Proc. of the 2nd Symposium on Research in Computer Science, Coventry, UK, May 2002.
THE MULTIMEDIA APPROACH: AN EXTRA LAYER OF DEFENCE IN THE
ENTERPRISE SECURITY
Andreas Oikonomou, Meletis A. Belsis, Saad Amin, Leon Smalov
{a.oikonomou, belsis, s.amin, l.smalov}@Coventry.ac.uk
ABSTRACT
The theme of Internet security has recently
become extremely attractive. From big
national newspapers to discussions between
groups of teenagers - no one has been left
neutral. In practice, some of the technical
aspects of defence are handled by system
administrators and/or network managers.
Outsiders like hackers, and insiders like
disgruntled employees or simply ignorant
employees, all present a serious risk to
corporate data. In the case of the latter,
firewalls give no protection at all. Social
engineering methods are common and
usually successful.
To provide effective and comprehensive
defence, all corporate users need to be
educated. However, an attempt to convert all
corporate users into security experts or
network managers through simple team
briefings does not sound very realistic. Using
traditional approaches such as posters,
newsletters and e-mails is not very effective.
This paper discusses the potential and
effectiveness of using multimedia in the
process of users’ education on the essential
aspects of information security. Multimedia
applications have been successfully used in
other areas of training and education, with
astonishing results both in terms of
educational and cost effectiveness.
Examples of the use of multimedia will be
given; the challenges and benefits of similar
approaches to info security training will be
discussed.
1. INTRODUCTION.
Over the last decades the world of computing
has changed. The TCP/IP protocol suite and the
evolution of both hardware and software have
changed the way computers are used. The
Internet as it is known today provides
functionality ranging from e-commerce and
online banking to entertainment and
multiplayer gaming environments.
These new trends and the shape of modern
computing usage have opened a new market
for criminals of every kind. Today an
adversary does not have to be a computer
expert to attack systems connected to the
Internet. Automated attack software may
potentially penetrate the secure perimeter and
attack corporate systems in milliseconds.
Security incidents involving the defacement of
a corporate Web site are numerous. Organised
distributed denial-of-service attacks can make
e-commerce sites unavailable, producing
millions of dollars in losses.
To make things worse, employees may attack
the corporate network to take revenge for a
manager's action or to sell confidential
corporate information to competing industries.
Insider attacks are the most difficult to
prevent. This is due to the fact that employees
know the corporate procedures, where the
weak links in the defence are, and the
locations where sensitive information is stored.
To understand the size of the problem one
has to look at Table 1 [CSI/FBI 2000]. This
table displays the statistics for different
types of attacks. Note: according to the
CSI/FBI, in the year 2000 74% of the survey
respondents acknowledged financial losses, but
only 42% of respondents could quantify the
losses.
In this paper the authors justify the real need
for users' education, discuss the advantages of
using multimedia technologies and techniques
to provide effective security training, and
consider potential challenges and difficulties.
1. WILL USERS' EDUCATION
COMPLEMENT A STRONG
DEFENCE?
One of the most effective strategies for
defending corporate information is based on
the following paradigm: Protect-Detect-React.
This encourages organisations not to rely on
defences but to expect breaches of security,
to concentrate efforts on earlier detection of
these breaches and, finally, to coordinate
response and recovery procedures.
                                  Respondents       Total losses
Year                              1999   2000       1999          2000
Theft of proprietary info           23     22   $42,462,000   $66,708,000
Sabotage of data or networks        27     28    $4,421,000   $27,148,000
Telecom eavesdropping               10     15      $765,000      $991,200
System penetration by outsider      28     29    $2,885,000    $7,104,000
Financial fraud                     27     34   $39,706,000   $55,996,000
Denial of service                   28     46    $3,255,000    $8,247,500
Virus                              116    162           N/A           N/A
Telecom fraud                       29     19      $773,000    $4,028,000
Unauthorised insider access         25     20    $3,567,000   $22,554,500
Insider abuse of Net access         81     91    $7,576,000   $27,984,740
Active wiretapping                   1      1       $20,000    $5,000,000
Laptop theft                       150    174   $13,038,000   $10,404,300
Table 1: Losses from computer crime
In most cases information security is treated
as a “stepchild”, with no one responsible for
anything: network administrators are busy
keeping the corporate network going, system
administrators are engaged in endless
troubleshooting of users' day-to-day problems,
and help desks are trying to sort out the
“leftovers” of the first two. Security services
have installed a few CCTV cameras, bolted
cages on top of the servers and chained PCs to
the desks; computing services have installed
firewall facilities and an e-mail scanner; the
