History, What is Information Security?, Critical Characteristics of Information, Components of an
Information System, Securing the Components, Balancing Security and Access,
1. INFORMATION SECURITY
Unit I
History, What is Information Security?, Critical Characteristics of Information, Components of an Information System, Securing the Components, Balancing Security and Access,
4. • 1960s: Organizations start to protect their computers
• 1970s: The first hacker attacks begin
• 1980s: Governments become proactive in the fight against cybercrime
• 1990s: Organized crime gets involved in hacking
• 2000s: Cybercrime becomes treated like a crime
• 2010s: Information security becomes serious
5. VARIOUS ASPECTS OF SECURITY
Physical Security – to protect the physical items, objects, or areas of an organization from unauthorized access and misuse.
Personal Security – to protect the individual or group of individuals who are authorized to access the organization and its operations.
Operations Security – to protect the details of a particular operation or series of activities.
Communications Security – to protect an organization’s communications media, technology, and content.
Network Security – to protect networking components, connections, and contents.
Information Security – to protect information assets.
6. CIA Triad: Fundamental principles of Information Security
1. Confidentiality – ensures information is inaccessible to unauthorized people
2. Integrity – ensures the data is accurate and trustworthy by preventing unauthorized modification
3. Availability – ensures authorized people can access the information when needed
7. CRITICAL CHARACTERISTICS OF INFORMATION
• The value of information comes from the characteristics it possesses:
• Availability – available to authorized users on demand
• Accuracy – error free to expected standards
• Authenticity – original & genuine, not a fabrication
• Confidentiality – undisclosed to unauthorized people
• Integrity – whole, complete, and uncorrupted
• Utility – serves the purpose & available in meaningful form
• Possession – information is said to be in possession if one obtains it, independent of format or other characteristic.
While a breach of confidentiality always results in a breach of possession, a breach of possession does not always result in a breach of confidentiality.
8. COMPONENTS OF INFORMATION SYSTEM
• Information System (IS) is the entire set of software, hardware, data, people and networks necessary to use information as a resource in the organization
• Software
– Exploitation of software is a substantial portion of attacks on information
• Hardware
– Physical security policies
– Securing the physical location is important
• Data
– Often the most valuable asset
– Main target of intentional attacks
• People
– Weakest link
– Must be well trained and informed
• Networks
– Locks and keys won’t work
9. COMPONENTS OF INFORMATION SECURITY
• Management of Information Security primarily focuses on the managerial aspects of information security, such as
– access control models
– information security governance
– information security program assessment and metrics
• Network security consists of the policies and practices adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources.
• Computer Security is the protection of computing systems and the data that they store or access.
• Computer and Data security refers to protective digital privacy measures that are applied to prevent unauthorized access to computers, databases and websites. Data security also protects data from corruption. Data security is an essential aspect of IT for organizations of every size and type.
10. Approaches to Information Security
The approaches are based on:
1. where planning is sourced and
2. from which direction the pressure for success is driven
11. APPROACHES TO INFO. SECURITY
Bottom Up approach
• Grassroots effort: systems administrators attempt to improve security of their systems
• Key advantage: technical expertise of individual administrators
• Seldom works, as it lacks several critical features:
– Participant support
– Scalability
Top Down approach
• Initiated by upper management
• Issue policy, procedures and processes
• Dictate goals and expected outcomes of project
• Determine accountability for each required action
• The most successful also involve formal development strategy referred to as systems development life cycle
13. PHASES OF SECSDLC
INVESTIGATION
• Directive from management
• Creation of security policy
• Teams:
– Analyse problem
– Define Scope
– Specify Goals
– Identify Constraints
• Feasibility Analysis
• Determine:
– Resources
– Commitment
ANALYSIS
Analysis of:
• Existing security policies
• Known threats
• Current controls
• Legal issues – privacy laws on personal info
Risk Management
– Identify, assess & evaluate risk levels
– Prioritise risks and manage them
Threat:
• Threat agent: the cause of danger – object, person or entity
• Vulnerability: weakness, exposure, helplessness, defencelessness
DESIGN
• LOGICAL DESIGN
Team members:
• Create & develop blueprint for security
• Examine & implement key policies
• PHYSICAL DESIGN
Team members:
• Evaluate technology to support security blueprint
• Generate alternative solutions
• Agree on final design
• Also includes developing criteria for determining the definition of successful solution.
