2. Robbing a grocery store G
• Consider a grocery store (called G).
• A customer goes into the store and picks up stuff by
himself
• Goes to the cashier,
• Pays for the stuff, packs his bags and leaves
• Think of ways someone can rob the store
• Write down your list of answers
• Feel free to discuss with other students
• You have 10 minutes
TkT Mikko Särelä
4. Robbing a grocery store G
• Customer hides something in his bag while paying for the rest
TkT Mikko Särelä
5. Robbing a grocery store G
• Customer hides something in his bag while paying for the rest
• Customer takes stuff from the store and runs for it
TkT Mikko Särelä
6. Robbing a grocery store G
• Customer hides something in his bag while paying for the rest
• Customer takes stuff from the store and runs for it
• Customer puts a chocolate bar in another customers shopping
queue and gets him to pay for it
TkT Mikko Särelä
7. Robbing a grocery store G
• Customer hides something in his bag while paying for the rest
• Customer takes stuff from the store and runs for it
• Customer puts a chocolate bar in another customers shopping
queue and gets him to pay for it
• Clerk takes money for groceries, but does not put it in the
cash register
TkT Mikko Särelä
8. Robbing a grocery store G
• Customer hides something in his bag while paying for the rest
• Customer takes stuff from the store and runs for it
• Customer puts a chocolate bar in another customers shopping
queue and gets him to pay for it
• Clerk takes money for groceries, but does not put it in the
cash register
• Someone robs the cash register of the money (perhaps with a
gun
TkT Mikko Särelä
9. Robbing a grocery store G
• Customer hides something in his bag while paying for the rest
• Customer takes stuff from the store and runs for it
• Customer puts a chocolate bar in another customers shopping
queue and gets him to pay for it
• Clerk takes money for groceries, but does not put it in the
cash register
• Someone robs the cash register of the money (perhaps with a
gun
• Someone robs the money when it is being transferred to the
bank
TkT Mikko Särelä
10. Robbing a grocery store G
• Customer hides something in his bag while paying for the rest
• Customer takes stuff from the store and runs for it
• Customer puts a chocolate bar in another customers shopping
queue and gets him to pay for it
• Clerk takes money for groceries, but does not put it in the
cash register
• Someone robs the cash register of the money (perhaps with a
gun
• Someone robs the money when it is being transferred to the
bank
• Breaking in during the night and stealing groceries
TkT Mikko Särelä
11. Robbing a grocery store G
• Customer hides something in his bag while paying for the rest
• Customer takes stuff from the store and runs for it
• Customer puts a chocolate bar in another customers shopping
queue and gets him to pay for it
• Clerk takes money for groceries, but does not put it in the
cash register
• Someone robs the cash register of the money (perhaps with a
gun
• Someone robs the money when it is being transferred to the
bank
• Breaking in during the night and stealing groceries
• Someone empties the company bank account
TkT Mikko Särelä
13. Robbing a grocery store G
• Competitor tampers with the food and tries to cause a
scandal
TkT Mikko Särelä
14. Robbing a grocery store G
• Competitor tampers with the food and tries to cause a
scandal
• Competitor (hires someone to) photograph and publish
pictures of people buying e.g. condoms or pornography
TkT Mikko Särelä
15. Robbing a grocery store G
• Competitor tampers with the food and tries to cause a
scandal
• Competitor (hires someone to) photograph and publish
pictures of people buying e.g. condoms or pornography
• Competitor hires someone to prevent supply truck from
arriving to the store
TkT Mikko Särelä
16. Robbing a grocery store G
• Competitor tampers with the food and tries to cause a
scandal
