SlideShare a Scribd company logo

ISM Chapter 1.ppt

Download as PPT, PDF
S
SajjadAbdullah4

Information Security Chapter 1

Education
1 of 47
About the Presentations • The presentations cover the objectives found in the opening of each chapter. • All chapter objectives are listed in the beginning of each presentation. • You may customize the presentations to fit your class needs. • Some figures from the chapters are included. A complete set of images from the book can be found on the Instructor Resources disc.
Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 1 Introduction to Security
Objectives • Describe the challenges of securing information • Define information security and explain why it is important • Identify the types of attackers that are common today • List the basic steps of an attack • Describe the five basic principles of defense Security+ Guide to Network Security Fundamentals, Fourth Edition 3
Challenges of Securing Information • Security figures prominently in 21st century world – Personal security – Information security • Securing information – No simple solution – Many different types of attacks – Defending against attacks often difficult Security+ Guide to Network Security Fundamentals, Fourth Edition 4
Today’s Security Attacks • Advances in computing power – Make password-breaking easy • Software vulnerabilities often not patched – Smartphones a new target Security+ Guide to Network Security Fundamentals, Fourth Edition 5
Today’s Security Attacks (cont’d.) • Examples of recent attacks – Bogus antivirus software • Marketed by credit card thieves – Online banking attacks – Hacking contest – Nigerian 419 advanced fee fraud • Number one type of Internet fraud – Identity theft using Firesheep – Malware – Infected USB flash drive devices Security+ Guide to Network Security Fundamentals, Fourth Edition 6
Security+ Guide to Network Security Fundamentals, Fourth Edition 7 Table 1-1 Selected security breaches involving personal information in a one-month period
Difficulties in Defending Against Attacks • Universally connected devices • Increased speed of attacks • Greater sophistication of attacks • Availability and simplicity of attack tools • Faster detection of vulnerabilities Security+ Guide to Network Security Fundamentals, Fourth Edition 8
Difficulties in Defending Against Attacks (cont’d.) • Delays in patching – Weak distribution of patches • Distributed attacks • User confusion Security+ Guide to Network Security Fundamentals, Fourth Edition 9
Security+ Guide to Network Security Fundamentals, Fourth Edition 10 Table 1-2 Difficulties in defending against attacks
What Is Information Security? • Before defense is possible, one must understand: – What information security is – Why it is important – Who the attackers are Security+ Guide to Network Security Fundamentals, Fourth Edition 11
Defining Information Security • Security – Steps to protect person or property from harm • Harm may be intentional or nonintentional – Sacrifices convenience for safety • Information security – Guarding digitally-formatted information: • That provides value to people and organizations Security+ Guide to Network Security Fundamentals, Fourth Edition 12
Defining Information Security (cont’d.) • Three types of information protection: often called CIA – Confidentiality • Only approved individuals may access information – Integrity • Information is correct and unaltered – Availability • Information is accessible to authorized users Security+ Guide to Network Security Fundamentals, Fourth Edition 13
Defining Information Security (cont’d.) • Protections implemented to secure information – Identification • Proof of who you are – Authentication • Individual is who they claim to be – Authorization • Grant ability to access information – Accounting • Provides tracking of events Security+ Guide to Network Security Fundamentals, Fourth Edition 14
Security+ Guide to Network Security Fundamentals, Fourth Edition 15 Figure 1-3 Information security components © Cengage Learning 2012
Security+ Guide to Network Security Fundamentals, Fourth Edition Defining Information Security (cont’d.) 16 Table 1-3 Information security layers
Information Security Terminology • Asset – Item of value • Threat – Actions or events that have potential to cause harm • Threat agent – Person or element with power to carry out a threat Security+ Guide to Network Security Fundamentals, Fourth Edition 17
Security+ Guide to Network Security Fundamentals, Fourth Edition 18 Table 1-4 Information technology assets
