Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 4.  Can technology alone provide the best security for your organization?

Published byJared Thompson Modified over 8 years ago

Similar presentations

Presentation on theme: "Chapter 4.  Can technology alone provide the best security for your organization?"— Presentation transcript:

1 Chapter 4

2  Can technology alone provide the best security for your organization?

3  Your organization can have the best and the latest technology to provide security. But, if that technology is not used properly or ignored, then your organization is at risk.  The biggest threat for your organization is from internal sources.  People (Employees, Custodians, Consultants etc.) are the biggest security threat to an organization’s security.

4  The users often pick something easy for them to remember, which means that the more you know about the user, the better your chances of discovering their passwords.

5  Password Dilemma - The more difficult we make it for attackers to guess our passwords, and the more frequently we force password changes, the more difficult the passwords are for authorized uses to remember and the more likely they are to write them down.

6  Piggybacking – is the simple tactic of following closely behind a person who has just used their own access card or PIN to gain physical access to a room or a building.

7  Shoulder Surfing – is a similar procedure in which attackers position themselves in such a way as to be able to observe the authorized user entering the correct access code.

8  Dumpster Diving – is the process of going through (searching) the target’s trash cans/ bins in order to find little bits of information that could be useful for a potential attack.

9  System administrators should restrict the normal users from installing unnecessary hardware and software.  Software’s such as communication tools (messenger's and VOIP clients) and games should not be installed on your computer without the knowledge of the system administrator.

10  When a normal user installs unauthorized software or hardware, he is setting up a backdoor.  Backdoor – Backdoors are avenues that can be used to access a system while circumventing normal security mechanisms.

11  If any unauthorized person can gain physical access to a faculty, chances are very good that enough information has been collected to plan a potential attack, or carry out any unlawful activity.  Common method used to prevent unauthorized access is the use of identification badge/ card (id cards).  Problems with identification badge ◦ Easy to forge ◦ Often neglected or ignored

12  How do you prevent genuine employees from planning an attack or collecting sensitive information?  Examples ◦ Consultants ◦ Business Partners ◦ Janitorial and security staff

13  Social Engineering – is a technique in which the attacker uses various deceptive practices to obtain information they would normally not be privilege to, or to convince the target of the attack to do something they normally wouldn't. Attacker Target Attacker contacts the Target

14  Reverse Social Engineering – in this technique, the attacker hopes to convince the target to initiate the contact. Attacker Target Target contacts the Attacker

15  Social Engineering and Reverse Social Engineering are very common when the organization is going through some significant changes. ◦ Deployment of new software and hardware ◦ When two companies merge

16  Employees/ People can be the biggest threat to the organization’s security, but, they can also be the best tool in defending against social engineering, reverse social engineering and other security breaches and break-ins.  Organization can implement stringent policies and procedure that establishes the roles and responsibilities for all the employees within an organization.

17  Providing periodic security awareness and training programs to all the employees is the single most important step any organization can take to prevent against any attacks, especially social engineering and reverse social engineering.  Employees should know the importance of information and also, they should know what kind of information is sensitive to their organization.

Download ppt "Chapter 4.  Can technology alone provide the best security for your organization?"

Similar presentations

1 Identification Who are you? How do I know you are who you say you are?

1 Identification Who are you? How do I know you are who you say you are?
Chapter 10. Understand the importance of establishing a health care organization-wide security program. Identify significant threats—internal, external,

Chapter 10. Understand the importance of establishing a health care organization-wide security program. Identify significant threats—internal, external,
© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.

2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.
Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.

Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.
1 No Silver Bullet : Inherent Limitations of Computer Security Technologies Jeffrey W. Humphries Texas A&M University.

1 No Silver Bullet : Inherent Limitations of Computer Security Technologies Jeffrey W. Humphries Texas A&M University.
Social Engineering – Threats & Concerns Avisek Ghosh, CISA CISSP Sr. Manager – Corporate Security Cognizant Technology Solutions.

Social Engineering – Threats & Concerns Avisek Ghosh, CISA CISSP Sr. Manager – Corporate Security Cognizant Technology Solutions.
Social Engineering J Nivethan. Social Engineering The process of deceiving people into giving away access or confidential information Onlinne Phone Offline.

Social Engineering J Nivethan. Social Engineering The process of deceiving people into giving away access or confidential information Onlinne Phone Offline.
System Security Scanning and Discovery Chapter 14.

System Security Scanning and Discovery Chapter 14.
BUSINESS PLUG-IN B6 Information Security.

BUSINESS PLUG-IN B6 Information Security.
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
Security Controls – What Works

Security Controls – What Works
CSA 223 network and web security Chapter one

CSA 223 network and web security Chapter one
1 An Overview of Computer Security computer security.

1 An Overview of Computer Security computer security.
The Art of Deception - Controlling Human Element of Security - Shohei Hagiwara November 17th, 2009.

The Art of Deception - Controlling Human Element of Security - Shohei Hagiwara November 17th, 2009.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Information Networking Security and Assurance Lab National Chung Cheng University COUNTER HACK Chapter 5 Reconnaissance Information Networking Security.

Information Networking Security and Assurance Lab National Chung Cheng University COUNTER HACK Chapter 5 Reconnaissance Information Networking Security.
Chapter 10 Information Systems Management. Agenda Information Systems Department Plan the Use of IT Manage Computing Infrastructure Manage Enterprise.

Chapter 10 Information Systems Management. Agenda Information Systems Department Plan the Use of IT Manage Computing Infrastructure Manage Enterprise.
Hacking and Network Defense. Introduction  With the media attention covering security breaches at even the most tightly controlled organization, it is.

Hacking and Network Defense. Introduction  With the media attention covering security breaches at even the most tightly controlled organization, it is.
Social Engineering PA Turnpike Commission. “Social Engineering is the practice of obtaining confidential information by manipulation of legitimate users”

Social Engineering PA Turnpike Commission. “Social Engineering is the practice of obtaining confidential information by manipulation of legitimate users”

Similar presentations

Ads by Google