administration has detailed the corporate
security policy; and users are well protected
from possible intrusion. Or are they? Here
it is – the “dark side of the moon”: CCTV
cameras could easily be jammed with “laser”
pointers, bolted servers could be accessed with
CDs or floppies, e-mail could be read from
“hotmail” or “yahoo” accounts, viruses could
be brought in from a home PC, employees or
contractors may have escalated their access
rights, temporary accounts are “forgotten”,
vendors' patches get ignored by system
administrators, a fake questionnaire offers
“win a free trip to Paris – just answer five
questions about your network”, and the
corporate security policy has been unchanged
since “the Romans were here”. Needless to say,
a properly scaled and combined attempt will
certainly be a successful one! Our respectable
opponents may say, “This is paranoia”. To
justify our point we will produce two cases:
1. The very “famous” Code Red worm
exploited a vulnerability in Microsoft's IIS web
server software. The Code Red worm ran freely
on the Internet starting July 19, 2001,
despite the fact that Microsoft had released a
patch for the vulnerability on June 18, 2001.
All system administrators and network
managers had more than a month –
perhaps it was a holiday period! The next and
no less “famous” W32.Nimda worm
enjoyed not one but two different
vulnerabilities. The worm introduced itself on
September 18, 2001, but Microsoft had
released fixes for both vulnerabilities on
August 10, 2000 [Microsoft 2000] and March
29, 2001 [Microsoft 2001]. On this occasion
one can see that system administrators, along
with network managers, had been given
enough time to cover the gaps. Why did they
fail?!
2. Kevin Mitnick, who claimed he had
penetrated all targeted sites but one,
openly declared in his Senate testimony
[Mitnik 1997] that: “Enacting policies and
procedures simply won't suffice. Even with
oversight the policies and procedures may not
be effective: my access to Motorola, Nokia,
ATT, Sun depended upon the willingness of
people to bypass policies and procedures that
were in place for years before I compromised
them successfully”. Please note this
“..willingness.. to bypass..” and “..in place for
years..”.
No single security measure can guarantee a
strong defence, and even a complicated and
well-protected system may get compromised.
Users' reaction, the last element of the triad,
is as important as the first two. A simple yet
effective backup procedure will reduce losses
as well as the recovery time; without a backup
strategy the corporate data may be lost
forever.
So let us summarise: all the complicated and
expensive technological approaches will not
work without appropriate education and
training of all corporate users. The famous
hacker has openly “shared” [Mitnik 1997] his
opinion: “The methods that will most
effectively minimize the ability of intruders to
compromise information security are
comprehensive user training and education”.
Such education is an expensive and continuous
process, and in the authors' opinion the
multimedia approach will play an ultimate role
here.
2. WHAT IS MULTIMEDIA?
Multimedia is defined as “computer
mediated interactive presentations that utilize
more than one medium” [Elsom-Cook 1997].
This definition tells us that multimedia is
primarily used for the presentation of
information. Computers have been used as
tools for processing information for years. It
was only recently, during the 80s and with the
appearance of the first home computers, that
computers came to be used for presenting
information as well as processing it.
Multimedia is a relatively new field of
Information Technology. Advances in
computer technology have allowed computer
presentations to include images and other
media in addition to the text-only
presentations of older computer systems. This
has been achieved widely, and multimedia-ready
computer systems are available in most houses
and even more businesses in Europe and
the United States.
3. WHY IS MULTIMEDIA MORE
EFFECTIVE THAN OTHER
TRAINING APPROACHES?
To enhance the user learning process and to
reduce the training time, a number of
mechanisms exist [Seymour 2001]:
• Magazine articles discussing security
procedures.
• Wall signs explaining different parts
of the security policies.
• Network messages that inform users
on new vulnerabilities and viruses.
• E-mail newsletters describing
different areas of the system’s
security.
• Training classes where security
experts explain hacking techniques
along with the countermeasures for
them.
Although all of the above aids are successful
up to a degree, they are less successful than
what business organisations require in terms
of security. In an attempt to provide
better-quality, more effective, more
efficient and more cost-effective training,
multimedia technology needs to be utilised for
the specific needs of security training and
awareness among organisations that rely
primarily on IT for their everyday
organisational needs.
Comprehension and memory recall can
be improved, as realistic simulation of action
descriptions can be achieved [Faraday 1997].
Multimedia technology enhances computer
presentations by introducing all or some (but at
least two) of the following elements
[Elsom-Cook 2001]:
• Audio
• Video
• Animation
• Text
• Still images
All of the above elements are used to
improve communication between the presenter
and the receiver of the presentation. It is proven
