SlideShare a Scribd company logo

Commercial and government cyberwarfare

Download as PPT, PDF
Nicholas Davis
Nicholas Davis
Technology
1 of 27
Information Systems 365/765 Lecture 2 Commercial and Government Cyberwarfare
Today – Cyber-warfare • Discuss “How to Sell Information Security” article • Introduction to Cyberwar • Discuss technical vs. administrative controls • Watch Frontline video • Discuss written assignment #1
Prospect Theory • People react differently to risk and guaranteed outcomes based on whether those outcomes are positive or negative. Known as the Prospect Theory S-Curve
Prospect Theory • If someone offers you a guaranteed $500 or a 50% chance at winning $1000, studies show that people tend to pick the guaranteed $500
Prospect Theory • If someone told you that you had to surrender $500 or take a 50% chance of surrendering $1000, most people would tend to take the risk of losing $1000 rather than the fixed $500 loss
Prospect Theory • When it comes to gain, people are risk averse • When it comes to loss, people embrace risk • What does this mean for IT security, which is almost always sold based on potential to avoid loss?
How to Sell Information Security Prospect Theory in relation to information systems security, the battle of cost, risk and features. The constant of battle of proving ROI The challenges of Layering security on after the sale: cost, complexity of administration and true usefulness.
How to Sell Information Security (DISCUSSION) • What has your personal experience been with security add on products? • How do you feel about paying for virus scanning, when you already paid for the Operating System? • If you were selling a system which required a security add on component, what approach would you take? • As an IS security decision maker, what approach would you take with your vendors?
Security Technologies are Exciting, But… In this class you will get hands on experience with powerful military grade encryption technology, you will use automated Rainbow Tables to crack top level Administrator Passwords and you will learn how to sniff network traffic! But, we have to start at the beginning, by gaining an understanding of the threats.
Cyberwar • Cyber-warfare (also known as cybernetic war, or cyberwar) is the use of computers and the Internet in conducting warfare in cyberspace.
Types of Attacks Cyber Espionage The act or practice of obtaining secrets (sensitive, proprietary of classified information) from individuals, competitors, rivals, groups, governments and enemies for military, political, or economic advantage using illegal exploitation methods via the internet, networks, software and or computers.
Web Vandalism – The Weapon of Mass Irritation • Attacks that deface web pages, or denial-of-service attacks. This is normally swiftly contained and of little harm. • Distributed Denial-of-Service Attacks: Large numbers of computers in one country launch a DoS attack against systems in another country.
Gathering Sensitive or Proprietary Information • Classified information that is not handled securely can be intercepted and even modified, making espionage possible from the other side of the world. See Titan Rain and Moonlight Maze. • Encryption!
Equipment Disruption • Military and commercial activities that use computers and satellites for co-ordination are at risk from this type of attack. Orders and communications can be intercepted or replaced, putting soldiers at risk
Attacking Critical Infrastructure • Power, water, fuel, communications, commercial and transportation are all vulnerable to a cyber attack
Information Security Controls • Two types of controls in all information systems • Technical controls • Administrative controls • Most good systems contain a combination of both types of controls
Technical Controls • A direct, continuous and unavoidable control on the use and distribution of data which allows, also for the purposes of possible audits, the following: • The direct identification of each user in auditable form • Keeping track, with auditable evidence, of the accesses which have occurred in the relevant period • The prevention and exclusion of any utilization of data and systems by subjects who are not authorized
Technical Controls - Examples • Can you think of any technical controls? • Username/Password • Building access card • ATM card, with PIN (dual factor)
Benefits of Technical Controls • Strong and consistent, treat everyone equally • Can be audited with real assurance of the truthfulness of the data
Drawbacks of Technical Controls • Costly • Complex and time consuming • When they break, they either fail open or fail closed, neither of which may be desirable
Administrative Controls • Using policies, procedures, safety signs, training or supervision, or a combination of these, to control risk.
Administrative Controls Examples • Can you think of any examples of administrative controls? • Signing out a key • Policy requiring the shredding of documents • Filling out a check in sheet when you enter and leave a secure area
Benefits of Administrative Controls • Usually inexpensive • Easy to implement • Very flexible
Drawbacks of Administrative Controls • Difficult to enforce • Difficult to audit • Impossible to verify • Easy to evade by a dedicated individual
Controls - Summary and Conclusions • Both technical controls and administrative controls have benefits and drawbacks • Technical controls are often used in highly sensitive systems • Administrative controls are used in lower priority situations • Hybrid solutions are the most common, placing technical controls at the front door and administrative controls behind them. Example: Server Platform
Cyberwar Video • When watching this video, think about the following: • How real is the threat of Cyberwar? • How does the application of Prospect Theory relate to the threat of Cyberwar? • What types of technical and administrative controls might help mitigate the risks posed by cyber attack?
Readings on Cybersecurity • Might give you some things to think about when writing Assignment #1 • Cyberwar – Myth or Reality • Make Vendors Liable for Bugs • The Truth About Chinese Hackers

