Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Mindset Lesson Introduction Why is cyber security important?

Published byBeverly Riley Modified over 8 years ago

Similar presentations

Presentation on theme: "Security Mindset Lesson Introduction Why is cyber security important?"— Presentation transcript:

1 Security Mindset Lesson Introduction Why is cyber security important?
How do we understand cyber security? What needs to be done to address cyber security?

2 Why Cyber Security? We worry about security when...
...we have something of value and there is a risk it could be harmed.

3 Why Cyber Security? Individuals store a lot of sensitive data online
if stolen, criminals can profit from it Societies rely on the internet nefarious parties could profit by controlling it

4 Why Cyber Security? Smart Grids rely on cyber systems
whoever controls the grid controls the community infrastructure Business and government proprietary information is often stored on the internet unauthorized access could be economically or politically disasterous

5 Security Impact Quiz Home Depot Facebook Ebay Apple JP Morgan Chase
Each of these organizations suffered data breaches of more than 30,000 records. Check the companies that you have patronized: Home Depot Facebook Ebay Apple JP Morgan Chase Snapchat Anthem Target Twitter UPS Mozilla Nintendo

6 Cyber Assets at Risk How do we understand the risk to our online information and systems? We need to develop a security mindset What is the security mindset? Threats, vulnerabilities and attacks

7 Cyber Assets at Risk Threat source: who wants to do harm to us in our online lives Hacktivists: activists who do not like something you are or something you do. Cybercriminals: want to profit from our sensitive data for financial gain. Nation-states: Countries do it for political advantage or for espionage.

8 Vulnerabilities and Attacks
threat actors exploit vulnerabilities to launch attacks attacks lead to compromises or security breaches vulnerabilities can be found in software, networks, and humans.

9 Vulnerabilities and Attacks
Time to take a break!

10 Vulnerabilities and Attacks

11 Vulnerabilities and Attacks A few hours later...

12 Vulnerabilities and Attacks FAIL
Muahaha! FAIL

13 A Real World Example:

14 Black Market Prices Quiz
What is your hacked/stolen data worth on the Black Market (as of March 2015)? Enter dollar amounts in the boxes next to the data. 3 digit security code on your credit card Credit card information PayPal/Ebay account Health information 3-digit: $2 CC: $5-$45 Paypal: $27 Health: $10

15 Sony Pictures Quiz The threat source was:
With regards to the “The Interview” (2014) related hack, answer the following questions. Put the number of the correct answer in the box next to the question: The threat source was: [1] cybercriminals, [2] Hacktivists, or [3] Nation-State Goal of the attack was: [1] Monetize stolen information, [2] Stop Sony from releasing the movie “interview”), [3] Extort money from Sony What did the attack accomplish: [1] Disclosed sensitive data, [2] Destroyed Sony computers

16 Revisiting Threats, Vulnerabilities, Attacks, and Risk
Relationship of Key Cyber Security Concepts

17 What Should We do in Cyber Security?
Make threats go away (crime should not pay) Reduce vulnerabilities Strive to meet security requirements of sensitive information: Confidentiality Integrity Availability Other consequences (stuxnet, physical) CIA (not the intelligence agency)

18 What should the Good Guys Do?
Prevention Detection Response Recovery and remediation Policy (what) vs. mechanism (how)

19 How Do We Address Cyber Security?
Reduce vulnerabilities by following basic design principles for secure systems: Complexity is the enemy (economy of mechanism) Fail-safe defaults Complete mediation Open Design Least Privilege Psychological acceptability ......

20 Mindset Quiz #1 What is the estimated value of world-wide losses due to cybercrime? Less than $10 Billion (US) Close to $500 Billion (US) Trillions of US Dollars

21 Mindset Quiz #2 Data breaches violate which of the following security requirements? Integrity Availability Confidentiality

22 Mindset Quiz #3 What security weakness was exploited to enable Stuxnet malware to compromise Iran's nuclear plan networks? Out of date anti-virus system Disloyal employees or poor judgment by humans Weak security controls, such as easy to guess passwords

23 Security Mindset Lesson Summary Cyber Security:
HUGE problem for people, governments, companies, etc Enhance the level of assurance of systems Security mindset requires we know: threats actors/motivations how they successfully attack

Download ppt "Security Mindset Lesson Introduction Why is cyber security important?"

Similar presentations

Introduction and Overview of Digital Crime and Digital Terrorism

Introduction and Overview of Digital Crime and Digital Terrorism
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.

© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.
STOP.THINK.CONNECT™ NATIONAL CYBERSECURITY AWARENESS CAMPAIGN SMALL BUSINESS PRESENTATION.

STOP.THINK.CONNECT™ NATIONAL CYBERSECURITY AWARENESS CAMPAIGN SMALL BUSINESS PRESENTATION.
Cyber Crime Game Players By Marharyta Abreu & Iwona Sornat.

Cyber Crime Game Players By Marharyta Abreu & Iwona Sornat.
Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2011 CCH. All Rights Reserved. 4025 W. Peterson Ave. Chicago, IL 60646-6085.

Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2011 CCH. All Rights Reserved W. Peterson Ave. Chicago, IL
Emerging Trends: Cyber Threats Bryan Sheppard Cyber Security Defense Center.

Emerging Trends: Cyber Threats Bryan Sheppard Cyber Security Defense Center.
OWASP Principles for GIS Data Security Keeping your GIS data secure.

OWASP Principles for GIS Data Security Keeping your GIS data secure.
The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.

The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.
Course ILT Security overview Unit objectives Discuss network security Discuss security threat trends and their ramifications Determine the factors involved.

Course ILT Security overview Unit objectives Discuss network security Discuss security threat trends and their ramifications Determine the factors involved.
Note1 (Intr1) Security Problems in Computing. Overview of Computer Security2 Outline Characteristics of computer intrusions –Terminology, Types Security.

Note1 (Intr1) Security Problems in Computing. Overview of Computer Security2 Outline Characteristics of computer intrusions –Terminology, Types Security.
1 An Overview of Computer Security computer security.

1 An Overview of Computer Security computer security.
April 1, 2004ECS 235Slide #1 Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational.

April 1, 2004ECS 235Slide #1 Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.

Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
TRACs Security Awareness FY2009 Office of Information Technology Security 1.

TRACs Security Awareness FY2009 Office of Information Technology Security 1.
Maritime Cyber Risks – What is real, what is fiction?

Maritime Cyber Risks – What is real, what is fiction?
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Fundamentals of Information Systems Security.

© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company All rights reserved. Fundamentals of Information Systems Security.
PART THREE E-commerce in Action Norton University E-commerce in Action.

PART THREE E-commerce in Action Norton University E-commerce in Action.

Similar presentations

Ads by Google