[Scarlatos 1997] that the use of multiple
channels of communication, correctly utilised,
can be more effective than a single channel of
communication. For example, it is a far
more effective educational method to use an
image or an animation along with the textual
description of an action. Multimedia enhances
a software presentation in such a way that
communication of knowledge is more effective
and efficient.
4. EXAMPLES OF USER TRAINING
WITH MULTIMEDIA
Multimedia presentations have been used
extensively in user training across wide and
diverse areas of application. A few examples
of training with the use of multimedia are
the following:
• Military training
• Biomedical training
• Scientific training
• Industrial training
• Educational training
In particular, educational training has been
one of the most common forms of multimedia.
The benefits of utilising more channels of
communication and interacting with the viewer
have been measured and documented well. The
saying “one picture equals a thousand words”
has been proven right over and over again.
Multimedia training is an accepted and
endorsed practice in the biggest and most
prestigious organisations, including Microsoft,
IBM and Hewlett Packard, to mention just a
few. Examples of multimedia training can also
be found in schools of all levels, for
numerous subjects, and on many Internet
websites. A typical multimedia application will
use at least two channels of communication.
Today's standards go far beyond that statement
and utilise even interactive 3D environments
for the purpose of accelerated learning. In
Figure 1 a typical multimedia application user
interface is shown [Digevent 2002].
Figure 1: Multimedia music instruction
In that particular example multimedia has
been used for musical training online. The
application utilises text, audio, images and
video to present information of a musical
nature to a worldwide audience. It must be
mentioned here that the application is
interactive, providing viewers with the option
to “ask” questions and get answers in real time.
Training of that type would be impossible with
any other approach for the following
reasons:
• Distance
• Availability of trainer
• Space-related issues (how can one
accommodate a worldwide audience?)
All these issues are addressed successfully by
the multimedia application.
In figure 2 we can see another example of an
educational multimedia application
[Oikonomou 2002].
Figure 2: BSE application Interface
This is an offline application used for
biomedical training and education, specifically
on how to perform the breast self-examination
(BSE) procedures, which are an aid to early
breast cancer detection. Breast cancer statistics
show that 1 in 10 women [Oikonomou 2001]
will develop breast cancer at some point in
their life, making breast cancer a common
disease. Multimedia has been considered a
valid and effective method for such a highly
critical training need.
5. CONCLUSIONS AND FURTHER
WORK
The examples previously presented clearly
show that the use of multimedia for training
purposes is widely trusted and used in
applications where user training is important
and in some cases critical.
Information systems security is both important
and critical for businesses. The authors
propose the development of multimedia user
training material for the purpose of security
training. Providing such a training tool will
assist in providing better systems security.
Although effective, a multimedia training
tool could become a major security flaw if it
fell into the wrong hands. Adversaries who get
a copy of it will be able to understand the
security policy the business follows. In cases
where the tool includes training sessions for
security administrators, adversaries will be
able to understand the security methods and
tools that are used by the organisation. Any
further work investigating the application of
multimedia for security awareness should take
into account the previously discussed
challenge.
6. References
[Oikonomou 2002] A. Oikonomou, S.A.
Amin, R.N.G. Naguib, A. Todman, H. Al-
Omishy, “Breast Self Examination Training
Through the Use of Multimedia: Developing a
BSE
prototype multimedia application”, submitted
to IEEE ICME 2002, Lausanne, Switzerland,
2002.
[Oikonomou 2001] A. Oikonomou, S.A. Amin,
R.N.G. Naguib, A. Todman, “Breast Self
Examination Training Through the Use of
Multimedia: A Benchmark Multimedia
Development Methodology for Biomedical
Applications”, IEEE-EMBS, 2001
[Microsoft 2000] Security Bulletin (MS00-057),
Microsoft Corporation. August 10, 2000.
[Microsoft 2001] Security Bulletin (MS01-020),
Microsoft Corporation. March 29, 2001.
[Mitnik 1997] Kevin Mitnick. Testimony.
Committee on Governmental Affairs, The
United States Senate, 1997.
[Elsom-Cook 2001] M. Elsom-Cook,
Principles of interactive multimedia,
McGraw-Hill, 2001.
[Scarlatos 1997] L.L. Scarlatos, R. Darken, K.
Harada, C. Heeter, R. Muller, B. Shneiderman,
Designing Interactive Multimedia, Fifth ACM
International Multimedia Conference, 1997.
[Faraday 1997] P. Faraday, A. Sutcliffe,
Designing effective multimedia presentations,
Computer Human Interaction conference,
Atlanta, 1997
[Digevent 2002]
http://www.digevent.com/events/consumer/music/guitar_mania/,
accessed March 2002.
[CSI/FBI 2000] Computer Crime and Security
Survey, Computer Security Issues and Trends,
2000. Vol. VI, No1.
[Seymour 2001] Bosworth Seymour and M.E.
Kabay. Computer Security Handbook:
Fourth Edition. 2001.