Information Security Terminology (cont’d.) • Vulnerability – Flaw or weakness • Threat agent can bypass security • Risk – Likelihood that threat agent will exploit vulnerability – Cannot be eliminated entirely • Cost would be too high • Take too long to implement – Some degree of risk must be assumed Security+ Guide to Network Security Fundamentals, Fourth Edition 19
Security+ Guide to Network Security Fundamentals, Fourth Edition 20 Figure 1-4 Information security components analogy © Cengage Learning 2012
Information Security Terminology (cont’d.) • Options to deal with risk – Accept • Realize there is a chance of loss – Diminish • Take precautions • Most information security risks should be diminished – Transfer risk to someone else • Example: purchasing insurance Security+ Guide to Network Security Fundamentals, Fourth Edition 21
Understanding the Importance of Information Security • Preventing data theft – Security often associated with theft prevention – Business data theft • Proprietary information – Individual data theft • Credit card numbers Security+ Guide to Network Security Fundamentals, Fourth Edition 22
Understanding the Importance of Information Security (cont’d.) • Thwarting identity theft – Using another’s personal information in unauthorized manner • Usually for financial gain – Example: • Steal person’s SSN • Create new credit card account • Charge purchases • Leave unpaid Security+ Guide to Network Security Fundamentals, Fourth Edition 23
Understanding the Importance of Information Security (cont’d.) • Avoiding legal consequences – Laws protecting electronic data privacy • The Health Insurance Portability and Accountability Act of 1996 (HIPAA) • The Sarbanes-Oxley Act of 2002 (Sarbox) • The Gramm-Leach-Bliley Act (GLBA) • California’s Database Security Breach Notification Act (2003) Security+ Guide to Network Security Fundamentals, Fourth Edition 24
Understanding the Importance of Information Security (cont’d.) • Maintaining productivity – Post-attack clean up diverts resources • Time and money Security+ Guide to Network Security Fundamentals, Fourth Edition 25 Table 1-6 Cost of attacks
Understanding the Importance of Information Security (cont’d.) • Foiling cyberterrorism – Premeditated, politically motivated attacks – Target: information, computer systems, data – Designed to: • Cause panic • Provoke violence • Result in financial catastrophe Security+ Guide to Network Security Fundamentals, Fourth Edition 26
Understanding the Importance of Information Security (cont’d.) • Potential cyberterrorism targets – Banking – Military – Energy (power plants) – Transportation (air traffic control centers) – Water systems Security+ Guide to Network Security Fundamentals, Fourth Edition 27
Who Are the Attackers? • Categories of attackers – Hackers – Script kiddies – Spies – Insiders – Cybercriminals – Cyberterrorists Security+ Guide to Network Security Fundamentals, Fourth Edition 28
Hackers • Hacker – Person who uses computer skills to attack computers – Term not common in security community • White hat hackers – Goal to expose security flaws – Not to steal or corrupt data • Black hat hackers – Goal is malicious and destructive Security+ Guide to Network Security Fundamentals, Fourth Edition 29
Script Kiddies • Script kiddies – Goal: break into computers to create damage – Unskilled users – Download automated hacking software (scripts) • Use them to perform malicious acts – Attack software today has menu systems • Attacks are even easier for unskilled users – 40 percent of attacks performed by script kiddies Security+ Guide to Network Security Fundamentals, Fourth Edition 30
Spies • Computer spy – Person hired to break into a computer: • To steal information • Hired to attack a specific computer or system: – Containing sensitive information • Goal: steal information without drawing attention to their actions • Possess excellent computer skills: – To attack and cover their tracks Security+ Guide to Network Security Fundamentals, Fourth Edition 31
Insiders • Employees, contractors, and business partners • 48 percent of breaches attributed to insiders • Examples of insider attacks – Health care worker publicized celebrities’ health records • Disgruntled over upcoming job termination – Government employee planted malicious coding script – Stock trader concealed losses through fake transactions – U.S. Army private accessed sensitive documents Security+ Guide to Network Security Fundamentals, Fourth Edition 32
Cybercriminals • Network of attackers, identity thieves, spammers, financial fraudsters • Difference from ordinary attackers – More highly motivated – Willing to take more risk – Better funded – More tenacious – Goal: financial gain Security+ Guide to Network Security Fundamentals, Fourth Edition 33
