I was very fortunate to be offered an opportunity to teach a semester-long undergraduate and graduate student class at the University of Wisconsin-Madison. The class has 50 students and every one of them is so friendly, outgoing and kind. The UW should be proud of the quality of the students it admits. I am lucky to be an employee of this massive and fantastic university. Here is the lecture I gave today. This module of the course is entitled Physical Security, which is an integral part of Information Security. It isn't all about hackers and spies. A lot of Information Security is derived from having solid, documented and tested business processes.
UW-Madison Information Systems 365 -- Physical Security -- Lecture 9 Nicholas Davis
These are the lecture slides I created, to teach the topic of Physical Security to the students of the Information Systems 365/765 Information Security course I teach at UW-Madison. Physical security is a critical component of effective information security, but is often not given enough consideration.
2. Today's Candy
Twizzlers
Twizzlers is a brand of candy in the United States and Canada. Twizzlers is the product of Y&S Candies, Inc., of Lancaster, Pennsylvania, now a subsidiary of The Hershey Company. In 1908 a plant was opened in Montreal and in 1929 the Twizzler brand was established.
10/02/14 UNIVERSITY OF WISCONSIN 2
3. Physical Security
It used to be easy, way back in the 1960s
Today, with IT assets on every desk, we have:
Theft
Fraud
Vandalism
Sabotage
Accidents
5. Funny Cartoon Video
But, it Makes a Good Point
https://www.youtube.com/watch?v=tmOGJVDvJaQ
2 minutes
6. Four Major Physical Security Threats
Natural environmental
Supply system
Human made
Politically motivated
Good security program protects against all of these, in layers
11. What Constitutes a Good Security Plan
Crime and disruption through deterrence
Fences, security guards, warning signs, etc.
12. What Constitutes a Good Security Plan
Reduction of damage through use of delaying mechanisms
Layers of defenses that slow down the adversary, such as locks, security personnel, barriers
13. What Constitutes a Good Security Plan
Crime or disruption detection
Smoke detectors, motion detectors, surveillance cameras, etc.
14. What Constitutes a Good Security Plan
Incident assessment
Response of personnel to quickly evaluate situation and damage level
15. What Constitutes a Good Security Plan
Rapid response procedures
Fire suppression systems, emergency response systems, law enforcement notification
16. 5 Core Steps in a Physical Security System
Deter
Delay
Detect
Assess
Respond
18. Physical Access Control For Visitors
Limit the number of entry points
Force all guests to sign in at a common location
Reduce entry points even more, after hours and on weekends
Validate a government-issued picture ID before allowing entry
Require all guests to be escorted by a full-time employee
Encourage employees to question strangers
19. Natural Surveillance
Natural Surveillance is the intentional and visible surveillance, to make potential criminals aware that they are being watched and to make all others feel safe
21. Selecting a Facility Site
Visibility – Terrain, neighbors, population
Surrounding area – Crime, riots, police, medical, fire, other hazards
Accessibility – Road access, traffic, airport access, etc.
Natural Disasters – floods, tornadoes, earthquakes, rain, etc.
22. Entry Points
Windows and doors are the standard access points. They should be secure, strong, foolproof
Walls should be at least as strong as the doors and windows
23. A Human Trap
Only allows one person into a secure area at a time
Open first door, enter
Wait for first door to close
Enter second door to secure area
Only enough space for one person at a time
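The door sequence on the slide above can be enforced by a small interlock controller. This is an added example, not part of the original lecture; the class name, the door labels "outer" and "inner", and the occupancy sensor input are assumptions made for illustration.

```python
class Mantrap:
    """Two-door interlock: 'outer' faces the public side, 'inner' the secure area."""

    DOORS = ("outer", "inner")

    def __init__(self):
        self.open_doors = set()
        self.occupants = 0   # reported by an assumed occupancy sensor
        self.alarms = []     # denied requests, kept for later review

    def sensor(self, count):
        """Occupancy update (hypothetical input, e.g. a floor mat or camera)."""
        self.occupants = count

    def request_open(self, door):
        if door not in self.DOORS:
            raise ValueError(f"unknown door: {door}")
        other = "inner" if door == "outer" else "outer"
        # Rule 1: never have both doors open at once.
        if other in self.open_doors:
            return self._deny(door, f"{other} door is still open")
        # Rule 2: the secure-side door opens for at most one person.
        # The outer door stays available so extra occupants can leave.
        if door == "inner" and self.occupants > 1:
            return self._deny(door, f"{self.occupants} occupants in vestibule")
        self.open_doors.add(door)
        return True

    def close(self, door):
        self.open_doors.discard(door)

    def _deny(self, door, reason):
        self.alarms.append(f"{door} denied: {reason}")
        return False


def normal_entry():
    """One person follows the slide's steps, but tries the second door too early once."""
    m = Mantrap()
    steps = [m.request_open("outer")]      # open first door, enter
    m.sensor(1)
    steps.append(m.request_open("inner"))  # first door not yet closed
    m.close("outer")                       # wait for first door to close
    steps.append(m.request_open("inner"))  # enter second door
    return steps, m.alarms


def tailgating_attempt():
    """Two people enter together; the secure-side door must stay shut."""
    m = Mantrap()
    m.request_open("outer")
    m.sensor(2)
    m.close("outer")
    return m.request_open("inner"), m.alarms


if __name__ == "__main__":
    print(normal_entry())
    print(tailgating_attempt())
```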
25. In Computer Facilities Water Detectors Are Important
Water detectors should be placed under raised floors and on ceilings
26. Laptops Are One of the Most Frequently Stolen Physical Assets
Inventory the laptops
Harden the operating system
Password protect BIOS
Register laptops with vendor
Don’t check laptop as baggage!
Don’t leave laptop unattended
Engrave the laptop visibly
Use a physical cable and lock
Back up data
Encrypt hard disk
Store in secure place when not in use
27. Electric Power
Electricity is the lifeline of the company
Use multiple supply circuits coming into the facility
Filter power for a clean electrical signal, important for computers
Have a backup generator, test it regularly
Have an appropriately sized battery backup power supply (UPS)
Test EVERYTHING, test OFTEN
28. Keep All Wiring Organized On Computer Equipment
Reduces confusion
Makes troubleshooting easier
Lower risk of fire hazard
Lower risk of electrical interference
Looks professional and trustworthy, in case visitors come through
Use shielded cabling to stop electrical interference
Don’t run electrical wiring close to fluorescent lighting
30. Make Sure All Utility Lines Have Emergency Shutoff Valves
31. Static Electricity, the Invisible Enemy
Protect against static electricity, which can destroy computer equipment:
Antistatic flooring
Humidity levels should be kept moderate
Use proper electrical grounding
No carpeting, ever!!!
Use anti-static bands on wrist when working on a computer server
32. HVAC – Heating, Ventilation, Air Conditioning
Important to have commercial grade systems to keep temperature at the proper level, and keep air filtered and circulating
34. Water Sprinkler Systems
There are two types:
Wet Pipe – always contains water
Advantage – always ready for use
Disadvantage – most costly, possibility of accidental release of water
Dry Pipe – has to be connected to a tank
Advantage – no risk of accidental water release
Disadvantage – not ready immediately
35. Other Security Controls
Fences – different heights, strengths
Bollards – those odd looking posts in front of Best Buy
Lighting – one of the best deterrents around, cheap and effective
Locks – usually easy to defeat, but good as one layer of security for a defense in depth strategy
CCTV – Efficient for monitoring
36. Auditing Physical Access
Critical Pieces of Information
The date and time of the access attempt
The entry point at which access was attempted
The user ID associated with the access attempt
Any unsuccessful attempts, especially if done during unauthorized hours
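A short audit script shows how the four pieces of information listed above fit together in practice. This is an added example, not part of the original lecture; the log format, the door and user names, the 07:00 to 19:00 authorized window and the repeat threshold are all assumptions, and the sample log is constructed.

```python
from collections import Counter
from datetime import datetime, time

# Constructed sample badge-reader export (not real data), one event per line:
# timestamp, entry point, user ID, result
SAMPLE_LOG = """\
2014-10-02T08:14:09,LOBBY-MAIN,jdoe,GRANTED
2014-10-02T23:41:55,SERVER-ROOM,asmith,DENIED
2014-10-02T23:42:10,SERVER-ROOM,asmith,DENIED
2014-10-02T23:42:31,SERVER-ROOM,asmith,DENIED
2014-10-03T02:05:00,LOADING-DOCK,bnguyen,GRANTED
2014-10-03T09:30:12,SERVER-ROOM,jdoe,DENIED
malformed line without enough fields
"""

# Assumed policy values; set these from your own access policy.
AUTHORIZED_START = time(7, 0)
AUTHORIZED_END = time(19, 0)
REPEAT_THRESHOLD = 3  # denials per (user, entry point) that warrant review


def parse_log(text):
    """Return (events, rejected_line_numbers); bad lines are reported, not hidden."""
    events, rejected = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        parts = [p.strip() for p in line.split(",")]
        try:
            if len(parts) != 4 or parts[3] not in ("GRANTED", "DENIED"):
                raise ValueError("unexpected field layout")
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            rejected.append(lineno)
            continue
        events.append({"ts": ts, "entry_point": parts[1],
                       "user_id": parts[2], "granted": parts[3] == "GRANTED"})
    return events, rejected


def after_hours(ts):
    """True when the timestamp falls outside the authorized window."""
    return not (AUTHORIZED_START <= ts.time() < AUTHORIZED_END)


def audit(events):
    """Flag after-hours activity and repeated denials at the same entry point."""
    findings = []
    denials = Counter()
    for e in events:
        who, door, when = e["user_id"], e["entry_point"], e["ts"].isoformat()
        if not e["granted"]:
            denials[(who, door)] += 1
            if after_hours(e["ts"]):
                findings.append(("DENIED_AFTER_HOURS", who, door, when))
        elif after_hours(e["ts"]):
            findings.append(("GRANTED_AFTER_HOURS", who, door, when))
    for (who, door), count in sorted(denials.items()):
        if count >= REPEAT_THRESHOLD:
            findings.append(("REPEATED_DENIALS", who, door, count))
    return findings


if __name__ == "__main__":
    events, rejected = parse_log(SAMPLE_LOG)
    for finding in audit(events):
        print(finding)
    print("unparseable lines:", rejected)
```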
37. Tests and Drills
Need to be developed
Must be put into action, at least once per year, generally speaking
Must be documented
Must be put in easily accessible places
People must be assigned specific tasks
People should be taught and informed on how to fulfill specific tasks
Determine in advance what will determine success
38. A Note About Credit Card Reader Physical Security
https://www.youtube.com/watch?v=XipjYIbBj7k
Physical access to credit card transaction equipment is one of the greatest physical security threats facing most small businesses in the United States, but most people never give it a second thought