1 / 34

Security Awareness:  Applying Practical Security in Your World, Second Edition

Security Awareness:  Applying Practical Security in Your World, Second Edition. Chapter 1 Introduction to Security. Objectives. List the challenges of defending against attacks Explain why information security is important Describe the different types of attackers

senona
Download Presentation

Security Awareness:  Applying Practical Security in Your World, Second Edition

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security Awareness:  Applying Practical Security in Your World, Second Edition Chapter 1 Introduction to Security

  2. Objectives • List the challenges of defending against attacks • Explain why information security is important • Describe the different types of attackers • List the general principles for defending against attacks Security Awareness: Applying Practical Security in Your World, 2e

  3. Challenges of Security • Last six months of 2004 • Organizations faced average of 13.6 attacks per day versus 10.6 the previous six months • During second quarter of 2005 • 422 Internet security vulnerabilities were discovered • During first six months of 2005 • Over 46.5 million Americans had their privacy breached Security Awareness: Applying Practical Security in Your World, 2e

  4. Security Awareness: Applying Practical Security in Your World, 2e

  5. Today’s Security Attacks • Department of Defense • Records over 60,000 attempted intrusions annually against their unclassified networks • Companies worldwide • Will spend almost $13 billion on computer security in 2005 • Number of Internet fraud complaints • Rose from 6,087 in 2000 to 48,252 in 2002 and 207,449 in 2004 Security Awareness: Applying Practical Security in Your World, 2e

  6. Security Awareness: Applying Practical Security in Your World, 2e

  7. Security Awareness: Applying Practical Security in Your World, 2e

  8. Difficulties in Defending Against Attackers • Why security is becoming increasingly difficult • Speed of attacks • Greater sophistication of attacks • Attackers detect weaknesses faster and can quickly exploit these vulnerabilities • Increasing number of zero day attacks • Distributed attacks • User confusion Security Awareness: Applying Practical Security in Your World, 2e

  9. Security Awareness: Applying Practical Security in Your World, 2e

  10. What is Information Security? • Information security • Describes task of guarding information that is in a digital format • Ensures that protective measures are properly implemented • Intended to protect information that has high value to people and organizations Security Awareness: Applying Practical Security in Your World, 2e

  11. Characteristics of Information • Confidentiality • Ensures that only authorized parties can view the information • Integrity • Ensures that information is correct • Availability • Secure computer must make data immediately available to authorized users Security Awareness: Applying Practical Security in Your World, 2e

  12. What is Information Security? (continued) • Information security • Protects the characteristics of information on • Devices that store, manipulate, and transmit information • Achieved through a combination of three entities • Proper use of products • People • Procedures Security Awareness: Applying Practical Security in Your World, 2e

  13. Security Awareness: Applying Practical Security in Your World, 2e

  14. Information Security Terminology • Asset • Something that has value • Threat • Event or object that may defeat the security measures in place and result in a loss • Threat agent • Person or thing that has power to carry out a threat Security Awareness: Applying Practical Security in Your World, 2e

  15. Information Security Terminology (continued) • Vulnerability • Weakness that allows threat agent to bypass security • Risk • Likelihood that threat agent will exploit a vulnerability Security Awareness: Applying Practical Security in Your World, 2e

  16. Security Awareness: Applying Practical Security in Your World, 2e

  17. Understanding the Importance of Information Security • Information security is important to businesses and individuals • Prevent data theft • Thwart identify theft • Avoid legal consequences of not securing information • Maintain productivity • Foil cyberterrorism Security Awareness: Applying Practical Security in Your World, 2e

  18. Preventing Data Theft • Security • Often associated with theft prevention • Data theft • Single largest cause of financial loss due to a security breach • Individuals can be victims Security Awareness: Applying Practical Security in Your World, 2e

  19. Thwarting Identity Theft • Identity theft • Involves using someone’s personal information to establish bank or credit card accounts • According to the Federal Trade Commission (FTC) • Number of identity theft victims increased 152% from 2002-2004 • Cost of identity theft for 2004 exceeded $52 billion • Age group that suffered the most identity theft • Adults 18-29 years of age Security Awareness: Applying Practical Security in Your World, 2e