Cybercriminals (cont’d.) • Organized gangs of young attackers – Eastern European, Asian, and third-world regions Security+ Guide to Network Security Fundamentals, Fourth Edition 34 Table 1-7 Characteristics of cybercriminals
Cybercriminals (cont’d.) • Cybercrime – Targeted attacks against financial networks – Unauthorized access to information – Theft of personal information • Financial cybercrime – Trafficking in stolen credit cards and financial information – Using spam to commit fraud Security+ Guide to Network Security Fundamentals, Fourth Edition 35
Cyberterrorists • Cyberterrorists – Ideological motivation • Attacking because of their principles and beliefs • Goals of a cyberattack: – Deface electronic information • Spread misinformation and propaganda – Deny service to legitimate computer users – Commit unauthorized intrusions • Results: critical infrastructure outages; corruption of vital data Security+ Guide to Network Security Fundamentals, Fourth Edition 36
Attacks and Defenses • Wide variety of attacks – Same basic steps used in attack • To protect computers against attacks: – Follow five fundamental security principles Security+ Guide to Network Security Fundamentals, Fourth Edition 37
Steps of an Attack • Probe for information – Such as type of hardware or software used • Penetrate any defenses – Launch the attack • Modify security settings – Allows attacker to reenter compromised system easily • Circulate to other systems – Same tools directed toward other systems • Paralyze networks and devices Security+ Guide to Network Security Fundamentals, Fourth Edition 38
Security+ Guide to Network Security Fundamentals, Fourth Edition 39 Figure 1-6 Steps of an attack © Cengage Learning 2012
Security+ Guide to Network Security Fundamentals, Fourth Edition Defenses Against Attacks • Fundamental security principles for defenses – Layering – Limiting – Diversity – Obscurity – Simplicity 40
Layering • Information security must be created in layers – Single defense mechanism may be easy to circumvent – Unlikely that attacker can break through all defense layers • Layered security approach – Can be useful in resisting a variety of attacks – Provides the most comprehensive protection Security+ Guide to Network Security Fundamentals, Fourth Edition 41
Limiting • Limiting access to information: – Reduces the threat against it • Only those who must use data granted access – Amount of access limited to what that person needs to know • Methods of limiting access – Technology • File permissions – Procedural • Prohibiting document removal from premises Security+ Guide to Network Security Fundamentals, Fourth Edition 42
Diversity • Closely related to layering – Layers must be different (diverse) • If attackers penetrate one layer: – Same techniques unsuccessful in breaking through other layers • Breaching one security layer does not compromise the whole system • Example of diversity – Using security products from different manufacturers Security+ Guide to Network Security Fundamentals, Fourth Edition 43
Obscurity • Obscuring inside details to outsiders • Example: not revealing details – Type of computer – Operating system version – Brand of software used • Difficult for attacker to devise attack if system details are unknown Security+ Guide to Network Security Fundamentals, Fourth Edition 44
Simplicity • Nature of information security is complex • Complex security systems – Difficult to understand and troubleshoot – Often compromised for ease of use by trusted users • Secure system should be simple: – For insiders to understand and use • Simple from the inside – Complex from the outside Security+ Guide to Network Security Fundamentals, Fourth Edition 45
Summary • Information security attacks growing exponentially in recent years • Several reasons for difficulty defending against today’s attacks • Information security protects information’s integrity, confidentiality, and availability: – On devices that store, manipulate, and transmit information – Using products, people, and procedures Security+ Guide to Network Security Fundamentals, Fourth Edition 46
Summary (cont’d.) • Goals of information security – Prevent data theft – Thwart identity theft – Avoid legal consequences of not securing information – Maintain productivity – Foil cyberterrorism • Different types of people with different motivations conduct computer attacks • An attack has five general steps Security+ Guide to Network Security Fundamentals, Fourth Edition 47