• Competitor (hires someone to) photograph and publish
pictures of people buying e.g. condoms or pornography
• Competitor hires someone to prevent supply truck from
arriving to the store
• Preventing employees from arriving at work
TkT Mikko Särelä
17. Robbing a grocery store G
• Competitor tampers with the food and tries to cause a
scandal
• Competitor (hires someone to) photograph and publish
pictures of people buying e.g. condoms or pornography
• Competitor hires someone to prevent supply truck from
arriving to the store
• Preventing employees from arriving at work
• A mafia threatens to burn the building unless the owner pays
protection fees
TkT Mikko Särelä
18. Robbing a grocery store G
• Competitor tampers with the food and tries to cause a
scandal
• Competitor (hires someone to) photograph and publish
pictures of people buying e.g. condoms or pornography
• Competitor hires someone to prevent supply truck from
arriving to the store
• Preventing employees from arriving at work
• A mafia threatens to burn the building unless the owner pays
protection fees
• Someone plants illegal drugs into the store and informs local
police enforcement
TkT Mikko Särelä
24. Assets needing protection
• The building and customer access
• Store reputation
• The stock of groceries
TkT Mikko Särelä
25. Assets needing protection
• The building and customer access
• Store reputation
• The stock of groceries
• Deliveries
TkT Mikko Särelä
26. Assets needing protection
• The building and customer access
• Store reputation
• The stock of groceries
• Deliveries
• Employees
TkT Mikko Särelä
27. Assets needing protection
• The building and customer access
• Store reputation
• The stock of groceries
• Deliveries
• Employees
• Money
TkT Mikko Särelä
28. Assets needing protection
• The building and customer access
• Store reputation
• The stock of groceries
• Deliveries
• Employees
• Money
• Customer information
TkT Mikko Särelä
29. Threat model
• Threats from the store owner’s
perspective
• Someone steals money, or food
• Someone destroys food or money
• Someone prevents store from being open
• Someone causes problems for the store
image
• and more
TkT Mikko Särelä
30. Attacker model
• Potential attackers include
• customer, employee, outsider, competitor,
organized crime, government
• Attacker capabilities
• From empty hands, to guns and millions of dollars
and thousands of employees to do their bidding
• Attacks: technical or social engineering?
TkT Mikko Särelä
31. Risk assessment
• Security is not a purpose by itself!
• Weighing costs of security to its
benefits
• Good enough security
• You can never protect against all
threats!
TkT Mikko Särelä
32.
33. Wait a second!
• That was only store owner’s
perspective
• How about the perspective of
• customer,
• insurance company,
• government,
• etc.
TkT Mikko Särelä
Tehtävänanto harhaanjohtaja. Tämä on tyypillistä tietoturvatyössä. Asiakas tulee pyytämään apua ihan eri asiassa kuin mikä oikeasti on ongelma\n\nLähde tangentille yliopistokoulutuksesta!\n
Laita kalvot tulemaan bullet kerrallaan!\n\n\n
Laita kalvot tulemaan bullet kerrallaan!\n\n\n
Laita kalvot tulemaan bullet kerrallaan!\n\n\n
Laita kalvot tulemaan bullet kerrallaan!\n\n\n
Laita kalvot tulemaan bullet kerrallaan!\n\n\n
Laita kalvot tulemaan bullet kerrallaan!\n\n\n
Laita kalvot tulemaan bullet kerrallaan!\n\n\n
Laita kalvot tulemaan bullet kerrallaan!\n\n\n
\n
\n
\n
\n
\n
\n
\n
\n
credit card info\n
credit card info\n
credit card info\n
credit card info\n
credit card info\n
credit card info\n
credit card info\n
\n
\n
Piirrä kuva turvallisuuden kustannuksista ja riskien kustannuksista\n\nMeteoriittihyökkäys\n - ovat tappaneet ihmisiä, voimme laskea uhalle todennäköisyyden\nLiikenne\n - 20kmh kattonopeus\n - Kaiva liikenneturvallisuuskuva\n\n
\n
\n
\n
Hyviä esimerkkejä kaupan turvallisuuden parantamisen jäljiltä\n\nSocial engineering -hyökkäykset\n
