Thursday, April 3, 2008 Presenters: Dr. Tom Cupples, EdD, CISSP, MCSE Dr. Craig Klimczak, DVM, MS.


1 Thursday, April 3, 2008 Presenters: Dr. Tom Cupples, EdD, CISSP, MCSE Dr. Craig Klimczak, DVM, MS

2
• Security Terms 101
• The Security Forecast
  ◦ Technology Risks
  ◦ Personnel Risks
• The Threat to Higher Education
• Tools for Coping

3
• Threat – potential cause of an unwanted event which could cause damage to an asset
• Vulnerability – weakness of an asset that can be exploited by a threat
• Impact – a measure of the effect of an event
• Risk – the combination of the likelihood of an event and its potential impact
• Control – means of managing risk – can be administrative, technical, managerial, or legal in nature

Reference - http://www.iso27001security.com/Top_information_security_risks_for_2008.pdf

4
• VoIP
• Professional Attack Toolkits
• Virtualization
• Online gaming
• Vista
• Storm Worms
• Pump and Dump
• Social Networking Sites
• Online applications
• Phishing

Reference - http://www.crn.com/security/203600054?queryText=top+10+risks+2008

5
• Browser vulnerabilities
• Botnets
• Targeted Phishing
• VoIP/Mobile Devices
• Insider Attacks
• Persistent Bots
• Spyware
• Web Applications
• Blended Phishing with VoIP & Event Phishing
• Supply chain attacks

Reference - http://www.sans.org/top20/

6
• Web 2.0
• Botnets
• Instant Malware
• Online Gaming
• Vista
• Adware
• Targeted Phishing
• Parasitic Malware
• Virtualization
• VoIP

Reference - http://www.mcafee.com/us/local_content/white_papers/threat_center/wp_avert_predictions_2008.pdf

7
• Botnets
• Malware
• Online Gaming
• Social Networking Sites
• Key Dates of Opportunity
• Web 2.0
• Vista
• Mobile Devices

Reference - http://www.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=97702

8
• Bot Evolution
• Election Campaigns
• Mobile Platforms
• Spam Evolution
• Virtual Worlds

Reference - http://www.symantec.com/about/news/resources/press_kits/detail.jsp?pkid=endofyear

9
• VoIP/Mobile Devices & Platforms
• Professional Attack Toolkits
• Virtualization & Vista
• Online & Web-based Applications
• Browser Vulnerabilities
• Botnets & Persistent Bots & Bot Evolution
• Spyware
• Supply Chain Attacks
• Web 2.0
• Instant Malware, Parasitic Malware & Adware

10
• Online Gaming
• Storm Worms
• Pump and Dump
• Social Networking Sites
• Event, Targeted, & Blended Phishing
• Insider Attacks
• Key Dates of Opportunity & Election Campaigns
• Virtual Worlds

11
• Web Applications
• Social Engineering
• Cyber Terrorism
• Communications
• Human Error/Lack of Training
• Crisis Management
• Strong Passwords/ID Protection
• Networks (Physical-Wireless, Logical-Social)
• Identity Life Cycle Management
• PCI Standard for Payment Acceptance

12
• Microsoft (http://www.microsoft.com/downloads/details.aspx?familyid=E9C4BFAA-AF88-4AA5-88D4-0DEA898C31B9&displaylang=en)
• Sun Microsystems (http://www.javapassion.com/j2ee/WebSecurityThreats.pdf)

13
• Education
• Policy Development
• Procedure Development & Personnel Training
• Monitoring

14
• Federal Bureau of Investigation (http://www.fbi.gov/)
• Law Enforcement Training Site (http://www.counterterrorismtraining.gov/pubs/02.html)
• Department of Homeland Security (http://www.dhs.gov/index.shtm)

15
• International Telecommunications Union (http://www.itu.int/net/home/index.aspx)
• Federal Communications Commission (http://www.fcc.gov/pshs/)
• National Institute of Standards and Technology (http://csrc.nist.gov/)

16
• Education
• Policy Development
• Procedure Development & Personnel Training
• Monitoring

17
• Missouri Department of Homeland Security (http://www.dps.mo.gov/HomelandSecurity/)
• Missouri Campus Security Task Force (http://www.dps.mo.gov/CampusSafety/index.htm)
• FEMA (http://www.fema.gov)
• Local Law Enforcement

18
• Microsoft “How-to” (http://www.microsoft.com/protect/yourself/password/create.mspx)
• Microsoft “Password Checker” (http://www.microsoft.com/protect/yourself/password/checker.mspx)
• Microsoft - What is a Strong Password? (http://technet2.microsoft.com/windowsserver/en/library/d406b824-857c-4c2a-8de2-9b7ecbfa6e511033.mspx?mfr=true)
• SANS Tutorial (http://www.sans.org/reading_room/whitepapers/authentication/1636.php)

19
• Use Encryption for
  ◦ Storing Usernames and Passwords
  ◦ Transmitting Usernames and Passwords
  ◦ Storing Files
  ◦ Transmitting files on a
    • Local Area Network
    • Virtual Private Network
    • Intranet/Extranet
• Use two-factor authentication when possible
• Enforce Strong Passwords
• Use Password Policies that require timely changes in passwords

20
◦ Microsoft (http://www.microsoft.com/windowsserver2003/technologies/idm/ilm.mspx)
◦ Sun Microsystems (http://www.sun.com/storagetek/white-papers/identity_enabled_ilm.pdf)

21
• PCI Standard Website (http://www.pcistandard.com/home.html)
• PCI Standard White Paper (https://www.pcisecuritystandards.org/pdfs/pci_dss_v1-1.pdf)
• PCI Forum (http://www.pciforum.us/pci/)

22
• There is no guarantee of total security.
• The best that can be accomplished is managing the threats.
• Know your enemy!

23
Dr. Tom Cupples, tgcupples@stlcc.edu
Dr. Craig Klimczak, cklimczak@stlcc.edu
http://www.stlcc.edu