Recommended

1_Introduction to security.pptx
1_Introduction to security.pptx1_Introduction to security.pptx
1_Introduction to security.pptx
diaa46
 
Intro to Security
Intro to SecurityIntro to Security
Intro to Security
primeteacher32
 
Week 1 - Introduction to Information Security.pptx
Week 1 - Introduction to Information Security.pptxWeek 1 - Introduction to Information Security.pptx
Week 1 - Introduction to Information Security.pptx
ChristianEarlPalason
 
Chapter 1 Presentation
Chapter 1 PresentationChapter 1 Presentation
Chapter 1 Presentation
Amy McMullin
 
ch02_2.ppt
ch02_2.pptch02_2.ppt
ch02_2.ppt
IbrahimAl22
 
ch02_2.ppt
ch02_2.pptch02_2.ppt
ch02_2.ppt
gtrajasekaran1
 
Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2
MLG College of Learning, Inc
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
MLG College of Learning, Inc
 

Recommended

1_Introduction to security.pptx
1_Introduction to security.pptx1_Introduction to security.pptx
1_Introduction to security.pptx
diaa46
 
Intro to Security
Intro to SecurityIntro to Security
Intro to Security
primeteacher32
 
Week 1 - Introduction to Information Security.pptx
Week 1 - Introduction to Information Security.pptxWeek 1 - Introduction to Information Security.pptx
Week 1 - Introduction to Information Security.pptx
ChristianEarlPalason
 
Chapter 1 Presentation
Chapter 1 PresentationChapter 1 Presentation
Chapter 1 Presentation
Amy McMullin
 
ch02_2.ppt
ch02_2.pptch02_2.ppt
ch02_2.ppt
IbrahimAl22
 
ch02_2.ppt
ch02_2.pptch02_2.ppt
ch02_2.ppt
gtrajasekaran1
 
Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2
MLG College of Learning, Inc
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
MLG College of Learning, Inc
 
Chapter 2 - Lesson 2.pptx
Chapter 2 - Lesson 2.pptxChapter 2 - Lesson 2.pptx
Chapter 2 - Lesson 2.pptx
JhaiJhai6
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security
elmuhammadmuhammad
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
Elumalai Vasan
 
Cloud Security.pptx
Cloud Security.pptxCloud Security.pptx
Cloud Security.pptx
Binod Rimal
 
Isys20261 lecture 01
Isys20261 lecture 01Isys20261 lecture 01
Isys20261 lecture 01
Wiliam Ferraciolli
 
information security management
information security managementinformation security management
information security management
Gurpreetkaur838
 
Lecture 1-2.pdf
Lecture 1-2.pdfLecture 1-2.pdf
Lecture 1-2.pdf
FumikageTokoyami4
 
Unit 1&2.pdf
Unit 1&2.pdfUnit 1&2.pdf
Unit 1&2.pdf
Ndheh
 
Security in IT (data and cyber security)
Security in IT (data and cyber security)Security in IT (data and cyber security)
Security in IT (data and cyber security)
Rohana K Amarakoon
 
security in it (data and cyber security)
security in it (data and cyber security)security in it (data and cyber security)
security in it (data and cyber security)
Rohana K Amarakoon
 
Chap01
Chap01Chap01
Chap01
KASSAWMAR AYALEW
 
How secure are your systems
How secure are your systemsHow secure are your systems
How secure are your systems
City Unrulyversity
 
15_526_topic01.ppt
15_526_topic01.ppt15_526_topic01.ppt
15_526_topic01.ppt
Faiz Fanani
 
Information security.pptx
Information security.pptxInformation security.pptx
Information security.pptx
Govt. P.G. College Sendhwa, Barwani (M.P.)
 
internet security and cyber lawUnit1
internet security and cyber lawUnit1internet security and cyber lawUnit1
internet security and cyber lawUnit1
Royalzig Luxury Furniture
 
DRC - Cybersecurity Concepts 2015 - 5 Basics you must know!
DRC - Cybersecurity Concepts 2015 - 5 Basics you must know!DRC - Cybersecurity Concepts 2015 - 5 Basics you must know!
DRC - Cybersecurity Concepts 2015 - 5 Basics you must know!
Kevin Fisher
 
