Security Awareness: Applying Practical Security in Your World Chapter 1: Introduction to Security.


1 Security Awareness: Applying Practical Security in Your World Chapter 1: Introduction to Security

2 Objectives
- Define security and list the three basic goals of security
- Explain why information security is important
- List the six categories of individuals who break into computers

3 Objectives (continued)
- Describe the types of attacks on computers that can occur
- Explain how to safeguard a system
- Explain the big picture in information security

4 Introduction to Security
- Security: A state of freedom from a danger or risk
- Information security: Process of protecting a computer (or network of computers) from harmful attacks
- Three basic goals of information security:
  - Integrity
  - Confidentiality
  - Availability

5 Three Goals of Information Security
- Integrity: Data correct and unaltered
- Confidentiality: Data only accessible to authorized parties
- Availability: Authorized users allowed immediate access to the data
- Main goal: MINIMIZE RISKS

6 Why Information Security Is Important
- Prevent Data Theft
  - Single largest cause of financial loss due to a security breach
  - Thefts most commonly include proprietary business information
  - Industrial espionage
  - Individuals can also suffer from data theft

7 Why Information Security Is Important (continued)
- Protect Intellectual Property
  - Illegal copying or distribution deprives creator or owner of compensation for their work (See Figure 1-1 and 1-2)
  - Electronic formats easy and cheap to copy
  - Digital rights management (DRM) technologies
    - Digital watermarks
    - Physical copy protection
    - Software keys
    - Activation code

8 Protect Intellectual Property
- Figure 1-1

9 Protect Intellectual Property (continued)
- Figure 1-2

10 Why Information Security Is Important (continued)
- Thwart Identity Theft
  - About 3.4% of Americans have been victims of identity theft
  - Average 609 hours and $1500 out-of-pocket expenses to repair damage

11 Why Information Security Is Important (continued)
- Avoid Legal Consequences—federal and state laws include:
  - HIPAA
  - Sarbox
  - GLBA
  - USA Patriot Act
  - COPPA
  - California Database Security Breach Act

12 Why Information Security Is Important (continued)
- Foil Cyberterrorism
  - Cyberterrorism: Attacks by terrorist group(s) using computer technology
  - Can damage or disable electronic and commercial infrastructure
  - Most targets are not government-owned or operated: security procedures difficult to prescribe and enforce

13 Why Information Security Is Important (continued)
- Maintain Productivity
  - Resources diverted for “clean-up” activities (See Table 1-1)
  - Spam: unsolicited e-mail messages cost time
  - Viruses and worms can be attached

14 Attacker Profiles
- Hackers
- Crackers
- Script kiddies
- Spies
- Employees
- Cyberterrorists

15 How Attackers Attack
- Social Engineering
  - Trickery and deceit used rather than technical skill
  - Difficult to defend against because it relies on human nature and not on computer systems
  - Strongest defense: Strict company policies

16 How Attackers Attack (continued)
- Scanning: Locating a vulnerable computer to break into
  - Port scanning
  - War driving (See Figure 1-3)

17 How Attackers Attack (continued)
- Sniffing: Listening to and analyzing traffic on a network
  - Requires access to the wired network (or information about the wireless network) and special software
  - Sniffing output can reveal passwords and usernames

18 How Attackers Attack (continued)

19 How Attackers Attack (continued)
- Software Vulnerabilities
  - “Bugs” are errors in the programming code or logic of a computer program
  - Buffer overflow (See Figures 1-5 and 1-6) is one of the preferred attack methods for virus authors

20 How Attackers Attack (continued)

21 How Attackers Attack (continued)
- Malicious Code
  - Virus
    - Attaches to other programs
    - Spreads by exchanging files or e-mail (See Table 1-3)

22 How Attackers Attack (continued)
- Malicious Code (continued)
  - Worm
    - Similar in nature, but different from viruses: Worms can travel alone
    - Self-executing
  - Logic Bombs
    - Computer programs triggered by specific events

23 How Attackers Attack (continued)
- Spyware: Hardware or software that spies on what the user is doing without their knowledge
  - Keystroke logger (See Figure 1-7)
  - Software that records and reports user activities

24 How Attackers Attack (continued)

25 Safeguarding a System
- Identifying, Analyzing and Controlling Risks
  - Risk management: Systematic process of identifying, analyzing and controlling risks
  - Risk assessment: Process of evaluating risks

26 Safeguarding a System (continued)
- Authentication, Access Control, and Accounting
  - Restricting who can use the resource and what they are allowed to do
  - Authentication: Verifies, confirms and validates the person requesting access to a resource
  - Access Control: Limits what an authorized user can do
  - Accounting: Provides a historical record (audit trail)
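The three controls on this slide working together, as an added example that is not part of the original presentation: a request is authenticated, then checked against access-control rules, and every outcome, allowed or denied, is written to an audit trail. User names, passwords, roles and the "payroll" resource are constructed for illustration.

```python
import hashlib
import hmac
import os
import time

# Constructed sample data: users, passwords, roles and resources are hypothetical.
def _hash(password: str, salt: bytes) -> bytes:
    # Salted, slow password hash; plaintext passwords are never stored.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "role": role}

USERS = {"alice": make_user("correct horse", "admin"),
         "bob": make_user("battery staple", "clerk")}
PERMISSIONS = {"admin": {("payroll", "read"), ("payroll", "write")},
               "clerk": {("payroll", "read")}}
AUDIT_LOG = []  # accounting: the historical record of every request

def authenticate(user: str, password: str) -> bool:
    """Authentication: verify the identity of the person requesting access."""
    rec = USERS.get(user)
    if rec is None:
        _hash(password, b"\x00" * 16)  # keep timing similar for unknown users
        return False
    return hmac.compare_digest(rec["hash"], _hash(password, rec["salt"]))

def authorize(user: str, resource: str, action: str) -> bool:
    """Access control: limit what an authenticated user may do."""
    return (resource, action) in PERMISSIONS.get(USERS[user]["role"], set())

def request(user: str, password: str, resource: str, action: str) -> str:
    if not authenticate(user, password):
        outcome = "DENY_AUTHENTICATION"
    elif not authorize(user, resource, action):
        outcome = "DENY_ACCESS_CONTROL"
    else:
        outcome = "ALLOW"
    # Accounting: denials are logged too, since they are what a reviewer looks for.
    AUDIT_LOG.append({"time": time.time(), "user": user, "resource": resource,
                      "action": action, "outcome": outcome})
    return outcome

if __name__ == "__main__":
    print(request("alice", "correct horse", "payroll", "write"))
    print(request("bob", "battery staple", "payroll", "write"))
    print(request("bob", "wrong guess", "payroll", "read"))
    print([entry["outcome"] for entry in AUDIT_LOG])
```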

27 Safeguarding a System (continued)
- Formalized Security Policy: Tying it all together
  - Outlines the importance of security to the organization
  - Establishes Policy’s goals
  - How the security program is organized
  - Who is responsible at various levels
  - Sketches out details

28 Information Security: The Big Picture
- Data at the center
- Layered protection around it:
  - PRODUCTS
  - PEOPLE
  - PROCEDURES

29 Summary
- Security is a state of freedom from a danger or a risk.
- Information security protects the equipment and information stored on it.
- There are three basic goals of information security:
  - Integrity
  - Confidentiality
  - Availability of data

30 Summary (continued)
- Reasons why information security is important:
  - Protect data from theft
  - Prevent loss of productivity
  - Curb theft of intellectual property
  - Ensure compliance with law and avoid legal consequences
  - Thwart personal identity theft
  - Counter cyberterrorism

31 Summary (continued)
- Six categories of attackers—all have different motives:
  - Hackers
  - Crackers
  - Script kiddies
  - Spies
  - Employees
  - Cyberterrorists

32 Summary (continued)
- Five categories of attacks:
  - Social engineering
  - Scanning and sniffing
  - Software vulnerabilities
  - Malicious code
  - Spyware

33 Summary (continued)
- Three steps to securing a system:
  - Risk management—Identify bad things that can happen to it
  - Authentication, access control and accounting—Restrict who can legitimately use it
  - Security policy—Plan of action tying it all together

