Presentation is loading. Please wait.

Presentation is loading. Please wait.

SECURITY EVALUATION OF AN ORGANIZATION TA Md Morshedul Islam.

Published byMallory Rippon Modified over 9 years ago

Similar presentations

Presentation on theme: "SECURITY EVALUATION OF AN ORGANIZATION TA Md Morshedul Islam."— Presentation transcript:

1 SECURITY EVALUATION OF AN ORGANIZATION TA Md Morshedul Islam

2 Process of Security Evaluation Identify the security goal Perform a threat assessment Do a security analysis

3 Identify the security goal It directly related with integrity, confidentiality and availability of the resources(assets) Assents of an organization: Hardware: computer system, data storage, data communication devices Software: Operating system, application program Data: file, database, password file Communication and network facility: Local communication, global communication, router and so on

4 Identify the security goal Security goal of U of C- 1. Student’s point of view: Keep result private (confidentiality) No one can alter or temper my assignment(integrity) I like to see my result from my home (availability) ………………………………………….. 2. TA’s point of view: ----------------------------------------- 3. Instructor’s point of view ……………………………………………... 4. In Administrator points of view ------------------------------------------- All are related with- 1.Confidentiality 2.Integrity 3.Availability

5 Perform a threat assessment What is threat?: In computer security a threat is a possible danger that might exploit a vulnerability to breach security and thus cause possible harm. Example: Vulnerability: A weakness of system’s design, implementation or operation that could be exploited to violate the system policy and increase risk. Example: System Policy: Risk:

6 Perform a threat assessment We need t find out the answer of those following question- Whom am I trying to protect against?(adversary) How they motivated?(curiosity, revenge, financial gain) What capability and adversary have? (tool, skill, knowledge, etc.) What threat might I face?

7 Security analysis What kind of attack is possible? Active attack: : Denial-of-service attack, Spoofing, Network: Man in the middle, ARP poisoning, Ping flood, Ping of death, Smurf attack Host: Buffer overflow, Heap overflow,Stack overflow,Format string attack Passive attack: Passive Network : wiretapping, Port scanner, Idle scan Origin of the attack Inside attack Outside attack

8 Security, Access & Accounts of UofC Latest Threats & Vulnerabilities Information Security Policies Anti-Virus Protection Access Management Security Awareness Program Systems Security Security Advisories Vulnerability Assessment Program SecurID More Details

9 Information Security Awareness Program of UofC http://www.ucalgary.ca/it/infosecurity/awareness/posters

10 Some Observation….. Select a password for your system and then justify your selection. What can you do to protect your laptop? How to identify a pirated software? How can you avoid spam? Give an example of identity theft. Give some examples of Malware. Which kind of information is highly confidential for UofC? What kind of the social networking technique you can use to know the id of your classmate? What is the most potential threat to your smart phone? Consider, some of your resources are in security risk. What kind of initiative you have to take to protect them?

Download ppt "SECURITY EVALUATION OF AN ORGANIZATION TA Md Morshedul Islam."

Similar presentations

Security and Systems. Three tenets of security Confidentiality Integrity Availability.

Security and Systems. Three tenets of security Confidentiality Integrity Availability.
Is There a Security Problem in Computing? Network Security / G. Steffen1.

Is There a Security Problem in Computing? Network Security / G. Steffen1.
Mr C Johnston ICT Teacher

Mr C Johnston ICT Teacher
Hackers, Crackers, and Network Intruders: Heroes, villains, or delinquents? Tim McLaren Thursday, September 28, 2000 McMaster University.

Hackers, Crackers, and Network Intruders: Heroes, villains, or delinquents? Tim McLaren Thursday, September 28, 2000 McMaster University.
1 Network Security Ola Flygt Växjö University +46 470 70 86 49.

1 Network Security Ola Flygt Växjö University
Lecture 1: Overview modified from slides of Lawrie Brown.

Lecture 1: Overview modified from slides of Lawrie Brown.
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
Lesson 1-What Is Information Security?. Overview History of security. Security as a process.

Lesson 1-What Is Information Security?. Overview History of security. Security as a process.
Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.

Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.
MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1.

MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1.
Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.

Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.
Air Force Association (AFA) 1. 1.Access Control 2.Four Steps to Access 3.How Does it Work? 4.User and Guest Accounts 5.Administrator Accounts 6.Threat.

Air Force Association (AFA) 1. 1.Access Control 2.Four Steps to Access 3.How Does it Work? 4.User and Guest Accounts 5.Administrator Accounts 6.Threat.
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.

Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.
Storage Security and Management: Security Framework

Storage Security and Management: Security Framework
BUSINESS B1 Information Security.

BUSINESS B1 Information Security.
By Hafez Barghouthi. Agenda Today Attack. Security policy. Measuring Security. Standard. Assest. Vulnerability. Threat. Risk and Risk Mitigation.

By Hafez Barghouthi. Agenda Today Attack. Security policy. Measuring Security. Standard. Assest. Vulnerability. Threat. Risk and Risk Mitigation.
What does “secure” mean? Protecting Valuables

What does “secure” mean? Protecting Valuables

Similar presentations

Ads by Google