Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cory Bowers Harold Gray Brian Schneider Data Security.

Published byAda Glenn Modified over 8 years ago

Similar presentations

Presentation on theme: "Cory Bowers Harold Gray Brian Schneider Data Security."— Presentation transcript:

1 Cory Bowers Harold Gray Brian Schneider Data Security

2 Security Security is all about trust in protection and authenticity No matter how much you patch or secure your systems, weakest link in security chain is the natural human willingness to accept someone at their own word

3 Why? Hacker’s motivation: Pride Commit fraud Identity Theft Espionage Disrupt Administrator’s motivation: Protect company data Protect resources Protect company reputation

4 Threats Social Engineering Manipulating people to get access to confidential data Malware Worms Trojan Horses Rootkits Keylogger

5 Social Engineering Physical By Phone – call up a company and gradually get information Dumpster Diving – phone books, org charts, calendars, old paperwork, internal technical documentation, old hardware Online – most users use the same password, exploit through phishing sites and spam Psychological Impersonation – repairman, IT support, manager, trusted third party Ingratiation – using a position of power to get somebody to perform an unauthorized action Conformity – everybody else has given us this info, Diffusion of responsibility – alleviate the stress on the employee Friendliness – most people want to help, just have to be believable Reverse Social Engineering – sabotage, advertising, and assisting Kevin Mitnick – most famous, raised the issue of computer security in the US

6 Malware Worms – actively transmits itself over a network to infect other computers, possibly carrying a malicious payload Virus – a piece of software that infects a piece of software through a security hole allowing itself to run malicious code or propogate Trojan Horses – a piece of malware that masquerades as a good piece of software, but has a harmful payload, opens a backdoor to the system usually Rootkits – help malicious programs avoid detection on the system Keylogger – monitor user keystrokes and report them back to attacker

7 Good Security Policies Applicable to any variable inside of a system including hardware, software and people We are familiar with the practice of good policies in regard to hardware and software, but the policy of people within the system is most important.

8 Simple common policy Complex passwords Don’t share passwords Don’t write passwords down

9 Policy for paper documents First, what are you going to allow your employees to print? Where are they stored in between usage? ‘Who’ can take ‘what’, ‘where’? Time to shred? Who is responsible? Should the policy require in-house shredding or is it acceptable to transport the documents first? What degree of shredding is necessary? Is the policy the same for all documents?

10 Human Policy The human policy can apply to every aspect such as cameras, access cards, restricted area access, physical access to machines, direct physical access to certain machines, etc… On a basic level, policy helps prevent negligence Email attachments/USB drives/”Screensavers”/lost corporate devices Beyond that, a user can be educated to a policy that would help the system defend against social engineering

11 [Virtual] Protection Standard network protection, password protection, etc… Select which data is worth backing up and how often. Protection policies must be aware of budgets! Make offline (separate) copies Encrypt those copies

12 [Real] Protection Physical data threats Vandalism Theft Natural Disaster Fire/Water/Climate Control Power surge/Lightning EMP Terrorism

13 Backups Housing for the backups must be secure. In instances where a system is backed up to a remote location, part of the policy is to keep the location secret. Some mediums degrade over time and became unreliable Rewriteable mediums degrade relative to use

14 Tools to prevent unauthorized physical access: various physical identifications systems cameras alarms logging of physical access

15 Reasons for destroying data Data Remanence Tendency of data to remain on the medium after deletion Removal of equipment Might donate old equipment to charities, other organizations

16 Proper ways to delete data Deletion ‘Soft’ delete by marking files for deletion OS generally keeps file in holding area for easy recover if user made a mistake When deletion is confirmed, the file’s entry is just removed from the file system. Reasons not to do it Even after deletion, the data is still there. Can be recovered through file recovery utilities Can also be retrieved by reading disk sectors directly. Sterilization

17 Involves complete destruction of data Clearing Writing over deleted files with dummy data. Typically all 0’s, but patterns of alternating 1’s and 0’s are better. Can only be used on media that can be rewritten Purging Destruction of the magnetic domains of the media by exposure to a strong magnetic field. For high security application, specially made degaussers are used. Destroying Done via disintegration, pulverization, melting, incineration, or shredding. Ultimately, the only way to assure destruction of data.

18 Destroying optical or other media Optical Disks Cannot be deleted, cleared, or purged. Must be destroyed. Must be shredded via a crosscut shredder, burned, or pulverized. Magnetic Disks May have any of the above done, based on importance of data being destroyed. Equipment If applicable, may be cleared or purged, but can always be destroyed. Paper Shredding via a crosscut shredder Size varies by importance of paperwork Disintegration into pulp by water and a fine screen.

Download ppt "Cory Bowers Harold Gray Brian Schneider Data Security."

Similar presentations

Chapter 1 - 1 ADCS CS262/0898/V1 Chapter 1 An Introduction To Computer Security TOPICS Introduction Threats to Computer Systems –Threats, Vulnerabilities.

Chapter ADCS CS262/0898/V1 Chapter 1 An Introduction To Computer Security TOPICS Introduction Threats to Computer Systems –Threats, Vulnerabilities.
Unit 1 Living in the Digital WorldChapter 1 Lets Communicate Internet Safety.

Unit 1 Living in the Digital WorldChapter 1 Lets Communicate Internet Safety.
POSSIBLE THREATS TO DATA

POSSIBLE THREATS TO DATA
2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.

2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.
Crime and Security in the Networked Economy Part 4.

Crime and Security in the Networked Economy Part 4.
1 COMPUTER SECURITY AND ETHICS Chapter Five. Computer Security Risks 2.

1 COMPUTER SECURITY AND ETHICS Chapter Five. Computer Security Risks 2.
Computer Ethics Ms. Scales. Computer Ethics Ethics  the right thing to do Acceptable Use Policy  A set of rules and guidelines that are set up to regulate.

Computer Ethics Ms. Scales. Computer Ethics Ethics  the right thing to do Acceptable Use Policy  A set of rules and guidelines that are set up to regulate.
Is There a Security Problem in Computing? Network Security / G. Steffen1.

Is There a Security Problem in Computing? Network Security / G. Steffen1.
Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.

Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.
E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.

E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.
McGraw-Hill/Irwin Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. Extended Learning Module H Computer Crime and Digital Forensics.

McGraw-Hill/Irwin Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. Extended Learning Module H Computer Crime and Digital Forensics.
Social Engineering Networks Reid Chapman Ciaran Hannigan.

Social Engineering Networks Reid Chapman Ciaran Hannigan.
Computer Viruses.

Computer Viruses.
Defining Security Issues Chapter 8. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a.

Defining Security Issues Chapter 8. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a.
1 An Overview of Computer Security computer security.

1 An Overview of Computer Security computer security.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Social Engineering PA Turnpike Commission. “Social Engineering is the practice of obtaining confidential information by manipulation of legitimate users”

Social Engineering PA Turnpike Commission. “Social Engineering is the practice of obtaining confidential information by manipulation of legitimate users”
Internet safety Viruses A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your.

Internet safety Viruses A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your.
Course ILT Security Unit objectives Configure operating system and file system security Install a fingerprint scanner and card reader Manage the human.

Course ILT Security Unit objectives Configure operating system and file system security Install a fingerprint scanner and card reader Manage the human.

Similar presentations

Ads by Google