Security and Assurance in IT organization Name: Mai Hoang Nguyen Class: INFO 609 Professor: T. Rohm


Security and Assurance in IT organization

Name: Mai Hoang Nguyen
Class: INFO 609
Professor: T. Rohm


Table of contents:

Attackers
Classification of threats
Defensive measures
Security management framework
Risk & incident management of Security


Attackers:

About 46% of companies and government agencies have suffered a security incident from 2007 until now.

Who are the attackers?
+ Thrill seekers who like the challenge of defeating defense systems.
+ Other attackers who dislike their company and intend to steal the company’s proprietary data, such as credit card numbers or other online payment data.


Classification of threats:

Managers must understand the classification of threats:

External Attacks: harm against computing infrastructure.
+ E.g.: DoS (Denial of Service): attackers send data packets more rapidly than the target machine can handle. Each packet begins what appears to be an authentic conversation with the victim computer, thus disabling infrastructure devices.


Classified threats:


Classification of threats:

Intrusion: gaining access to a company’s internal IT infrastructure by various methods, e.g. obtaining user names and passwords.

Intruders can use high-tech methods such as “sniffer” software for LANs, or exploiting computer code to gain access to systems.

Hackers can scan for exploitable IP addresses and report them back to their master computer.

If a company does not know its own systems exactly, customers and business partners will not trust the security of data entrusted to the company.


Defensive Measures:

To secure a company’s data, infrastructure components, and reputation, managers must build 6 defenses:

1. Security Policies: related to people who have company accounts, passwords, security features, …
2. Firewalls: a collection of software/hardware to prevent system access
3. Authentication: host/network/data authentication to control access
4. Encryption: renders the e-transmission unreadable
5. Patching and change management: change passwords regularly or keep important data in computer’s files or “fingerprints”.
6. Intrusion Detection and network monitoring: combine hardware probes and software diagnostic systems to help network administrators recognize when their infrastructure is under attack.


Network intrusion detection system:


Security management framework:

Make deliberate security decisions: managers must not allow public internet in the company and must educate themselves on security-related decisions.

Consider security a moving target: the company must attack its own systems, hire outside firms to audit, and stay connected to CERT (Computer Emergency Response Team) as a source.

Practice disciplined management: for process changes.

Educate users: to understand the dangers of sharing passwords and connections.

Deploy multilevel technical measures: as many as needed. Use security at host and network levels.


Risk Management:

Managing before the incident: use sound infrastructure design, disciplined execution of operating procedure, careful documentation, established crisis management procedures and rehearsing incident response.

Managing during the incident: human decision makers have obstacles to deal with: confusion/denial/fear responses. Awareness of psychological traps helps decision makers to avoid them.

Managing after the incident: erase or rebuild parts of the infrastructure. Managers need to understand what happened in the incident, and connect it with the company’s protection of entrusted information.