Goals
• Explain the various types of threats to the security of information
• Discuss the different categorizations of security technologies and solutions
• Explain passwords, firewalls, biometrics, encryption, virus protection, and wireless security
• Discuss the main purposes and content of security policies
• Identify risk management options
© 2016 rjerz.com
Introduction to Information Security
• Five Factors Contributing to Vulnerability
  • Today’s interconnected, interdependent, wirelessly networked business environment
  • Smaller, faster, cheaper computers & storage devices
  • Decreasing skills necessary to be a computer hacker
  • International organized crime taking over cybercrime
  • Lack of management support
Why Worry About Security
• Threats can render a system inoperative
• Threats can make data unavailable
• Threats can steal your money
• Threats can change data
• Threats can make you less productive
• Threats can cost money!
• Balance the cost of a threat versus the cost of protection
Information Security Threats
• Unauthorized access
• Viruses and malware
• Email threats
• Accidental loss of data
• Security threats can involve both people and equipment
Unauthorized Access
• Locked areas or equipment
• User IDs and passwords
• Encryption
• Security cards
• Biometrics
Biometrics
• Fingerprint recognition
• Facial recognition
• Iris/retina recognition
• DNA recognition
• Odor recognition
• Ear recognition
• Signature recognition
Firewalls
• Computer or a router that controls or restricts access in and out of the organization’s networks
• Cannot protect an organization from a virus
• Cannot prevent hackers from exploiting an unsecured computer
• Should be implemented at different locations in the organization
A firewall architecture for Defense in Depth
Viruses and Other Malware
• Viruses are sent out to find any victim they can
• Lines of code that make up a virus can be embedded into other files
• The signature of the virus is the particular bit patterns that can be recognized, which is how virus detection software knows your computer has contracted a virus
• Can be active or passive
Rick’s Computers
Older Dell PC
• Norton Antivirus
• Malwarebytes
• Spybot Search & Destroy
Virtual Windows 7 PC
• Microsoft’s Antivirus
Macintosh
• Nothing!
Email Attacks
• Email bombing: Sending a large amount of emails designed to disrupt normal functioning
• Smurfing: When hackers sometimes use an innocent 3rd party to send a flood of messages to an intended target
• Spoofing: Forged sender address
• Phishing: Masquerading as a trustworthy entity
Carefully Watch Your Email!
• The email is addressed to you using your email account info
• The email does not have a personalized salutation
• When you hover the mouse over the hyperlink, the site does not seem to be from the proper company
• When you hover the mouse over the hyperlink, the site seems to be located in another country
• The email makes you feel your response is urgent or something bad is going to happen.
Accidental Loss of Data
• Have a good filing system
• Think about theft and fraud
• Password protect or encrypt important information
• Back up your system and files
• Be careful about putting data on:
  • Cell phone
  • USB drives
  • CDs and DVDs
Wireless Security
• Best protection for wireless networks is encryption
• WEP, the Wired Equivalent Privacy, is an older encryption algorithm, which can be easily cracked within minutes today
• WPA, the Wi-Fi Protected Access, is a more recent and powerful encryption algorithm widely available in most routers
• Further protection for home wireless networks is to disable the broadcasting of the network’s ID (SSID)
Your Web Server
• Firewalls
• Antivirus
• Whitelists and Blacklists
• Encryption
• VPN
• SSL - Secure Socket Layer
• Employee Monitoring Systems
• Email Spam:
Risk Management
• Process of identifying, assessing and prioritizing the security risks an organization may face
• Analyze and balance risks with the resources available to mitigate them
• Management determines where the company would be most vulnerable and how likely it is that a risk would affect it