Recommended

Understanding Technology Stakeholders: Their Progress and Challenges
Understanding Technology Stakeholders: Their Progress and ChallengesUnderstanding Technology Stakeholders: Their Progress and Challenges
Understanding Technology Stakeholders: Their Progress and ChallengesJohn Gilligan
 
Qualys user group presentation - vulnerability management - November 2009 v1 3
Qualys user group presentation - vulnerability management - November 2009 v1 3Qualys user group presentation - vulnerability management - November 2009 v1 3
Qualys user group presentation - vulnerability management - November 2009 v1 3Tom King
 
CISSP week 26
CISSP week 26CISSP week 26
CISSP week 26jemtallon
 
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_designNCC Group
 
Lock it or Lose It: Why Every Company Should be Concerned About Data Security
Lock it or Lose It: Why Every Company Should be Concerned About Data SecurityLock it or Lose It: Why Every Company Should be Concerned About Data Security
Lock it or Lose It: Why Every Company Should be Concerned About Data SecuritySmartCompliance
 
Cyber Security Awareness Month 2017-Nugget 3
Cyber Security Awareness Month 2017-Nugget 3Cyber Security Awareness Month 2017-Nugget 3
Cyber Security Awareness Month 2017-Nugget 3Chinatu Uzuegbu
 
Ch1 cse
Ch1 cseCh1 cse
Ch1 csebhaskard8
 
Cyber Security Awareness Month 2017-Nugget 6
Cyber Security Awareness Month 2017-Nugget 6Cyber Security Awareness Month 2017-Nugget 6
Cyber Security Awareness Month 2017-Nugget 6Chinatu Uzuegbu
 

Recommended

Understanding Technology Stakeholders: Their Progress and Challenges
Understanding Technology Stakeholders: Their Progress and ChallengesUnderstanding Technology Stakeholders: Their Progress and Challenges
Understanding Technology Stakeholders: Their Progress and ChallengesJohn Gilligan
 
Qualys user group presentation - vulnerability management - November 2009 v1 3
Qualys user group presentation - vulnerability management - November 2009 v1 3Qualys user group presentation - vulnerability management - November 2009 v1 3
Qualys user group presentation - vulnerability management - November 2009 v1 3Tom King
 
CISSP week 26
CISSP week 26CISSP week 26
CISSP week 26jemtallon
 
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_designNCC Group
 
Lock it or Lose It: Why Every Company Should be Concerned About Data Security
Lock it or Lose It: Why Every Company Should be Concerned About Data SecurityLock it or Lose It: Why Every Company Should be Concerned About Data Security
Lock it or Lose It: Why Every Company Should be Concerned About Data SecuritySmartCompliance
 
Cyber Security Awareness Month 2017-Nugget 3
Cyber Security Awareness Month 2017-Nugget 3Cyber Security Awareness Month 2017-Nugget 3
Cyber Security Awareness Month 2017-Nugget 3Chinatu Uzuegbu
 
Ch1 cse
Ch1 cseCh1 cse
Ch1 csebhaskard8
 
Cyber Security Awareness Month 2017-Nugget 6
Cyber Security Awareness Month 2017-Nugget 6Cyber Security Awareness Month 2017-Nugget 6
Cyber Security Awareness Month 2017-Nugget 6Chinatu Uzuegbu
 
Ch01
Ch01Ch01
Ch01Alitta Aisyawati
 
Mca Erg Oct 09
Mca Erg Oct 09Mca Erg Oct 09
Mca Erg Oct 09Donald Tabone
 
Information Security Overview
Information Security OverviewInformation Security Overview
Information Security Overviewn|u - The Open Security Community
 
The Datacenter Security Continuum
The Datacenter Security ContinuumThe Datacenter Security Continuum
The Datacenter Security ContinuumMartin Hingley
 
DRC -- Cybersecurity concepts2015
DRC -- Cybersecurity concepts2015DRC -- Cybersecurity concepts2015
DRC -- Cybersecurity concepts2015T. J. Saotome
 
Blue Ocean IT Security
Blue Ocean IT SecurityBlue Ocean IT Security
Blue Ocean IT SecurityJonathan Sinclair
 
Access control Week 1
Access control Week 1Access control Week 1
Access control Week 1jemtallon
 
Information Systems Security: An Overview
Information Systems Security: An OverviewInformation Systems Security: An Overview
Information Systems Security: An OverviewApostolos Syropoulos
 
Intro to Security
Intro to SecurityIntro to Security
Intro to Securityprimeteacher32
 
Physical security
Physical securityPhysical security
Physical securityDhani Ahmad
 
