Slidecast ppt

Published in: Technology
1. Web 2.0/Social Networks and Security
   By: Sherry Gu
   For: ACC626

2. Agenda
   - Definition of Web 2.0
   - Magnitude of use of Web 2.0/social networking applications
   - Impacts of Web 2.0/social networks on security and security risks
   - Types of security attacks
   - Triggers/motivations behind security attacks
   - Remedies/solutions to security vulnerabilities
   - Implications for accountants

3. What is Web 2.0?
   - Web 2.0 Conference
   - "Network as Platform" – Web 2.0
   - "managing, understanding, responding..."
   - "...to massive amount of user generated data..."
   - "...in real time"

4. Magnitude of Use
   For businesses:
   - 2008 survey:
     - 18% of companies use blogs
     - 32% of companies use wikis
     - 23% of companies use RSS feeds
   - Forrester Research: spending on Web 2.0 applications of $4.6 billion in 2013

5. Impacts on Security Risks
   Control/detection risk:
   - Adds complexity to the current system (multiple platforms, multiple sources)
   Inherent risk:
   - Interactive nature
   - Increased likelihood of leaking confidential data
   Statistics:
   - 40% of users attacked by malware and phishing from social networking sites
   - Ranked as the "most serious risk to information security" in 2010 by SMBs
   - 60% of companies believed that employee behaviour on social networks could endanger network security

6. XSS Attack
   - Injecting malicious code into otherwise trusted websites
   - Gives hackers access to information in the browser
   - E.g. the "Samy" attack on MySpace:
     - Added Samy as a friend
     - Added "Samy is my hero" to profile pages
     - One million friend requests

7. CSRF Attack
   - Lures users into opening/loading malicious links
   - Gives the hacker access to already-authenticated applications
   - The hacker makes undesirable modifications/changes/extractions to applications
   - E.g. Gmail: malicious code created email filters that forwarded emails to another account
8. Malware/Spyware/Adware
   - Malware: worms, viruses, trojans
   - Examples:
     - Koobface family malware on YouTube and Facebook
     - Bebloh Trojan: "man-in-the-browser" attack

9. Spear Phishing
   - Targets specific organizations
   - Seeks unauthorized access to confidential data
   - Appearance of sender: more direct relationship with the victim
   - Social networks help hackers build a more complete profile of the sender

10. Identity Theft
   - Researchers from Eurecom
   - Profile cloning
   - Cross-site cloning
   - Authentication problems

11. Triggers/Motivations
   Technical nature:
   - Largely dependent on source code, e.g. AJAX
   - Open source
   - Complex scripts and dynamic technology: difficult for protection software to identify malware signatures

12. Triggers/Motivations
   Financial gain:
   - Hack into bank accounts
   - Sell to buyers in the large underground market
   - Organized crime/bot recruitment
   Web 2.0 applications are: public, open, scalable, anonymous

13. Remedies/Solutions
   - Employee use policies and education (balance between flexibility and security)
   - Strengthen monitoring and reviewing activities: extensive logs and audit trails
   - Encryption of user data using public and private keys

14. Implications for Accountants
   Auditors:
   - Assess the need for risk assessment
   - Social network/Web 2.0 strategy, policies, and regulatory compliance requirements
   - Risk assessment:
     - Identify types of risk
     - Analyze threat potential
     - Validate risk ratings
   - Hire an IT specialist
   - ISACA: social media assurance/audit program

15. Conclusion
   - Heightened security risks
   - Risk assessment is critical
   - Policies and procedures