Whitelisting: Implement software whitelisting to only allow approved applications to run on systems, preventing the execution of unauthorized or malicious software. 5. User Permissions: Assign appropriate user permissions to restrict the execution of files and applications to authorized users only. 6. Backup and Recovery: Regularly back up critical data and systems, so in case of a malware infection, you can restore your systems to a clean state.
  • 32. Share with Care Protecting yourself, your information and your privacy online • When not to share • Keeping it private • That’s not what I meant! • Frame it • Who is this person anyway? • How do others see us online?
  • 33. Don’t Fall for Fake • Popups, catfishing and other scams • Who’s this ‘talking’ to me? • Is that really true? • Spotting untrustworthy information • If we were a search engine • Practicing Internet search
  • 34. Secure Your Secrets • But that wasn’t me! • How to build a great password • Keep it to yourself Lesson
  • 35. It’s Cool to Be Kind • Noticing feelings Lesson • Practicing empathy Lesson • Your kindness gram Lesson • Ways to show kindness Lesson • From negative to nice Lesson • About your tone Lesson • How words can change the whole picture
  • 36. When in Doubt, Talk It Out • What does it mean to be brave? • From bystanders to helpers • Helpers have options! • Seeing upsetting stuff: What do I do? • Upsetting stuff online: What do I do? • What to do about mean stuff on screens • Handling mean behavior online • When to get help • Report it online, too
  • 37. Thank you for your attention! For more information, visit www.zoa-international.com
  • 38.
  • 39. We are here for our neighbours in need, who are suffering in this broken world. We are here for victims of conflict and disasters, who are seeking comfort, shelter and food. We are here for those who have lost everything, and are in danger of losing heart. We help people meet their immediate needs, providing food, clothing and access to clean water. We give communities a voice, restoring dignity and promoting choice. We remain faithful communities as they recover, helping them to get back on their feet. We are here. We are ZOA. www.zoa-international.com