Describing the challenges of securing information
Describing the challenges of securing informationDescribing the challenges of securing information
Describing the challenges of securing information
Nicholas Davis
 
Lec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendationsLec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendations
BilalMehmood44
 
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdfUNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
VishwanathMahalle
 
DRC -- Cybersecurity concepts2015
DRC -- Cybersecurity concepts2015DRC -- Cybersecurity concepts2015
DRC -- Cybersecurity concepts2015
T. J. Saotome
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
RAM LAL ANAND COLLEGE, DELHI UNIVERSITY.
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
Thiyagu K
 

More Related Content

Similar to ISM Chapter 1.ppt

Describing the challenges of securing information
Describing the challenges of securing informationDescribing the challenges of securing information
Describing the challenges of securing information
Nicholas Davis
 
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdfUNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
VishwanathMahalle
 
DRC -- Cybersecurity concepts2015
DRC -- Cybersecurity concepts2015DRC -- Cybersecurity concepts2015
DRC -- Cybersecurity concepts2015
T. J. Saotome
 

Similar to ISM Chapter 1.ppt (20)

Chapter 2 - Lesson 2.pptx
Chapter 2 - Lesson 2.pptxChapter 2 - Lesson 2.pptx
Chapter 2 - Lesson 2.pptx
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
Cloud Security.pptx
Cloud Security.pptxCloud Security.pptx
Cloud Security.pptx
 
Isys20261 lecture 01
Isys20261 lecture 01Isys20261 lecture 01
Isys20261 lecture 01
 
information security management
information security managementinformation security management
information security management
 
Lecture 1-2.pdf
Lecture 1-2.pdfLecture 1-2.pdf
Lecture 1-2.pdf
 
Unit 1&2.pdf
Unit 1&2.pdfUnit 1&2.pdf
Unit 1&2.pdf
 
Security in IT (data and cyber security)
Security in IT (data and cyber security)Security in IT (data and cyber security)
Security in IT (data and cyber security)
 
security in it (data and cyber security)
security in it (data and cyber security)security in it (data and cyber security)
security in it (data and cyber security)
 
Chap01
Chap01Chap01
Chap01
 
How secure are your systems
How secure are your systemsHow secure are your systems
How secure are your systems
 
15_526_topic01.ppt
15_526_topic01.ppt15_526_topic01.ppt
15_526_topic01.ppt
 
Information security.pptx
Information security.pptxInformation security.pptx
Information security.pptx
 
internet security and cyber lawUnit1
internet security and cyber lawUnit1internet security and cyber lawUnit1
internet security and cyber lawUnit1
 
DRC - Cybersecurity Concepts 2015 - 5 Basics you must know!
DRC - Cybersecurity Concepts 2015 - 5 Basics you must know!DRC - Cybersecurity Concepts 2015 - 5 Basics you must know!
DRC - Cybersecurity Concepts 2015 - 5 Basics you must know!
 
Describing the challenges of securing information
Describing the challenges of securing informationDescribing the challenges of securing information
Describing the challenges of securing information
 
Lec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendationsLec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendations
 
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdfUNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
 
DRC -- Cybersecurity concepts2015
DRC -- Cybersecurity concepts2015DRC -- Cybersecurity concepts2015
DRC -- Cybersecurity concepts2015
 

Recently uploaded

Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
ciinovamais
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
kauryashika82
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Krashi Coaching
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
QucHHunhnh
 

Recently uploaded (20)

INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpin
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 

