© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Fundamentals of Information Systems Security.

Presentation transcript:

Fundamentals of Information Systems Security
Lesson 3: Malicious Attacks, Threats, and Vulnerabilities

Learning Objective
- Describe how malicious attacks, threats, and vulnerabilities impact an IT infrastructure.

Key Concepts
- Attacks, threats, and vulnerabilities in a typical IT infrastructure
- Common security countermeasures typically found in an IT infrastructure
- Risk assessment approach to securing an IT infrastructure
- Risk mitigation strategies to shrink the information security gap

DISCOVER: CONCEPTS

Definitions
- Risk: Probability that an intentional or unintentional act will harm resources
- Threat: Accidental or intentional event that negatively impacts company resources
- Vulnerability: Inherent weakness that may enable threats to harm system or networks

Types of Threats
- Brute-force password attacks
- Dictionary password attacks
- IP address spoofing
- Hijacking
- Replay attacks
- Man-in-the-middle attacks

Types of Threats
- Masquerading
- Social engineering
- Phishing
- Phreaking
- Pharming

Types of Vulnerabilities
- Insecure servers or services
- Exploitable applications and protocols
- Unprotected system or network resources
- Traffic interception and eavesdropping
- Lack of preventive and protective measures against malware or automated attacks

Identify the Criminal
Criminal Profile #1
- Victimizes people through unsolicited messages to get victim’s money
- Does not rely on intrusive methods to commit crimes
- Is motivated by financial gain

Identify the Criminal (Continued)
Criminal Profile #2
- Enters systems without permission to raise awareness of security issues
- Does not work for the company or its clients
- Does not intend harm, just tries to be “helpful”
- Is motivated by impulse

Identify the Criminal (Continued)
Criminal Profile #3
- Engages in illegal black market transactions on the Internet
- Traffics drugs, weapons, or banned materials
- Is motivated by financial gain

Identify the Criminal (Continued)
Criminal Profile #4
- Enters systems without permission to take advantage of security issues
- Does not work for the company or its clients
- Does not intend to help, only wants to cause harm
- Is motivated by peer acceptance

Identify the Criminal (Continued)
Criminal Profile #5
- Intrudes upon systems to verify and validate security issues
- Works for the company or one of its clients
- Does not intend harm, just tries to be “helpful”

Summary
- Threats are controllable.
- Risks are manageable.
- Vulnerabilities are unavoidable.
- All of these negatively affect the C-I-A triad.
- Not all threats are intentional.

Virtual Lab
- Performing a Vulnerability Assessment