Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cyber Security Awareness

Published byBernadette Tyler Modified over 6 years ago

Similar presentations

Presentation on theme: "Cyber Security Awareness"— Presentation transcript:

1 Cyber Security Awareness
Why people are of No 1 importance… HIDE / UNHIDE SLIDES 4/5/6 and 10/11: 4 and 10 are aimed at USERS 5, 6 and 11 are aimed at PROGRAMMER CERN Computer Security Team (2008) L. Cons, S. Lopienski, S. Lüders, D. Myers “Protecting Office Computing, Computing Services, GRID & Controls”

2 Security is not a synonym for safety.
About Security Security is not a synonym for safety. Security is a system property (not a feature). Security is a permanent process (not a product). Security is difficult to achieve, and only to 100%-ε: Complexity of systems & code No metrics to measure “security” No testing methods, proving that a system is “secure” (“phase-space problem”) Security is as high as the weakest link: Defender needs to protect against all possible attacks (currently known, and those yet to be discovered) Attacker chooses the time, place, method

3 The Learning Curve A defaced web-page…
“If your kid just got the driving-license, you might wish for a ‘small’ accident, so it is aware of the risks, and drives with care.” Oops !!??? …a user listing…

4 Protect your Assets ! Everyone can upload whatever…
Configuration well doc’d in Google… Control who can do/access what: Have your PC centrally/IT managed ( free patching, firewalling, anti-virus) DON’T use administrator rights except when really needed (the “rule of least privilege”) Control published information This is the slide for USERS.

5 Who owns the consequences ?
Can you allow for: Loss of resources… Loss of data… Loss of functionality… Loss of control… Loss of reputation… This boils down to CHF €€ ££ $$ ¥¥ !! Are you prepared to take the full responsibility ? Are you in the hierarchical position to really take it ?

6 Security risks are everywhere !!!
Hacked oscilloscope (running Win XP SP2) Lack of input validation & sanitization Confidential data on CVS, Wiki, Savannah… Free passwords on Google: What about you?

7 Be Vigilant & Stay Alert !!!
addresses can easily be faked ! Stop “Phishing” attacks: No legitimate person will EVER ask for your credentials ! Do not trust your web browser !

8 Do not trust your web browser !
What links to ebay.com ? %2e%31%33%38%2e%31%33%37%2e%31%37%37/p?uh3f223d co_partnerid=2&usage=0&ru=http%3A%2F%2Fwww.ebay.com&rafId=0 &encRafId=default The answers are not obvious even for IT professionals !

9 General Computing at CERN
The operational circular #5 defines the rules for the use of CERN computing facilities. Personal use is tolerated or allowed provided: Frequency and duration is limited and resources used are minimal Activity is not illegal, political, commercial, inappropriate, offensive, detrimental to official duties Restricted personal use: Applications known to cause security and/or network problems e.g. IRC, P2P (eDonkey, BitTorrent, …) see Respect confidentiality and copyrights Illegal or pirated data (software, music, video, etc.) is not permitted

10 The time has come to face the problem NOW ! Do you want to act
Summary Security is a system property and can be achieved to 100%-ε. YOU are responsible for securing your service(s) (i.e. ε): As user, developer, system expert or administrator As a project manager or line manager Therefore: Provide funding and resources Close vulnerabilities: prevent incidents from happening Check access rights and stick to the principle of least privileges Review your configuration & coding practices Be vigilant and stay alert ! The Computer Security Team can provide assistance. The time has come to face the problem NOW ! Do you want to act BEFORE or AFTER the incident ?

11 More Information… http://cern.ch/security Computer.Security@cern.ch
Pierre Charrue (AB), Vittorio Remondino (AT), Peter Jurcso (DSU), Flavio Costa (FI), Catharina Hoch (HR), David Myers (IT), Joel Closier (PH), Gustavo Segura (SC), Timo Hakulinen (TS) Peter Chochula (ALICE), Giuseppe Mornacchi (ATLAS), Eric Cano (CMS), Gerhart Mallot (COMPASS), Niko Neufeld (LHCb), Alberto Gianoli (NA48), Technical-Network Administrator (TN) CERN Computing Rules OC#5, subsidiary service rules & Computer Security information: Please report incidents to: Security contacts (Departments): Security contacts (Experiments):

Download ppt "Cyber Security Awareness"

Similar presentations

3 rd Control System Cyber-Security Workshop A Summary of this year’s meeting Dr. Stefan Lüders (CERN Computer Security Officer) with contributions from.

