Published by Kimberly Gilbert. Modified over 9 years ago.
1
Thursday, April 3, 2008
Presenters:
• Dr. Tom Cupples, EdD, CISSP, MCSE
• Dr. Craig Klimczak, DVM, MS
2
• Security Terms 101
• The Security Forecast
  ◦ Technology Risks
  ◦ Personnel Risks
• The Threat to Higher Education
• Tools for Coping
3
• Threat – potential cause of an unwanted event which could cause damage to an asset
• Vulnerability – weakness of an asset that can be exploited by a threat
• Impact – a measure of the effect of an event
• Risk – the combination of the likelihood of an event and its potential impact
• Control – means of managing risk – can be administrative, technical, managerial, or legal in nature
Reference - http://www.iso27001security.com/Top_information_security_risks_for_2008.pdf
4
• VoIP
• Professional Attack Toolkits
• Virtualization
• Online gaming
• Vista
• Storm Worms
• Pump and Dump
• Social Networking Sites
• Online applications
• Phishing
Reference - http://www.crn.com/security/203600054?queryText=top+10+risks+2008
5
• Browser vulnerabilities
• Botnets
• Targeted Phishing
• VoIP/Mobile Devices
• Insider Attacks
• Persistent Bots
• Spyware
• Web Applications
• Blended Phishing with VoIP & Event Phishing
• Supply chain attacks
Reference - http://www.sans.org/top20/
6
• Web 2.0
• Botnets
• Instant Malware
• Online Gaming
• Vista
• Adware
• Targeted Phishing
• Parasitic Malware
• Virtualization
• VoIP
Reference - http://www.mcafee.com/us/local_content/white_papers/threat_center/wp_avert_predictions_2008.pdf
7
• Botnets
• Malware
• Online Gaming
• Social Networking Sites
• Key Dates of Opportunity
• Web 2.0
• Vista
• Mobile Devices
Reference - http://www.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=97702
8
• Bot Evolution
• Election Campaigns
• Mobile Platforms
• Spam Evolution
• Virtual Worlds
Reference - http://www.symantec.com/about/news/resources/press_kits/detail.jsp?pkid=endofyear
9
• VoIP/Mobile Devices & Platforms
• Professional Attack Toolkits
• Virtualization & Vista
• Online & Web-based Applications
• Browser Vulnerabilities
• Botnets & Persistent Bots & Bot Evolution
• Spyware
• Supply Chain Attacks
• Web 2.0
• Instant Malware, Parasitic Malware & Adware
10
• Online Gaming
• Storm Worms
• Pump and Dump
• Social Networking Sites
• Event, Targeted, & Blended Phishing
• Insider Attacks
• Key Dates of Opportunity & Election Campaigns
• Virtual Worlds
11
• Web Applications
• Social Engineering
• Cyber Terrorism
• Communications
• Human Error/Lack of Training
• Crisis Management
• Strong Passwords/ID Protection
• Networks (Physical-Wireless, Logical-Social)
• Identity Life Cycle Management
• PCI Standard for Payment Acceptance
12
• Microsoft (http://www.microsoft.com/downloads/details.aspx?familyid=E9C4BFAA-AF88-4AA5-88D4-0DEA898C31B9&displaylang=en)
• Sun Microsystems (http://www.javapassion.com/j2ee/WebSecurityThreats.pdf)
13
• Education
• Policy Development
• Procedure Development & Personnel Training
• Monitoring
14
• Federal Bureau of Investigation (http://www.fbi.gov/)
• Law Enforcement Training Site (http://www.counterterrorismtraining.gov/pubs/02.html)
• Department of Homeland Security (http://www.dhs.gov/index.shtm)
15
• International Telecommunications Union (http://www.itu.int/net/home/index.aspx)
• Federal Communications Commission (http://www.fcc.gov/pshs/)
• National Institute of Standards and Technology (http://csrc.nist.gov/)
16
• Education
• Policy Development
• Procedure Development & Personnel Training
• Monitoring
17
• Missouri Department of Homeland Security (http://www.dps.mo.gov/HomelandSecurity/)
• Missouri Campus Security Task Force (http://www.dps.mo.gov/CampusSafety/index.htm)
• FEMA (http://www.fema.gov)
• Local Law Enforcement
18
• Microsoft “How-to” (http://www.microsoft.com/protect/yourself/password/create.mspx)
• Microsoft “Password Checker” (http://www.microsoft.com/protect/yourself/password/checker.mspx)
• Microsoft - What is a Strong Password? (http://technet2.microsoft.com/windowsserver/en/library/d406b824-857c-4c2a-8de2-9b7ecbfa6e511033.mspx?mfr=true)
• SANS Tutorial (http://www.sans.org/reading_room/whitepapers/authentication/1636.php)
19
• Use Encryption for
  ◦ Storing Usernames and Passwords
  ◦ Transmitting Usernames and Passwords
  ◦ Storing Files
  ◦ Transmitting files on a
    – Local Area Network
    – Virtual Private Network
    – Intranet/Extranet
• Use two-factor authentication when possible
• Enforce Strong Passwords
• Use Password Policies that require timely changes in passwords
20
◦ Microsoft (http://www.microsoft.com/windowsserver2003/technologies/idm/ilm.mspx)
◦ Sun Microsystems (http://www.sun.com/storagetek/white-papers/identity_enabled_ilm.pdf)
21
• PCI Standard Website (http://www.pcistandard.com/home.html)
• PCI Standard White Paper (https://www.pcisecuritystandards.org/pdfs/pci_dss_v1-1.pdf)
• PCI Forum (http://www.pciforum.us/pci/)
22
• There is no guarantee of total security.
• The best that can be accomplished is managing the threats.
• Know your enemy!
23
• Dr. Tom Cupples: tgcupples@stlcc.edu
• Dr. Craig Klimczak: cklimczak@stlcc.edu
http://www.stlcc.edu