Access Control, Authentication, and Public Key Infrastructure
Lesson 5
Security Breaches and the Law
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning
Company
www.jblearning.com
All rights reserved.
Laws and Data Breaches
Federal and state laws act as deterrents
Organizations are required to take steps to protect the sensitive data
An organization may have a legal obligation to inform all stakeholders if a breach occurred
Federal Laws
Computer Fraud and Abuse Act (CFAA) designed to protect electronic data from theft
Digital Millennium Copyright Act (DMCA) prohibits unauthorized disclosure of data by circumventing an established technological measure
The Computer Fraud and Abuse Act (CFAA)[1] was enacted by Congress in 1986 as an amendment to existing computer fraud law (18 U.S.C. § 1030), which had been included in the Comprehensive Crime Control Act of 1984.
2008 amendments[1]:
Eliminated the requirement that information must have been stolen through an interstate or foreign communication, thereby expanding jurisdiction for cases involving theft of information from computers;
Eliminated the requirement that the defendant’s action must result in a loss exceeding $5,000 and created a felony offense where the damage affects ten or more computers, closing a gap in the law;
Expanded 18 U.S.C. § 1030(a)(7) to criminalize not only explicit threats to cause damage to a computer, but also threats to (1) steal data on a victim's computer, (2) publicly disclose stolen data, or (3) not repair damage the offender already caused to the computer;
Created a criminal offense for conspiring to commit a computer hacking offense under section 1030;
Broadened the definition of “protected computer” in 18 U.S.C. § 1030(e)(2) to the full extent of Congress’s commerce power by including those computers used in or affecting interstate or foreign commerce or communication; and
Provided a mechanism for civil and criminal forfeiture of property used in or derived from section 1030 violations.
State Laws
California Identity Theft Statute requires businesses to notify customers when personal information has been disclosed
Research specific laws that apply in your state. You can begin by visiting your state’s Office of Attorney General Web site.
Kentucky State Laws
On April 10, Governor Beshear signed into law H.B. 232, designed to address the compromise of personally identifiable information of residents of the Bluegrass State. The law also requires cloud service providers that contract with educational institutions (K-12) to maintain the security of student data (name, address, email address, emails, and any documents, photos or unique identifiers relating to the student) and prohibits the sale, disclosure, or processing of student data for commercial purposes.
Like most states, Kentucky has defined personally identifiable information as first name or first initial and last name combined with any of the following data elements when the name or data element is not redacted:
Social Security number
Driver’s license number
Account number, credit or debit card number in combination with any required security code, access code or password permitting access to an individual’s financial account
First-Layer Access Controls
All physical security must comply with all applicable regulations
Access to secure computing facilities granted only to individuals with a legitimate business need for access
All secure computing facilities that allow visitors must have an access log
Visitors must be escorted at all times
Most common and easiest form of access
To be effective: Requires the use of a secure channel through the network to transmit the encrypted password
Not very secure
WHY USE THEM??
Something you know
User friendly – People get the concept (like an ATM PIN)
Two factor authentication
– Combine passwords with a (smart card) token
– ATM card and PIN – improved protection
Easy to manage
Supported across IT platforms
Access Control Failures
People
Technology
People
Social engineering
Phishing and spear phishing attacks
Poor physical security on systems
File-sharing and social networking sites
Technology
Very weak password encryption
Web browsers are a major vector for unauthorized access
Web servers and other public-facing systems are an entry point for unauthorized access
Privacy Impact Assessment (PIA)
A comprehensive process for determining the privacy, confidentiality, and security risks associated with the collection, use, and disclosure of personal information
Describes the measures used to mitigate and, if possible, eliminate identified risks
Required in the public sector for any new system that handles personally identifiable information (PII)
Privacy Impact Assessment (PIA) (Cont.)
Identifies the key factors involved in securing PII
Emphasizes the process used to secure PII as well as the product
Has a sufficient degree of independence from the project implementing the new system
Has a degree of public exposure
Is integrated into the decision-making process
Security Breach Principles
The difference between a direct and an indirect attack: in a direct attack, the computer being used to break into other computers or systems is the criminal's own, whereas in an indirect attack a compromised computer or system is used to complete this objective.
System exploits
Eavesdropping
Social engineering
Denial of service (DoS) attacks
Indirect attacks
Direct attacks
Consequences
Security breaches can have serious consequences for an organization.
They can rely on:
Lax physical security
Inadequate logical access controls
A combination of both
Implications of Security Breaches
Damages organizations’ computer systems
Financial Impact
Legal action
Loss of reputation
Costs of contacting all of the individuals
Organization’s market share
Prevent or Mitigate Access Control Attacks
Example: Target
Hackers originally gained access to Target’s network by stealing the access credentials, via a phishing attack, of a refrigeration contractor
Electronic interaction with Target was limited to billing, contract submission, project management
Sophisticated and prolonged attack at Target
Once the hackers infiltrated the Target network, they distributed malware to thousands of PoS machines designed to siphon off customer data
The stolen data was later uploaded from the Target network to an FTP server
Then, they set up a control server within Target’s internal network that acted as the central repository for the stolen credit card data
Example Discussion Activity
How could this attack have been prevented?
Protecting the Enterprise
Requires a coordinated defense involving people, processes and tools that span anti-malware, firewalls, applications, servers, network access controls, intrusion detection and prevention, security event monitoring, and more
Identity and Access Management (IAM)
Obtain visibility and control over user access privileges: who has access to what?
Detective controls
Access policy
Automated account reconciliation
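One way to implement the automated account reconciliation listed above, as an added PowerShell example that is not part of the course materials; it looks for the dormant or open-ended third-party accounts of the kind the Target example turns on. It assumes a domain-joined host with the RSAT ActiveDirectory module; the vendor OU path and the 60-day review window are placeholders.

```powershell
# Added example (not from the course materials): account reconciliation report.
# Finds enabled user accounts with no logon inside the review window and
# contractor accounts with no expiry date, writes a CSV for the account owners,
# and only then (behind -WhatIf) disables the stale ones.
# Assumptions: RSAT ActiveDirectory module; $ContractorOU is a placeholder path.
Import-Module ActiveDirectory

$ReviewDays   = 60                                           # review window
$ContractorOU = 'OU=Vendors,DC=corp,DC=example,DC=com'       # placeholder OU
$Cutoff       = (Get-Date).AddDays(-$ReviewDays)
$ReportPath   = ".\account-reconciliation-$(Get-Date -Format yyyyMMdd).csv"

# Enabled accounts that have not logged on within the window.
# LastLogonDate is derived from the replicated lastLogonTimestamp attribute,
# which can lag real activity by up to 14 days; that is acceptable for a
# periodic review but not for a "logged on in the last hour" question.
$stale = Get-ADUser -Filter 'Enabled -eq $true' `
             -Properties LastLogonDate, whenCreated, Manager |
    Where-Object {
        ((-not $_.LastLogonDate) -or ($_.LastLogonDate -lt $Cutoff)) -and
        ($_.whenCreated -lt $Cutoff)   # skip accounts created inside the window
    }

# Contractor accounts with no AccountExpirationDate: nothing will ever close them.
$openEnded = Get-ADUser -SearchBase $ContractorOU -Filter 'Enabled -eq $true' `
                 -Properties LastLogonDate, AccountExpirationDate, Manager |
    Where-Object { -not $_.AccountExpirationDate }

# One row per finding so the owner (Manager) can confirm or dispute each one.
$report = @(
    $stale     | Select-Object SamAccountName, LastLogonDate, Manager,
                     @{ Name = 'Finding'; Expression = { 'StaleAccount' } }
    $openEnded | Select-Object SamAccountName, LastLogonDate, Manager,
                     @{ Name = 'Finding'; Expression = { 'NoExpiryDate' } }
)

$report | Sort-Object Finding, SamAccountName | Format-Table -AutoSize
$report | Export-Csv -Path $ReportPath -NoTypeInformation
Write-Host "Reconciliation report written to $ReportPath ($($report.Count) findings)"

# Remediation step. -WhatIf prints what would change without changing anything;
# remove it only after the findings have been reviewed with the account owners.
$stale | Disable-ADAccount -WhatIf
```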
Authentication Attacks
Occur when a web application authenticates users unsafely, granting access to web clients that lack the appropriate credentials
Access Control Attacks
Occur when an access control check in the web application is incorrect or missing, allowing users unauthorized access to privileged resources such as databases and files
Web Applications
Exposing these rich interfaces to anyone on the Internet makes web applications an appealing target for attackers who want to gain access to other users’ data or resources
Access Control
Access control attacks attempt to bypass or circumvent access control methods
Access control begins with identification and authorization
Access Aggregation
Collecting multiple pieces of non-sensitive information and combining, or aggregating, the pieces to learn sensitive information
Reconnaissance Attacks
Access aggregation attacks that combine multiple tools to identify elements of a system, such as IP addresses, open ports, running services, and operating systems
Protecting Against Access Control Attacks
Control physical access to systems
Control electronic access to password files
Encrypt password files
Create a strong password policy
Use password masking
Deploy multifactor authentication
Use account lockout controls
Use last logon notification
Educate users about security
Audit access controls
Actively manage accounts
Use vulnerability scanners
Virtual Lab
Managing Group Policy Objects in Active Directory
If your educational institution included the Jones & Bartlett labs as part of the course curriculum, use this script to introduce the lab:
“In this lesson, you learned about ways that compromised access controls can result in security breaches. You also discovered the legal implications of security incidents. One effective way to help prevent security breaches is to enforce system logon security controls.
In the lab for this lesson, you will use the Group Policy Management tool to edit the default domain policy and set up a new password policy. You will also create a new group policy object (GPO) and apply it to an organizational unit.”
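The two lab steps (edit the default domain password policy, then create and link a new GPO) scripted as an added PowerShell example that is not the Jones & Bartlett lab's own procedure; the GPO it creates turns on the last logon notification from the "Protecting Against Access Control Attacks" list, and the policy change adds the account lockout controls from the same list. It assumes a domain-joined admin host with the RSAT ActiveDirectory and GroupPolicy modules; the domain name, OU path and numeric thresholds are placeholders chosen as a baseline, not a mandated standard.

```powershell
# Added example (not the Jones & Bartlett lab's own steps): hardens the Default
# Domain Policy password and lockout settings, then creates a GPO that turns on
# last-logon notification and links it to an OU.
# Assumptions: RSAT ActiveDirectory and GroupPolicy modules; $Domain and
# $TargetOU are placeholders; the numeric values are a baseline, not a standard.
Import-Module ActiveDirectory
Import-Module GroupPolicy

$Domain   = 'corp.example.com'                              # placeholder
$TargetOU = 'OU=Workstations,DC=corp,DC=example,DC=com'     # placeholder
$GpoName  = 'Workstations - Logon Notification'
$Fields   = 'MinPasswordLength', 'ComplexityEnabled', 'PasswordHistoryCount',
            'MaxPasswordAge', 'LockoutThreshold', 'LockoutDuration',
            'LockoutObservationWindow', 'ReversibleEncryptionEnabled'

# 1. Record the current policy so the change is auditable and reversible.
Write-Host '== Default Domain Policy before =='
Get-ADDefaultDomainPasswordPolicy -Identity $Domain | Select-Object $Fields | Format-List

# 2. Strengthen the password policy and add account lockout.
#    ReversibleEncryptionEnabled stays off: turning it on stores passwords in a
#    recoverable form, which is exactly the "very weak password encryption" failure.
Set-ADDefaultDomainPasswordPolicy -Identity $Domain `
    -MinPasswordLength 14 `
    -ComplexityEnabled $true `
    -PasswordHistoryCount 24 `
    -MinPasswordAge (New-TimeSpan -Days 1) `
    -MaxPasswordAge (New-TimeSpan -Days 365) `
    -ReversibleEncryptionEnabled $false `
    -LockoutThreshold 10 `
    -LockoutDuration (New-TimeSpan -Minutes 30) `
    -LockoutObservationWindow (New-TimeSpan -Minutes 30)

# 3. Create (or reuse) a GPO that shows users their last successful logon and
#    any failed attempts since then, so a misused credential is noticed sooner.
$gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $GpoName -Comment 'Display information about previous logons during user logon'
}
# Policy: Computer Configuration > Administrative Templates > Windows Components >
# Windows Logon Options > "Display information about previous logons during user logon".
# Requires a domain functional level of Windows Server 2008 or later.
Set-GPRegistryValue -Name $GpoName `
    -Key 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' `
    -ValueName 'DisplayLastLogonInfo' -Type DWord -Value 1 | Out-Null

# 4. Link the GPO to the OU once; re-running the script must not add a duplicate link.
$alreadyLinked = (Get-GPInheritance -Target $TargetOU).GpoLinks |
    Where-Object { $_.DisplayName -eq $GpoName }
if (-not $alreadyLinked) {
    New-GPLink -Name $GpoName -Target $TargetOU -LinkEnabled Yes | Out-Null
}

# 5. Verify the result and keep an HTML report of the GPO for the change record.
Write-Host '== Default Domain Policy after =='
Get-ADDefaultDomainPasswordPolicy -Identity $Domain | Select-Object $Fields | Format-List
Get-GPOReport -Name $GpoName -ReportType Html -Path ".\$GpoName.html"
```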
6/7/2016
Running head: TITLE OF YOUR PAPER (50 characters max)
TITLE OF YOUR PAPER
Title of Your Paper
Your Name
Independence University
Abstract
An abstract is optional and is a general overview of the content covered in your paper. The abstract should be no more than 250 words. In general class assignments, the abstract may not be required. Please check with your instructor regarding this requirement. For the running head above, the words Running head: should be in the same 12-point font as the rest of the paper, only appear on the cover page, be on the same line as the page number, and be aligned with the left 1” margin. The paper title portion should be in all caps. For the second page and beyond, the running head should only include the paper title in all caps. The page numbers should be aligned at the right 1” margin.
Title of Your Paper
The initial paragraph is assumed in APA to include the introduction to your paper, and therefore does not require the heading of “Introduction”. Use the paper title as the initial paper heading, centered, not in bold, with major words capitalized. The heading and content should start at the top of the page with no extra spacing. The entire paper should be double-spaced with no extra spacing between headings or paragraphs. The first line of every paragraph should be indented 5-7 spaces, or .5” by default. This includes paragraphs following numbered lists and images. This section should “introduce” the reader to the content covered in your paper. In many ways, the introduction serves as a mini-outline for the rest of the paper. So, as you continue to write the remaining sections, make sure to only include the information related to what you have “introduced” in your introduction paragraph. To sum it up, this section should tell the audience what you are going to talk about in the Body.
Body
Use a level 1 APA heading appropriate for the content to introduce this section, centered and in bold. Do not use the Body heading. The “body” of your paper should expand on the concepts covered in your introduction. It is appropriate to have main and subtopics in this section. The main and subtopics should be identified by using the appropriate Level Heading. To sum it up, this section should talk about what you told the audience you were going to talk about in your Introduction. Use additional APA heading levels following an outline format for each new concept section in your paper. Level 1 is centered and in bold. Level 2 is left-aligned and in bold; level 3 is in the first line of the paragraph, in bold, and ending with a period, etc. Each heading should be appropriate for the content contained in the paragraphs under the heading.
Citing Your Sources
When using information from outside sources in your writing, you must cite those sources appropriately. As an example, if you are paraphrasing, follow the end of the information with a citation, then follow with the period to end the sentence. The citation must include the author and year, like this (Lodico, Spaulding & Voegtle, 2010). The citations must match the references provided at the end of the paper. Only provide the author’s initials in the full references at the end of the paper, not within the citations. A quote would be followed with a citation containing the page or paragraph number for the quoted content. An example would be, “This is a hypothetical quote” (Scaduto, Lindsay, & Chiaburu, 2008, p. 27). If you introduce the authors in your sentence, immediately follow their names with the year in parentheses. For example, Lodico, Spaulding and Voegtle (2010) wrote a paper discussing educational research methods.
Conclusion
This section should cover the highlights of the previous content. The conclusion should “briefly” remind your reader/audience about what is included in the previous sections. Refrain from introducing new topics or ideas in this section, unless you want to revisit and rework/rewrite previous sections to include them. To sum it up, this section is going to remind your audience of what you just told them in the Body, while making a final point. Once you have completed this section, you need to complete the References page. An outline of the Reference page is below.
References
Lodico, M. G., Spaulding, D. T., & Voegtle, K. H. (2010). Methods in educational research: From theory to practice. San Francisco, CA: Jossey-Bass.
Scaduto, A., Lindsay, D., & Chiaburu, D. S. (2008). Leader influences on training effectiveness: Motivation and outcome expectation processes. International Journal of Training and Development, 12(3), 158-170.
This is where all the references you used will be listed alphabetically by author’s last name. The reference page needs to be double-spaced and the second line of the same reference should be added as a “hanging” indent. All references should also be double-spaced with no extra spacing between them. All references should be in the same font as the rest of the paper. The content of this page should begin at the top of the page with no extra spacing. Once you have added your references, please delete this section and the information below from the template.
Additional APA resources are below:
Purdue Online Writing Lab APA
Son of Citation Machine APA
How to cite and reference just about any type of source, with
examples
APA 6 writing instructions and example

Your initial reading is a close examination of the work youve c.docxYour initial reading is a close examination of the work youve c.docx
Your initial reading is a close examination of the work youve c.docx
 
Your initial posting must be no less than 200 words each and is due .docx
Your initial posting must be no less than 200 words each and is due .docxYour initial posting must be no less than 200 words each and is due .docx
Your initial posting must be no less than 200 words each and is due .docx
 

Recently uploaded

Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxthorishapillay1
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17Celine George
 
Final demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxFinal demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxAvyJaneVismanos
 
CELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxCELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxJiesonDelaCerna
 
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,Virag Sontakke
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTiammrhaywood
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxEyham Joco
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Celine George
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceSamikshaHamane
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfUjwalaBharambe
 

Recently uploaded (20)

Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17
 
Final demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxFinal demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptx
 
CELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxCELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptx
 
ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)
 
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptx
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini  Delhi NCR9953330565 Low Rate Call Girls In Rohini  Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in Pharmacovigilance
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
 

Access Control, Authentication, and Public Key Infrastructure.docx

Access Control, Authentication, and Public Key Infrastructure
Lesson 5: Security Breaches and the Law
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company. www.jblearning.com. All rights reserved.

Laws and Data Breaches
Federal and state laws act as deterrents.
Organizations are required to take steps to protect sensitive data.
An organization may have a legal obligation to inform all stakeholders if a breach occurred.

Federal Laws
Computer Fraud and Abuse Act (CFAA): designed to protect electronic data from theft.
Digital Millennium Copyright Act (DMCA): prohibits unauthorized access to, or disclosure of, data obtained by circumventing an established technological protection measure.

Notes: The Computer Fraud and Abuse Act (CFAA) was enacted by Congress in 1986 as an amendment to existing computer fraud law (18 U.S.C. § 1030), which had been included in the Comprehensive Crime Control Act of 1984. The 2008 amendments to the CFAA:
Eliminated the requirement that information must have been stolen through an interstate or foreign communication, thereby expanding jurisdiction for cases involving theft of information from computers;
Eliminated the requirement that the defendant's action must result in a loss exceeding $5,000, and created a felony offense where the damage affects ten or more computers, closing a gap in the law;
Expanded 18 U.S.C. § 1030(a)(7) to criminalize not only explicit threats to cause damage to a computer, but also threats to (1) steal data on a victim's computer, (2) publicly disclose stolen data, or (3) not repair damage the offender already caused to the computer;
Created a criminal offense for conspiring to commit a computer hacking offense under section 1030;
Broadened the definition of "protected computer" in 18 U.S.C. § 1030(e)(2) to the full extent of Congress's commerce power by including those computers used in or affecting interstate or foreign commerce or communication; and
Provided a mechanism for civil and criminal forfeiture of property used in or derived from section 1030 violations.

State Laws
The California Identity Theft Statute requires businesses to notify customers when personal information has been disclosed.
Research the specific laws that apply in your state. You can begin by visiting your state's Office of the Attorney General Web site.

Notes (Kentucky state law): On April 10, Governor Beshear signed into law H.B. 232, designed to address the compromise of personally identifiable information of residents of the Bluegrass State. The law also requires cloud service providers that contract with K-12 educational institutions to maintain the security of student data (name, address, email address, emails, and any documents, photos, or unique identifiers relating to the student) and prohibits the sale, disclosure, or processing of student data for commercial purposes. Like most states, Kentucky defines personally identifiable information as a first name or first initial and last name combined with any of the following data elements, when the name or data element is not redacted:
Social Security number
Driver's license number
Account number, or credit or debit card number, in combination with any required security code, access code, or password permitting access to an individual's financial account

First-Layer Access Controls
All physical security must comply with all applicable regulations.
Access to secure computing facilities is granted only to individuals with a legitimate business need for access.
All secure computing facilities that allow visitors must have an access log.
Visitors must be escorted at all times.

Passwords
Most common and easiest form of access control.
To be effective, a password must be transmitted only over an encrypted channel through the network.
Not very secure on their own.
Why use them?
Something you know.
User friendly: people get the concept (like an ATM PIN).
Two-factor authentication: combine a password with a token such as a smart card (ATM card plus PIN) for improved protection.
Easy to manage.
Supported across IT platforms.

Access Control Failures
People
Technology

People
Social engineering
Phishing and spear phishing attacks
Poor physical security on systems
File-sharing and social networking sites

Technology
Very weak password encryption or hashing
Web browsers are a major vector for unauthorized access
Web servers and other public-facing systems are an entry point for unauthorized access

Privacy Impact Assessment (PIA)
A comprehensive process for determining the privacy, confidentiality, and security risks associated with the collection, use, and disclosure of personal information
Describes the measures used to mitigate and, if possible, eliminate identified risks
Required in the public sector for any new system that handles personally identifiable information (PII)

Privacy Impact Assessment (PIA) (Cont.)
Identifies the key factors involved in securing PII
Emphasizes the process used to secure PII as well as the product
Has a sufficient degree of independence from the project implementing the new system
Has a degree of public exposure
Is integrated into the decision-making process

Security Breach Principles
System exploits
Eavesdropping
Social engineering
Denial of service (DoS) attacks
Indirect attacks
Direct attacks

Notes: In a direct attack, the criminal's own computer is used to break into other computers or systems. In an indirect attack, a third-party computer or system is compromised first and then used to carry out the attack on the real target, which makes the actual attacker harder to trace.

Consequences
Security breaches can have serious consequences for an organization. They can result from:
Lax physical security
Inadequate logical access controls
A combination of both

Implications of Security Breaches
Damage to the organization's computer systems
Financial impact
Legal action
Loss of reputation
Costs of contacting all of the affected individuals
Loss of the organization's market share

Prevent or Mitigate Access Control Attacks. Example: Target
Attackers originally gained access to Target's network by stealing the access credentials of a refrigeration contractor via a phishing attack.
The contractor's electronic interaction with Target was limited to billing, contract submission, and project management.
The attack on Target was sophisticated and prolonged.
Once the attackers had infiltrated the Target network, they distributed malware designed to siphon off customer card data to thousands of point-of-sale (PoS) machines.
They set up a control server within Target's internal network that acted as the central repository for the stolen credit card data.
The aggregated data was then uploaded from the Target network to an external FTP server.

Example Discussion Activity
How could this attack have been prevented?

Protecting the Enterprise
Requires a coordinated defense involving people, processes, and tools that span anti-malware, firewalls, applications, servers, network access controls, intrusion detection and prevention, security event monitoring, and more.

Identity and Access Management (IAM)
Obtain visibility and control over user access privileges: who has access to what?
Detective controls
Access policy
Automated account reconciliation

Authentication Attacks
Occur when a web application authenticates users unsafely, granting access to web clients that lack the appropriate credentials.

Access Control Attacks
Occur when an access control check in the web application is incorrect or missing, allowing users unauthorized access to privileged resources such as databases and files.

Web Applications
Exposing these rich interfaces to anyone on the Internet makes web applications an appealing target for attackers who want to gain access to other users' data or resources.

Access Control
Access control attacks attempt to bypass or circumvent access control methods.
Access control begins with identification and authentication; authorization decisions are then made against the authenticated identity, never against an identity the client merely claims.

Access Aggregation
Collecting multiple pieces of non-sensitive information and combining, or aggregating, the pieces to learn sensitive information.

Reconnaissance Attacks
Access aggregation attacks that combine multiple tools to identify elements of a system, such as IP addresses, open ports, running services, and operating systems.
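The "Access Control Attacks" slide above says the failure is an authorization check that is missing or incorrect. The following is an added example written for this page (it is not code from the Jones & Bartlett material) that models a web application's "fetch document" handler three ways: with no authorization check at all, with a check that compares against a user id the client supplies, and with a correct check that takes identity only from the server-side session. The users, sessions, and documents are constructed sample data, and the session-store and handler names are assumptions made for the illustration.

```python
"""
Added example (not from the Jones & Bartlett slides): a minimal model of a
web application's "download document" handler, showing the access control
failure described on the slide (a missing or incorrect authorization
check) next to a corrected handler. All names, users, sessions and
documents below are constructed for the demonstration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    user_id: int
    role: str  # "user" or "admin"


@dataclass(frozen=True)
class Document:
    doc_id: int
    owner_id: int
    body: str


# Constructed sample data: documents with owners, and server-side sessions
# mapping a session cookie to the authenticated user.
DOCUMENTS = {
    1: Document(1, owner_id=100, body="alice's tax return"),
    2: Document(2, owner_id=200, body="bob's medical record"),
}
SESSIONS = {
    "sess-alice": User(100, "user"),
    "sess-bob": User(200, "user"),
    "sess-root": User(1, "admin"),
}


class Unauthenticated(Exception):
    pass


class Forbidden(Exception):
    pass


def handler_missing_check(session_id, params):
    """Vulnerable: authenticates the session, then returns whichever
    document id the client asked for. There is no authorization check at
    all (the classic insecure direct object reference)."""
    if session_id not in SESSIONS:
        raise Unauthenticated()
    return DOCUMENTS[int(params["doc_id"])].body


def handler_incorrect_check(session_id, params):
    """Vulnerable: a check exists, but it compares the document owner with
    a user id taken from the request, which the client controls."""
    if session_id not in SESSIONS:
        raise Unauthenticated()
    doc = DOCUMENTS[int(params["doc_id"])]
    if doc.owner_id != int(params["user_id"]):  # attacker-controlled value
        raise Forbidden()
    return doc.body


def handler_correct(session_id, params):
    """Hardened: identity comes only from the server-side session, the
    authorization decision is made on every request, and the default is
    deny. An unknown document is reported the same way as a forbidden one
    so the handler cannot be used to enumerate valid ids."""
    user = SESSIONS.get(session_id)
    if user is None:
        raise Unauthenticated()
    doc = DOCUMENTS.get(int(params["doc_id"]))
    if doc is None or not (user.role == "admin" or doc.owner_id == user.user_id):
        raise Forbidden()
    return doc.body


def demo():
    """Bob (session 'sess-bob') requests Alice's document (id 1) and also
    claims user_id=100 in the query string. Returns, per handler, whether
    Alice's document leaked."""
    leaked = {}
    attack = {"doc_id": "1", "user_id": "100"}
    for name, handler in (("missing", handler_missing_check),
                          ("incorrect", handler_incorrect_check),
                          ("correct", handler_correct)):
        try:
            handler("sess-bob", attack)
            leaked[name] = True
        except Forbidden:
            leaked[name] = False
    return leaked


if __name__ == "__main__":
    print(demo())  # {'missing': True, 'incorrect': True, 'correct': False}
```

The point of the second handler is that "having a check" is not the same as "having a correct check": any input the client can edit (query parameters, hidden form fields, JSON bodies, cookies that are not server-validated) must not feed the authorization decision.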
Protecting Against Access Control Attacks
Control physical access to systems
Control electronic access to password files
Encrypt password files (and store passwords only as salted hashes, never in plaintext)
Create a strong password policy
Use password masking
Deploy multifactor authentication
Use account lockout controls
Use last logon notification
Educate users about security
Audit access controls
Actively manage accounts
Use vulnerability scanners
Virtual Lab: Managing Group Policy Objects in Active Directory
If your educational institution included the Jones & Bartlett labs as part of the course curriculum, use this script to introduce the lab:
"In this lesson, you learned about ways that compromised access controls can result in security breaches. You also discovered the legal implications of security incidents. One effective way to help prevent security breaches is to enforce system logon security controls. In the lab for this lesson, you will use the Group Policy Management tool to edit the default domain policy and set up a new password policy. You will also create a new group policy object (GPO) and apply it to an organizational unit."
6/7/2016
Running head: TITLE OF YOUR PAPER (50 characters max)

Title of Your Paper
Your Name
Independence University

Abstract
An abstract is optional and is a general overview of the content covered in your paper. The abstract should be no more than 250 words. In general class assignments, the abstract may not be required. Please check with your instructor regarding this requirement.

For the running head above, the words "Running head:" should be in the same 12-point font as the rest of the paper, only appear on the cover page, be on the same line as the page number, and be aligned with the left 1" margin. The paper title portion should be in all caps. For the second page and beyond, the running head should only include the paper title in all caps. The page numbers should be aligned at the right 1" margin.

Title of Your Paper
The initial paragraph is assumed in APA to include the introduction to your paper, and therefore does not require the heading "Introduction". Use the paper title as the initial paper heading, centered, not in bold, with major words capitalized. The heading and content should start at the top of the page with no extra spacing. The entire paper should be double-spaced with no extra spacing between headings or paragraphs. The first line of every paragraph should be indented 5-7 spaces, or 0.5" by default. This includes paragraphs following numbered lists and images.

This section should "introduce" the reader to the content covered in your paper. In many ways, the introduction serves as a mini-outline for the rest of the paper. So, as you continue to write the remaining sections, make sure to include only the information related to what you have "introduced" in your introduction paragraph. To sum it up, this section should tell the audience what you are going to talk about in the Body.

Body
Use a level 1 APA heading appropriate for the content to introduce this section, centered and in bold. Do not use the heading "Body". The body of your paper should expand on the concepts covered in your introduction. It is appropriate to have main topics and subtopics in this section. The main topics and subtopics should be identified by using the appropriate level heading. To sum it up, this section should talk about what you told the audience you were going to talk about in your Introduction.

Use additional APA heading levels following an outline format for each new concept section in your paper. Level 1 is centered and in bold. Level 2 is left-aligned and in bold. Level 3 is in the first line of the paragraph, in bold, and ends with a period, and so on. Each heading should be appropriate for the content contained in the paragraphs under the heading.

Citing Your Sources
When using information from outside sources in your writing, you must cite those sources appropriately. As an example, if you are paraphrasing, follow the end of the information with a citation, then follow with the period to end the sentence. The citation must include the author and year, like this (Lodico, Spaulding, & Voegtle, 2010). The citations must match the references provided at the end of the paper. Only provide the authors' initials in the full references at the end of the paper, not within the citations. A quote would be followed with a citation containing the page or paragraph number for the quoted content. An example would be, "This is a hypothetical quote" (Scaduto, Lindsay, & Chiaburu, 2008, p. 27). If you introduce the authors in your sentence, immediately follow their names with the year in parentheses. For example, Lodico, Spaulding, and Voegtle (2010) wrote a paper discussing educational research methods.

Conclusion
This section should cover the highlights of the previous content. The conclusion should briefly remind your reader or audience of what is included in the previous sections. Refrain from introducing new topics or ideas in this section, unless you want to revisit and rework previous sections to include them. To sum it up, this section is going to remind your audience of what you just told them in the Body, while making a final point. Once you have completed this section, you need to complete the References page. An outline of the References page is below.

References
Lodico, M. G., Spaulding, D. T., & Voegtle, K. H. (2010). Methods in educational research: From theory to practice. San Francisco, CA: Jossey-Bass.
Scaduto, A., Lindsay, D., & Chiaburu, D. S. (2008). Leader influences on training effectiveness: Motivation and outcome expectation processes. International Journal of Training and Development, 12(3), 158-170.

This is where all the references you used will be listed alphabetically by the author's last name. The References page needs to be double-spaced, and the second line of the same reference should be formatted as a hanging indent. All references should also be double-spaced with no extra spacing between them. All references should be in the same font as the rest of the paper. The content of this page should begin at the top of the page with no extra spacing. Once you have added your references, please delete this section and the information below from the template.

Additional APA resources:
Purdue Online Writing Lab APA
Son of Citation Machine APA
How to cite and reference just about any type of source, with examples
APA 6 writing instructions and example