Security Awareness and Training
Security Awareness and TrainingSecurity Awareness and Training
Security Awareness and TrainingPriyank Hada
 
Erik Nachbahr "Dealership Technology"
Erik Nachbahr "Dealership Technology"Erik Nachbahr "Dealership Technology"
Erik Nachbahr "Dealership Technology"Sean Bradley
 
Harshit security
Harshit securityHarshit security
Harshit securityHarshitGupta435
 
Information security
Information securityInformation security
Information securitylinalona515
 
Network and Endpoint Security v1.0 (2017)
Network and Endpoint Security v1.0 (2017)Network and Endpoint Security v1.0 (2017)
Network and Endpoint Security v1.0 (2017)Rui Miguel Feio
 
IBM i Security SIEM Integration
IBM i Security SIEM IntegrationIBM i Security SIEM Integration
IBM i Security SIEM IntegrationPrecisely
 
IT Security Strategy
IT Security StrategyIT Security Strategy
IT Security StrategyLaura Vanassche
 
Current & Emerging Cyber Security Threats
Current & Emerging Cyber Security ThreatsCurrent & Emerging Cyber Security Threats
Current & Emerging Cyber Security ThreatsNCC Group
 
USSTRATCOM Cyber & Space 2011 Herbert Lin
USSTRATCOM Cyber & Space 2011 Herbert LinUSSTRATCOM Cyber & Space 2011 Herbert Lin
USSTRATCOM Cyber & Space 2011 Herbert LinAFCEA International
 
Building a Hacker Resistant Network
Building a Hacker Resistant Network Building a Hacker Resistant Network
Building a Hacker Resistant Network Sentry Global Technologies, LLC
 
Network Security, Change Control, Outsourcing
Network Security, Change Control, OutsourcingNetwork Security, Change Control, Outsourcing
Network Security, Change Control, OutsourcingNicholas Davis
 
Network security, change control, outsourcing
Network security, change control, outsourcingNetwork security, change control, outsourcing
Network security, change control, outsourcingNicholas Davis
 

More Related Content

What's hot

The Datacenter Security Continuum
The Datacenter Security ContinuumThe Datacenter Security Continuum
The Datacenter Security ContinuumMartin Hingley
 
DRC -- Cybersecurity concepts2015
DRC -- Cybersecurity concepts2015DRC -- Cybersecurity concepts2015
DRC -- Cybersecurity concepts2015T. J. Saotome
 
Access control Week 1
Access control Week 1Access control Week 1
Access control Week 1jemtallon
 
Information Systems Security: An Overview
Information Systems Security: An OverviewInformation Systems Security: An Overview
Information Systems Security: An OverviewApostolos Syropoulos
 
Physical security
Physical securityPhysical security
Physical securityDhani Ahmad
 
Security Awareness and Training
Security Awareness and TrainingSecurity Awareness and Training
Security Awareness and TrainingPriyank Hada
 
Erik Nachbahr "Dealership Technology"
Erik Nachbahr "Dealership Technology"Erik Nachbahr "Dealership Technology"
Erik Nachbahr "Dealership Technology"Sean Bradley
 
Information security
Information securityInformation security
Information securitylinalona515
 
Network and Endpoint Security v1.0 (2017)
Network and Endpoint Security v1.0 (2017)Network and Endpoint Security v1.0 (2017)
Network and Endpoint Security v1.0 (2017)Rui Miguel Feio
 
IBM i Security SIEM Integration
IBM i Security SIEM IntegrationIBM i Security SIEM Integration
IBM i Security SIEM IntegrationPrecisely
 
Current & Emerging Cyber Security Threats
Current & Emerging Cyber Security ThreatsCurrent & Emerging Cyber Security Threats
Current & Emerging Cyber Security ThreatsNCC Group
 
USSTRATCOM Cyber & Space 2011 Herbert Lin
USSTRATCOM Cyber & Space 2011 Herbert LinUSSTRATCOM Cyber & Space 2011 Herbert Lin
USSTRATCOM Cyber & Space 2011 Herbert LinAFCEA International
 

What's hot (20)

Ch01
Ch01Ch01
Ch01
 
Mca Erg Oct 09
Mca Erg Oct 09Mca Erg Oct 09
Mca Erg Oct 09
 
Information Security Overview
Information Security OverviewInformation Security Overview
Information Security Overview
 
The Datacenter Security Continuum
The Datacenter Security ContinuumThe Datacenter Security Continuum
The Datacenter Security Continuum
 
DRC -- Cybersecurity concepts2015
DRC -- Cybersecurity concepts2015DRC -- Cybersecurity concepts2015
DRC -- Cybersecurity concepts2015
 
Blue Ocean IT Security
Blue Ocean IT SecurityBlue Ocean IT Security
Blue Ocean IT Security
 
