Presentation is loading. Please wait.

Presentation is loading. Please wait.

Anderson School of Management University of New Mexico.

Published byAlvin Curtis Modified over 8 years ago

Similar presentations

Presentation on theme: "Anderson School of Management University of New Mexico."— Presentation transcript:

1 Anderson School of Management University of New Mexico

2 Trade offs in information security. Finding the balance between efficiency and effectiveness.

3 Introduction What is information security? Why is information security important today? Does information security only apply to organizations? The history and evolution of information security.

4 History WWII – need for communication code breaking 1960’s – ARPANET program developed 1970’s & 80’s – development of MUTLICS and the microprocessor 1990’s – Rise of the internet 2000 to Present – the internet now dominates every aspect of daily life

5 What is Information Security? Information security is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction. Information security is the ongoing process of defending and maintaining our information system as individuals and organizations.

6 What is Information Security? Information security ensures: Integrity Availability Accessibility Utility Confidentiality

7 Information System Hardware – routers, computers, servers, etc Software – programs & operating system Network – LAN, WAN, Internet, etc Data – stored, processed, communicated People Policy and procedures

8 What are we defending our information system from? Threats and Attacks!! Deliberate software attacks –Malicious code, viruses, worms, Trojan horses, etc Deviations in quality of service – denial of service attack, Trespassing/Espionage - hackers Forces of Nature – fire, flood, or any natural disaster Human error/sabotage/vandalism

9 Target Data Breach Up to 70 million individuals personal information was stolen Names, address, phone numbers, credit card numbers Malicious software on system Extended credit monitoring and identity theft protection to all guests

10 NSA Data Breach Snowden accessed unauthorized data Released confidential information Internal breach – lack of policy and procedures, maybe poor oversight

11 Anonymous Hacking Group Attacks governments, businesses, non profits and anybody on their agenda Denial service attacks Stolen data Lost revenues, reputation implications, service disruption, national security etc

12 Recent Threat and Attack Against APD By Anonymous Hacktivist group Anonymous had stated that they were going to attack APD’s online presence. Denial of Service Attack (shutting down their site for a few hours) Planned it for Sunday night (the least busy night)

13 Stole data, high ranking APD official’s home addresses and released to public Incited protestors to take to the streets

14

15 Small Scale Attack

16

17 Survey Results Many had learned something about information security Most realize the importance of keeping passwords secure Many realize that there are online predators looking to get information and are good about not giving it out.

18 Speed VS Security

19 Network only as strong as its weakest link

20 Password Security

21 How are these machines used by Police in the field

22 BCSO Bernalillo County Sherriff's Office –What systems are they using? –What security measures are in place? –Are they achieving their information security goals? –What do users think of the measures? –Can they do something different?

23 Deputies are Dispatched to calls through these machines The internal GPS relays their coordinates to dispatchers as well as giving them directions to calls Run plates through governmental sites Looking up individuals to see if they have outstanding warrants Write reports

24 What Security is in place Saved passwords to log onto a machine Verizon air card placed in a secure tunnel Dual authentication key generator Secure Virtual Private Network (VPN) Login to separate applications using other passwords Automatic logout times

25 Drawbacks Login time (3-5 min) The amount of passwords With so many passwords, some can be forgotten Long login process can lead to accidentally messing up in process and locking the user out Frustrated users

26 Thoughts? What do you think? Is it too much security, not enough?

27 Security Need Ability to see location of deputies and other first responders in live time Ability to access entire country’s network Mobility of laptop increases threat of unauthorized access due to theft or loss State and Federal guidelines require minimum security standards

28 Achieving the balance It is the job of everyone involved in information security to determine the trade offs Weigh the pros and cons and evaluate the importance of each The users and the system need to be evaluated together, to ensure that thorough analysis occurs. Should not evaluate separately.

29 Large Scale Attack

30

31 Pop Quiz (5 Questions)

Download ppt "Anderson School of Management University of New Mexico."

Similar presentations

CS5038 The Electronic Society

CS5038 The Electronic Society
Laptop Security in the current IT world W3 group.

Laptop Security in the current IT world W3 group.
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Ethics, Privacy and Information Security

Ethics, Privacy and Information Security
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.

Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.
Using Your Knowledge – Security Threats

Using Your Knowledge – Security Threats
E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.

E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.
CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.

CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.

Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.
Privacy & Security By Martin Perez. Introduction  Information system - People : meaning use, the people who use computers. - Procedures : Guidelines.

Privacy & Security By Martin Perez. Introduction  Information system - People : meaning use, the people who use computers. - Procedures : Guidelines.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Computer Security 1 Keeping your computer safe. Computer Security 1 Computer Security 1 includes two lessons:  Lesson 1: An overview of computer security.

Computer Security 1 Keeping your computer safe. Computer Security 1 Computer Security 1 includes two lessons:  Lesson 1: An overview of computer security.
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
Protecting ICT Systems

Protecting ICT Systems
Information Security Technological Security Implementation and Privacy Protection.

Information Security Technological Security Implementation and Privacy Protection.
CHAPTER 3 Information Privacy and Security. CHAPTER OUTLINE  Ethical Issues in Information Systems  Threats to Information Security  Protecting Information.

CHAPTER 3 Information Privacy and Security. CHAPTER OUTLINE  Ethical Issues in Information Systems  Threats to Information Security  Protecting Information.

Similar presentations

Ads by Google