Security and Assurance in IT organization
Name: Mai Hoang Nguyen
Class: INFO 609
Professor: T. Rohm
Table of contents:
+ Attackers
+ Classification of threats
+ Defensive measures
+ Security management framework
+ Risk & incident management of Security
Attackers:
About 46% of companies and government agencies suffered a security incident from 2007 until now.
Who are the attackers?
+ Thrill seekers who like the challenge of defeating defense systems.
+ Other attackers who dislike their company and intend to steal the company’s proprietary data, such as credit card numbers or other online payment information.
Classification of threats:
Managers must understand the classification of threats:
External Attacks: harm against computing infrastructure.
+ E.g.: DoS (Denial of Service): attackers send data packets more rapidly than the target machine can handle. Each packet appears to begin an authentic conversation with the victim computer, thus disabling infrastructure devices.
Classified threats:
Classification of threats:
Intrusion: gaining access to a company’s internal IT infrastructure by various methods, e.g. obtaining user names & passwords.
Intruders can use high-tech methods such as “sniffer” software for LANs, or exploit computer code to gain access to systems.
Hackers can scan for exploitable IP addresses and send them back to their master computer.
If a company does not know its systems exactly, customers & business partners will not trust the security of data entrusted to the company.
Defensive Measures:
To secure a company’s data, infrastructure components, and reputation, managers must build 6 defenses:
1. Security Policies: related to people who have company accounts, passwords, security features,…
2. Firewalls: collection of software/hardware to prevent system access
3. Authentication: host/network/data authentication to control access
4. Encryption: renders the e-transmission unreadable
5. Patching and change management: change passwords regularly or keep important data in the computer’s files or “fingerprints”.
6. Intrusion Detection and network monitoring: combine hardware probes and software diagnostic systems to help network administrators recognize when their infrastructure is under attack.
Network intrusion detection system:
Security management framework:
+ Make Deliberate security decisions: Managers must not allow public Internet in the company and must educate themselves on security relations and decisions.
+ Consider Security a Moving target: the company must attack its own systems, hire an outside firm to audit, and stay in touch with sources such as CERT (Computer Emergency Response Team).
+ Practice Disciplined Management: for process changes.
+ Educate users: to understand the dangers of sharing passwords and connections.
+ Deploy Multilevel technical Measures: as many as needed. Use security at host & network levels.
Risk Management:
Managing before the incident: use sound infrastructure design, disciplined execution of operating procedures, careful documentation, established crisis management procedures, and rehearsal of incident response.
Managing during the incident: human decision makers have obstacles to deal with: confusion/denial/fear responses. Awareness of psychological traps helps decision makers to avoid them.
Managing after the incident: erase or rebuild parts of the infrastructure. Managers need to understand what incident happened and connect it with the company’s protection of entrusted information.