is security sep 30
TRANSCRIPT
-
8/3/2019 Is Security Sep 30
1/21
IS Security
-
8/3/2019 Is Security Sep 30
2/21
Agenda
IS Security
Managerial Techniques
Security Threats and Technologies Tips to mitigate risk of security threats
-
8/3/2019 Is Security Sep 30
3/21
Information System Security
IS SecurityPrecautions taken to keep all aspects of information systems safe fromunauthorized use access
Managerial MethodsSeveral techniques are commonly used to manage information systemssecurity:
Risk Assessment Controlling Access Organizational Policies and Procedures
Backups and Recovery
-
8/3/2019 Is Security Sep 30
4/21
Information System Security
Managerial TechniquesAssessing Risk
Security Audit identifies all aspects of information systems and businessprocesses that use them
Risk Analysis assesses the value of assets being protected
Alternatives based on Risk Analysis: Risk Reduction implementing active counter measures to protect
systems (e.g. firewalls)
Risk Acceptance implementing no counter measures
Risk Transference transferring riskbuying insurance
Controlling AccessKeeping information safe by only allowing access to those that require it todo their jobs Authentication verifying identity before granting access(e.g.passwords) Access Control Granting access to only those system areas where theuser is authorized (e.g. accouting)
-
8/3/2019 Is Security Sep 30
5/21
Information System Security
Managerial TechniquesOrganizational Policies and Procedures Acceptable Use Policies formally document how systems
should be used, for what, and penalties for non-compliance
Backups and Disaster Recovery Backups taking periodic snapshots of critical systems data
and storing in a safe place or system (e.g. backup tape)
Disaster Recovery Plans spell out detailed procedures tobe used by the organization to restore access to criticalbusiness systems (e.g. viruses or fire)
Disaster Recovery executing Disaster Recoveryprocedures using backups to restore the system to the last
backup if it was totally lost
-
8/3/2019 Is Security Sep 30
6/21
State of IS Security - Security
Threats & Technologies
Security TechnologiesCompanies and research organizations continue to develop and refinetechnologies to prevent security breaches. Some Include: Firewalls Biometrics
VPN and Encryption
Security ThreatsToday we hear about many security breaches that affect organizationsand individuals. Some recently in the news: Identity Theft gaining access to some ones personal
information allowing them to imitate you (stolen laptop) Denial of Service attacks on websites using zombie computers thatoverwhelm the site and shuts it down Others: Spyware, Spam, Wireless Access, Viruses
-
8/3/2019 Is Security Sep 30
7/21
IS Security: Technology
Firewall Techniques
Packet Filter examine each packet entering and leaving network and
accept/reject based on rules
Application Level Control Performs certain security measures basedon a specific application (e.g. file transfer)
Circuit Level Control detects certain types of connections or circuits
on either side of the firewall
Firewalls
A system of software, hardware or both designed to detect intrusion
and prevent unauthorized access to or from a private network
-
8/3/2019 Is Security Sep 30
8/21
Security Technology: Firewall
Architecture - Home
-
8/3/2019 Is Security Sep 30
9/21
Security Technology: Firewall
Architecture Enterprise
-
8/3/2019 Is Security Sep 30
10/21
Security Threat: Spyware, Spam, and
Cookies
Cookies
A message passed to a browser from a Web server. Used by legitimateprograms to store state and userinformation
Problems: can be used to track user activities
Prevention: browser settings, firewall
SpywareAny software that covertly gathers information about a user through anInternet connection without the users knowledge Problems: uses memory resources, uses bandwidth, and can cause
system instability Prevention: Firewalls and Spyware software
SpamElectronic junk mail or junk newsgroup postings usually for purpose ofadvertising for some product and/or service Problems: nuisance, wastes time deleting, uses storage
Prevention: Spam Blocker software
-
8/3/2019 Is Security Sep 30
11/21
Security Technology: Biometrics
Biometrics
A sophisticated authentication
technique used to restrict accessto systems, data and/or facilities
Uses biological characteristics
to identify individuals such as
fingerprints, retinal patterns in theeye, etc. that are not easily
counterfeited
Has great promise in providing
high security
-
8/3/2019 Is Security Sep 30
12/21
Security Threat: Access to Wireless
Unauthorized Access to Wireless Networks
With the prevalence in use of wireless networks this threat is
increasing Problems - Drive-by hackingan attacker accesses the
network, intercepts data from it, and can use networkservices and/or sends attack instructions without enteringthe building
Prevention - Encryption between network and userdevices
-
8/3/2019 Is Security Sep 30
13/21
Security Technology: VPN and
EncryptionVPN (Virtual Private Network)
Called a secure tunnel
Dynamically generated network connection to connect users or nodes This approach uses both authentication and encryption
Used extensively forremote access by employees
Encryption
The process of encoding messages before they enter the network orairwaves, and then decoding at the receiving end
Public Key - known and used to scramble messages (SSL)
Private Key - not known and used by receiver to descramble
Certificate Authority a third party that issues keys
-
8/3/2019 Is Security Sep 30
14/21
How Encryption Works
-
8/3/2019 Is Security Sep 30
15/21
Security Threat: Viruses
Viruses
Programs that can attack a computer and/or a network and deleteinformation, disable software, use up all system resources, etc.
Prevention Steps:
AntiVirus software: install this software which is designed to block allknown viruses and offers automatic or manual updates to virus patterns
to block future virusesNo Disk Sharing Viruses can be transferred to clean computers byinserting disks containing infected files
Delete Suspicious Email Messages Do not open suspicious e-mailmessagesDelete Only!
Report Viruses If you get a virus, report it to you network
administrator immediately!
-
8/3/2019 Is Security Sep 30
16/21
Viruses/Worms
Software programsdesigned to invadeyour computer, andcopy, damage ordelete your data
Trojan Horses
Viruses that pretendto be programs thathelp you whiledestroying your data
and damaging yourcomputer
Spyware
Software thatsecretly watchesand records your
online activities orsend you endlesspop-up ads
Threats to Information Security
-
8/3/2019 Is Security Sep 30
17/21
Slide 16
MH1 add in better images.Michelle Hargarten, 5/9/2006
-
8/3/2019 Is Security Sep 30
18/21
Steps to help Protect Information
Practice Internet behavior that lowers your risk
Manage your business information carefully
Use technology to reduce nuisances, and reportsecurity incidents when appropriate
-
8/3/2019 Is Security Sep 30
19/21
Delete Spam mail without OpeningIt
Validate the sender ID before opening themail
Do not open any attachment or click onany link
Permanently delete (Shift+Del) the SPAMmail (even from your sent items)
If by mistake any attachment is openedor hyperlink clicked - Immediatelydisconnect system from network, contactlocal Enterprise IT Helpdesk for necessary
action to be taken
Prevention is better than cure.
-
8/3/2019 Is Security Sep 30
20/21
Slide 18
MH2 add in new image.Michelle Hargarten, 5/9/2006
-
8/3/2019 Is Security Sep 30
21/21
Four Steps To Protect Your Computer
Dont access unknown/non-business related sites
Dont open mails from unknown senders
Dont download movies, songs, & install freeware
Check for updates of anti-virus software on your systems