Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 1 Introduction to Security
Objectives • List the challenges of defending against attacks • Explain why information security is important • Describe the different types of attackers • List the general principles for defending against attacks
Challenges of Security • Last six months of 2004 • Organizations faced an average of 13.6 attacks per day, versus 10.6 in the previous six months • Second quarter of 2005 • 422 Internet security vulnerabilities were discovered • First six months of 2005 • Over 46.5 million Americans had their personal information exposed in data breaches
Today’s Security Attacks • Department of Defense • Records over 60,000 attempted intrusions annually against its unclassified networks • Companies worldwide • Will spend almost $13 billion on computer security in 2005 • Number of Internet fraud complaints • Rose from 6,087 in 2000 to 48,252 in 2002 and 207,449 in 2004
Difficulties in Defending Against Attackers • Why security is becoming increasingly difficult • Speed of attacks • Greater sophistication of attacks • Attackers detect weaknesses faster and can quickly exploit these vulnerabilities • Increasing number of zero-day attacks (exploits used before the vendor has released a patch, so signature-based defenses have nothing to match) • Distributed attacks launched from many compromised hosts at once • User confusion over which security decisions to make
What is Information Security? • Information security • Describes the task of guarding information that is in a digital format • Ensures that protective measures are properly implemented • Intended to protect information that has high value to people and organizations
Characteristics of Information • Confidentiality • Ensures that only authorized parties can view the information • Integrity • Ensures that information is correct and has not been altered, whether accidentally or by an unauthorized party, and that any alteration can be detected • Availability • Ensures that authorized users can reach the data when they need it; a system that is locked down so tightly that legitimate users cannot work is not secure, only unusable
What is Information Security? (continued) • Information security • Protects the characteristics of information on • Devices that store, manipulate, and transmit information • Achieved through a combination of three entities • Proper use of products • People • Procedures
Information Security Terminology • Asset • Something that has value • Threat • Event or object that may defeat the security measures in place and result in a loss • Threat agent • Person or thing that has the power to carry out a threat
Information Security Terminology (continued) • Vulnerability • Weakness that allows a threat agent to bypass security • Risk • Likelihood that a threat agent will exploit a vulnerability; in practice risk is weighed together with the impact of the resulting loss, so an unlikely threat against a critical asset can still rank high
Understanding the Importance of Information Security • Information security is important to businesses and individuals • Prevent data theft • Thwart identity theft • Avoid legal consequences of not securing information • Maintain productivity • Foil cyberterrorism
Preventing Data Theft • Security • Often associated with theft prevention • Data theft • Single largest cause of financial loss due to a security breach • Individuals can be victims as well as organizations
Thwarting Identity Theft • Identity theft • Involves using someone’s personal information to establish bank or credit card accounts in that person’s name • According to the Federal Trade Commission (FTC) • Number of identity theft victims increased 152% from 2002 to 2004 • Cost of identity theft for 2004 exceeded $52 billion • Age group that suffered the most identity theft • Adults 18-29 years of age
Avoiding Legal Consequences • The Health Insurance Portability and Accountability Act of 1996 (HIPAA) • Healthcare enterprises must guard protected health information • The Sarbanes-Oxley Act of 2002 (Sarbox) • Attempts to fight corporate corruption by requiring controls over, and accountability for, financial reporting, which in turn requires securing the systems that produce those reports
Avoiding Legal Consequences (continued) • The Gramm-Leach-Bliley Act (GLBA) • Requires financial institutions to protect customers’ private financial data • USA Patriot Act of 2001 • Broadens the surveillance powers of law enforcement agencies
Avoiding Legal Consequences (continued) • The California Database Security Breach Act of 2003 • Businesses must notify California residents without unreasonable delay when a breach exposes their unencrypted personal information • Children’s Online Privacy Protection Act of 1998 (COPPA) • Web sites designed for children under 13 must obtain parental consent prior to the • Collection, use, disclosure, or display of a child’s personal information
Maintaining Productivity • Computer Crime and Security Survey indicates that • Virus attacks alone cost more than $42 million • Spam • Unsolicited e-mail messages • Almost 230 million spam messages are sent each day (67% of total e-mail transmitted), consuming bandwidth, storage, and staff time
Foiling Cyberterrorism • Cyberterrorism • Attacks by terrorist groups using computer technology and the Internet • Challenges • Many prime targets (utilities, financial networks, communications) are not owned and managed by the federal government, so their defense depends on private operators
Who are the Attackers? • Hacker • Someone who attacks computers; the term is also used for anyone with advanced computer skills, whether or not they are malicious • Cracker • Person who violates system security with malicious intent • Script kiddies • Want to break into computers to create damage • Download automated hacking software (scripts) written by others • Lack the technical skills of crackers
Who are the Attackers? (continued) • Spies • Hired to break into a specific computer and steal information • Thieves • Search for any unprotected computer and • Attempt to steal credit card numbers, banking passwords, or similar information • Employees • May want to show the company a security weakness, or may misuse the access their job already gives them
Cyberterrorists • May attack because of ideology rather than for profit • Goals of a cyberattack • To deface electronic information • To deny service to legitimate computer users • To commit unauthorized intrusions into systems and networks
Defending Against Attacks • Layering • Creates a barrier of multiple defenses that can be coordinated to thwart a variety of attacks, so that no single control has to be perfect • Limiting • Limiting access to information reduces the threat against it; users and programs receive only the access they need to do their job • Diversity • Layers use different technologies and techniques, so breaching one security layer with a given method does not compromise the whole system
Defending Against Attacks (continued) • Obscurity • Avoiding clear patterns of behavior and not advertising system details make attacks from the outside more difficult; obscurity supplements the other principles but is never a substitute for them • Simplicity • Creating a system that is simple for its defenders to understand and administer on the inside, but complex for an outsider to attack, reaps a major benefit: complicated security is misconfigured security
Building a Comprehensive Security Strategy • Block attacks • If attacks are blocked at the network security perimeter • Then the attacker cannot reach the personal computers on which data is stored • Security devices such as firewalls can be added to the computer network • To block unauthorized or malicious traffic
Building a Comprehensive Security Strategy (continued) • Update defenses • Involves updating defensive hardware and software • Involves applying operating system patches on a regular basis • Minimize losses • May involve keeping backup copies of important data in a safe place • Send secure information • May involve “scrambling” data (encrypting it) so that unauthorized eyes cannot read it, and attaching a check so that tampering in transit is detected
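The following is an added example, not code from the textbook, showing what “scrambling” data for transmission and checking its integrity on receipt involve in practice. It ties together the Integrity characteristic from the Characteristics of Information slide and the “Send secure information” step above: the sender derives separate encryption and MAC keys from one shared secret, encrypts the message, then appends an HMAC tag; the receiver verifies the tag in constant time before decrypting, so a single flipped bit or a wrong key is rejected rather than silently yielding garbage. Only the Python standard library is used. The keystream construction (HMAC-SHA256 used as a PRF in counter mode) is a teaching construction chosen so the example runs anywhere; real systems should use a vetted authenticated cipher such as AES-GCM or ChaCha20-Poly1305 from a maintained library. The key, nonce, and message bytes below are constructed sample values.

```python
"""Encrypt-then-MAC envelope using only the Python standard library.

Wire format:  nonce (16 bytes) || ciphertext || tag (32 bytes)
Teaching construction only: the stream cipher is HMAC-SHA256 run as a PRF in
counter mode. Use a vetted AEAD (AES-GCM, ChaCha20-Poly1305) in production.
"""
import hashlib
import hmac
import secrets
import struct
from typing import Optional, Tuple

NONCE_LEN = 16
TAG_LEN = 32


def derive_keys(master_key: bytes) -> Tuple[bytes, bytes]:
    """Derive distinct encryption and MAC keys so one secret is never used
    for two purposes (key separation)."""
    enc_key = hmac.new(master_key, b"envelope-enc", hashlib.sha256).digest()
    mac_key = hmac.new(master_key, b"envelope-mac", hashlib.sha256).digest()
    return enc_key, mac_key


def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Keystream block i = HMAC(enc_key, nonce || i). A fresh nonce per
    message guarantees the keystream is never reused."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">Q", counter),
                        hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(master_key: bytes, plaintext: bytes,
         nonce: Optional[bytes] = None) -> bytes:
    """Confidentiality: XOR with keystream. Integrity: HMAC over nonce and
    ciphertext, so the receiver authenticates before decrypting."""
    enc_key, mac_key = derive_keys(master_key)
    if nonce is None:
        nonce = secrets.token_bytes(NONCE_LEN)
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be %d bytes" % NONCE_LEN)
    ks = keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_envelope(master_key: bytes, envelope: bytes) -> bytes:
    """Verify the tag with a constant-time compare, then decrypt.
    Raises ValueError on any alteration or on a wrong key."""
    if len(envelope) < NONCE_LEN + TAG_LEN:
        raise ValueError("envelope too short")
    enc_key, mac_key = derive_keys(master_key)
    nonce = envelope[:NONCE_LEN]
    ciphertext = envelope[NONCE_LEN:-TAG_LEN]
    tag = envelope[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: altered message or wrong key")
    ks = keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


def tamper_detected(master_key: bytes, envelope: bytes, byte_index: int) -> bool:
    """Flip one bit of the envelope at byte_index and report whether the
    receiver rejects it. True means integrity protection worked."""
    altered = bytearray(envelope)
    altered[byte_index] ^= 0x01
    try:
        open_envelope(master_key, bytes(altered))
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    # Constructed sample values for demonstration.
    key = secrets.token_bytes(32)
    message = b"Transfer $10 to account 1234"
    env = seal(key, message)
    print("ciphertext hides plaintext:", message not in env)
    print("round trip ok:", open_envelope(key, env) == message)
    print("tampering detected:", tamper_detected(key, env, NONCE_LEN + 10))
```

The order of operations in `open_envelope` is the point of the example: the tag is checked over the ciphertext before any decryption happens, and the comparison uses `hmac.compare_digest` so an attacker cannot learn the tag byte by byte from timing differences. A wrong key fails the same way as a tampered message, which is the desired behaviour; the receiver should never act on data it could not authenticate.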
Summary • Several difficulties in keeping computers and the information on them secure • Why information security is becoming more difficult • Speed and sophistication of attacks • Vulnerabilities • User confusion • Information security protects the integrity, confidentiality, and availability of information
Summary (continued) • Information security has its own set of terminology • Preventing theft of information • Most important reason for protecting data • Hacker • Possesses advanced computer skills • Basic principles for creating a secure environment • Layering, limiting, diversity • Obscurity, and simplicity