Meletis BelsisManaging and enforcing information securityMeletis BelsisManaging and enforcing information security
Meletis BelsisManaging and enforcing information security
 
Meletis Belsis - IMS Security
Meletis Belsis - IMS SecurityMeletis Belsis - IMS Security
Meletis Belsis - IMS Security
 

Recently uploaded

Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 

Recently uploaded (20)

Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 

Meletis Belsis - THE MULTIMEDIA APPROACH: AN EXTRA LAYER OF DEFENCE IN THE ENTERPRISE SECURITY

Proc. of the 2nd Symposium on Research in Computer Science, Coventry, UK, May 2002.

THE MULTIMEDIA APPROACH: AN EXTRA LAYER OF DEFENCE IN THE ENTERPRISE SECURITY

Andreas Oikonomou, Meletis A. Belsis, Saad Amin, Leon Smalov
{a.oikonomou, belsis, s.amin, l.smalov}@Coventry.ac.uk

ABSTRACT

The theme of Internet security has recently become extremely attractive. From big national newspapers to discussions between groups of teenagers, no one has been left neutral. In practice, some of the technical aspects of defence are handled by system administrators and/or network managers. Outsiders like hackers, and insiders like disgruntled or simply ignorant employees, all present a serious risk to corporate data. In the case of the latter, firewalls give no protection at all. Social engineering methods are common and usually successful.

To provide effective and comprehensive defence, all corporate users need to be educated. However, an attempt to convert all corporate users into security experts or network managers by simple team briefings does not sound very realistic. Traditional approaches such as posters, newsletters and e-mails are not very effective. This paper discusses the potential and effectiveness of using multimedia to educate users on the essential aspects of information security. Multimedia applications have been used successfully in other areas of training and education, with astonishing results in terms of both educational and cost effectiveness. Examples of the use of multimedia will be given, and the challenges and benefits of similar approaches to information security training will be discussed.

