Presentation is loading. Please wait.

Presentation is loading. Please wait.

Thursday, April 3, 2008 Presenters: Dr. Tom Cupples, EdD, CISSP, MCSE Dr. Craig Klimczak, DVM, MS.

Similar presentations


Presentation on theme: "Thursday, April 3, 2008 Presenters: Dr. Tom Cupples, EdD, CISSP, MCSE Dr. Craig Klimczak, DVM, MS."— Presentation transcript:

1 Thursday, April 3, 2008 Presenters: Dr. Tom Cupples, EdD, CISSP, MCSE Dr. Craig Klimczak, DVM, MS

2  Security Terms 101  The Security Forecast ◦ Technology Risks ◦ Personnel Risks  The Threat to Higher Education  Tools for Coping Thursday, April 3, 2008

3  Threat – potential cause of an unwanted event which could cause damage to an asset  Vulnerability – weakness of an asset that can be exploited by a threat  Impact – a measure of the effect of an event  Risk – the combination of the likelihood of an event and its potential impact  Control – means of managing risk – can be administrative, technical, managerial, or legal in nature Reference - Thursday, April 3, 2008

4  VoIP  Professional Attack Toolkits  Virtualization  Online gaming  Vista  Storm Worms  Pump and Dump  Social Networking Sites  Online applications  Phishing Reference - Thursday, April 3, 2008

5  Browser vulnerabilities  Botnets  Targeted Phishing  VoIP/Mobile Devices  Insider Attacks  Persistent Bots  Spyware  Web Applications  Blended Phishing with VoIP & Event Phishing  Supply chain attacks Reference - Thursday, April 3, 2008

6  Web 2.0  Botnets  Instant Malware  Online Gaming  Vista  Adware  Targeted Phishing  Parasitic Malware  Virtualization  VoIP Reference - Thursday, April 3, 2008

7  Botnets  Malware  Online Gaming  Social Networking Sites  Key Dates of Opportunity  Web 2.0  Vista  Mobile Devices Reference - Thursday, April 3, 2008

8  Bot Evolution  Election Campaigns  Mobile Platforms  Spam Evolution  Virtual Worlds Reference - Thursday, April 3, 2008

9  VoIP/Mobile Devices & Platforms  Professional Attack Toolkits  Virtualization & Vista  Online & Web-based Applications  Browser Vulnerabilities  Botnets & Persistent Bots & Bot Evolution  Spyware  Supply Chain Attacks  Web 2.0  Instant Malware, Parasitic Malware & Adware Thursday, April 3, 2008

10  Online Gaming  Storm Worms  Pump and Dump  Social Networking Sites  Event, Targeted, & Blended Phishing  Insider Attacks  Key Dates of Opportunity & Election Campaigns  Virtual Worlds Thursday, April 3, 2008

11  Web Applications  Social Engineering  Cyber Terrorism  Communications  Human Error/Lack of Training  Crisis Management  Strong Passwords/ID Protection  Networks (Physical-Wireless, Logical-Social)  Identity Life Cycle Management  PCI Standard for Payment Acceptance Thursday, April 3, 2008

12  Microsoft (http://www.microsoft.com/downloads/detail s.aspx?familyid=E9C4BFAA-AF88-4AA5- 88D4-0DEA898C31B9&displaylang=en)http://www.microsoft.com/downloads/detail s.aspx?familyid=E9C4BFAA-AF88-4AA5- 88D4-0DEA898C31B9&displaylang=en  Sun Microsystems (http://www.javapassion.com/j2ee/WebSecuri tyThreats.pdf)http://www.javapassion.com/j2ee/WebSecuri tyThreats.pdf Thursday, April 3, 2008

13  Education  Policy Development  Procedure Development & Personnel Training  Monitoring Thursday, April 3, 2008

14  Federal Bureau of Investigation (http://www.fbi.gov/)http://www.fbi.gov/  Law Enforcement Training Site (http://www.counterterrorismtraining.gov/pu bs/02.html)http://www.counterterrorismtraining.gov/pu bs/02.html  Department of Homeland Security (http://www.dhs.gov/index.shtm)http://www.dhs.gov/index.shtm Thursday, April 3, 2008

15  International Telecommunications Union (http://www.itu.int/net/home/index.aspx)http://www.itu.int/net/home/index.aspx  Federal Communications Commission (http://www.fcc.gov/pshs/)http://www.fcc.gov/pshs/  National Institute of Standards and Technology (http://csrc.nist.gov/)http://csrc.nist.gov/ Thursday, April 3, 2008

16  Education  Policy Development  Procedure Development & Personnel Training  Monitoring Thursday, April 3, 2008

17  Missouri Department of Homeland Security (http://www.dps.mo.gov/HomelandSecurity/)http://www.dps.mo.gov/HomelandSecurity/  Missouri Campus Security Task Force (http://www.dps.mo.gov/CampusSafety/inde x.htm)http://www.dps.mo.gov/CampusSafety/inde x.htm  FEMA (http://www.fema.gov)http://www.fema.gov  Local Law Enforcement Thursday, April 3, 2008

18  Microsoft “How-to” (http://www.microsoft.com/protect/yourself/password/cr eate.mspx)http://www.microsoft.com/protect/yourself/password/cr eate.mspx  Microsoft ‘Password Checker” (http://www.microsoft.com/protect/yourself/password/ch ecker.mspx)http://www.microsoft.com/protect/yourself/password/ch ecker.mspx  Microsoft - What is a Strong Password? (http://technet2.microsoft.com/windowsserver/en/library /d406b c-4c2a-8de2- 9b7ecbfa6e mspx?mfr=true)http://technet2.microsoft.com/windowsserver/en/library /d406b c-4c2a-8de2- 9b7ecbfa6e mspx?mfr=true  SANS Tutorial (http://www.sans.org/reading_room/whitepapers/authenti cation/1636.php)http://www.sans.org/reading_room/whitepapers/authenti cation/1636.php Thursday, April 3, 2008

19  Use Encryption for ◦ Storing Usernames and Passwords ◦ Transmitting Usernames and Passwords ◦ Storing Files ◦ Transmitting files on a  Local Area Network  Virtual Private Network  Intranet/Extranet  Use two factor authentication when possible  Enforce Strong Passwords  Use Password Policies that require timely changes in passwords Thursday, April 3, 2008

20 ◦ Microsoft (http://www.microsoft.com/windowsserver2003/te chnologies/idm/ilm.mspx)http://www.microsoft.com/windowsserver2003/te chnologies/idm/ilm.mspx ◦ Sun Microsystems (http://www.sun.com/storagetek/white- papers/identity_enabled_ilm.pdf)http://www.sun.com/storagetek/white- papers/identity_enabled_ilm.pdf Thursday, April 3, 2008

21  PCI Standard Website (http://www.pcistandard.com/home.html)http://www.pcistandard.com/home.html  PCI Standard White Paper (https://www.pcisecuritystandards.org/pdfs/ pci_dss_v1-1.pdf)https://www.pcisecuritystandards.org/pdfs/ pci_dss_v1-1.pdf  PCI Forum (http://www.pciforum.us/pci/)http://www.pciforum.us/pci/ Thursday, April 3, 2008

22  There is no guarantee of total security.  The best that can be accomplished is managing the threats  Know your enemy! Thursday, April 3, 2008

23 Dr. Tom Dr. Craig Thursday, April 3, 2008


Download ppt "Thursday, April 3, 2008 Presenters: Dr. Tom Cupples, EdD, CISSP, MCSE Dr. Craig Klimczak, DVM, MS."

Similar presentations


Ads by Google