Information Systems Security
Introduction
• Computers and digital devices
are becoming integral to
conducting business
– Which also makes them a target of attack
• Devices need to be secured
• Networks that computers and
devices use should also be secured
3. Basic Components of Security:
Confidentiality, Integrity, Availability (CIA)
• CIA
– Confidentiality: Who is authorized to use data?
– Integrity: Is data “good”?
– Availability: Can data be accessed whenever it is needed?
[Diagram: C, I, A and S, where S = Secure]
• CIA or CIAAAN…
(other security components added to CIA)
– Authentication
– Authorization
– Non-repudiation
– …
The security triad
• Confidentiality – restrict access to
authorized individuals
• Integrity – data has not been
altered in an unauthorized
manner
• Availability – information can be
accessed and modified by
authorized individuals in an
appropriate timeframe
1) Confidentiality is the ability to prevent information and data from
being exposed to any unauthorized individual or party, whether inside
or outside the system. Data and information confidentiality is
maintained by applying encryption algorithms to stored and
transmitted data and by restricting access to the places where
data appear [15]. In CPS, confidentiality is ensured by protecting
communication channels from eavesdropping, which could otherwise
allow the system status to be deduced [16].
2) Integrity is the ability to keep data as it is and prevent any
unauthorized manipulation. In other words, the data must be kept
away from both outsiders and insiders who seek to modify it. Otherwise,
a destination will receive incorrect data and treat it as correct. In
CPS, integrity is ensured by catching all possible attacks that seek to
ruin the CPS’s physical goals and change data that are collected and
sent by sensors [17].
3) Availability: Generally, this is the system’s ability to provide services and output
products in a timely manner. Availability is the ability of all subsystems to work properly
and have their work done on time and when needed [18]. In other words, availability
ensures that all CPS subsystems are functioning correctly by preventing all types of
corruption, such as hardware and software failures, power failures and DoS attacks.
4) Authenticity: This is the ability to guarantee that all parties participating in any CPS
processes are supposed to do so. Authenticity must be realized in all subsystems and
processes to have an authentic and genuine CPS [15].
5) Robustness is the degree to which CPS can continue to work properly, even in the
presence of limited disturbances. There are two types of failures: limited failures that
have limited consequences and occasional failures whose minor effects disappear with
time [16].
6) Trustworthiness is the degree to which people (e.g., owners, users, and individuals)
can rely on the CPS to perform required tasks under specific domain constraints and
according to specific time conditions [19]. The software, hardware, and collected data
must all show a level of trustworthiness for a CPS to be considered feasible and trustworthy.
Tools for Information Security
• Authentication
• Access Control
• Encryption
• Passwords
• Backup
• Firewalls
• Virtual Private Networks (VPN)
• Physical Security
• Security Policies
Authentication
• Ensures that persons accessing the information are who they say
they are
• Factors of identification:
– Something you know – user ID and password
• User ID identifies you while the password authenticates you
• Easy to compromise if weak password
– Something you have – key or card
• Can be lost or stolen
– Something you are – physical
characteristics (i.e., biometrics)
• Much harder to compromise
• A combination of at least 2 factors
is recommended
Access Control
• Once authenticated, users are given only the access
(read, modify, add, and/or delete) to information that is
necessary to perform their job duties, by means of:
– Access control list (ACL) created for each resource
(information)
• List of users that can read, write, delete or add information
• Difficult to maintain all the lists
– Role-based access control (RBAC)
• Rather than individual lists
• Users are assigned to roles
• Roles define what they can access
• Simplifies administration
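The administration difference between the two models, as an added example that is not part of the original slides. The users, roles and resources are constructed for illustration; the per-resource ACLs are derived from the role model so that both give identical access decisions, and the code then counts how many list entries an administrator must edit for the same change.

```python
from copy import deepcopy

# Constructed sample policy. Role names, users and resources are illustrative.
ROLE_PERMS = {
    "hr_admin":   {"payroll": {"read", "write"},
                   "hr_records": {"read", "write", "delete"},
                   "wiki": {"read"}},
    "accountant": {"payroll": {"read"}, "wiki": {"read"}},
    "staff":      {"wiki": {"read"}},
}
USER_ROLES = {"alice": {"hr_admin"}, "bob": {"accountant"}, "carol": {"staff"}}


def rbac_allows(user_roles, role_perms, user, resource, action):
    """RBAC decision: allowed if any role held by the user grants the action."""
    return any(action in role_perms[role].get(resource, set())
               for role in user_roles.get(user, set()))


def expand_to_acl(user_roles, role_perms):
    """Flatten the role model into per-resource ACLs: resource -> user -> actions."""
    acl = {}
    for user, roles in user_roles.items():
        for role in roles:
            for resource, actions in role_perms[role].items():
                acl.setdefault(resource, {}).setdefault(user, set()).update(actions)
    return acl


def acl_allows(acl, user, resource, action):
    """ACL decision: look the user up on the resource's own list."""
    return action in acl.get(resource, {}).get(user, set())


def acl_entries_changed(old_acl, new_acl):
    """Count the (resource, user) list entries an administrator must edit."""
    changed = 0
    for resource in set(old_acl) | set(new_acl):
        old_users = old_acl.get(resource, {})
        new_users = new_acl.get(resource, {})
        for user in set(old_users) | set(new_users):
            if old_users.get(user, set()) != new_users.get(user, set()):
                changed += 1
    return changed


def set_roles(user_roles, user, new_roles):
    """RBAC administration: a job change or departure is one edit to one role set."""
    updated = deepcopy(user_roles)
    updated[user] = set(new_roles)
    return updated


def demo():
    before = expand_to_acl(USER_ROLES, ROLE_PERMS)

    # Bob moves from accounting to HR: one RBAC edit.
    promoted = set_roles(USER_ROLES, "bob", {"hr_admin"})
    # Alice leaves the company: one RBAC edit.
    offboarded = set_roles(USER_ROLES, "alice", set())

    return {
        "bob_can_delete_before": acl_allows(before, "bob", "hr_records", "delete"),
        "bob_can_delete_after": rbac_allows(promoted, ROLE_PERMS,
                                            "bob", "hr_records", "delete"),
        # The same two changes expressed as edits to individual ACLs.
        "acl_edits_for_job_change": acl_entries_changed(
            before, expand_to_acl(promoted, ROLE_PERMS)),
        "acl_edits_for_offboarding": acl_entries_changed(
            before, expand_to_acl(offboarded, ROLE_PERMS)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Each ACL edit that is forgotten leaves a stale entry, which is how leavers and movers keep access they no longer need.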
Encryption
• An algorithm (program) encodes or scrambles
information during transmission or storage
• Decoded/unscrambled only by authorized individuals so that they can
read it
• How is this done?
– Both parties agree on the encryption method (there are
many) using keys
• Symmetric key – sender and receiver share the same
key, which can be risky
• Public key – uses a public and a private key:
the public key is used to send an
encrypted message, and the private key is used by the
receiver to decode the message
Passwords
• Single-factor authentication (user ID/password) is the
easiest to break
• Password policies ensure that this risk is minimized by
requiring:
– A certain length to make passwords harder to guess
– Certain characters, such as upper and lower case, one
number, and a special character
– Changing passwords regularly and not allowing a password to be
reused
– Employees not to share their passwords
– Notifying the security department if employees
feel their password has been compromised
– Yearly confirmation from employees that
they understand their responsibilities
Backup
• Important information should be backed up and
stored in a separate location
– Very useful in the event that the primary computer
systems become unavailable
• A good backup plan requires:
– Understanding of the organizational information
resources
– Regular backups of all data
– Offsite storage of backups
– Test of the data restoration
• Complementary practices:
– UPS systems
– Backup processing sites
Firewalls
• Can be a piece of hardware and/or software
• Inspects and stops packets of information that don’t
conform to a strict set of rules
– Inbound and outbound
• Hardware firewalls are connected to the network
• Software firewalls run on the operating system and
intercept packets as they arrive at a computer
• Can implement multiple firewalls to allow segments
of the network to be partially secured to conduct
business
• Intrusion Detection Systems (IDS)
watch for specific types of activities
to alert security personnel of a potential
network attack
Virtual Private Networks (VPN)
• Some systems can be made private using an internal
network to limit access to them
– Can’t be accessed remotely and are more secure
– Requires specific connections such as being onsite
• VPN allows users to remotely access these systems over
a public network like the Internet
– Bypasses the firewall
– Encrypts the communication or the data exchanged
• CPP students have this ability for:
– Exchange services from your Outlook client
– Mapping a drive or mounting a file share
– Instructions to establish a VPN connection
can be found at
https://ehelp.wiki.cpp.edu/VPN_(Virtual_Private_Network):_Requirements
Physical Security
• Protection of the actual equipment
– Hardware
– Networking components
• Organizations need to identify assets that need
to be physically secured:
– Locked doors
– Physical intrusion detection - e.g., using security
cameras
– Secured equipment
– Environmental monitoring –
temperature, humidity, and airflow
for computer equipment
– Employee training
Security Policies
• Starting point in developing an overall security plan
• Formal, brief, and high-level statement issued by senior
management
– Guidelines for employee use of the information resources
– Embraces general beliefs, goals, objectives, and acceptable
procedures
– Includes company recourse if employees violate the policy
• Security policies focus on confidentiality, integrity, and
availability
– Includes applicable government or industry regulations
• Bring Your Own Device (BYOD) policies for mobile devices
– Use when accessing/storing company information
– Intellectual property implications
• Difficult to balance the need for security and
users’ needs
Personal Information Security
• Simple steps that individuals can take to be more
secure:
– Keep your software up to date
– Install antivirus software
– Use public networks carefully
– Backup your data
– Secure your accounts with two-factor authentication
– Make your passwords long, unique, and strong
– Be suspicious of strange links and attachments
• For more information on personal
information security, visit the Stop,
Think, Connect website at
http://www.stopthinkconnect.org/
Summary
• Identified the information security triad
• Identified and understood the high-level
concepts surrounding information security
tools
• How to secure yourself digitally
Kinds of Threats
• Kinds of threats:
– Interception
• an unauthorized party (human or not) gains access to an
asset
– Interruption
• an asset becomes lost, unavailable, or unusable
– Modification
• an unauthorized party changes the state of an asset
– Fabrication
• an unauthorized party counterfeits an asset
[Pfleeger & Pfleeger]
• Examples?
Levels of Vulnerabilities / Threats
(reversed order to illustrate interdependencies)
• D) for other assets (resources)
• including people using data, s/w, h/w
• C) for data
• „on top” of s/w, since used by s/w
• B) for software
• „on top” of h/w, since run on h/w
• A) for hardware
[Pfleeger & Pfleeger]
A) Hardware Level of Vulnerabilities / Threats
• Add / remove a h/w device
– Ex: Snooping, wiretapping
Snoop = to look around a place secretly in order to discover things about it or
the people connected with it. [Cambridge Dictionary of American English]
– Ex: Modification, alteration of a system
– ...
• Physical attacks on h/w => need physical security: locks and guards
– Accidental (dropped PC box) or voluntary (bombing a computer
room)
– Theft / destruction
• Damage the machine (spilled coffee, mice, real bugs)
• Steal the machine
• „Machinicide:” Axe / hammer the machine
• ...
Example of Snooping:
Wardriving / Warwalking, Warchalking
• Wardriving/warwalking -- driving/walking around
with a wireless-enabled notebook looking for
unsecured wireless LANs
• Warchalking -- using chalk markings to show the
presence and vulnerabilities of wireless networks
nearby
– E.g., a circled “W” -- indicates a WLAN protected by
Wired Equivalent Privacy (WEP) encryption
[Barbara Endicott-Popovsky and Deborah Frincke, CSSE592/492, U. Washington]
B) Software Level of Vulnerabilities / Threats
• Software Deletion
– Easy to delete needed software by mistake
– To prevent this: use configuration management
software
• Software Modification
– Trojan Horses, Viruses, Logic Bombs, Trapdoors,
Information Leaks (via covert channels), ...
• Software Theft
– Unauthorized copying
• via P2P, etc.
Types of Malicious Code
Bacterium - A specialized form of virus which does not attach to a specific file. Usage obscure.
Logic bomb - Malicious [program] logic that activates when specified conditions are met.
Usually intended to cause denial of service or otherwise damage system resources.
Trapdoor - A hidden computer flaw known to an intruder, or a hidden computer mechanism
(usually software) installed by an intruder, who can activate the trap door to gain access to the
computer without being blocked by security services or mechanisms.
Trojan horse - A computer program that appears to have a useful function, but also has a
hidden and potentially malicious function that evades security mechanisms, sometimes by
exploiting legitimate authorizations of a system entity that invokes the program.
Virus - A hidden, self-replicating section of computer software, usually malicious logic, that
propagates by infecting (i.e., inserting a copy of itself into and becoming part of) another
program. A virus cannot run by itself; it requires that its host program be run to make the virus
active.
Worm - A computer program that can run independently, can propagate a complete working
version of itself onto other hosts on a network, and may consume computer resources
destructively.
More types of malicious code exist… [cf. http://www.ietf.org/rfc/rfc2828.txt]
C) Data Level of Vulnerabilities / Threats
• How valuable is your data?
– Credit card info vs. your home phone number
– Source code
– Visible data vs. context
• „2345” -> Phone extension or a part of SSN?
• Adequate protection
– Cryptography
• Good if intractable for a long time
• Threat of Identity Theft
– Cf. Federal Trade Commission: http://www.consumer.gov/idtheft/
Identity Theft
• Cases in 2003:
– Credit card skimmers plus drivers license, Florida
– Faked social security and INS cards $150-$250
– Used 24 aliases – used false id to secure credit cards, open
mail boxes and bank accounts, cash fraudulently obtained
federal income tax refund checks, and launder the proceeds
– Bank employee indicted for stealing depositors' information to
apply over the Internet for loans
– $7M loss, Florida: Stole 12,000 cards from restaurants via
computer networks and social engineering
• Federal Trade Commission:
http://www.consumer.gov/idtheft/
[Barbara Endicott-Popovsky and Deborah Frincke, CSSE592/492, U. Washington]
Types of Attacks on Data CIA
• Disclosure
– Attack on data confidentiality
• Unauthorized modification / deception
– E.g., providing wrong data (attack on data integrity)
• Disruption
– DoS (attack on data availability)
• Usurpation
– Unauthorized use of services (attack on data confidentiality, integrity or
availability)
Ways of Attacking Data CIA
• Examples of Attacks on Data Confidentiality
– Tapping / snooping
• Examples of Attacks on Data Integrity
– Modification: salami attack -> little bits add up
• E.g., “shave off” the fractions of cents after interest calculations
– Fabrication: replay data -> send the same thing again
• E.g., a computer criminal replays a salary deposit to his account
• Examples of Attacks on Data Availability
– Delay vs. „full” DoS
• Examples of Repudiation Attacks on Data:
– Data origin repudiation: „I never sent it”
Repudiation = refusal to acknowledge or pay a debt or honor a contract
(especially by public authorities). [http://www.onelook.com]
– Data receipt repudiation: „I never got it”
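A receiver-side control for the modification and replay cases above, as an added example that is not part of the original slides. It assumes sender and receiver share a secret key and that every deposit carries a unique transaction id; the key, account number and amounts are constructed.

```python
import hashlib
import hmac
import json

# Constructed demo key; a real deployment would load it from a key store.
SHARED_KEY = b"constructed-demo-key-not-for-production"


def sign_deposit(key, txn_id, account, amount_cents):
    """Sender side: serialise the deposit and attach an HMAC-SHA256 tag."""
    body = json.dumps(
        {"txn_id": txn_id, "account": account, "amount_cents": amount_cents},
        sort_keys=True,
    ).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class DepositReceiver:
    """Receiver side: verify the tag first, then refuse ids already processed."""

    def __init__(self, key):
        self._key = key
        self._seen_txn_ids = set()
        self.balances = {}

    def process(self, message):
        expected = hmac.new(self._key, message["body"], hashlib.sha256).hexdigest()
        # Constant-time comparison; any change to the body changes the tag.
        if not hmac.compare_digest(expected, message["tag"]):
            return "rejected: integrity check failed"

        deposit = json.loads(message["body"])
        # A replayed message is bit-for-bit valid, so the tag alone cannot
        # stop it. The unique transaction id inside the signed body does.
        if deposit["txn_id"] in self._seen_txn_ids:
            return "rejected: replayed transaction"
        self._seen_txn_ids.add(deposit["txn_id"])

        account = deposit["account"]
        self.balances[account] = (
            self.balances.get(account, 0) + deposit["amount_cents"]
        )
        return "accepted"


def demo():
    receiver = DepositReceiver(SHARED_KEY)
    salary = sign_deposit(SHARED_KEY, "TXN-0001", "ACC-42", 250000)
    # Modification: the amount is altered in transit, the tag is left as it was.
    tampered = {
        "body": salary["body"].replace(b"250000", b"950000"),
        "tag": salary["tag"],
    }
    next_month = sign_deposit(SHARED_KEY, "TXN-0002", "ACC-42", 250000)

    # Order: genuine, modified, replay of the genuine one, next genuine one.
    results = [receiver.process(m) for m in (salary, tampered, salary, next_month)]
    return {"results": results, "balance_cents": receiver.balances["ACC-42"]}


if __name__ == "__main__":
    outcome = demo()
    for line in outcome["results"]:
        print(line)
    print("balance_cents:", outcome["balance_cents"])
```

Because both parties hold the same key, the tag stops modification and replay but does not settle the repudiation cases listed above; that takes a digital signature made with a key only the sender holds.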
D) Vulnerab./Threats at Other Exposure
Points
• Network vulnerabilities / threats
– Networks multiply vulnerabilities and threats, due to:
• their complexity => easier to make design/implem./usage mistakes
• „bringing close” physically distant attackers
– Esp. wireless (sub)networks
• Access vulnerabilities / threats
– Stealing cycles, bandwidth
– Malicious physical access
– Denial of access to legitimate users
• People vulnerabilities / threats
– Crucial weak points in security
• too often, the weakest links in a security chain
– Honest insiders subjected to skillful social engineering
– Disgruntled employees
5. Attackers
• Attackers need MOM
– Method
Skill, knowledge, tools, etc. with which to pull off an attack
– Opportunity
Time and access to accomplish an attack
– Motive
Reason to perform an attack
Types of Attackers
• Types of Attackers - Classification 1
– Amateurs
• Opportunistic attackers (use a password they found)
• Script kiddies
– Hackers - nonmalicious
• In broad use beyond security community: also malicious
– Crackers – malicious
– Career criminals
– State-supported spies and information warriors
• Types of Attackers - Classification 2 (cf. before)
– Recreational hackers / Institutional hackers
– Organized criminals / Industrial spies / Terrorists
– National intelligence gatherers / Info warriors
Example: Hacking As Social Protest
• Hacktivism
• Electro-Hippies
• DDOS attacks on government agencies
• SPAM attacks as “retaliation”
[Barbara Endicott-Popovsky and Deborah Frincke, CSSE592/492, U. Washington]
• What is threat detection?
• As the term relates to computer security, a threat
refers to anything that has the potential to cause harm
to a computer system or network.
• Importantly, threats are not the same as attacks.
• Threats represent the potential for attacks to occur;
attacks are the act of breaking in or harming a
computer or network.
• A more advanced form of threat, the Advanced
Persistent Threat (APT), emerged several years ago.
• As the name suggests, the threat is sophisticated and
remains in your network for a prolonged period of time,
giving attackers a longer window to act.
• Threat detection is the process by which you find
threats on your network, your systems or your
applications.
• The idea is to detect threats before they are
exploited as attacks.
• Malware on an endpoint, for example, may or may
not have been exploited in an attack.
• For that reason, security teams have been shifting
their focus from so-called indicators of
compromise (IoC), like a malware infection, to
techniques, tactics, and procedures (TTPs).
• The goal is to catch the bad actor in the process of
introducing a threat by watching for telltale
techniques versus finding evidence that a threat
was already introduced by finding an IoC.
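The difference between matching an IoC and watching for a technique, as an added example that is not part of the original slides. The log lines, host names and hash values are constructed, and the technique rule (a document application starting a script interpreter or command shell) is an assumption chosen for illustration.

```python
import hashlib


def constructed_hash(label):
    """Stand-in SHA-256 values derived from labels; not real malware hashes."""
    return hashlib.sha256(label.encode()).hexdigest()


# IoC feed (constructed): hashes of files already known to be malicious.
KNOWN_BAD_SHA256 = {constructed_hash("dropper-build-1")}

# TTP rule (assumed for this example): a document application starting a
# script interpreter or command shell is behaviour worth an alert.
DOCUMENT_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
INTERPRETERS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# Constructed process-creation log lines (key=value), not from a real host.
LOG_LINES = [
    # Normal use: a user opens a document.
    f"2024-05-01T09:02:11Z host=ws-01 parent=explorer.exe image=winword.exe "
    f"sha256={constructed_hash('winword')}",
    # A file whose hash is already in the IoC feed.
    f"2024-05-01T09:05:40Z host=ws-02 parent=explorer.exe image=invoice_viewer.exe "
    f"sha256={constructed_hash('dropper-build-1')}",
    # A document application starts a script host, which then starts a
    # rebuilt file whose hash is not in the feed.
    f"2024-05-01T09:14:02Z host=ws-03 parent=WINWORD.EXE image=wscript.exe "
    f"sha256={constructed_hash('wscript')}",
    f"2024-05-01T09:14:09Z host=ws-03 parent=wscript.exe image=invoice_viewer.exe "
    f"sha256={constructed_hash('dropper-build-2')}",
    # Same technique, using only binaries that ship with the OS.
    f"2024-05-01T10:31:55Z host=ws-04 parent=excel.exe image=powershell.exe "
    f"sha256={constructed_hash('powershell')}",
    # An administrator opening a shell from the desktop: not the technique.
    f"2024-05-01T11:00:00Z host=ws-05 parent=explorer.exe image=powershell.exe "
    f"sha256={constructed_hash('powershell')}",
]


def parse_line(line):
    """Split 'timestamp key=value ...' into a dict with lower-cased values."""
    timestamp, *pairs = line.split()
    event = {"timestamp": timestamp}
    for pair in pairs:
        key, _, value = pair.partition("=")
        event[key] = value.lower()
    return event


def ioc_hit(event):
    """IoC match: evidence that a known-bad file is already present."""
    return event.get("sha256") in KNOWN_BAD_SHA256


def ttp_hit(event):
    """TTP match: the behaviour itself, whatever the file hash is."""
    return (event.get("parent") in DOCUMENT_APPS
            and event.get("image") in INTERPRETERS)


def detect(lines):
    """Return the hosts flagged by each approach, sorted for stable output."""
    flagged = {"ioc": set(), "ttp": set()}
    for line in lines:
        event = parse_line(line)
        if ioc_hit(event):
            flagged["ioc"].add(event["host"])
        if ttp_hit(event):
            flagged["ttp"].add(event["host"])
    return {rule: sorted(hosts) for rule, hosts in flagged.items()}


if __name__ == "__main__":
    print(detect(LOG_LINES))
```

On ws-03 the rebuilt file slips past the hash feed, yet the host is still flagged because the step that launched it matches the technique rule.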
What are attackers after?
• Cybercriminals are usually after one of five things. Not surprisingly,
the end goal is usually monetary.
• User credentials—cybercriminals are often not after you, but rather
after your credentials. They want your username and password to
get into systems that you have access to. It’s much easier to open a
door with a key than pick a lock or break a window. Some attackers
will use a technique called privilege escalation to grant themselves
additional privileges by exploiting the underlying operating system.
They then use these escalated privileges to get to what they are
really after.
• Personally identifiable information (PII)—some criminals want
personal information they can use to impersonate you, such as a
social security number or driver’s license number. These and other
details can be used to apply for credit cards, open bank accounts in
your name, and the like.
• Intellectual property or sensitive corporate information—industrial
espionage is alive and well.
• Nation states are looking to steal trade secrets to boost their own
economies. Competitors are looking to gain an advantage or fill a
gap in their offerings by taking advantage of what their rivals know.
Employees may steal important secrets for personal
gain, or perhaps out of spite for being passed over for a promotion.
Companies need to protect their product designs, customer
databases, business processes, marketing plans and more.
• Ransom—criminals have been extorting companies and individuals
online for years. Their two most potent weapons are ransomware,
where endpoint or server files are encrypted and a ransom is
demanded to unlock them, and DDoS attacks, where web servers or
networks are flooded with bogus traffic until the ransom is paid.
• Revenge—some disgruntled users or so-called hacktivists look to
bring down or slow down systems to protest company policy. In
some cases, attackers may deface web pages to embarrass
companies or government organizations.
What are examples of threats?
• Here are some common examples of threats:
• Malware—malicious software that infects your
computer, such as computer viruses, worms, Trojan
horses, spyware, and adware.
• Phishing—fake emails disguised as legitimate
communications that seek to steal sensitive
information from an unwitting recipient.
• Ransomware—malware that encrypts files on an
endpoint or server and then displays a message
demanding ransom in exchange for decrypting files.
• Trojan horse—a computer executable, sometimes
known as a back door, that can be remotely activated
to perform a variety of attacks.
How to identify threats?
• Successful threat detection is highly reliant on the
maturity of the local cybersecurity capabilities.
• It’s relatively simple to know the landscape, keep up
with intelligence and sector-related resources, and
have an internal program for identifying vulnerabilities.
• However, the larger an environment grows, the greater
the need for solutions that can assist in advanced
threat detection, at least in part automatically.
• Furthermore, sophisticated actors that are targeting
your organization might not be so easy to identify. For
example, you can never be entirely sure if a state actor
has taken an interest in your research, which has been
a cause of many high-profile breaches.
• Security refers to protection against
the unauthorized access of data. We put
security controls in place to limit who can
access the information.
• Privacy is harder to define, in part
because user-specific details can also be
secure data. In the coming month, we will
have a blog with more information on
Personally Identifiable Information.
• For example, hospital and clinic staff use secure
systems to communicate with patients about
their health, instead of sending information via
personal email accounts. This type of data
transmission is an example of security. On the
other hand, privacy provisions might limit
patient health record access to specific hospital
staff members, such as doctors, nurses, and
medical assistants. Privacy might also
stipulate when users can access specific
information (i.e. business hours only).
• Privacy: In CPS, a huge data collection process
is constantly taking place, and most
people are not aware of it. Therefore, a person
has the right to access their own data, along with
the right to know what type of data
is being collected about them by data
collectors, and to whom these data are being
given or sold. However, this also requires
preventing illegal/unauthorised access to
the user’s personal data and disclosure of their
information.
• Threat modelling for Cyber-Physical Systems
(CPS)
• CPS is a combination of computation, physical
processes, and networking built on the traditional
embedded systems technology. Though it has
been around for some time, users and experts
alike have not truly realized its actual potential.
However, in recent years companies and institutions have
come to understand the wealth of opportunities CPS
promises and are investing heavily
to catalyze its development.
• CPS is not immune to cyber or physical threats.
There are three main reasons for this: system
diversity, reliance on sensitive information, and
large-scale deployment. Exposure of these
systems to threats can have far-reaching
ramifications, but efficient threat modelling can
prevent this. Here are three ways threat modelling
can protect CPS:
1. STRIDE
• STRIDE stands for a combination of six
security threats: Spoofing, Tampering,
Repudiation, Information Disclosure,
Denial of Service, and Elevation of
Privilege. Microsoft first developed it to
identify computer security
threats. Lightweight and effective, their
mechanism analyses missing security
properties that could help determine
emerging threat types. It also identifies
how a vulnerability in a system component
can weaken the security structure.
3. LINDDUN
• LINDDUN stands for Linkability, Identifiability,
Nonrepudiation, Detectability, Disclosure of
Information, Unawareness, and Noncompliance. It is a
privacy threat modelling technique that systematically
mitigates privacy threats in software architectures. It
supports the customer in navigating the threat
modelling process in a structured way. LINDDUN gives
knowledge support to even non-experts for
understanding privacy threats.
• Using the LINDDUN framework, organizations can
model their systems with data flow diagrams,
determine the scenario and identify threats, and finally
map the threats back to a data flow diagram. Using
this analysis, companies get the support to prioritize
threats and create case-appropriate threat mitigation
and management strategies.
CPS Security Approaches from a
Control-theoretic Perspective
CPS Security Approaches from a Cyber
Security Perspective
• What Are the Key Features of Cyber-Physical Systems?
• Cyber-physical systems are not only the interface between
physical systems and computational systems; they also
have all the structural characteristics that emerge from combining
two different kinds of systems, as shown in Figure 2. Some key
features of CPS are [2]:
– All physical objects have a cyber capability that is IT-dominated.
– Every action is predicted in CPSs.
– Advanced sensing is applied to CPSs.
– All software and systems that are used are trusted and highly
confident.
– CPSs always have one or more feedback loops from their
output to their input.
– CPSs are self-documenting, self-monitoring and self-optimizing.
– CPSs should be securely connected via global networks.
More Related Content

Similar to security in is.pptx

Chapter 10, part 1
Chapter 10, part 1Chapter 10, part 1
Chapter 10, part 1
misecho
 
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
NISHASOMSCS113
 
Security & Risk Mgmt_WK1.pptx
Security & Risk Mgmt_WK1.pptxSecurity & Risk Mgmt_WK1.pptx
Security & Risk Mgmt_WK1.pptx
dotco
 
BAIT1103 Chapter 1
BAIT1103 Chapter 1BAIT1103 Chapter 1
BAIT1103 Chapter 1
limsh
 

Similar to security in is.pptx (20)

Data security and Integrity
Data security and IntegrityData security and Integrity
Data security and Integrity
 
basic-security-concepts-what-is-security48.ppt
basic-security-concepts-what-is-security48.pptbasic-security-concepts-what-is-security48.ppt
basic-security-concepts-what-is-security48.ppt
 
ISM-CS5750-01.pptx
ISM-CS5750-01.pptxISM-CS5750-01.pptx
ISM-CS5750-01.pptx
 
Mis
MisMis
Mis
 
Chapter 10, part 1
Chapter 10, part 1Chapter 10, part 1
Chapter 10, part 1
 
Mis
MisMis
Mis
 
Coud discovery chap 5
Coud discovery chap 5Coud discovery chap 5
Coud discovery chap 5
 
Chapter 7
Chapter 7Chapter 7
Chapter 7
 
cyber Forensics
cyber Forensicscyber Forensics
cyber Forensics
 
informations_security_presentations.pptx
informations_security_presentations.pptxinformations_security_presentations.pptx
informations_security_presentations.pptx
 
crisc_wk_5.pptx
crisc_wk_5.pptxcrisc_wk_5.pptx
crisc_wk_5.pptx
 
security introduction and overview lecture1 .pptx
security introduction and overview lecture1 .pptxsecurity introduction and overview lecture1 .pptx
security introduction and overview lecture1 .pptx
 
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
 
Security & Risk Mgmt_WK1.pptx
Security & Risk Mgmt_WK1.pptxSecurity & Risk Mgmt_WK1.pptx
Security & Risk Mgmt_WK1.pptx
 
Security & Risk Mgmt_WK1.pptx
Security & Risk Mgmt_WK1.pptxSecurity & Risk Mgmt_WK1.pptx
Security & Risk Mgmt_WK1.pptx
 
information security (network security methods)
information security (network security methods)information security (network security methods)
information security (network security methods)
 
Information security ist lecture
Information security ist lectureInformation security ist lecture
Information security ist lecture
 
BAIT1103 Chapter 1
BAIT1103 Chapter 1BAIT1103 Chapter 1
BAIT1103 Chapter 1
 
security and system mainatance
security and system mainatancesecurity and system mainatance
security and system mainatance
 
Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security
 

Recently uploaded

RS Khurmi Machine Design Clutch and Brake Exercise Numerical Solutions
RS Khurmi Machine Design Clutch and Brake Exercise Numerical SolutionsRS Khurmi Machine Design Clutch and Brake Exercise Numerical Solutions
RS Khurmi Machine Design Clutch and Brake Exercise Numerical Solutions
Atif Razi
 
Digital Signal Processing Lecture notes n.pdf
Digital Signal Processing Lecture notes n.pdfDigital Signal Processing Lecture notes n.pdf
Digital Signal Processing Lecture notes n.pdf
AbrahamGadissa
 
Hall booking system project report .pdf
Hall booking system project report  .pdfHall booking system project report  .pdf
Hall booking system project report .pdf
Kamal Acharya
 
Laundry management system project report.pdf
Laundry management system project report.pdfLaundry management system project report.pdf
Laundry management system project report.pdf
Kamal Acharya
 
Automobile Management System Project Report.pdf
Automobile Management System Project Report.pdfAutomobile Management System Project Report.pdf
Automobile Management System Project Report.pdf
Kamal Acharya
 
LIGA(E)11111111111111111111111111111111111111111.ppt
LIGA(E)11111111111111111111111111111111111111111.pptLIGA(E)11111111111111111111111111111111111111111.ppt
LIGA(E)11111111111111111111111111111111111111111.ppt
ssuser9bd3ba
 

Recently uploaded (20)

Toll tax management system project report..pdf
Toll tax management system project report..pdfToll tax management system project report..pdf
Toll tax management system project report..pdf
 
The Benefits and Techniques of Trenchless Pipe Repair.pdf
The Benefits and Techniques of Trenchless Pipe Repair.pdfThe Benefits and Techniques of Trenchless Pipe Repair.pdf
The Benefits and Techniques of Trenchless Pipe Repair.pdf
 
RS Khurmi Machine Design Clutch and Brake Exercise Numerical Solutions
RS Khurmi Machine Design Clutch and Brake Exercise Numerical SolutionsRS Khurmi Machine Design Clutch and Brake Exercise Numerical Solutions
RS Khurmi Machine Design Clutch and Brake Exercise Numerical Solutions
 
Online resume builder management system project report.pdf
Online resume builder management system project report.pdfOnline resume builder management system project report.pdf
Online resume builder management system project report.pdf
 
Arduino based vehicle speed tracker project

security in is.pptx

  • 2. Introduction • Computers and digital devices are becoming integral to conducting business – Which also makes them a target of attack • Devices need to be secured • Networks that computers and devices use should also be secured
  • 3. 3. Basic Components of Security: Confidentiality, Integrity, Availability (CIA) • CIA – Confidentiality: Who is authorized to use data? – Integrity: Is data “good”? – Availability: Can data be accessed whenever it is needed? [Diagram: C, I and A overlap; S = Secure] • CIA or CIAAAN… (other security components added to CIA) – Authentication – Authorization – Non-repudiation – …
  • 4. The security triad • Confidentiality – restrict access to authorized individuals • Integrity – data has not been altered in an unauthorized manner • Availability – information can be accessed and modified by authorized individuals in an appropriate timeframe
  • 5. • Confidentiality is the ability to prevent information and data from being exposed to any unauthorized individual or party from inside or outside the system. Maintaining data and information confidentiality is done by applying encryption algorithms on stored and transmitted data and by restricting access to the places where data appear [15]. In CPS, confidentiality is ensured by protecting communication channels from eavesdropping, which could otherwise allow the system status to be deduced [16]. • Integrity is the ability to keep data as it is and prevent any unauthorized manipulation. In other words, the data must be kept away from both outsiders and insiders who seek to modify it. Otherwise, a destination will receive incorrect data and treat it as correct. In CPS, integrity is ensured by catching all possible attacks that seek to ruin the CPS’s physical goals and change data that are collected and sent by sensors [17].
  • 6. 3) Availability: Generally, this is the system’s ability to provide services and output products in a timely manner. Availability is the ability of all subsystems to work properly and have their work done on time and when needed [18]. In other words, availability ensures that all CPS subsystems are functioning correctly by preventing all types of corruption, such as hardware and software failures, power failures and DoS attacks. 4) Authenticity: This is the ability to guarantee that all parties participating in any CPS processes are supposed to do so. Authenticity must be realized in all subsystems and processes to have an authentic and genuine CPS [15]. 5) Robustness is the degree to which CPS can continue to work properly, even in the presence of limited disturbances. There are two types of failures: limited failures that have limited consequences and occasional failures whose little effects disappear with time [16]. 6) Trustworthiness is the degree to which people (e.g., owners, users, and individuals) can rely on the CPS to perform required tasks under specific domain constraints and according to specific time conditions [19]. The software, hardware, and collected data must all show a level of trustworthiness for a CPS to be considered feasible and trustworthy.
  • 7.
  • 8. Tools for Information Security • Authentication • Access Control • Encryption • Passwords • Backup • Firewalls • Virtual Private Networks (VPN) • Physical Security • Security Policies
  • 9. Authentication • Ensures that persons accessing the information are who they say they are • Factors of identification: – Something you know – user ID and password • User ID identifies you while the password authenticates you • Easy to compromise if weak password – Something you have – key or card • Can be lost or stolen – Something you are – physical characteristics (i.e., biometrics) • Much harder to compromise • A combination of at least 2 factors is recommended
  • 10. Access Control • Once authenticated – users are given access only to the information necessary to perform their job duties (to read, modify, add, and/or delete information) by: – Access control list (ACL) created for each resource (information) • List of users that can read, write, delete or add information • Difficult to maintain all the lists – Role-based access control (RBAC) • Rather than individual lists • Users are assigned to roles • Roles define what they can access • Simplifies administration
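The administration difference between the two models on slide 10 can be measured. The following is an added example, not part of the original slides; the users, roles and resources are constructed. It moves one employee to a new job under both models and counts how many records an administrator must edit.

```python
import copy

# Constructed sample data: user, role and resource names are hypothetical.
ACL = {  # one list per resource: user -> allowed actions
    "payroll.db": {"alice": {"read", "write"}, "bob": {"read"}},
    "hr_records": {"alice": {"read"}, "carol": {"read", "write"}},
    "audit_log": {"bob": {"read"}, "carol": {"read"}},
}
ROLE_PERMS = {  # role -> set of (resource, action)
    "payroll_clerk": {("payroll.db", "read"), ("payroll.db", "write"),
                      ("hr_records", "read")},
    "auditor": {("payroll.db", "read"), ("audit_log", "read")},
    "hr_manager": {("hr_records", "read"), ("hr_records", "write"),
                   ("audit_log", "read")},
}
USER_ROLES = {"alice": {"payroll_clerk"}, "bob": {"auditor"},
              "carol": {"hr_manager"}}
ACTIONS = ("read", "write", "add", "delete")


def acl_allows(acl, user, resource, action):
    """Default deny: allowed only if the resource's list names the user."""
    return action in acl.get(resource, {}).get(user, set())


def rbac_allows(user_roles, role_perms, user, resource, action):
    """Allowed if any role held by the user carries the permission."""
    return any((resource, action) in role_perms.get(role, set())
               for role in user_roles.get(user, set()))


def acl_change_job(acl, user, new_grants):
    """Rewrite the user's entry on every resource list; return lists edited."""
    edited = 0
    for resource, entries in acl.items():
        wanted = set(new_grants.get(resource, set()))
        if entries.get(user, set()) != wanted:
            if wanted:
                entries[user] = wanted
            else:
                entries.pop(user, None)  # forgetting this leaves stale access
            edited += 1
    return edited


def rbac_change_job(user_roles, user, new_roles):
    """One assignment changes; the role definitions stay untouched."""
    user_roles[user] = set(new_roles)
    return 1


def models_agree(acl, user_roles, role_perms):
    """True if both models give the same decision for every combination."""
    return all(
        acl_allows(acl, u, r, a) == rbac_allows(user_roles, role_perms, u, r, a)
        for u in user_roles for r in acl for a in ACTIONS)


def demo():
    """Move alice from payroll clerk to auditor under both models."""
    acl, roles = copy.deepcopy(ACL), copy.deepcopy(USER_ROLES)
    acl_edits = acl_change_job(
        acl, "alice", {"payroll.db": {"read"}, "audit_log": {"read"}})
    rbac_edits = rbac_change_job(roles, "alice", {"auditor"})
    return acl_edits, rbac_edits, models_agree(acl, roles, ROLE_PERMS)


if __name__ == "__main__":
    print(demo())
```

With only three resources the ACL change already touches every list, and the count grows with the number of resources, while the RBAC change stays at one assignment.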
  • 11. Encryption • An algorithm (program) encodes or scrambles information during transmission or storage • Decoded/unscrambled only by authorized individuals so they can read it • How is this done? – Both parties agree on the encryption method (there are many) using keys • Symmetric key – sender and receiver both have the key, which can be risky • Public key – uses a public and a private key: the public key is used to send an encrypted message, and the private key is used by the receiver to decode the message
  • 12. Passwords • Single-factor authentication (user ID/password) is the easiest to break • Password policies ensure that this risk is minimized by requiring: – A certain length to make it harder to guess – Certain characters – such as upper and lower case, one number, and a special character – Changing passwords regularly and not allowing a password to be reused – Employees not sharing their password – Notifying the security department if they feel their password has been compromised – Yearly confirmation from employees that they understand their responsibilities
  • 13. Backup • Important information should be backed up and stored in a separate location – Very useful in the event that the primary computer systems become unavailable • A good backup plan requires: – Understanding of the organizational information resources – Regular backups of all data – Offsite storage of backups – Test of the data restoration • Complementary practices: – UPS systems – Backup processing sites
  • 14. Firewalls • Can be a piece of hardware and/or software • Inspects and stops packets of information that don’t apply to a strict set of rules – Inbound and outbound • Hardware firewalls are connected to the network • Software firewalls run on the operating system and intercept packets as they arrive at a computer • Can implement multiple firewalls to allow segments of the network to be partially secured to conduct business • Intrusion Detection Systems (IDS) watch for specific types of activities to alert security personnel of a potential network attack
  • 15. Virtual Private Networks (VPN) • Some systems can be made private using an internal network to limit access to them – Can’t be accessed remotely and are more secure – Requires specific connections such as being onsite • VPN allows users to remotely access these systems over a public network like the Internet – Bypasses the firewall – Encrypts the communication or the data exchanged • CPP students have this ability for: – Exchange services from your Outlook client – Mapping a drive or mounting a file share – Instructions to establish a VPN connection can be found at https://ehelp.wiki.cpp.edu/VPN_(Virtual_Private_Network):_Requirements
  • 16. Physical Security • Protection of the actual equipment – Hardware – Networking components • Organizations need to identify assets that need to be physically secured: – Locked doors – Physical intrusion detection - e.g., using security cameras – Secured equipment – Environmental monitoring – temperature, humidity, and airflow for computer equipment – Employee training
  • 17. Security Policies • Starting point in developing an overall security plan • Formal, brief, and high-level statement issued by senior management – Guidelines for employee use of the information resources – Embraces general beliefs, goals, objectives, and acceptable procedures – Includes company recourse if employees violate the policy • Security policies focus on confidentiality, integrity, and availability – Includes applicable government or industry regulations • Bring Your Own Device (BYOD) policies for mobile devices – Use when accessing/storing company information – Intellectual property implications • Difficult to balance the need for security and users’ needs
  • 18. Personal Information Security • Simple steps that individuals can take to be more secure: – Keep your software up to date – Install antivirus software – Use public networks carefully – Backup your data – Secure your accounts with two-factor authentication – Make your passwords long, unique, and strong – Be suspicious of strange links and attachments • For more information on personal information security, visit the Stop, Think, Connect website at http://www.stopthinkconnect.org/
  • 19. Summary • Identified the information security triad • Identified and understood the high-level concepts surrounding information security tools • How to secure yourself digitally
  • 20. Kinds of Threats • Kinds of threats: – Interception • an unauthorized party (human or not) gains access to an asset – Interruption • an asset becomes lost, unavailable, or unusable – Modification • an unauthorized party changes the state of an asset – Fabrication • an unauthorized party counterfeits an asset [Pfleeger & Pfleeger] • Examples?
  • 21. Levels of Vulnerabilities / Threats (reversed order to illustrate interdependencies) • D) for other assets (resources) • including people using data, s/w, h/w • C) for data • “on top” of s/w, since used by s/w • B) for software • “on top” of h/w, since run on h/w • A) for hardware [Pfleeger & Pfleeger]
  • 22. A) Hardware Level of Vulnerabilities / Threats • Add / remove a h/w device – Ex: Snooping, wiretapping Snoop = to look around a place secretly in order to discover things about it or the people connected with it. [Cambridge Dictionary of American English] – Ex: Modification, alteration of a system – ... • Physical attacks on h/w => need physical security: locks and guards – Accidental (dropped PC box) or voluntary (bombing a computer room) – Theft / destruction • Damage the machine (spilled coffee, mice, real bugs) • Steal the machine • “Machinicide”: Axe / hammer the machine • ...
  • 23. Example of Snooping: Wardriving / Warwalking, Warchalking • Wardriving/warwalking -- driving/walking around with a wireless-enabled notebook looking for unsecured wireless LANs • Warchalking -- using chalk markings to show the presence and vulnerabilities of wireless networks nearby – E.g., a circled “W” -- indicates a WLAN protected by Wired Equivalent Privacy (WEP) encryption [Barbara Edicott-Popovsky and Deborah Frincke, CSSE592/492, U. Washington]
  • 24. B) Software Level of Vulnerabilities / Threats • Software Deletion – Easy to delete needed software by mistake – To prevent this: use configuration management software • Software Modification – Trojan Horses, Viruses, Logic Bombs, Trapdoors, Information Leaks (via covert channels), ... • Software Theft – Unauthorized copying • via P2P, etc.
  • 25. Types of Malicious Code Bacterium - A specialized form of virus which does not attach to a specific file. Usage obscure. Logic bomb - Malicious [program] logic that activates when specified conditions are met. Usually intended to cause denial of service or otherwise damage system resources. Trapdoor - A hidden computer flaw known to an intruder, or a hidden computer mechanism (usually software) installed by an intruder, who can activate the trap door to gain access to the computer without being blocked by security services or mechanisms. Trojan horse - A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program. Virus - A hidden, self-replicating section of computer software, usually malicious logic, that propagates by infecting (i.e., inserting a copy of itself into and becoming part of) another program. A virus cannot run by itself; it requires that its host program be run to make the virus active. Worm - A computer program that can run independently, can propagate a complete working version of itself onto other hosts on a network, and may consume computer resources destructively. More types of malicious code exist… [cf. http://www.ietf.org/rfc/rfc2828.txt]
  • 26. C) Data Level of Vulnerabilities / Threats • How valuable is your data? – Credit card info vs. your home phone number – Source code – Visible data vs. context • “2345” -> Phone extension or a part of SSN? • Adequate protection – Cryptography • Good if intractable for a long time • Threat of Identity Theft – Cf. Federal Trade Commission: http://www.consumer.gov/idtheft/
  • 27. Identity Theft • Cases in 2003: – Credit card skimmers plus drivers license, Florida – Faked social security and INS cards $150-$250 – Used 24 aliases – used false id to secure credit cards, open mail boxes and bank accounts, cash fraudulently obtained federal income tax refund checks, and launder the proceeds – Bank employee indicted for stealing depositors' information to apply over the Internet for loans – $7M loss, Florida: Stole 12,000 cards from restaurants via computer networks and social engineering • Federal Trade Commission: http://www.consumer.gov/idtheft/ [Barbara Edicott-Popovsky and Deborah Frincke, CSSE592/492, U. Washington]
  • 28. Types of Attacks on Data CIA • Disclosure – Attack on data confidentiality • Unauthorized modification / deception – E.g., providing wrong data (attack on data integrity) • Disruption – DoS (attack on data availability) • Usurpation – Unauthorized use of services (attack on data confidentiality, integrity or availability)
  • 29. Ways of Attacking Data CIA • Examples of Attacks on Data Confidentiality – Tapping / snooping • Examples of Attacks on Data Integrity – Modification: salami attack -> little bits add up • E.g., “shave off” the fractions of cents after interest calculations – Fabrication: replay data -> send the same thing again • E.g., a computer criminal replays a salary deposit to his account • Examples of Attacks on Data Availability – Delay vs. “full” DoS • Examples of Repudiation Attacks on Data: – Data origin repudiation: “I never sent it” Repudiation = refusal to acknowledge or pay a debt or honor a contract (especially by public authorities). [http://www.onelook.com] – Data receipt repudiation: “I never got it”
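Slide 29 separates modification from fabrication by replay, and the two need different checks on the receiving side. The following is an added example, not part of the original slides; the account number, key and transaction ids are constructed. It shows that a message authentication code alone rejects an altered deposit but still accepts a replayed one, and that tracking a unique transaction id closes that gap.

```python
import hashlib
import hmac
import json


def sign_deposit(key, account, amount_cents, txn_id):
    """Sender side: serialise the order and attach an HMAC-SHA256 tag."""
    message = json.dumps(
        {"account": account, "amount_cents": amount_cents, "txn_id": txn_id},
        sort_keys=True).encode()
    return message, hmac.new(key, message, hashlib.sha256).hexdigest()


class DepositVerifier:
    """Receiver side: checks integrity first, then freshness."""

    def __init__(self, key, track_txn_ids=True):
        self._key = key
        self._track = track_txn_ids
        self._seen = set()  # a real system would persist and bound this set

    def accept(self, message, tag):
        expected = hmac.new(self._key, message, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):  # constant-time compare
            return "rejected: modified"
        # The body is parsed only after the tag has been verified.
        txn_id = json.loads(message)["txn_id"]
        if self._track:
            if txn_id in self._seen:
                return "rejected: replay"
            self._seen.add(txn_id)
        return "accepted"


def demo():
    """Run one genuine, one replayed and one altered deposit (constructed)."""
    key = b"constructed-demo-key-not-for-production"
    message, tag = sign_deposit(key, "ACC-1001", 250000, "txn-0001")
    tampered = message.replace(b"250000", b"950000")

    mac_only = DepositVerifier(key, track_txn_ids=False)
    full = DepositVerifier(key)
    return {
        "mac_only_first": mac_only.accept(message, tag),
        "mac_only_replay": mac_only.accept(message, tag),  # integrity holds
        "full_first": full.accept(message, tag),
        "full_replay": full.accept(message, tag),
        "full_tampered": full.accept(tampered, tag),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```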
  • 30. D) Vulnerabilities / Threats at Other Exposure Points • Network vulnerabilities / threats – Networks multiply vulnerabilities and threats, due to: • their complexity => easier to make design/implementation/usage mistakes • “bringing close” physically distant attackers – Esp. wireless (sub)networks • Access vulnerabilities / threats – Stealing cycles, bandwidth – Malicious physical access – Denial of access to legitimate users • People vulnerabilities / threats – Crucial weak points in security • too often, the weakest links in a security chain – Honest insiders subjected to skillful social engineering – Disgruntled employees
  • 31. 5. Attackers • Attackers need MOM – Method: skill, knowledge, tools, etc. with which to pull off an attack – Opportunity: time and access to accomplish an attack – Motive: reason to perform an attack
  • 32. Types of Attackers • Types of Attackers - Classification 1 – Amateurs • Opportunistic attackers (use a password they found) • Script kiddies – Hackers - nonmalicious • In broad use beyond security community: also malicious – Crackers – malicious – Career criminals – State-supported spies and information warriors • Types of Attackers - Classification 2 (cf. before) – Recreational hackers / Institutional hackers – Organized criminals / Industrial spies / Terrorists – National intelligence gatherers / Info warriors
  • 33. Example: Hacking As Social Protest • Hacktivism • Electro-Hippies • DDoS attacks on government agencies • SPAM attacks as “retaliation” [Barbara Edicott-Popovsky and Deborah Frincke, CSSE592/492, U. Washington]
  • 34. • What is threat detection? • As the term relates to computer security, a threat refers to anything that has the potential to cause harm to a computer system or network. • Importantly, threats are not the same as attacks. • Threats represent the potential for attacks to occur; attacks are the act of breaking in or harming a computer or network. • A more advanced form of threat, the Advanced Persistent Threat (APT), emerged several years ago. • As the name suggests, the threat is sophisticated and remains in your network for a prolonged period of time, giving attackers a longer window to act. • Threat detection is the process by which you find threats on your network, your systems or your applications.
  • 35. • The idea is to detect threats before they are exploited as attacks. • Malware on an endpoint, for example, may or may not have been exploited in an attack. • For that reason, security teams have been shifting their focus from so-called indicators of compromise (IoC), like a malware infection, to techniques, tactics, and procedures (TTPs). • The goal is to catch the bad actor in the process of introducing a threat by watching for telltale techniques versus finding evidence that a threat was already introduced by finding an IoC.
  • 36. What are attackers after? • Cybercriminals are usually after one of five things. Not surprisingly, the end goal is usually monetary. • User credentials—cybercriminals are often not after you, but rather after your credentials. They want your username and password to get into systems that you have access to. It’s much easier to open a door with a key than pick a lock or break a window. Some attackers will use a technique called privilege escalation to grant themselves additional privileges by exploiting the underlying operating system. They then use these escalated privileges to get to what they are really after. • Personally identifiable information (PII)—some criminals want personal information they can use to impersonate you, such as a social security number or driver’s license number. These and other details can be used to apply for credit cards, open bank accounts in your name, and the like. • Intellectual property or sensitive corporate information—industrial espionage is alive and well.
  • 37. • Nation states are looking to steal trade secrets to boost their own economies. Competitors are looking to gain an advantage or fill a gap in their offerings by taking advantage of what their rivals know. Employees are at risk for stealing important secrets for personal gain, or perhaps out of spite for being passed over for a promotion. Companies need to protect their product designs, customer databases, business processes, marketing plans and more. • Ransom—criminals have been extorting companies and individuals for years online. Their two most potent weapons are ransomware where endpoint or server files are encrypted and a ransom demanded to unlock them and DDoS attacks where traffic floods web servers or networks with bogus traffic until the ransom is paid. • Revenge—some disgruntled users or so-called hacktivists look to bring down or slow down systems to protest company policy. In some cases, attackers may deface web pages to embarrass companies or government organizations.
  • 38. What are examples of threats? • Here are some common examples of threats: • Malware—malicious software that infects your computer, such as computer viruses, worms, Trojan horses, spyware, and adware. • Phishing—fake emails disguised as legitimate communications that seek to steal sensitive information from an unwitting recipient. • Ransomware—a malware that encrypts files on an endpoint or server and then displays a message demanding ransom in exchange for decrypting files. • Trojan horse—a computer executable, sometimes known as a back door, that can be remotely activated to perform a variety of attacks.
  • 39. How to identify threats? • Successful threat detection is highly reliant on the maturity of the local cybersecurity capabilities. • It’s relatively simple to know the landscape, keep up with intelligence and sector-related resources, and have an internal program for identifying vulnerabilities. • However, the larger an environment grows, the greater the need for solutions that can assist in advanced threat detection, at least in part automatically. • Furthermore, sophisticated actors that are targeting your organization might not be so easy to identify. For example, you can never be entirely sure if a state actor has taken an interest in your research, which has been a cause of many high-profile breaches.
  • 40. • Security refers to protection against the unauthorized access of data. We put security controls in place to limit who can access the information. • Privacy is harder to define, in part because user-specific details can also secure data. In the coming month, we have a blog with more information on Personally Identifiable Information
  • 41. • For example, hospital and clinic staff use secure systems to communicate with patients about their health, instead of sending information via personal email accounts. This type of data transmission is an example of security. On the other hand, privacy provisions might limit patient health record access to specific hospital staff members, such as doctors, nurses, and medical assistants. Privacy might also stipulate when users can access specific information (i.e. business hours only).
  • 42. • Privacy: In CPS, a huge data collection process is constantly taking place, and most people are not aware of it. Therefore, a person has the right to access his own data, along with the right to know what type of data is being collected about them by data collectors, and to whom these data are being given or sold. However, this also requires preventing illegal/unauthorised access to the user’s personal data and the disclosure of their information.
  • 43. • Threat modelling for Cyber-Physical Systems (CPS) • CPS is a combination of computation, physical processes, and networking built on the traditional embedded systems technology. Though it has been around for some time, users and experts alike have not truly realized its actual potential. However, companies and institutions are understanding the wealth of opportunities CPS promises in recent years and are investing heavily to catalyze its development. • CPS is not immune to cyber or physical threats. There are three main reasons for this: system diversity, reliance on sensitive information, and large-scale deployment. Exposure of these systems to threats can have far-reaching ramifications, but efficient threat modelling can prevent this. Here are three ways threat modelling can protect CPS:
  • 44. 1. STRIDE • STRIDE stands for a combination of six security threats: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. Microsoft first developed it to identify computer security threats. Lightweight and effective, their mechanism analyses missing security properties that could help determine emerging threat types. It also identifies how a vulnerability in a system component can weaken the security structure.
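Slide 44 describes STRIDE as an analysis of missing security properties, which can be run mechanically over a data flow diagram. The following is an added example, not part of the original slides. It assumes the commonly used STRIDE-per-element chart, which the slides do not give, and a constructed CPS model whose element names and declared controls are hypothetical.

```python
# STRIDE letter -> (threat, security property whose absence enables it)
STRIDE = {
    "S": ("Spoofing", "authentication"),
    "T": ("Tampering", "integrity"),
    "R": ("Repudiation", "non-repudiation"),
    "I": ("Information disclosure", "confidentiality"),
    "D": ("Denial of service", "availability"),
    "E": ("Elevation of privilege", "authorization"),
}

# Assumed STRIDE-per-element chart: threats that apply to each kind of
# data flow diagram element (repudiation on a data store matters when the
# store holds log or audit data, as the historian below does).
APPLIES = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_store": "TRID",
    "data_flow": "TID",
}

# Constructed CPS model: (element, kind, properties already enforced).
CPS_MODEL = [
    ("operator HMI", "external_entity", {"authentication"}),
    ("controller", "process", {"authentication", "authorization", "integrity"}),
    ("historian", "data_store", {"integrity", "confidentiality"}),
    ("sensor -> controller", "data_flow", set()),
    ("controller -> actuator", "data_flow", {"integrity", "confidentiality"}),
]


def open_threats(model):
    """List (element, threat, missing property) for every uncovered threat."""
    findings = []
    for name, kind, enforced in model:
        if kind not in APPLIES:
            raise ValueError(f"unknown element kind: {kind}")
        for letter in APPLIES[kind]:
            threat, prop = STRIDE[letter]
            if prop not in enforced:
                findings.append((name, threat, prop))
    return findings


def by_property(findings):
    """Count findings per missing property, most frequent first."""
    counts = {}
    for _, _, prop in findings:
        counts[prop] = counts.get(prop, 0) + 1
    return dict(sorted(counts.items(), key=lambda kv: (-kv[1], kv[0])))


if __name__ == "__main__":
    results = open_threats(CPS_MODEL)
    for element, threat, prop in results:
        print(f"{element}: {threat} (no {prop} control)")
    print(by_property(results))
```

The per-property summary points at where one control would close the most findings; in this constructed model that is availability, followed by non-repudiation.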
  • 45. 3. LINDDUN • LINDDUN stands for Linkability, Identifiability, Nonrepudiation, Detectability, Disclosure of Information, Unawareness, and Noncompliance. It is a privacy threat modelling technique that systematically mitigates privacy threats in software architectures. It supports the customer in navigating the threat modelling process in a structured way. LINDDUN gives knowledge support to even non-experts for understanding privacy threats. • Using the LINDDUN framework, organizations can model their systems with data flow diagrams, determine the scenario and identify threats, and finally map the threats back to a data flow diagram. Using this analysis, companies get the support to prioritize threats and create case-appropriate threat mitigation and management strategies.
  • 46. CPS Security Approaches from a Control-theoretic Perspective
  • 47. CPS Security Approaches from a Cyber Security Perspective
  • 48. • What Are the Key Features of Cyber-Physical Systems? • Cyber-Physical Systems are not only the interface between physical systems and computational systems; they also have all the structural characteristics that emerge from combining two different kinds of systems, as shown in Figure 2. Some key features of CPS are [2]: • All physical objects have a cyber capability that is IT-dominated. • Every action is predicted in CPSs. • Advanced sensing is applied to CPSs. • All software and systems that are used are trusted and highly confident. • CPSs always have one or more feedback loops from their output to their input. • CPSs are self-documenting, self-monitoring and self-optimizing. • CPSs should be securely connected via global networks.