Access control Week 1
Access control Week 1Access control Week 1
Access control Week 1
 
Information Systems Security: An Overview
Information Systems Security: An OverviewInformation Systems Security: An Overview
Information Systems Security: An Overview
 
Intro to Security
Intro to SecurityIntro to Security
Intro to Security
 
Physical security
Physical securityPhysical security
Physical security
 
Security Awareness and Training
Security Awareness and TrainingSecurity Awareness and Training
Security Awareness and Training
 
Erik Nachbahr "Dealership Technology"
Erik Nachbahr "Dealership Technology"Erik Nachbahr "Dealership Technology"
Erik Nachbahr "Dealership Technology"
 
Harshit security
Harshit securityHarshit security
Harshit security
 
Information security
Information securityInformation security
Information security
 
Network and Endpoint Security v1.0 (2017)
Network and Endpoint Security v1.0 (2017)Network and Endpoint Security v1.0 (2017)
Network and Endpoint Security v1.0 (2017)
 
IBM i Security SIEM Integration
IBM i Security SIEM IntegrationIBM i Security SIEM Integration
IBM i Security SIEM Integration
 
IT Security Strategy
IT Security StrategyIT Security Strategy
IT Security Strategy
 
Current & Emerging Cyber Security Threats
Current & Emerging Cyber Security ThreatsCurrent & Emerging Cyber Security Threats
Current & Emerging Cyber Security Threats
 
USSTRATCOM Cyber & Space 2011 Herbert Lin
USSTRATCOM Cyber & Space 2011 Herbert LinUSSTRATCOM Cyber & Space 2011 Herbert Lin
USSTRATCOM Cyber & Space 2011 Herbert Lin
 
Building a Hacker Resistant Network
Building a Hacker Resistant Network Building a Hacker Resistant Network
Building a Hacker Resistant Network
 

Similar to Commercial and government cyberwarfare

Network Security, Change Control, Outsourcing
Network Security, Change Control, OutsourcingNetwork Security, Change Control, Outsourcing
Network Security, Change Control, OutsourcingNicholas Davis
 
Network security, change control, outsourcing
Network security, change control, outsourcingNetwork security, change control, outsourcing
Network security, change control, outsourcingNicholas Davis
 
Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015Claus Cramon Houmann
 
How US Cybersecurity Executive Order Impacts IBM i Customers
How US Cybersecurity Executive Order Impacts IBM i Customers How US Cybersecurity Executive Order Impacts IBM i Customers
How US Cybersecurity Executive Order Impacts IBM i Customers Precisely
 
The 5 ws of Cyber Security
The 5 ws of Cyber SecurityThe 5 ws of Cyber Security
The 5 ws of Cyber SecurityMisha Hanin
 
Lec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendationsLec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendationsBilalMehmood44
 
Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Kirti Ahirrao
 
Lock it Down: Access Control for IBM i
Lock it Down: Access Control for IBM iLock it Down: Access Control for IBM i
Lock it Down: Access Control for IBM iPrecisely
 
3433 IBM messaging security why securing your environment is important-feb2...
3433 IBM messaging security why securing your environment is important-feb2...3433 IBM messaging security why securing your environment is important-feb2...
3433 IBM messaging security why securing your environment is important-feb2...Robert Parker
 
IBM Messaging Security - Why securing your environment is important : IBM Int...
IBM Messaging Security - Why securing your environment is important : IBM Int...IBM Messaging Security - Why securing your environment is important : IBM Int...
IBM Messaging Security - Why securing your environment is important : IBM Int...Leif Davidsen
 
The Evolution of Cybercrime
The Evolution of CybercrimeThe Evolution of Cybercrime
The Evolution of CybercrimeStephen Cobb
 
UNit 7 Information Security By Sulav Acharya
UNit 7 Information Security By Sulav AcharyaUNit 7 Information Security By Sulav Acharya
UNit 7 Information Security By Sulav Acharyanmnqknibzxthowqwzc
 
Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!
Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!
Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!Michele Chubirka
 
Software security engineering
Software security engineeringSoftware security engineering
Software security engineeringaizazhussain234
 
How To Secure MIS
How To Secure MISHow To Secure MIS
How To Secure MISAaDi Malik
 
Event Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control SystemsEvent Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control SystemsInfonaligy
 
IM Unit 4 Security and its a control.ppt
IM Unit 4 Security and its a control.pptIM Unit 4 Security and its a control.ppt
IM Unit 4 Security and its a control.pptRAJESH S
 
MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?Kurt Hagerman
 

Similar to Commercial and government cyberwarfare (20)

Network Security, Change Control, Outsourcing
Network Security, Change Control, OutsourcingNetwork Security, Change Control, Outsourcing
Network Security, Change Control, Outsourcing
 
