Published by Charles Barrett. Modified over 6 years ago.
1
COMP3371 Cyber Security
Richard Henson, University of Worcester, September 2016
2
By the end of this module you should be able to:
- Analyse the information security issues and threats facing both users and information managers in organizations
- Identify methods, tools and techniques for combating security threats
- Demonstrate an understanding of methods used to protect a device, computer or network from malware and unauthorized access
- Review real-world security and/or forensics issues and synthesize appropriate solutions using a combination of technical and user controls
3
Week 1: Securing digital data in the hyperconnected world
Objectives:
- Explain the difference between “data” and “information”
- Explain why Data Security has become so hard
- Know where to start in managing the security of digital information
4
Is it data… or information?
Kids' stuff? The difference between the two is subtle but crucial. And it should be clearly understood…
Exercise in pairs…
- discuss what is (a) similar (b) different about data and information
- give an example of digital data that could be categorised as (a) data and (b) information
- be prepared to explain why each can be categorised as such…
5
Data… or Information?
All about context…
- if on its own… just numbers & characters
- if linked to something else… really important information
Great confusion about this
- certainly among managers
- even among IT professionals…
6
Scenario
Within the organisation/department a few bytes sent may be “just data”
- employees may not see it as personal or sensitive
- relaxed attitude?
Outsider… still just data?
- e.g. taken via a wireless link
With help from an internal “informer”…
- The data has context! It becomes information
7
How Valuable is Data? (1)
Data breach
- an external agency… gets organisational data… without permission
If what is compromised remains just “data”, perhaps a breach is not so serious…
- data is worthless without context
8
How Valuable is Data? (2)
However… If the data becomes information…
- it will have value… maybe a lot…
- breach could be very serious indeed
Examples:
- rival organisation gets corporate information… then uses it to undermine the hacked organisation
- hacker accesses customer personal information (e.g. Ashley Madison) and threatens to leak it…
9
How much is Data worth?
Well, how much is the organisation worth…?
- classically based on physical assets & trading
- BUT… data or information not physical…
- classical model therefore out of date!?
What is the value of e.g. company database?
10
Black Market Value…
Information has intrinsic value
- e.g. personal data record: if contextualised, becomes “personal information”, worth e.g. £50 on the black market?
- e.g. spreadsheet, confidential memo: could become financial or corporate information, may be worth a lot more than £50…
By contrast, data only has potential value
- just add context, though… and…
11
Keeping Data Secure
If data can easily become information, it needs to be kept safe…
Prime concern for all organisations!
- take special care of any digital data of importance
- could be contextualised to become information…
12
Information Security and Organisations
Nothing new!
- always kept information…
- important to the extent that the organisation IS its information
- loss of vital data could therefore be curtains for the organisation!!!
- information kept very secure… in fireproof, lockable, filing cabinets
13
Nowadays, usually held digitally
Until 1980s, always held in expensive, secure computer areas
- well-paid experts looked at computer operations
- completely beyond scope of an SME!
Then came
- the PC…
- the network…
- the portable storage device…
- and… public access to the Internet!
14
Navigating data round the Internet
Over 1 billion Internet servers!
15
Users, Users Everywhere!
2 billion!
16
Mission Impossible?
another group exercise coming up…
17
Data Security? Digital Security? Information Security? Cyber Security?
Matters relating to digital stuff
- referred to by organisations as “data security”
- regarded as an IT matter
“Information Security” also takes account of contextualisation & human factors
2009 on… became Cyber Security
- woke up to “cyber threats…”
18
Group Exercise
Define:
- Data Security
- Information Security
- Cyber security
- Digital Security
Which would be the best to use with
- small businesses (SMEs) <250 employees
- larger organisations?
19
Users: E-commerce from home…
Principles of good data management not just about business computing…
- computer at home connected to the Internet… (!)
- family members sharing the computer/home network could get hold of each other’s information
All much, much more important when a whole organisation’s data is being managed…
20
Information Security: Technology & Management
Basic problem…
- technology is useless if people won’t stick to procedures
- procedures are equally useless if the technology can’t detect intrusions or prevent them
21
A Company like Yours?
sk/articles/cyber-video-companies-like-yours.html
Watch carefully…
- how do the hackers get in…?
- and then wreak havoc…?
22
Client-Server Networks
Most organisations have their own centrally controlled network
- access to files and applications on the network should be carefully controlled
- the network manager does the controlling!
A taste of this, in the practical seminar…
Next week… Malvern “cyber day”…
- Bus leaves at 9.15 am, Thursday 6th Oct