ISM Chapter 1.ppt

  • 1. About the Presentations • The presentations cover the objectives found in the opening of each chapter. • All chapter objectives are listed in the beginning of each presentation. • You may customize the presentations to fit your class needs. • Some figures from the chapters are included. A complete set of images from the book can be found on the Instructor Resources disc.
  • 2. Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 1 Introduction to Security
  • 3. Objectives • Describe the challenges of securing information • Define information security and explain why it is important • Identify the types of attackers that are common today • List the basic steps of an attack • Describe the five basic principles of defense Security+ Guide to Network Security Fundamentals, Fourth Edition 3
  • 4. Challenges of Securing Information • Security figures prominently in 21st century world – Personal security – Information security • Securing information – No simple solution – Many different types of attacks – Defending against attacks often difficult Security+ Guide to Network Security Fundamentals, Fourth Edition 4
  • 5. Today’s Security Attacks • Advances in computing power – Make password-breaking easy • Software vulnerabilities often not patched – Smartphones a new target Security+ Guide to Network Security Fundamentals, Fourth Edition 5
  • 6. Today’s Security Attacks (cont’d.) • Examples of recent attacks – Bogus antivirus software • Marketed by credit card thieves – Online banking attacks – Hacking contest – Nigerian 419 advanced fee fraud • Number one type of Internet fraud – Identity theft using Firesheep – Malware – Infected USB flash drive devices Security+ Guide to Network Security Fundamentals, Fourth Edition 6
  • 7. Security+ Guide to Network Security Fundamentals, Fourth Edition 7 Table 1-1 Selected security breaches involving personal information in a one-month period
  • 8. Difficulties in Defending Against Attacks • Universally connected devices • Increased speed of attacks • Greater sophistication of attacks • Availability and simplicity of attack tools • Faster detection of vulnerabilities Security+ Guide to Network Security Fundamentals, Fourth Edition 8
  • 9. Difficulties in Defending Against Attacks (cont’d.) • Delays in patching – Weak distribution of patches • Distributed attacks • User confusion Security+ Guide to Network Security Fundamentals, Fourth Edition 9
  • 10. Security+ Guide to Network Security Fundamentals, Fourth Edition 10 Table 1-2 Difficulties in defending against attacks
  • 11. What Is Information Security? • Before defense is possible, one must understand: – What information security is – Why it is important – Who the attackers are Security+ Guide to Network Security Fundamentals, Fourth Edition 11
  • 12. Defining Information Security • Security – Steps to protect person or property from harm • Harm may be intentional or nonintentional – Sacrifices convenience for safety • Information security – Guarding digitally-formatted information: • That provides value to people and organizations Security+ Guide to Network Security Fundamentals, Fourth Edition 12
  • 13. Defining Information Security (cont’d.) • Three types of information protection: often called CIA – Confidentiality • Only approved individuals may access information – Integrity • Information is correct and unaltered – Availability • Information is accessible to authorized users Security+ Guide to Network Security Fundamentals, Fourth Edition 13
  • 14. Defining Information Security (cont’d.) • Protections implemented to secure information – Identification • Proof of who you are – Authentication • Individual is who they claim to be – Authorization • Grant ability to access information – Accounting • Provides tracking of events Security+ Guide to Network Security Fundamentals, Fourth Edition 14
  • 15. Security+ Guide to Network Security Fundamentals, Fourth Edition 15 Figure 1-3 Information security components © Cengage Learning 2012
  • 16. Security+ Guide to Network Security Fundamentals, Fourth Edition Defining Information Security (cont’d.) 16 Table 1-3 Information security layers
  • 17. Information Security Terminology • Asset – Item of value • Threat – Actions or events that have potential to cause harm • Threat agent – Person or element with power to carry out a threat Security+ Guide to Network Security Fundamentals, Fourth Edition 17
  • 18. Security+ Guide to Network Security Fundamentals, Fourth Edition 18 Table 1-4 Information technology assets
