Making systems more secure
• Strategies that can be used to improve cybersecurity

Making systems more secure, 2013

Slide 1
Improving cybersecurity
• Deterrence
– Increase the costs of making an attack on your systems
• Awareness
– Improve awareness of all system users of security risks and types of attack

Slide 2
Improving cybersecurity
• Procedures
– Design realistic security procedures that can be followed by everyone in an organisation (including the boss)
• Monitoring and logging
– Monitor and log all system operations

Slide 3
Deterrence
• It is impossible to develop a completely secure personal, business and government system. If an attacker has unlimited resources and motivation, it will always be possible to invoke some attacks on a given system.

Slide 4
Deterrence
• However, attackers NEVER have unlimited resources and motivation, so an aim of security is to increase the costs of making a successful attack to such an extent that attackers will (a) be deterred from attacking and (b) abandon attempted attacks before they are successful

Slide 5
Diverse authentication systems
• Use strong passwords and multiple forms of authentication
• Login/password + personal question or biometric
• Attacker has to break two levels of authentication to gain access

Slide 6
Firewalls

Slide 7
Encryption
• Use the HTTPS protocol to encrypt information whilst in transit across the Internet
• Encrypt confidential information stored on your system

Slide 8
Password security

Slide 9
Password security
• Password strength measurement
– https://passfault.appspot.com/password_strength.html#menu
• Calculates how long it would take to break a password using a brute force attack, using a standard PC

Slide 10
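
The brute-force estimate described on the password-strength slide above, worked through as an added example (not part of the original slides and not the linked tool's method). The guess rate, the character classes and the short common-password list are assumptions made for illustration; the list shows why a pure brute-force figure overstates the strength of a widely used password.

```python
import string

# Assumption for this example: guesses per second an attacker's machine can test.
# The slide only says "a standard PC"; real rates depend on hardware and on how
# the password is stored (a slow password hash lowers this figure a great deal).
GUESSES_PER_SECOND = 1_000_000_000

# Character classes an exhaustive search has to cover.
CHAR_CLASSES = (
    string.ascii_lowercase,      # 26 characters
    string.ascii_uppercase,      # 26 characters
    string.digits,               # 10 characters
    string.punctuation + " ",    # 33 characters
)

# Constructed sample list, ordered by how early a guesser would try each entry.
COMMON_PASSWORDS = ["password", "123456", "qwerty", "letmein"]


def alphabet_size(password):
    """Total size of the character classes that the password draws from."""
    supported = "".join(CHAR_CLASSES)
    if not password or any(ch not in supported for ch in password):
        raise ValueError("expected a non-empty printable-ASCII password")
    return sum(len(cls) for cls in CHAR_CLASSES
               if any(ch in cls for ch in password))


def search_space(password):
    """Candidates an exhaustive search of that alphabet and length must cover."""
    return alphabet_size(password) ** len(password)


def seconds_to_break(password, rate=GUESSES_PER_SECOND):
    """Worst-case time to guess the password at the assumed rate."""
    lowered = password.lower()
    if lowered in COMMON_PASSWORDS:
        # A word-list attack reaches common passwords almost immediately,
        # whatever the brute-force figure says.
        guesses = COMMON_PASSWORDS.index(lowered) + 1
    else:
        guesses = search_space(password)
    return guesses / rate


def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    units = (("years", 31_536_000), ("days", 86_400),
             ("hours", 3_600), ("minutes", 60))
    for unit, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.3g} seconds"


if __name__ == "__main__":
    for pw in ("password", "abcdefgh", "Abcdefg1", "correct horse battery"):
        print(f"{pw!r:26} alphabet={alphabet_size(pw):3} "
              f"time={humanize(seconds_to_break(pw))}")
```

Adding length raises the cost of an attack far faster than adding character classes, which is the deterrence argument made earlier in the deck.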
Slide 11

Slide 12

Slide 13

Slide 14
Encryption
• Encryption is the process of encoding information in such a way that it is not directly readable. A key is required to decrypt the information and understand it
• A systematic transformation is applied to the information, based on the key, to transform it to a different form.
• The original information can only be recovered if the reader has the key that can be used to reverse the transformation
Slide 15
Example of encryption here

Slide 16
• Used sensibly, encryption can contribute to cybersecurity improvement but is not an answer in itself
– Security of encryption keys
– Inconvenience of encryption leads to patchy utilisation and user frustration
– Risk of key loss or corruption – information is completely lost (and backups don’t help)
– Can make recovery more difficult

Slide 17
Awareness
• Educate users about the importance of
cyber security and provide information
that supports their secure use of
computer systems
• Be open about incidents that may have
occurred

Slide 18
Awareness
• Take into account how people really are
rather than how you might like them to
be
• People have human failings and
inevitably will make mistakes

Slide 19
• Bad security advice
– Many security guidelines and rules are
unrealistic and cannot be followed in
practice by users

– Use a different password for every website
you visit

Slide 20
• Good security advice
– If you use the same password for everything, an
attacker can get access to your accounts if they
find that out
– Use different passwords for all online bank
accounts and only reuse passwords when you
don’t really care about the accounts

Slide 21
Procedures
• Businesses should design appropriate
procedures based around the value of the
assets that are being protected
• If you simply apply the most secure
procedures to all information, this will disrupt
work and users are more likely to try to
circumvent these procedures

Slide 22
• If information is not confidential, then it
often makes sense to make it public
• This reduces the need for users to
authenticate to access the information

Slide 23
• Cybersecurity awareness procedures
for all staff including the most senior
management
• Recognise reality – people will use
phones and tablets – and derive
procedures for their safe use

Slide 24
Monitoring and logging
• Monitoring and logging means that
you record all user actions and so
keep track of all accesses to the
system

Slide 25
• Use tools to scan logs frequently, looking
for anomalies
• Can be an important deterrent to insider
attacks if attackers know that they have
a chance of being discovered through
the logging system

Slide 26
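
One way to scan a log of user actions for anomalies, as the monitoring and logging slides above describe. This is an added example, not part of the original slides; the log format, the sample lines, the "payroll/" resource prefix and every threshold are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit log (format and values are assumptions).
SAMPLE_LOG = """\
2013-05-14T09:02:11 user=alice action=login result=ok resource=-
2013-05-14T09:05:40 user=alice action=read result=ok resource=payroll/1001
2013-05-14T10:15:02 user=bob action=login result=fail resource=-
2013-05-14T10:15:09 user=bob action=login result=fail resource=-
2013-05-14T10:15:15 user=bob action=login result=fail resource=-
2013-05-14T10:15:21 user=bob action=login result=fail resource=-
2013-05-14T10:15:30 user=bob action=login result=ok resource=-
2013-05-14T23:41:03 user=carol action=login result=ok resource=-
2013-05-14T23:42:10 user=carol action=read result=ok resource=payroll/1001
2013-05-14T23:42:12 user=carol action=read result=ok resource=payroll/1002
2013-05-14T23:42:15 user=carol action=read result=ok resource=payroll/1003
this line is corrupted and must not crash the scanner
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) "
    r"result=(?P<result>\S+) resource=(?P<resource>\S+)$"
)


def parse(text):
    """Return (events, rejected_line_numbers). Unparseable lines are reported,
    not dropped silently: gaps in a log are themselves worth a look."""
    events, rejected = [], []
    for number, line in enumerate(text.splitlines(), 1):
        match = LINE_RE.match(line.strip())
        if not match:
            rejected.append(number)
            continue
        try:
            ts = datetime.strptime(match["ts"], "%Y-%m-%dT%H:%M:%S")
        except ValueError:
            rejected.append(number)
            continue
        events.append({**match.groupdict(), "ts": ts})
    return events, rejected


def scan(events, max_failures=3, window=timedelta(minutes=5),
         work_hours=(8, 18), sensitive_prefix="payroll/", bulk_threshold=3):
    """Return a list of (kind, user, timestamp) findings."""
    findings = []
    failures = defaultdict(deque)      # user -> recent failed-login times
    sensitive_reads = defaultdict(set)  # (user, day) -> resources read
    bulk_reported = set()
    for event in sorted(events, key=lambda e: e["ts"]):
        user, ts = event["user"], event["ts"]
        if event["action"] == "login" and event["result"] == "fail":
            recent = failures[user]
            recent.append(ts)
            while ts - recent[0] > window:
                recent.popleft()
            if len(recent) >= max_failures:
                findings.append(("repeated-login-failure", user, ts))
                recent.clear()  # start a fresh count after reporting
        is_sensitive_read = (event["action"] == "read"
                             and event["result"] == "ok"
                             and event["resource"].startswith(sensitive_prefix))
        if is_sensitive_read:
            if not work_hours[0] <= ts.hour < work_hours[1]:
                findings.append(("out-of-hours-access", user, ts))
            key = (user, ts.date())
            sensitive_reads[key].add(event["resource"])
            if len(sensitive_reads[key]) >= bulk_threshold and key not in bulk_reported:
                bulk_reported.add(key)
                findings.append(("bulk-sensitive-read", user, ts))
    return findings


if __name__ == "__main__":
    parsed, bad_lines = parse(SAMPLE_LOG)
    for kind, who, when in scan(parsed):
        print(f"{when.isoformat()} {kind:24} user={who}")
    print("unparseable lines:", bad_lines)
```

The thresholds only make sense against a baseline of normal activity for the system being monitored, so tune them on real logs before alerting on them.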
Summary
• Improving cybersecurity depends on
– Deterrence
– Awareness
– Effective procedures
– Monitoring and logging

Slide 27

 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
 
UiPath Community Day Dubai: AI at Work..
UiPath Community Day Dubai: AI at Work..UiPath Community Day Dubai: AI at Work..
UiPath Community Day Dubai: AI at Work..
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofszkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 

Cybersecurity 5 improving cybersecurity

  • 1. Making systems more secure • Strategies that can be used to improve cybersecurity
  • 2. Improving cybersecurity • Deterrence – Increase the costs of making an attack on your systems • Awareness – Improve awareness of all system users of security risks and types of attack
  • 3. Improving cybersecurity • Procedures – Design realistic security procedures that can be followed by everyone in an organisation (including the boss) • Monitoring and logging – Monitor and log all system operations
  • 4. Deterrence • It is impossible to develop a completely secure personal, business and government system. If an attacker has unlimited resources and motivation, it will always be possible to invoke some attacks on a given system.
  • 5. Deterrence • However, attackers NEVER have unlimited resources and motivation, so an aim of security is to increase the costs of making a successful attack to such an extent that attackers will (a) be deterred from attacking and (b) abandon attempted attacks before they are successful
  • 6. Diverse authentication systems • Use strong passwords and multiple forms of authentication • Login/password + personal question or biometric • Attacker has to break two levels of authentication to gain access
  • 7. Firewalls
  • 8. Encryption • Use https protocol to encrypt information whilst in transit across the Internet • Encrypt confidential information stored on your system
  • 9. Password security
  • 10. Password security • Password strength measurement – https://passfault.appspot.com/password_strength.html#menu • Calculates how long it would take to break a password using a brute force attack, using a standard PC
  • 15. Encryption • Encryption is the process of encoding information in such a way that it is not directly readable. A key is required to decrypt the information and understand it • A systematic transformation is applied to the information, based on the key, to transform it to a different form. • The original information can only be recovered if the reader has the key that can be used to reverse the transformation
  • 16. Example of encryption here
  • 17. Used sensibly, encryption can contribute to cybersecurity improvement but is not an answer in itself – Security of encryption keys – Inconvenience of encryption leads to patchy utilisation and user frustration – Risk of key loss or corruption: information is completely lost (and backups don’t help) – Can make recovery more difficult
  • 18. Awareness • Educate users about the importance of cyber security and provide information that supports their secure use of computer systems • Be open about incidents that may have occurred
  • 19. Awareness • Take into account how people really are rather than how you might like them to be • People have human failings and inevitably will make mistakes
  • 20. Bad security advice – Many security guidelines and rules are unrealistic and cannot be followed in practice by users – Use a different password for every website you visit
  • 21. Good security advice – If you use the same password for everything, an attacker can get access to your accounts if they find that out – Use different passwords for all online bank accounts and only reuse passwords when you don’t really care about the accounts
  • 22. Procedures • Businesses should design appropriate procedures based around the value of the assets that are being protected • If you simply apply the most secure procedures to all information, this will disrupt work and users are more likely to try to circumvent these procedures
  • 23. If information is not confidential, then it often makes sense to make it public • This reduces the need for users to authenticate to access the information
  • 24. Cybersecurity awareness procedures for all staff including the most senior management • Recognise reality: people will use phones and tablets, so derive procedures for their safe use
  • 25. Monitoring and logging • Monitoring and logging means that you record all user actions and so keep track of all accesses to the system
  • 26. Use tools to scan logs frequently looking for anomalies • Can be an important deterrent to insider attacks if attackers know that they have a chance of being discovered through the logging system
  • 27. Summary • Improving cybersecurity depends on – Deterrence – Awareness – Effective procedures – Monitoring and logging
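The log scanning described on slides 25 and 26, as an added example that is not part of the original slides: one pass over an access log that flags activity outside working hours, repeated failed logins and records that cannot be read. The log format, the sample lines, the working hours and the failure threshold are all assumptions made for this sketch.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample audit log; the line format is an assumption for this example.
SAMPLE_LOG = """\
2013-05-02T09:12:44 user=alice action=read resource=/sales/q1.xls result=ok
2013-05-02T09:15:02 user=bob action=login resource=- result=fail
2013-05-02T09:15:09 user=bob action=login resource=- result=fail
2013-05-02T09:15:15 user=bob action=login resource=- result=fail
2013-05-02T09:15:40 user=bob action=login resource=- result=ok
2013-05-02T10:03:27 user=carol action=read resource=/hr/reviews.doc result=ok
2013-05-03T02:41:18 user=carol action=read resource=/payroll/all.xls result=ok
2013-05-03T02:43:55 user=carol action=export resource=/payroll/all.xls result=ok
this line is damaged and must not stop the scan
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d) user=(?P<user>\S+) "
    r"action=(?P<action>\S+) resource=(?P<resource>\S+) result=(?P<result>ok|fail)$"
)

def scan(log_text, work_hours=(8, 18), max_failures=3):
    """Return (rule, subject, detail) findings for one pass over the log."""
    findings, failures = [], Counter()
    for n, line in enumerate(log_text.splitlines(), 1):
        m = LINE_RE.match(line)
        try:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S") if m else None
        except ValueError:  # shaped like a timestamp but not a real date
            ts = None
        if ts is None:
            # A record that cannot be read is reported, never silently skipped.
            findings.append(("unparsed", f"line {n}", line))
        elif m["result"] == "fail":
            failures[m["user"]] += 1
        elif not work_hours[0] <= ts.hour < work_hours[1]:
            findings.append(("off_hours", m["user"],
                             f"{m['action']} {m['resource']} at {m['ts']}"))
    for user, count in failures.items():
        if count >= max_failures:
            findings.append(("repeated_failures", user, f"{count} failed attempts"))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

The failure rule counts failures across the whole input, so it suits a scan run over one day's log at a time; a sliding time window would be needed for a continuous feed.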

Editor's Notes

  1. Mystery why some organisations limit length of passwords and do not allow characters apart from letters and numbers. Say you live at 15 south street so make up a password you can remember: SO51street, cracked in < 1 day; SO_51_street, cracked in 23 years.
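An added example (not from the slides or the notes) that puts numbers on the note above: it computes the exhaustive-search space for the two passwords and for two password policies. The guess rate and the two policy limits are assumptions, and the model is plain brute force over ASCII character classes, so its figures are not expected to match those quoted in the note.

```python
import string

BASE_CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits)

def charset_size(password):
    """Alphabet an exhaustive search must cover: the sum of the ASCII
    character classes present (assumption: any character outside letters
    and digits counts as the 32-symbol punctuation class)."""
    size = 0
    for cls in BASE_CLASSES:
        if any(c in cls for c in password):
            size += len(cls)
    if any(c not in "".join(BASE_CLASSES) for c in password):
        size += len(string.punctuation)
    return size

def search_space(password):
    """Number of candidates of this exact length over that alphabet."""
    return charset_size(password) ** len(password)

def policy_space(alphabet_size, max_len, min_len=1):
    """Every password a policy admits, over all permitted lengths."""
    return sum(alphabet_size ** n for n in range(min_len, max_len + 1))

def years_to_exhaust(candidates, guesses_per_second=1e9):
    """Worst-case search time; the default guess rate is an assumed figure."""
    return candidates / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    for pw in ("SO51street", "SO_51_street"):  # the two passwords from the note
        print(pw, charset_size(pw),
              f"{years_to_exhaust(search_space(pw)):.3g} years")
    # Hypothetical policies: letters and digits capped at 8 characters,
    # against letters, digits and punctuation allowed up to 16 characters.
    narrow, wide = policy_space(62, 8), policy_space(94, 16)
    print(f"narrow policy: {years_to_exhaust(narrow):.3g} years")
    print(f"wide policy:   {years_to_exhaust(wide):.3g} years")
```

Two extra characters plus one extra character class multiply the search space by more than five orders of magnitude, which is the cost a length cap or a letters-and-digits rule takes away from the defender.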