Network security, change control, outsourcing
Network security, change control, outsourcingNetwork security, change control, outsourcing
Network security, change control, outsourcing
 
Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015
 
How US Cybersecurity Executive Order Impacts IBM i Customers
How US Cybersecurity Executive Order Impacts IBM i Customers How US Cybersecurity Executive Order Impacts IBM i Customers
How US Cybersecurity Executive Order Impacts IBM i Customers
 
The 5 ws of Cyber Security
The 5 ws of Cyber SecurityThe 5 ws of Cyber Security
The 5 ws of Cyber Security
 
Lec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendationsLec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendations
 
U nit 4
U nit 4U nit 4
U nit 4
 
Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Chapter 1 introduction(web security)
Chapter 1 introduction(web security)
 
CSO CXO Series Breakfast
CSO CXO Series BreakfastCSO CXO Series Breakfast
CSO CXO Series Breakfast
 
Lock it Down: Access Control for IBM i
Lock it Down: Access Control for IBM iLock it Down: Access Control for IBM i
Lock it Down: Access Control for IBM i
 
3433 IBM messaging security why securing your environment is important-feb2...
3433 IBM messaging security why securing your environment is important-feb2...3433 IBM messaging security why securing your environment is important-feb2...
3433 IBM messaging security why securing your environment is important-feb2...
 
IBM Messaging Security - Why securing your environment is important : IBM Int...
IBM Messaging Security - Why securing your environment is important : IBM Int...IBM Messaging Security - Why securing your environment is important : IBM Int...
IBM Messaging Security - Why securing your environment is important : IBM Int...
 
The Evolution of Cybercrime
The Evolution of CybercrimeThe Evolution of Cybercrime
The Evolution of Cybercrime
 
UNit 7 Information Security By Sulav Acharya
UNit 7 Information Security By Sulav AcharyaUNit 7 Information Security By Sulav Acharya
UNit 7 Information Security By Sulav Acharya
 
Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!
Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!
Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!
 
Software security engineering
Software security engineeringSoftware security engineering
Software security engineering
 
How To Secure MIS
How To Secure MISHow To Secure MIS
How To Secure MIS
 
Event Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control SystemsEvent Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control Systems
 
IM Unit 4 Security and its a control.ppt
IM Unit 4 Security and its a control.pptIM Unit 4 Security and its a control.ppt
IM Unit 4 Security and its a control.ppt
 
MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?
 

More from Nicholas Davis

Conducting a NIST Cybersecurity Framework (CSF) Assessment
Conducting a NIST Cybersecurity Framework (CSF) AssessmentConducting a NIST Cybersecurity Framework (CSF) Assessment
Conducting a NIST Cybersecurity Framework (CSF) AssessmentNicholas Davis
 
Top Cybersecurity Challenges Facing Your Business
Top Cybersecurity Challenges Facing Your BusinessTop Cybersecurity Challenges Facing Your Business
Top Cybersecurity Challenges Facing Your BusinessNicholas Davis
 
UW-Madison, Information Systems 371 - Decision Support Systems
UW-Madison, Information Systems 371 - Decision Support SystemsUW-Madison, Information Systems 371 - Decision Support Systems
UW-Madison, Information Systems 371 - Decision Support SystemsNicholas Davis
 
Software Development Methodologies
Software Development MethodologiesSoftware Development Methodologies
Software Development MethodologiesNicholas Davis
 
Information systems 365 - Cloud and BYOD Security
Information systems 365 - Cloud and BYOD SecurityInformation systems 365 - Cloud and BYOD Security
Information systems 365 - Cloud and BYOD SecurityNicholas Davis
 
Information Security Awareness: at Work, at Home, and For Your Kids
Information Security Awareness: at Work, at Home, and For Your Kids Information Security Awareness: at Work, at Home, and For Your Kids
Information Security Awareness: at Work, at Home, and For Your Kids Nicholas Davis
 
Information Systems 365/765, Lecture 4, Policies, Data Classification, Traini...
Information Systems 365/765, Lecture 4, Policies, Data Classification, Traini...Information Systems 365/765, Lecture 4, Policies, Data Classification, Traini...
Information Systems 365/765, Lecture 4, Policies, Data Classification, Traini...Nicholas Davis
 
Information Systems 371 -The Internet of Things Overview
Information Systems 371 -The Internet of Things OverviewInformation Systems 371 -The Internet of Things Overview
Information Systems 371 -The Internet of Things OverviewNicholas Davis
 
Cyberwar Gets Personal
Cyberwar Gets PersonalCyberwar Gets Personal
Cyberwar Gets PersonalNicholas Davis
 
University of Wisconsin-Madison, Information Security 365/765 Course Summary,...
University of Wisconsin-Madison, Information Security 365/765 Course Summary,...University of Wisconsin-Madison, Information Security 365/765 Course Summary,...
University of Wisconsin-Madison, Information Security 365/765 Course Summary,...Nicholas Davis
 