  • 19. Information Security Terminology (cont’d.) • Vulnerability – Flaw or weakness • Threat agent can bypass security • Risk – Likelihood that threat agent will exploit vulnerability – Cannot be eliminated entirely • Cost would be too high • Take too long to implement – Some degree of risk must be assumed Security+ Guide to Network Security Fundamentals, Fourth Edition 19
  • 20. Security+ Guide to Network Security Fundamentals, Fourth Edition 20 Figure 1-4 Information security components analogy © Cengage Learning 2012
  • 21. Information Security Terminology (cont’d.) • Options to deal with risk – Accept • Realize there is a chance of loss – Diminish • Take precautions • Most information security risks should be diminished – Transfer risk to someone else • Example: purchasing insurance Security+ Guide to Network Security Fundamentals, Fourth Edition 21
  • 22. Understanding the Importance of Information Security • Preventing data theft – Security often associated with theft prevention – Business data theft • Proprietary information – Individual data theft • Credit card numbers Security+ Guide to Network Security Fundamentals, Fourth Edition 22
  • 23. Understanding the Importance of Information Security (cont’d.) • Thwarting identity theft – Using another’s personal information in unauthorized manner • Usually for financial gain – Example: • Steal person’s SSN • Create new credit card account • Charge purchases • Leave unpaid Security+ Guide to Network Security Fundamentals, Fourth Edition 23
  • 24. Understanding the Importance of Information Security (cont’d.) • Avoiding legal consequences – Laws protecting electronic data privacy • The Health Insurance Portability and Accountability Act of 1996 (HIPAA) • The Sarbanes-Oxley Act of 2002 (Sarbox) • The Gramm-Leach-Bliley Act (GLBA) • California’s Database Security Breach Notification Act (2003) Security+ Guide to Network Security Fundamentals, Fourth Edition 24
  • 25. Understanding the Importance of Information Security (cont’d.) • Maintaining productivity – Post-attack clean up diverts resources • Time and money Security+ Guide to Network Security Fundamentals, Fourth Edition 25 Table 1-6 Cost of attacks
  • 26. Understanding the Importance of Information Security (cont’d.) • Foiling cyberterrorism – Premeditated, politically motivated attacks – Target: information, computer systems, data – Designed to: • Cause panic • Provoke violence • Result in financial catastrophe Security+ Guide to Network Security Fundamentals, Fourth Edition 26
  • 27. Understanding the Importance of Information Security (cont’d.) • Potential cyberterrorism targets – Banking – Military – Energy (power plants) – Transportation (air traffic control centers) – Water systems Security+ Guide to Network Security Fundamentals, Fourth Edition 27
  • 28. Who Are the Attackers? • Categories of attackers – Hackers – Script kiddies – Spies – Insiders – Cybercriminals – Cyberterrorists Security+ Guide to Network Security Fundamentals, Fourth Edition 28
  • 29. Hackers • Hacker – Person who uses computer skills to attack computers – Term not common in security community • White hat hackers – Goal to expose security flaws – Not to steal or corrupt data • Black hat hackers – Goal is malicious and destructive Security+ Guide to Network Security Fundamentals, Fourth Edition 29
  • 30. Script Kiddies • Script kiddies – Goal: break into computers to create damage – Unskilled users – Download automated hacking software (scripts) • Use them to perform malicious acts – Attack software today has menu systems • Attacks are even easier for unskilled users – 40 percent of attacks performed by script kiddies Security+ Guide to Network Security Fundamentals, Fourth Edition 30
  • 31. Spies • Computer spy – Person hired to break into a computer: • To steal information • Hired to attack a specific computer or system: – Containing sensitive information • Goal: steal information without drawing attention to their actions • Possess excellent computer skills: – To attack and cover their tracks Security+ Guide to Network Security Fundamentals, Fourth Edition 31
  • 32. Insiders • Employees, contractors, and business partners • 48 percent of breaches attributed to insiders • Examples of insider attacks – Health care worker publicized celebrities’ health records • Disgruntled over upcoming job termination – Government employee planted malicious coding script – Stock trader concealed losses through fake transactions – U.S. Army private accessed sensitive documents Security+ Guide to Network Security Fundamentals, Fourth Edition 32
  • 33. Cybercriminals • Network of attackers, identity thieves, spammers, financial fraudsters • Difference from ordinary attackers – More highly motivated – Willing to take more risk – Better funded – More tenacious – Goal: financial gain Security+ Guide to Network Security Fundamentals, Fourth Edition 33