1. INTRODUCTION.

Over the last decades the world of computing has changed. The TCP/IP protocol suite and the evolution of both hardware and software have changed the way computers are used. The Internet as it is known today provides functionality ranging from e-commerce and online banking to entertainment and multiplayer gaming environments.
These new trends and the shape of modern computing usage have opened a new market for criminals of every kind. Today an adversary does not have to be a computer expert to attack systems connected to the Internet. Automated attack software may penetrate the secure perimeter and attack corporate systems in milliseconds. Security incidents involving the defacement of a corporate Web site are numerous. Organized distributed denial of service attacks can make e-commerce sites unavailable, producing millions of dollars in losses. To make things worse, employees may attack the corporate network to take revenge for a manager’s action or to sell confidential corporate information to opposing industries.

Insider attacks are the most difficult to prevent. This is because employees know the corporate procedures, the weak links in the defence and the locations where sensitive information is stored.

To understand the size of the problem one has to look at Table 1 [CSI/FBI 2000], which displays statistics for different types of attack. Note: according to the CSI/FBI, in the year 2000 74% of the survey respondents acknowledged financial losses, but only 42% of respondents could quantify the losses.

In this paper the authors will justify the real need for users’ education, discuss the advantages of using multimedia technologies and techniques to provide effective security training, and consider potential challenges and difficulties.

1. WILL USERS’ EDUCATION COMPLEMENT A STRONG DEFENCE?

One of the most effective strategies for defending corporate information is based on the following paradigm: Protect-Detect-React. This encourages organisations not to rely on defences alone but to expect breaches of security, to concentrate efforts on early detection of these breaches, and finally to coordinate response and recovery procedures.
In most cases information security is treated as a “step child”, with no one responsible for anything: network administrators are busy keeping the corporate network going, system administrators are engaged in endless troubleshooting of users’ day-to-day problems, and help desks are trying to sort out the “leftovers” of the first two. Security services have installed a few CCTV cameras, bolted cages on top of servers and chained PCs to the desks; computing services have installed firewall facilities and an e-mail scanner; the administration has a detailed corporate security policy; and users are well protected from possible intrusion. Or are they?

Table 1: losses from computer crime

                                  Respondents     Total losses
Type of attack                    1999    2000    1999           2000
Theft of proprietary info           23      22    $42,462,000    $66,708,000
Sabotage of data or networks        27      28    $4,421,000     $27,148,000
Telecom eavesdropping               10      15    $765,000       $991,200
System penetration by outsider      28      29    $2,885,000     $7,104,000
Financial fraud                     27      34    $39,706,000    $55,996,000
Denial of service                   28      46    $3,255,000     $8,247,500
Virus                              116     162    N/A            N/A
Telecom fraud                       29      19    $773,000       $4,028,000
Unauthorised insider access         25      20    $3,567,000     $22,554,500
Insider abuse of Net access         81      91    $7,576,000     $27,984,740
Active wiretapping                   1       1    $20,000        $5,000,000
Laptop theft                       150     174    $13,038,000    $10,404,300

Here it is, the “dark side of the moon”: CCTV cameras could easily be jammed with “laser” pointers, bolted servers could be accessed with CDs or floppies, e-mail could be read from “hotmail” or “yahoo” accounts, viruses could be brought in from a home PC, employees or contractors may have escalated their access rights, temporary accounts are “forgotten”, vendors’ patches get ignored by system administrators, fake questionnaires offer “win a free trip to Paris – just answer five questions about your network”, and the corporate security policy has been unchanged since “the Romans were here”. Needless to say, a properly scaled and combined attempt will certainly be a successful one!