14. PHASES OF SECSDLC
DESIGN
• Policies: provide rules for protection of information assets
– Gen/Security program policy
– Issue specific security policy
– System specific security policy
• SETA
– Security education – building in-depth education
– Security training – develop skills & knowledge
– Security awareness – improving awareness
• Design of controls
– Managerial
– Operational
– Technical
IMPLEMENTATION
• Security solutions acquired, implemented and tested
• Personnel issues
– Training
– Education programs
• Management of project plan
• Staffing InfoSec function
– Position & name security function
– Understand impact of InfoSec across IT
– Integrate InfoSec concepts into personnel management practices
• Information Security Professionals
– CIO, CISO, Security Manager, Data Owner, Data Custodian, Data users
• Professional Certification
MAINTENANCE
• Maintenance Model
• External monitoring
• Internal monitoring
• Planning & risk assessment
• Vulnerability assessment & remediation – penetration testing
• Readiness & review – functionality
15. MAINTENANCE MODEL
• Fault Management – identify and address faults
• Configuration & Change Management – change components & change administration
• Accounting Management & Auditing – system monitoring
• Performance Management
16. THREATS TO INFORMATION SECURITY
Overview of various threats to information security:
• Potential Acts of Human Error or Failure
• Deliberate Acts of Espionage or Trespass
• Deliberate Acts of Information Extortion
• Deliberate Acts of Sabotage or Vandalism
• Deliberate Acts of Theft
• Deliberate Software Attacks
• Forces of Nature
• Potential Deviations in Quality of Service from Service Providers
• Technical Hardware Failures or Errors
• Technical Software Failures or Errors
• Technological Obsolescence
19. CLASSIFICATION OF SECURITY VULNERABILITIES
Information security threats act through possible contact with gaps in the protection system, or factors of vulnerability.
The main vulnerabilities are caused by the following factors:
• Shortcomings of software or hardware
• Different characteristics of the structure of automated systems in the information flow
• Some operational processes of the system are inadequate
• Inaccuracy of information exchange protocols and interface
• Difficult operating conditions and conditions in which the information is located.
Most often the sources of threats are triggered in order to obtain illegal benefits after damaging information. However, an accidental effect of threats due to insufficient protection and mass attack of a threatening factor is also possible.
If you eliminate or at least mitigate the impact from vulnerabilities, you can avoid a significant threat meant to damage the storage system.
Types of Vulnerabilities: Objective, Subjective, Random
20. Random vulnerabilities
These factors vary depending on unforeseen circumstances and features of the information environment. They are almost impossible to predict in the information space, but you must be prepared to rapidly eliminate them.
Engineering and technical investigation or a response attack will help to mitigate the following problems:
1. System failures:
• Caused by malfunctions of technical means at different levels of processing and storage of information (including those responsible for system performance and access to it).
• Malfunctions and obsolete elements (demagnetization of data carriers, such as diskettes, cables, connection lines and microchips).
• Malfunctions of different software that supports all links in the chain of information storage and processing (antiviruses, application and service programs).
• Malfunctions of auxiliary equipment of information systems (power transmission failures).
2. Factors weakening information security:
• Damage to communications such as water supply, electricity, ventilation and sewerage.
• Malfunctions of enclosing devices (fences, walls in buildings, housing of the equipment where information is stored).
21. Objective vulnerabilities
They depend on the technical design of the equipment which is installed on the object requiring protection, as well as its characteristics. It is impossible to escape all these factors, but their partial elimination can be achieved through engineering techniques in the following cases:
1. Related to emission technical means:
• Electromagnetic techniques (side emission and signals from cable lines, elements of technical means).
• Sound versions (acoustic or with vibration signals).
• Electrical (slip of signals into the circuits of electrical network, through the induction into the lines and conductors, because of uneven current distribution).
2. Activated:
• Malware, illegal programs, technological exits from programs which are together called ‘implant tools’.
• Hardware implants: introduced directly into telephone lines, electrical networks or premises.
3. Due to the characteristics of a protected object:
• Object location (visibility and absence of a controlled zone around the information object, presence of vibration or sound reflecting elements around the object, presence of remote elements of the object).
• Arrangement of information exchange channels (use of radio channels, lease of frequencies or use of shared networks).
4. Those that depend on the characteristics of carriers:
• Parts with electro-acoustic modifications (transformers, telephone devices, microphones and loudspeakers, inductors).
• Elements under the influence of electromagnetic field (carriers, microcircuits and other elements).
22. Subjective vulnerabilities
In most cases, the vulnerabilities of this subtype result from inadequate employee actions at the level of storage and protection system development. Eliminating such factors is possible using hardware and software:
1. Inaccuracies and gross errors that violate information security:
• At the stage of loading the ready software or preliminary algorithm development, as well as during its use (possibly, during daily use or during data entry).
• When managing programs and information systems (difficulties in the training to work with the system, individual set up of services, manipulation of information flows).
• During the use of technical equipment (during switch-on or switch-off, the use of devices for transmitting or receiving information).
2. System malfunctions in the information environment:
• The mode of protection of personal data (the problem may be caused by laid-off employees or current employees during off-hours when they get unauthorized access to the system).
• Safety and security mode (when accessing facilities or technical devices).
• While working with devices (inefficient energy use or improper equipment maintenance).
• While working with data (change of information, its saving, search and destruction of data, elimination of defects and inaccuracies).