Bringing the Entire Information Security Semester Together With a Team Project
Bringing the Entire Information Security Semester Together With a Team ProjectBringing the Entire Information Security Semester Together With a Team Project
Bringing the Entire Information Security Semester Together With a Team ProjectNicholas Davis
 
The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...
The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...
The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...Nicholas Davis
 
Student Presentation Sample (Netflix) -- Information Security 365/765 -- UW-M...
Student Presentation Sample (Netflix) -- Information Security 365/765 -- UW-M...Student Presentation Sample (Netflix) -- Information Security 365/765 -- UW-M...
Student Presentation Sample (Netflix) -- Information Security 365/765 -- UW-M...Nicholas Davis
 
Information Security Fall Semester 2016 - Course Wrap Up Summary
Information Security Fall Semester 2016 - Course Wrap Up SummaryInformation Security Fall Semester 2016 - Course Wrap Up Summary
Information Security Fall Semester 2016 - Course Wrap Up SummaryNicholas Davis
 
Organizational Phishing Education
Organizational Phishing EducationOrganizational Phishing Education
Organizational Phishing EducationNicholas Davis
 
Security Operations -- An Overview
Security Operations -- An OverviewSecurity Operations -- An Overview
Security Operations -- An OverviewNicholas Davis
 
Network Design, Common Network Terminology and Security Implications
Network Design, Common Network Terminology and Security ImplicationsNetwork Design, Common Network Terminology and Security Implications
Network Design, Common Network Terminology and Security ImplicationsNicholas Davis
 
Survey Presentation About Application Security
Survey Presentation About Application SecuritySurvey Presentation About Application Security
Survey Presentation About Application SecurityNicholas Davis
 
Information Security 365/765 Lecture 13 – Legal Regulations, Industry Compli...
Information Security 365/765 Lecture 13 – Legal Regulations, Industry Compli...Information Security 365/765 Lecture 13 – Legal Regulations, Industry Compli...
Information Security 365/765 Lecture 13 – Legal Regulations, Industry Compli...Nicholas Davis
 

More from Nicholas Davis (20)

Conducting a NIST Cybersecurity Framework (CSF) Assessment
Conducting a NIST Cybersecurity Framework (CSF) AssessmentConducting a NIST Cybersecurity Framework (CSF) Assessment
Conducting a NIST Cybersecurity Framework (CSF) Assessment
 
Top Cybersecurity Challenges Facing Your Business
Top Cybersecurity Challenges Facing Your BusinessTop Cybersecurity Challenges Facing Your Business
Top Cybersecurity Challenges Facing Your Business
 
UW-Madison, Information Systems 371 - Decision Support Systems
UW-Madison, Information Systems 371 - Decision Support SystemsUW-Madison, Information Systems 371 - Decision Support Systems
UW-Madison, Information Systems 371 - Decision Support Systems
 
Lecture blockchain
Lecture blockchainLecture blockchain
Lecture blockchain
 
Software Development Methodologies
Software Development MethodologiesSoftware Development Methodologies
Software Development Methodologies
 
Information systems 365 - Cloud and BYOD Security
Information systems 365 - Cloud and BYOD SecurityInformation systems 365 - Cloud and BYOD Security
Information systems 365 - Cloud and BYOD Security
 
Information Security Awareness: at Work, at Home, and For Your Kids
Information Security Awareness: at Work, at Home, and For Your Kids Information Security Awareness: at Work, at Home, and For Your Kids
Information Security Awareness: at Work, at Home, and For Your Kids
 
Information Systems 365/765, Lecture 4, Policies, Data Classification, Traini...
Information Systems 365/765, Lecture 4, Policies, Data Classification, Traini...Information Systems 365/765, Lecture 4, Policies, Data Classification, Traini...
Information Systems 365/765, Lecture 4, Policies, Data Classification, Traini...
 
Information Systems 371 -The Internet of Things Overview
Information Systems 371 -The Internet of Things OverviewInformation Systems 371 -The Internet of Things Overview
Information Systems 371 -The Internet of Things Overview
 
Cyberwar Gets Personal
Cyberwar Gets PersonalCyberwar Gets Personal
Cyberwar Gets Personal
 
University of Wisconsin-Madison, Information Security 365/765 Course Summary,...
University of Wisconsin-Madison, Information Security 365/765 Course Summary,...University of Wisconsin-Madison, Information Security 365/765 Course Summary,...
University of Wisconsin-Madison, Information Security 365/765 Course Summary,...
 
Bringing the Entire Information Security Semester Together With a Team Project
Bringing the Entire Information Security Semester Together With a Team ProjectBringing the Entire Information Security Semester Together With a Team Project
Bringing the Entire Information Security Semester Together With a Team Project
 
The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...
The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...
The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...
 