  20. Avoiding Legal Consequences • The Health Insurance Portability and Accountability Act of 1996 (HIPAA) • Healthcare enterprises must guard protected health information • The Sarbanes-Oxley Act of 2002 (Sarbox) • Attempts to fight corporate corruption Security Awareness: Applying Practical Security in Your World, 2e

  21. Avoiding Legal Consequences (continued) • The Gramm-Leach-Bliley Act (GLBA) • Protects private data • USA Patriot Act of 2001 • Broadens surveillance of law enforcement agencies Security Awareness: Applying Practical Security in Your World, 2e

  22. Avoiding Legal Consequences (continued) • The California Database Security Breach Act of 2003 • Businesses should inform residents within 48 hours if breach of personal information occurs • Children’s Online Privacy Protection Act of 1998 (COPPA) • Web sites designed for children under 13 should obtain parental consent prior to the • Collection, use, disclosure, or display of child’s personal information Security Awareness: Applying Practical Security in Your World, 2e

  23. Maintaining Productivity • Computer Crime and Security Survey indicate that • Virus attacks alone cost more than $42 million • Spam • Unsolicited e-mail messages • Almost 230 million spam messages are sent each day (67% of total e-mail transmitted) Security Awareness: Applying Practical Security in Your World, 2e

  24. Security Awareness: Applying Practical Security in Your World, 2e

  25. Foiling Cyberterrorism • Cyberterrorism • Attacks by terrorist groups using computer technology and the Internet • Challenges • Many prime targets are not owned and managed by federal government Security Awareness: Applying Practical Security in Your World, 2e

  26. Who are the Attackers? • Hacker • Someone who attacks computers • Cracker • Person who violates system security with malicious intent • Script kiddies • Want to break into computers to create damage • Download automated hacking software (scripts) • Lack the technical skills of crackers Security Awareness: Applying Practical Security in Your World, 2e

  27. Who are the Attackers? (continued) • Spies • Hired to break into a computer and steal information • Thieves • Search for any unprotected computer and • Attempt to steal credit card numbers, banking passwords, or similar information • Employees • May want to show the company a security weakness Security Awareness: Applying Practical Security in Your World, 2e

  28. Cyberterrorists • May attack because of ideology • Goals of a cyberattack • To deface electronic information • To deny service to legitimate computer users • To commit unauthorized intrusions into systems and networks Security Awareness: Applying Practical Security in Your World, 2e

  29. Defending Against Attacks • Layering • Creates a barrier of multiple defenses that can be coordinated to thwart a variety of attacks • Limiting • Limiting access to information reduces the threat against it • Diversity • Breaching one security layer does not compromise the whole system Security Awareness: Applying Practical Security in Your World, 2e

  30. Defending Against Attacks (continued) • Obscurity • Avoiding clear patterns of behavior make attacks from the outside much more difficult • Simplicity • Creating a system that is simple from the inside but complex on the outside reaps a major benefit Security Awareness: Applying Practical Security in Your World, 2e

  31. Building a Comprehensive Security Strategy • Block attacks • If attacks are blocked by network security perimeter • Then attacker cannot reach personal computers on which data is stored • Security devices can be added to computer network • To block unauthorized or malicious traffic Security Awareness: Applying Practical Security in Your World, 2e

  32. Building a Comprehensive Security Strategy (continued) • Update defenses • Involves updating defensive hardware and software • Involves applying operating system patches on a regular basis • Minimize losses • May involve keeping backup copies of important data in a safe place • Send secure information • May involve “scrambling” data so that unauthorized eyes cannot read it Security Awareness: Applying Practical Security in Your World, 2e

  33. Summary • Several difficulties in keeping computers and the information on them secure • Why information security is becoming more difficult • Speed and sophistication of attack • Vulnerabilities • User confusion • Information security protects integrity, confidentiality, and availability of information Security Awareness: Applying Practical Security in Your World, 2e

  34. Summary (continued) • Information security has its own set of terminology • Preventing theft of information • Most important reason for protecting data • Hacker • Possesses advanced computer skills • Basic principles for creating a secure environment • Layering, limiting, diversity • Obscurity, and simplicity Security Awareness: Applying Practical Security in Your World, 2e

More Related