SECURITY EVALUATION OF AN ORGANIZATION TA Md Morshedul Islam.

1 SECURITY EVALUATION OF AN ORGANIZATION TA Md Morshedul Islam

2 Process of Security Evaluation
- Identify the security goal
- Perform a threat assessment
- Do a security analysis

3 Identify the security goal
It is directly related to the integrity, confidentiality and availability of the resources (assets).
Assets of an organization:
- Hardware: computer systems, data storage, data communication devices
- Software: operating system, application programs
- Data: files, databases, password file
- Communication and network facilities: local communication, global communication, routers and so on

4 Identify the security goal
Security goals of U of C:
1. Student's point of view:
   - Keep my result private (confidentiality)
   - No one can alter or tamper with my assignment (integrity)
   - I would like to see my result from my home (availability)
   - ...
2. TA's point of view: ...
3. Instructor's point of view: ...
4. Administrator's point of view: ...
All are related to:
1. Confidentiality
2. Integrity
3. Availability

5 Perform a threat assessment
- What is a threat? In computer security, a threat is a possible danger that might exploit a vulnerability to breach security and thus cause possible harm. Example:
- Vulnerability: A weakness in a system's design, implementation or operation that could be exploited to violate the system policy and increase risk. Example:
- System Policy:
- Risk:

6 Perform a threat assessment
We need to find the answers to the following questions:
- Whom am I trying to protect against? (adversary)
- How are they motivated? (curiosity, revenge, financial gain)
- What capabilities does the adversary have? (tools, skills, knowledge, etc.)
- What threats might I face?

7 Security analysis
What kind of attack is possible?
- Active attack: Denial-of-service attack, Spoofing
  - Network: Man in the middle, ARP poisoning, Ping flood, Ping of death, Smurf attack
  - Host: Buffer overflow, Heap overflow, Stack overflow, Format string attack
- Passive attack:
  - Passive Network: Wiretapping, Port scanner, Idle scan
Origin of the attack:
- Inside attack
- Outside attack

8 Security, Access & Accounts of UofC
- Latest Threats & Vulnerabilities
- Information Security Policies
- Anti-Virus Protection
- Access Management
- Security Awareness Program
- Systems Security
- Security Advisories
- Vulnerability Assessment Program
- SecurID
More Details

9 Information Security Awareness Program of UofC http://www.ucalgary.ca/it/infosecurity/awareness/posters

10 Some Observations...
- Select a password for your system and then justify your selection.
- What can you do to protect your laptop?
- How can you identify pirated software?
- How can you avoid spam?
- Give an example of identity theft.
- Give some examples of malware.
- Which kind of information is highly confidential for UofC?
- What kind of social networking technique can you use to learn the ID of your classmate?
- What is the most likely threat to your smartphone?
- Suppose some of your resources are at security risk. What initiatives do you have to take to protect them?