Student Presentation Sample (Netflix) -- Information Security 365/765 -- UW-M...
Student Presentation Sample (Netflix) -- Information Security 365/765 -- UW-M...Student Presentation Sample (Netflix) -- Information Security 365/765 -- UW-M...
Student Presentation Sample (Netflix) -- Information Security 365/765 -- UW-M...
 
Information Security Fall Semester 2016 - Course Wrap Up Summary
Information Security Fall Semester 2016 - Course Wrap Up SummaryInformation Security Fall Semester 2016 - Course Wrap Up Summary
Information Security Fall Semester 2016 - Course Wrap Up Summary
 
Organizational Phishing Education
Organizational Phishing EducationOrganizational Phishing Education
Organizational Phishing Education
 
Security Operations -- An Overview
Security Operations -- An OverviewSecurity Operations -- An Overview
Security Operations -- An Overview
 
Network Design, Common Network Terminology and Security Implications
Network Design, Common Network Terminology and Security ImplicationsNetwork Design, Common Network Terminology and Security Implications
Network Design, Common Network Terminology and Security Implications
 
Survey Presentation About Application Security
Survey Presentation About Application SecuritySurvey Presentation About Application Security
Survey Presentation About Application Security
 
Information Security 365/765 Lecture 13 – Legal Regulations, Industry Compli...
Information Security 365/765 Lecture 13 – Legal Regulations, Industry Compli...Information Security 365/765 Lecture 13 – Legal Regulations, Industry Compli...
Information Security 365/765 Lecture 13 – Legal Regulations, Industry Compli...
 

Recently uploaded

IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoTAnalytics
 
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...marcuskenyatta275
 
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdfWhere to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdfFIDO Alliance
 
The Metaverse: Are We There Yet?
The Metaverse: Are We There Yet?The Metaverse: Are We There Yet?
The Metaverse: Are We There Yet?Mark Billinghurst
 
AI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekAI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekCzechDreamin
 
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxWSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxJennifer Lim
 
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)Julian Hyde
 
The UX of Automation by AJ King, Senior UX Researcher, Ocado
The UX of Automation by AJ King, Senior UX Researcher, OcadoThe UX of Automation by AJ King, Senior UX Researcher, Ocado
The UX of Automation by AJ King, Senior UX Researcher, OcadoUXDXConf
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfFIDO Alliance
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...CzechDreamin
 
A Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System StrategyA Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System StrategyUXDXConf
 
THE BEST IPTV in GERMANY for 2024: IPTVreel
THE BEST IPTV in GERMANY for 2024: IPTVreelTHE BEST IPTV in GERMANY for 2024: IPTVreel
THE BEST IPTV in GERMANY for 2024: IPTVreelreely ones
 
Optimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityOptimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityScyllaDB
 
AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101vincent683379
 
Demystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyDemystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyJohn Staveley
 
Strategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering TeamsStrategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering TeamsUXDXConf
 
Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutesconfluent
 
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...FIDO Alliance
 
Oauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoftOauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoftshyamraj55
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeCzechDreamin
 

Recently uploaded (20)

IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024
 
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
 
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdfWhere to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
 
The Metaverse: Are We There Yet?
The Metaverse: Are We There Yet?The Metaverse: Are We There Yet?
The Metaverse: Are We There Yet?
 
AI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekAI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří Karpíšek
 
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxWSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
 
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
 
The UX of Automation by AJ King, Senior UX Researcher, Ocado
The UX of Automation by AJ King, Senior UX Researcher, OcadoThe UX of Automation by AJ King, Senior UX Researcher, Ocado
The UX of Automation by AJ King, Senior UX Researcher, Ocado
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
 
A Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System StrategyA Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System Strategy
 
THE BEST IPTV in GERMANY for 2024: IPTVreel
THE BEST IPTV in GERMANY for 2024: IPTVreelTHE BEST IPTV in GERMANY for 2024: IPTVreel
THE BEST IPTV in GERMANY for 2024: IPTVreel
 
Optimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityOptimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through Observability
 
AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101
 
Demystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyDemystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John Staveley
 
Strategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering TeamsStrategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering Teams
 
Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutes
 
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
 
Oauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoftOauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoft
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
 

