Dr. Alan Shark


Slides presented by Dr. Alan Shark, Executive Director and CEO of Public Technology Institute


  1. Security Threat Assessment 2013: Preparing Your Agency. Dr. Alan R. Shark, Executive Director, Public Technology Institute, and Associate Professor of Practice, Rutgers University School of Public Affairs & Administration
  2. It used to be that paper was the problem...
  3. But now it has been replaced with this...
  4. Cyber Issues...
     • Cyber crime
     • Cyber hacking
     • Identity theft
     • Data theft
     • Financial theft
     • Data manipulation
  5. What do these organizations have in common?
  6. Internal threats... What About Our Employees? We can no longer simply rely on the CIO or chief security officer?
  7. Points of Entry – Portable Devices
  8. Points of Entry – Wireless Devices
  9. Points of Entry – Storage Devices
  10. Along Came the Cloud(s)...
  11. Points of Entry – Storage Devices
  12. Personal Connectivity...
  13. Cautions to the Wind!
  14. Points of Concern...
     • Internal threats (disgruntled employees)
     • External threats
     • Mobile devices
     • BYOD (bring your own device)
     • Storage devices
     • Cloud-based
     • Lax security ecosystems
     • Carelessness
     • Ignorance
  15. Common Myths (Employees)
     1. I don’t have anything anyone would ever want;
     2. I have the best antivirus software installed;
     3. I don’t use Windows so I’m safe;
     4. My network has a great firewall so I am safe;
     5. I only visit safe sites, so I’m okay;
     6. My network administrator is the one in charge of my data.
     7. I have had my password for years and nothing ever happened.
  16. Passwords: Weak to Strong
  17. Siobhan Duncan: “No worries, I keep all the necessary passcodes pasted to my monitor so I don’t lose them!”
  18. Password Strength
     • A six character, single case password has 308 million possible combinations. It can be cracked in just minutes!
     • Combining upper and lower case and using 8 characters instead of 6 = 53 trillion possible combinations.
     • Substituting a number for one of the letters yields 218 trillion possibilities.
     • Substituting a special character yields 6,095 trillion possibilities.
  19. Quiz: How long would it take for an individual desktop computer to “crack” a password?
     A. 1,000 passwords per second?
     B. 100,000 passwords per second?
     C. 5 million passwords per second?
     D. More than a hundred million passwords per second?
  20. Postscript on Passwords: A special high-speed, GPU-based computer can scan billions of passwords per second!
  21. Security & Prevention
     1. Use strong minimum 8 character passwords, with upper and lower case letters, and special characters.
     2. Insist on no more than ten tries before the system does an automatic lock-out.
     3. Consider CAPTCHA as a means to thwart high-speed automated systems.
  22. Security & Prevention
     4. Consider fingerprint readers in addition to or along with password protected systems.
     5. Consider iris display readers for added authentication.
     6. Require periodic mandatory training.
  23. Policy Considerations
     • Frequency of password changes?
     • Type of secure passwords?
     • Encryption of files and records?
     • Access to files and records? (in office & remote)
     • Citizen privacy protection?
     • When workers leave?
     • Laptop and portable device & storage policies?
     • Portable device policies?
     • Back-up policies?
     • Portable device cut-off & destroy systems?
  24. Policy Considerations
     • Back-up policies?
     • Portable device cut-off & destroy systems?
     • Disposal of any equipment with hard drives & storage?
     • Disposal of copiers?
     • Encrypted USB and portable storage devices?
     • On-going training and threat assessment?
  25. Public Technology Institute, 1420 Prince Street, Alexandria, VA 22314, www.pti.org, ashark@pti.org
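
The figures on slides 18 to 21 can be reproduced and compared directly. The following is an added example, not part of the original slides: it computes the keyspace for each password class on the Password Strength slide, the worst-case exhaustive-search time at each guess rate named in the quiz, and the chance of a correct guess within the ten-try lockout. It assumes uniformly random passwords and uses 1 billion guesses per second as a stand-in for the postscript's "billions".

```python
import string

# Alphabets matching the four cases on the Password Strength slide.
CLASSES = [
    ("6 chars, single case", string.ascii_lowercase, 6),
    ("8 chars, mixed case", string.ascii_letters, 8),
    ("8 chars, mixed case + digits", string.ascii_letters + string.digits, 8),
    ("8 chars, + special characters",
     string.ascii_letters + string.digits + string.punctuation, 8),
]

# Guess rates from the quiz; the last value is an assumption for "billions".
RATES = [1_000, 100_000, 5_000_000, 100_000_000, 1_000_000_000]
LOCKOUT_TRIES = 10  # slide 21: lock out after no more than ten tries


def keyspace(alphabet: str, length: int) -> int:
    """Number of distinct passwords of exactly `length` over `alphabet`."""
    return len(set(alphabet)) ** length


def worst_case_seconds(space: int, rate: int) -> float:
    """Time to try every candidate offline at `rate` guesses per second."""
    return space / rate


def humanize(seconds: float) -> str:
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"


def online_guess_probability(space: int, tries: int = LOCKOUT_TRIES) -> float:
    """Chance a uniformly random password falls within the allowed tries."""
    return min(tries, space) / space


if __name__ == "__main__":
    for label, alphabet, length in CLASSES:
        space = keyspace(alphabet, length)
        print(f"{label}: {space:,} combinations, "
              f"lockout-limited guess chance {online_guess_probability(space):.2e}")
        for rate in RATES:
            print(f"  {rate:>13,}/s -> {humanize(worst_case_seconds(space, rate))}")
```

These times are upper bounds: passwords chosen by people are not uniformly random, so dictionary-based guessing usually succeeds far sooner than exhaustive search.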