is security sep 30

8/3/2019 Is Security Sep 30

1/21

IS Security


2/21

Agenda

IS Security

Managerial Techniques

Security Threats and Technologies Tips to mitigate risk of security threats


3/21

Information System Security

IS SecurityPrecautions taken to keep all aspects of information systems safe fromunauthorized use access

Managerial MethodsSeveral techniques are commonly used to manage information systemssecurity:

Risk Assessment Controlling Access Organizational Policies and Procedures

Backups and Recovery


4/21


Managerial TechniquesAssessing Risk

Security Audit identifies all aspects of information systems and businessprocesses that use them

Risk Analysis assesses the value of assets being protected

Alternatives based on Risk Analysis: Risk Reduction implementing active counter measures to protect

systems (e.g. firewalls)

Risk Acceptance implementing no counter measures

Risk Transference transferring riskbuying insurance

Controlling AccessKeeping information safe by only allowing access to those that require it todo their jobs Authentication verifying identity before granting access(e.g.passwords) Access Control Granting access to only those system areas where theuser is authorized (e.g. accouting)


5/21


Managerial TechniquesOrganizational Policies and Procedures Acceptable Use Policies formally document how systems

should be used, for what, and penalties for non-compliance

Backups and Disaster Recovery Backups taking periodic snapshots of critical systems data

and storing in a safe place or system (e.g. backup tape)

Disaster Recovery Plans spell out detailed procedures tobe used by the organization to restore access to criticalbusiness systems (e.g. viruses or fire)

Disaster Recovery executing Disaster Recoveryprocedures using backups to restore the system to the last

backup if it was totally lost


6/21

State of IS Security - Security

Threats & Technologies

Security TechnologiesCompanies and research organizations continue to develop and refinetechnologies to prevent security breaches. Some Include: Firewalls Biometrics

VPN and Encryption

Security ThreatsToday we hear about many security breaches that affect organizationsand individuals. Some recently in the news: Identity Theft gaining access to some ones personal

information allowing them to imitate you (stolen laptop) Denial of Service attacks on websites using zombie computers thatoverwhelm the site and shuts it down Others: Spyware, Spam, Wireless Access, Viruses


7/21

IS Security: Technology

Firewall Techniques

Packet Filter examine each packet entering and leaving network and

accept/reject based on rules

Application Level Control Performs certain security measures basedon a specific application (e.g. file transfer)

Circuit Level Control detects certain types of connections or circuits

on either side of the firewall

Firewalls

A system of software, hardware or both designed to detect intrusion

and prevent unauthorized access to or from a private network


8/21

Security Technology: Firewall

Architecture - Home


9/21

Security Technology: Firewall

Architecture Enterprise


10/21

Security Threat: Spyware, Spam, and

Cookies

Cookies

A message passed to a browser from a Web server. Used by legitimateprograms to store state and userinformation

Problems: can be used to track user activities

Prevention: browser settings, firewall

SpywareAny software that covertly gathers information about a user through anInternet connection without the users knowledge Problems: uses memory resources, uses bandwidth, and can cause

system instability Prevention: Firewalls and Spyware software

SpamElectronic junk mail or junk newsgroup postings usually for purpose ofadvertising for some product and/or service Problems: nuisance, wastes time deleting, uses storage

Prevention: Spam Blocker software


11/21

Security Technology: Biometrics

Biometrics

A sophisticated authentication

technique used to restrict accessto systems, data and/or facilities

Uses biological characteristics

to identify individuals such as

fingerprints, retinal patterns in theeye, etc. that are not easily

counterfeited

Has great promise in providing

high security


12/21

Security Threat: Access to Wireless

Unauthorized Access to Wireless Networks

With the prevalence in use of wireless networks this threat is

increasing Problems - Drive-by hackingan attacker accesses the

network, intercepts data from it, and can use networkservices and/or sends attack instructions without enteringthe building

Prevention - Encryption between network and userdevices


13/21

Security Technology: VPN and

EncryptionVPN (Virtual Private Network)

Called a secure tunnel

Dynamically generated network connection to connect users or nodes This approach uses both authentication and encryption

Used extensively forremote access by employees

Encryption

The process of encoding messages before they enter the network orairwaves, and then decoding at the receiving end

Public Key - known and used to scramble messages (SSL)

Private Key - not known and used by receiver to descramble

Certificate Authority a third party that issues keys


14/21

How Encryption Works


15/21

Security Threat: Viruses

Viruses

Programs that can attack a computer and/or a network and deleteinformation, disable software, use up all system resources, etc.

Prevention Steps:

AntiVirus software: install this software which is designed to block allknown viruses and offers automatic or manual updates to virus patterns

to block future virusesNo Disk Sharing Viruses can be transferred to clean computers byinserting disks containing infected files

Delete Suspicious Email Messages Do not open suspicious e-mailmessagesDelete Only!

Report Viruses If you get a virus, report it to you network

administrator immediately!


16/21

Viruses/Worms

Software programsdesigned to invadeyour computer, andcopy, damage ordelete your data

Trojan Horses

Viruses that pretendto be programs thathelp you whiledestroying your data

and damaging yourcomputer

Spyware

Software thatsecretly watchesand records your

online activities orsend you endlesspop-up ads

Threats to Information Security


17/21

Slide 16

MH1 add in better images.Michelle Hargarten, 5/9/2006


18/21

Steps to help Protect Information

Practice Internet behavior that lowers your risk

Manage your business information carefully

Use technology to reduce nuisances, and reportsecurity incidents when appropriate


19/21

Delete Spam mail without OpeningIt

Validate the sender ID before opening themail

Do not open any attachment or click onany link

Permanently delete (Shift+Del) the SPAMmail (even from your sent items)

If by mistake any attachment is openedor hyperlink clicked - Immediatelydisconnect system from network, contactlocal Enterprise IT Helpdesk for necessary

action to be taken

Prevention is better than cure.


20/21

Slide 18

MH2 add in new image.Michelle Hargarten, 5/9/2006


21/21

Four Steps To Protect Your Computer

Dont access unknown/non-business related sites

Dont open mails from unknown senders

Dont download movies, songs, & install freeware

Check for updates of anti-virus software on your systems

is security sep 30

Documents