3 rd Control System Cyber-Security Workshop A Summary of this year’s meeting Dr. Stefan Lüders (CERN Computer Security Officer) with contributions from.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
IST346: Information Ethics. Ethics  Ethics are the principles of conduct that govern a group of people.  Ethics are not morals.  Morals are the proclamation.

IST346: Information Ethics. Ethics  Ethics are the principles of conduct that govern a group of people.  Ethics are not morals.  Morals are the proclamation.
Internet Safety Basics Being responsible -- and safer -- online Visit age-appropriate sites Minimize chatting with strangers. Think critically about.

Internet Safety Basics Being responsible -- and safer -- online Visit age-appropriate sites Minimize chatting with strangers. Think critically about.
Thomas Levy. Agenda 1.Aims: CIAN 2.Common Business Attacks 3.Information Security & Risk Management 4.Access Control 5.Cryptography 6.Physical Security.

Thomas Levy. Agenda 1.Aims: CIAN 2.Common Business Attacks 3.Information Security & Risk Management 4.Access Control 5.Cryptography 6.Physical Security.
Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.

Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.
Reliability & Desirability of Data

Reliability & Desirability of Data
Presented by: Dr. Munam Ali Shah

Presented by: Dr. Munam Ali Shah
ARE YOU BEING SAFE? What you need to know about technology safety Shenea Haynes Digital Citizenship Project ED 505.

ARE YOU BEING SAFE? What you need to know about technology safety Shenea Haynes Digital Citizenship Project ED 505.
Information Security Awareness Training. Why Information Security? Information is a valuable asset for all kinds of business More and more information.

Information Security Awareness Training. Why Information Security? Information is a valuable asset for all kinds of business More and more information.
GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Rebecca Pritchard.

GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Rebecca Pritchard.
Introduction to Computer Security PA Turnpike Commission.

Introduction to Computer Security PA Turnpike Commission.
1 CERN’s Computer Security Challenges Denise Heagerty CERN Computer Security Officer Openlab Security Workshop, 27 Apr 2004.

1 CERN’s Computer Security Challenges Denise Heagerty CERN Computer Security Officer Openlab Security Workshop, 27 Apr 2004.
Office of Campus Information Security Driving a Security Architecture by Assessing Risk Stefan Wahe Sr. Information Security Analyst.

Office of Campus Information Security Driving a Security Architecture by Assessing Risk Stefan Wahe Sr. Information Security Analyst.
Understanding Computer Viruses: What They Can Do, Why People Write Them and How to Defend Against Them Computer Hardware and Software Maintenance.

Understanding Computer Viruses: What They Can Do, Why People Write Them and How to Defend Against Them Computer Hardware and Software Maintenance.
Use of CERN’s Computing Facilities Why is security important? What are the rules? HR Induction Programme.

Use of CERN’s Computing Facilities Why is security important? What are the rules? HR Induction Programme.
Cyber Security Awareness Why people are of N o 1 importance… CERN Computer Security Team (2009) L. Cons, S. Lopienski, S. Lüders, D. Myers “Protecting.

Cyber Security Awareness Why people are of N o 1 importance… CERN Computer Security Team (2009) L. Cons, S. Lopienski, S. Lüders, D. Myers “Protecting.
Operational Circular No 5 Use of CERN Computing Facilities.

Operational Circular No 5 Use of CERN Computing Facilities.
Security and Web Programming/Design. cell phones bio-facilities Sodas, junk food, and coffee Welcome to the No Smoking State.

Security and Web Programming/Design. cell phones bio-facilities Sodas, junk food, and coffee Welcome to the No Smoking State.
Problems to Overcome Implementation Issues at CERN Dr. Stefan Lüders (CERN Computer Security Officer) (CS) 2 /HEP Workshop, Kobe (Japan) October 11th 2009.

Problems to Overcome Implementation Issues at CERN Dr. Stefan Lüders (CERN Computer Security Officer) (CS) 2 /HEP Workshop, Kobe (Japan) October 11th 2009.

Similar presentations

Ads by Google