Our respectable opponents may say, “This is paranoia”. To justify our point we will produce two cases:

1. The very “famous” Code Red worm exploited a vulnerability in Microsoft’s IIS web server software.
The Code Red worm ran freely on the Internet from July 19, 2001, despite the fact that Microsoft had released a patch for the vulnerability on June 18, 2001. All system administrators and network managers had more than a month; perhaps it was a holiday period! The next and no less “famous” W32.Nimda worm enjoyed not one but two different vulnerabilities. The worm introduced itself on September 18, 2001, but Microsoft had released fixes for both vulnerabilities on August 10, 2000 [Microsoft 2000] and March 29, 2001 [Microsoft 2001]. On this occasion one can see that system administrators and network managers were given enough time to cover the gaps. Why did they fail?!

2. Kevin Mitnick, who claimed he had penetrated all targeted sites but one, openly declared in his Senate testimony [Mitnik 1997] that: “Enacting policies and procedures simply won't suffice. Even with oversight the policies and procedures may not be effective: my access to Motorola, Nokia, ATT, Sun depended upon the willingness of people to bypass policies and procedures that were in place for years before I compromised them successfully”. Please note this “..willingness.. to bypass..” and “..in place for years..”.

No single security measure can guarantee a strong defence, and even a complicated and well-protected system may get compromised. Users’ reaction, the last element of the triad, is as important as the first two. A simple yet effective backup procedure will reduce losses as well as the recovery time; without a backup strategy the corporate data may be lost forever.

So let us summarise: all complicated and expensive technological approaches will not work without appropriate education and training of all corporate users. The famous hacker has openly “shared” [Mitnik 1997] his opinion: “The methods that will most effectively minimize the ability of intruders to compromise information security are comprehensive user training and education”. Such education is an expensive and continuous process, and in the authors’ opinion the multimedia approach will play an ultimate role here.

2. WHAT IS MULTIMEDIA?

Multimedia is defined as “computer mediated interactive presentations that utilize more than one medium” [Elsom-Cook 1997]. This definition tells us that multimedia is primarily used for the presentation of information. Computers have been used as tools for processing information for years. It was only during the 80s, with the appearance of the first home computers, that computers began to be used for presenting information as well as processing it.

Multimedia is a relatively new field of Information Technology. Advances in computer technology have allowed computer presentations to include images and other media in addition to the text-only presentations of older computer systems. This has been widely achieved, and multimedia-ready computer systems are available in most homes and even more businesses in Europe and the United States.

3. WHY MULTIMEDIA IS MORE EFFECTIVE THAN OTHER TRAINING APPROACHES?

A number of mechanisms exist to enhance the user learning process and to reduce training time [Seymour 2001]:
• Magazine articles discussing security procedures.
• Wall signs explaining different parts of the security policies.
• Network messages that inform users of new vulnerabilities and viruses.
• E-mail newsletters describing different areas of the system’s security.
• Training classes where security experts explain hacking techniques along with the countermeasures for them.

Although all of the above aids are successful to a degree, they are less successful than business organisations require in terms of security. To provide better-quality, more effective, more efficient and more cost-effective training, multimedia technology needs to be utilised for the specific needs of security training and awareness in organisations that rely primarily on IT for their everyday organisational needs. Comprehension and memory recall could be improved because realistic simulation of action descriptions can be achieved [Faraday 1997].

Multimedia technology enhances computer presentations by introducing all or some (but at least two) of the following elements [Elsom-Cook 2001]:
• Audio
• Video
• Animation
• Text
• Still images

All of the above elements are used to improve communication between the presenter and the receiver of the presentation. It is proven [Scarlatos 1997] that multiple channels of communication, correctly utilized, can be more effective than a single channel of communication. For example, it would be a far more effective educational method to use an image or an animation along with the textual description of an action. Multimedia enhances a software presentation in such a way that the communication of knowledge is more effective and efficient.

4. EXAMPLES OF USER TRAINING WITH MULTIMEDIA

Multimedia presentations have been used extensively in user training across wide and diverse areas of application. A few examples of training with the use of multimedia are the following:
• Military training
• Biomedical training
• Scientific training
• Industrial training
• Educational training
In particular, educational training has been one of the most common forms of multimedia. The benefits of utilising more channels of communication and interacting with the viewer have been measured and well documented. The saying “one picture equals a thousand words” has been proven right over and over again. Multimedia training is an accepted and endorsed practice at the biggest and most prestigious organisations, including Microsoft, IBM and Hewlett Packard, to mention just a few. Examples of multimedia training can also be found in schools of all levels, for numerous subjects, and on many Internet websites.

