Chapter 12 PPT

erosjelly, Security

23 Feb 2014 (3 years and 6 months ago)

Information Security Management

Chapter 12

Study Questions

Q1: What is the goal of information systems security?
Q2: How big is the computer security problem?
Q3: How should you respond to security threats?
Q4: How should organizations respond to security threats?
Q5: How can technical safeguards protect against security threats?
Q6: How can data safeguards protect against security threats?
Q7: How can human safeguards protect against security threats?
Q8: How should organizations respond to security incidents?

Q1: What Is the Goal of Information Systems Security?

Examples of Threat/Loss

What Are the Sources of Threats?

Unauthorized Data Disclosure

Unauthorized data disclosure: inadvertent release of data in violation of policy
Pretexting: pretending to be someone else via phone call
Phishing: pretexting using email; email spoofing
Spoofing: disguising as a different IP address or different email sender, web spoofing
IP spoofing: impersonating another computing system
Email spoofing: synonym for phishing
Drive-by Sniffing: intercepting computer communications

Hacking, natural disasters, etc.

Incorrect Data Modification

Procedures not followed or incorrectly designed procedures
Increasing a customer’s discount or incorrectly modifying employee’s salary
Placing incorrect data on company Web site
Improper internal controls on systems
System errors
Faulty recovery actions after a disaster

Faulty Service

Incorrect data modification
Systems working incorrectly
Procedural mistakes
Programming errors
IT installation errors
Usurpation
Denial of service (unintentional)
Denial-of-service attacks (intentional)

Loss of Infrastructure

Human accidents
Theft and terrorist events
Disgruntled or terminated employee
Natural disasters
Advanced Persistent Threat (APT) or cyberwarfare


Mobile Security

155% increase in mobile malware apps from 2010 to 2011
Apps for snooping: track location, record phone calls, save and display chats and messages.
“Jailbreak” targeted at App Store of iPhone
Sniffer programs to access Wi-Fi networks without authorization.
Kaspersky, Lookout, DroidSecurity, Sandboxing
Performing a remote wipe of offending apps

Q2: How Big Is the Computer Security Problem?

Verizon-Secret Service Findings 2011

Number of data-loss security incidents reached all-time high, but number of data records lost fell dramatically for second year in a row
Data theft most successful at small and medium-sized businesses

Verizon-Secret Service Findings 2011 (cont'd)

Four most frequent computer crimes

1. Criminal activity against servers
2. Viruses
3. Code insertion
4. Data loss on user computer

Types of Attacks Experienced

Intrusion Detection System (IDS)

Computer program that senses when another computer is attempting to scan disk or otherwise access a computer

“When I run an IDS on a computer on the public Internet,... I get more than 1,000 attempts, mostly from foreign countries. There is nothing you can do about it except use reasonable safeguards.”



Q3: How Should You Respond to Security Threats?

Q4: How Should Organizations Respond to Security Threats?

Establish a company-wide security policy
What sensitive data to store
How it will process that data
Will data be shared with other organizations
How employees and others can obtain copies of data stored about them

Q4: How Should Organizations Respond to Security Threats? (cont'd)

How employees and others can request changes to inaccurate data
What employees can do with their own mobile devices at work
What non-organizational activities employees can take with employee-owned equipment


Security Safeguards as They Relate to the Five IS Components

Q5: How Can Technical Safeguards Protect Against Security Threats?


Identification and Authentication (Access)

Authentication methods: Password; Smart card; Biometric
Smart cards: Microchip embedded with identifying data; Authentication by PIN
Biometric authentication: Fingerprints, face scans, retina scans; see http://searchsecurity.techtarget.com
Single sign-on for multiple systems: Authenticate to network and other servers

Encryption Terminology

Encryption algorithms (DES, 3DES, AES, Blowfish, IDEA)
Key: a number used to encrypt the data
Symmetric encryption
Asymmetric encryption: public/private key
HTTPS (HTTP + SSL/TLS)
Secure Sockets Layer (SSL) (Predecessor of TLS)
Transport Layer Security (TLS) (DC, Privacy, PKE)

Encryption: Essence of HTTPS (SSL or TLS)

Firewalls

Malware Types and Spyware and Adware Symptoms

Viruses
Payload
Trojan horses
Worms
Beacons

Spyware & Adware Symptoms

Malware Safeguards

1. Install antivirus and antispyware programs
2. Scan frequently
3. Update malware definitions
4. Open email attachments only from known sources
5. Install software updates from legitimate sources
6. Browse only reputable Internet neighborhoods

Q6: How Can Data Safeguards Protect Against Security Threats?

Q7: How Can Human Safeguards Protect Against Security Threats?

Account Administration

Account Management: Standards for new user accounts, modification of account permissions, removal of unneeded accounts
Password Management: Users should change passwords frequently
Help Desk Policies

Sample Account Acknowledgment Form

Systems Procedures

Data recovery; online recovery: the process of salvaging data from damaged, failed, corrupted, or inaccessible secondary storage media when it cannot be accessed normally.


Security Monitoring Functions

Activity log analyses: Firewall logs; DBMS log-in records; Web server logs
Security testing: In-house and external security professionals
Investigation of incidents: How did the problem occur?
Learn from incidents: Indication of potential vulnerability and needed corrective actions
Review and update security and safeguard policies

What Is Necessary for Disaster Preparedness?

Disaster: Substantial loss of infrastructure caused by acts of nature, crime, or terrorism
Appropriate location
Avoid places prone to floods, earthquakes, tornadoes, hurricanes, avalanches, car/truck accidents
Not in unobtrusive buildings, basements, backrooms, physical perimeter
Fire-resistant buildings


Google’s Data Center in Finland

Hamina Data Center
http://www.google.com/about/datacenters/locations/hamina/
http://www.youtube.com/watch?v=VChOEvKicQQ
High-tech cooling system

What Is Necessary for Disaster Preparedness? (cont’d)

Backup processing centers in geographically removed site
Create backups for critical resources
Contract with “hot site” or “cold site” provider
Hot site provides all equipment needed to continue operations there
Cold site provides space but you set up and install equipment
www.ragingwire.com/managed_services?=recovery
Periodically train and rehearse cutover of operations
Cloud Backup: a service that provides users with a system for the backup and storage of computer files. A form of cloud computing

Q8: How Should Organizations Respond to Security Incidents?

How Does the Knowledge in this Chapter Help You?

Aware of threats to computer security as an individual, business professional and employee
Know trade-offs of loss risks and cost of safeguards
Ways to protect your computing devices and data
Understand technical, data, and human safeguards
Understand how organizations should respond to security incidents