  • 34. Cybercriminals (cont’d.) • Organized gangs of young attackers – Eastern European, Asian, and third-world regions Security+ Guide to Network Security Fundamentals, Fourth Edition 34 Table 1-7 Characteristics of cybercriminals
  • 35. Cybercriminals (cont’d.) • Cybercrime – Targeted attacks against financial networks – Unauthorized access to information – Theft of personal information • Financial cybercrime – Trafficking in stolen credit cards and financial information – Using spam to commit fraud Security+ Guide to Network Security Fundamentals, Fourth Edition 35
  • 36. Cyberterrorists • Cyberterrorists – Ideological motivation • Attacking because of their principles and beliefs • Goals of a cyberattack: – Deface electronic information • Spread misinformation and propaganda – Deny service to legitimate computer users – Commit unauthorized intrusions • Results: critical infrastructure outages; corruption of vital data Security+ Guide to Network Security Fundamentals, Fourth Edition 36
  • 37. Attacks and Defenses • Wide variety of attacks – Same basic steps used in attack • To protect computers against attacks: – Follow five fundamental security principles Security+ Guide to Network Security Fundamentals, Fourth Edition 37
  • 38. Steps of an Attack • Probe for information – Such as type of hardware or software used • Penetrate any defenses – Launch the attack • Modify security settings – Allows attacker to reenter compromised system easily • Circulate to other systems – Same tools directed toward other systems • Paralyze networks and devices Security+ Guide to Network Security Fundamentals, Fourth Edition 38
  • 39. Security+ Guide to Network Security Fundamentals, Fourth Edition 39 Figure 1-6 Steps of an attack © Cengage Learning 2012
  • 40. Security+ Guide to Network Security Fundamentals, Fourth Edition Defenses Against Attacks • Fundamental security principles for defenses – Layering – Limiting – Diversity – Obscurity – Simplicity 40
  • 41. Layering • Information security must be created in layers – Single defense mechanism may be easy to circumvent – Unlikely that attacker can break through all defense layers • Layered security approach – Can be useful in resisting a variety of attacks – Provides the most comprehensive protection Security+ Guide to Network Security Fundamentals, Fourth Edition 41
  • 42. Limiting • Limiting access to information: – Reduces the threat against it • Only those who must use data granted access – Amount of access limited to what that person needs to know • Methods of limiting access – Technology • File permissions – Procedural • Prohibiting document removal from premises Security+ Guide to Network Security Fundamentals, Fourth Edition 42
  • 43. Diversity • Closely related to layering – Layers must be different (diverse) • If attackers penetrate one layer: – Same techniques unsuccessful in breaking through other layers • Breaching one security layer does not compromise the whole system • Example of diversity – Using security products from different manufacturers Security+ Guide to Network Security Fundamentals, Fourth Edition 43
  • 44. Obscurity • Obscuring inside details to outsiders • Example: not revealing details – Type of computer – Operating system version – Brand of software used • Difficult for attacker to devise attack if system details are unknown Security+ Guide to Network Security Fundamentals, Fourth Edition 44
  • 45. Simplicity • Nature of information security is complex • Complex security systems – Difficult to understand and troubleshoot – Often compromised for ease of use by trusted users • Secure system should be simple: – For insiders to understand and use • Simple from the inside – Complex from the outside Security+ Guide to Network Security Fundamentals, Fourth Edition 45
  • 46. Summary • Information security attacks growing exponentially in recent years • Several reasons for difficulty defending against today’s attacks • Information security protects information’s integrity, confidentiality, and availability: – On devices that store, manipulate, and transmit information – Using products, people, and procedures Security+ Guide to Network Security Fundamentals, Fourth Edition 46
  • 47. Summary (cont’d.) • Goals of information security – Prevent data theft – Thwart identity theft – Avoid legal consequences of not securing information – Maintain productivity – Foil cyberterrorism • Different types of people with different motivations conduct computer attacks • An attack has five general steps Security+ Guide to Network Security Fundamentals, Fourth Edition 47