A typical multimedia application will use at least two channels of communication. Today’s standards go far beyond that, utilising even interactive 3D environments for the purpose of accelerated learning. Figure 1 shows a typical multimedia application user interface [Digevent 2002].

Figure 1: Multimedia music instruction

In that particular example multimedia has been used for online musical training. The application utilises text, audio, images and video to present information of a musical nature to a worldwide audience. It must be mentioned here that the application is interactive, providing viewers with the option to “ask” questions and get answers in real time. Training of that type would be impossible with any other approach for the following reasons:
• Distance
• Availability of trainer
• Space-related issues (how can one accommodate a worldwide audience?)

All these issues are addressed successfully by the multimedia application. Figure 2 shows another example of an educational multimedia application [Oikonomou 2002].
Figure 2: BSE application interface

This is an offline application used for biomedical training and education, specifically on how to perform the breast self-examination (BSE) procedure, which is an aid to early breast cancer detection. Breast cancer statistics show that 1 in 10 women [Oikonomou 2001] will develop breast cancer at some point in their life, making breast cancer a common disease. Multimedia has been considered a valid and effective method for such a highly critical training need.

[Figure interface labels: chapters menu; options menu; interactive 3D animation, images and text; video]

5. CONCLUSIONS AND FURTHER WORK

The examples presented above clearly show that multimedia is widely trusted and used for training in applications where user training is important and, in some cases, critical. Information systems security is both important and critical for businesses. The authors propose the development of multimedia user training material for the purpose of security training. Providing such a training tool will assist in providing better systems security.

Although effective, a multimedia training tool could become a major security flaw if it fell into the wrong hands. Adversaries who obtain a copy of it will be able to understand the security policy the business follows. Where the tool includes training sessions for security administrators, adversaries will be able to understand the security methods and tools used by the organisation. Any further work investigating the application of multimedia to security awareness should take this challenge into account.

6. References

[Oikonomou 2002] A. Oikonomou, S.A. Amin, R.N.G. Naguib, A. Todman, H. Al-Omishy, “Breast Self Examination Training Through the Use of Multimedia: Developing a BSE prototype multimedia application”, submitted to IEEE ICME 2002, Lausanne, Switzerland, 2002.
[Oikonomou 2001] A. Oikonomou, S.A. Amin, R.N.G. Naguib, A. Todman, “Breast Self Examination Training Through the Use of Multimedia: A Benchmark Multimedia Development Methodology for Biomedical Applications”, IEEE-EMBS, 2001.
[Microsoft 2000] Security Bulletin (MS00-057), Microsoft Corporation. August 10, 2000.
[Microsoft 2001] Security Bulletin (MS01-020), Microsoft Corporation. March 29, 2001.
[Mitnik 1997] Kevin Mitnick. Testimony. Committee on Governmental Affairs, The United States Senate, 1997.
[Elsom-Cook 2001] M. Elsom-Cook, Principles of interactive multimedia, McGraw-Hill, 2001.
[Scarlatos 1997] L.L. Scarlatos, R. Darken, K. Harada, C. Heeter, R. Muller, B. Shneiderman, Designing Interactive Multimedia, Fifth ACM International Multimedia Conference, 1997.
[Faraday 1997] P. Faraday, A. Sutcliffe, Designing effective multimedia presentations, Computer Human Interaction conference, Atlanta, 1997.
[Digevent 2002] http://www.digevent.com/events/consumer/music/guitar_mania/, accessed March 2002.
[CSI/FBI 2000] Computer Crime and Security Survey, Computer Security Issues and Trends, 2000. Vol. VI, No. 1.
[Seymour 2001] Bosworth Seymour and M.E. Kabay. Computer Security Handbook: Fourth Edition. 2001.