Commercial and government cyberwarfare

  • 1. Information Systems 365/765 Lecture 2 Commercial and Government Cyberwarfare
  • 2. Today – Cyber-warfare • Discuss “How to Sell Information Security” article • Introduction to Cyberwar • Discuss technical vs. administrative controls • Watch Frontline video • Discuss written assignment #1
  • 3. Prospect Theory • People react differently to risk and guaranteed outcomes based on whether those outcomes are positive or negative. Known as the Prospect Theory S-Curve
  • 4. Prospect Theory • If someone offers you a guaranteed $500 or a 50% chance at winning $1000, studies show that people tend to pick the guaranteed $500
  • 5. Prospect Theory • If someone told you that you had to surrender $500 or take a 50% chance of surrendering $1000, most people would tend to take the risk of losing $1000 rather than the fixed $500 loss
  • 6. Prospect Theory • When it comes to gain, people are risk averse • When it comes to loss, people embrace risk • What does this mean for IT security, which is almost always sold based on potential to avoid loss?
  • 7. How to Sell Information Security Prospect Theory in relation to information systems security, the battle of cost, risk and features. The constant of battle of proving ROI The challenges of Layering security on after the sale: cost, complexity of administration and true usefulness.
  • 8. How to Sell Information Security (DISCUSSION) • What has your personal experience been with security add on products? • How do you feel about paying for virus scanning, when you already paid for the Operating System? • If you were selling a system which required a security add on component, what approach would you take? • As an IS security decision maker, what approach would you take with your vendors?
  • 9. Security Technologies are Exciting, But… In this class you will get hands on experience with powerful military grade encryption technology, you will use automated Rainbow Tables to crack top level Administrator Passwords and you will learn how to sniff network traffic! But, we have to start at the beginning, by gaining an understanding of the threats.
  • 10. Cyberwar • Cyber-warfare (also known as cybernetic war, or cyberwar) is the use of computers and the Internet in conducting warfare in cyberspace.
  • 11. Types of Attacks Cyber Espionage The act or practice of obtaining secrets (sensitive, proprietary of classified information) from individuals, competitors, rivals, groups, governments and enemies for military, political, or economic advantage using illegal exploitation methods via the internet, networks, software and or computers.
  • 12. Web Vandalism – The Weapon of Mass Irritation • Attacks that deface web pages, or denial-of-service attacks. This is normally swiftly contained and of little harm. • Distributed Denial-of-Service Attacks: Large numbers of computers in one country launch a DoS attack against systems in another country.
  • 13. Gathering Sensitive or Proprietary Information • Classified information that is not handled securely can be intercepted and even modified, making espionage possible from the other side of the world. See Titan Rain and Moonlight Maze. • Encryption!
  • 14. Equipment Disruption • Military and commercial activities that use computers and satellites for co-ordination are at risk from this type of attack. Orders and communications can be intercepted or replaced, putting soldiers at risk
  • 15. Attacking Critical Infrastructure • Power, water, fuel, communications, commercial and transportation are all vulnerable to a cyber attack
  • 16. Information Security Controls • Two types of controls in all information systems • Technical controls • Administrative controls • Most good systems contain a combination of both types of controls
  • 17. Technical Controls • A direct, continuous and unavoidable control on the use and distribution of data which allows, also for the purposes of possible audits, the following: • The direct identification of each user in auditable form • Keeping track, with auditable evidence, of the accesses which have occurred in the relevant period • The prevention and exclusion of any utilization of data and systems by subjects who are not authorized
  • 18. Technical Controls - Examples • Can you think of any technical controls? • Username/Password • Building access card • ATM card, with PIN (dual factor)
  • 19. Benefits of Technical Controls • Strong and consistent, treat everyone equally • Can be audited with real assurance of the truthfulness of the data
  • 20. Drawbacks of Technical Controls • Costly • Complex and time consuming • When they break, they either fail open or fail closed, neither of which may be desirable
  • 21. Administrative Controls • Using policies, procedures, safety signs, training or supervision, or a combination of these, to control risk.
  • 22. Administrative Controls Examples • Can you think of any examples of administrative controls? • Signing out a key • Policy requiring the shredding of documents • Filling out a check in sheet when you enter and leave a secure area
  • 23. Benefits of Administrative Controls • Usually inexpensive • Easy to implement • Very flexible
  • 24. Drawbacks of Administrative Controls • Difficult to enforce • Difficult to audit • Impossible to verify • Easy to evade by a dedicated individual
  • 25. Controls - Summary and Conclusions • Both technical controls and administrative controls have benefits and drawbacks • Technical controls are often used in highly sensitive systems • Administrative controls are used in lower priority situations • Hybrid solutions are the most common, placing technical controls at the front door and administrative controls behind them. Example: Server Platform
  • 26. Cyberwar Video • When watching this video, think about the following: • How real is the threat of Cyberwar? • How does the application of Prospect Theory relate to the threat of Cyberwar? • What types of technical and administrative controls might help mitigate the risks posed by cyber attack?
  • 27. Readings on Cybersecurity • Might give you some things to think about when writing Assignment #1 • Cyberwar – Myth or Reality • Make Vendors Liable for Bugs • The Truth About Chinese Hackers