Cyber Security Foundations Part 1. Cyber Security defined:  Protects computer base information and equipment  Deals with confidentiality of data  Protects.

Slides:



Advertisements
Similar presentations
ETHICAL HACKING A LICENCE TO HACK
Advertisements

Avoiding a Can of Worms: Basic Risk Management. Presenters Patricia McGlaughlin Extension Specialist 4-H Youth Development Sheri Seibold.
S3-1 © 2001 Carnegie Mellon University OCTAVE SM Process 3 Identify Staff Knowledge Software Engineering Institute Carnegie Mellon University Pittsburgh,
ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.
Is There a Security Problem in Computing? Network Security / G. Steffen1.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
CST 481/598 Many thanks to Jeni Li.  Potential negative impact to an asset  Probability of a loss  A function of three variables  The probability.
Introducing Computer and Network Security
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Trusted Internet Connections. Background Pervasive and sustained cyber attacks against the United States continue to pose a potentially devastating impact.
Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.
January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS © Abdou Illia.
Reliability and Security. Security How big a problem is security? Perfect security is unattainable Security in the context of a socio- technical system.
Lecture 11 Reliability and Security in IT infrastructure.
SELECTING AND IMPLEMENTING VULNERABILITY SCANNER FOR FUN AND PROFIT by Tim Jett and Mike Townes.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.
Prepared by: Dinesh Bajracharya Nepal Security and Control.
Asset & Security Management Chapter 9. IT Asset Management (ITAM) Is the process of tracking information about technology assets through the entire asset.
RISK MANAGEMENT. RISK IS INEVITABLE  From your research of local businesses, what Risk was unavoidable and why?  Speculative Vs. Pure Risk  Speculative=
How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.
Sample Security Model. Security Model Secure: Identity management & Authentication Filtering and Stateful Inspection Encryption and VPN’s Monitor: Intrusion.
Security Awareness Challenges of Securing Information No single simple solution to protecting computers and securing information Different types of attacks.
Cyber Security Nevada Businesses Overview June, 2014.
What does secure mean? You have been assigned a task of finding a cloud provider who can provide a secure environment for the launch of a new web application.
Lesson 7-Managing Risk. Overview Defining risk. Identifying the risk to an organization. Measuring risk.
Security Policies and Procedures. cs490ns-cotter2 Objectives Define the security policy cycle Explain risk identification Design a security policy –Define.
IT Strategy for Business © Oxford University Press 2008 All rights reserved Chapter 12 IT Security Strategies.
Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.
Topic 5: Basic Security.
What Can Go Wrong During a Pen-test? Effectively Engaging and Managing a Pen-test.
McGraw-Hill/Irwin © 2013 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 11 Computer Crime and Information Technology Security.
Chapter 16 Presented By: Stephen Lambert Disaster Recovery and Business Continuity.
Chap1: Is there a Security Problem in Computing?.
Tamra Pawloski Jeff Miller. The views, information, and content expressed herein are those of the authors and do not necessarily represent the views of.
Information Warfare Playgrounds to Battlegrounds.
Module 12: Responding to Security Incidents. Overview Introduction to Auditing and Incident Response Designing an Audit Policy Designing an Incident Response.
Ethical Hacking License to hack. OVERVIEW Ethical Hacking ? Why do ethical hackers hack? Ethical Hacking - Process Reporting Keeping It Legal.
Computer Security By Duncan Hall.
A global nonprofit: Focusing on IP Protection and Anti-Corruption Sharing leading practices based on insights from global companies, academics, organizations.
Web Security Introduction to Ethical Hacking, Ethics, and Legality.
Security Mindset Lesson Introduction Why is cyber security important?
Sources of Network Intrusion Security threats from network intruders can come from both internal and external sources.  External Threats - External threats.
Dr. Mark Gaynor, Dr. Feliciano Yu, Bryan Duepner.
DHS Publishes Report Saying Low but Persistent Risk of Cyber Attack on Energy Sector DHS REPORT ON ENERGY CYBERSECURITY April 6, 2016 | Ben Booker Source:
Cyber Security – Client View Peter Gibbons | Head of Cyber Security, Group Business Services Suppliers’ Summer Conference 15/07/2015.
Headquarters U.S. Air Force
Proactive Incident Response
Information Security Program
3.6 Fundamentals of cyber security
CS 450/650 Fundamentals of Integrated Computer Security
Teri Takai EXECUTIVE DIRECTOR, CENTER FOR DIGITAL GOVERNMENT.
Lecture 14: Business Information Systems - ICT Security
Securing Information Systems
Forensics Week 11.
Cyber defense management
Unit 7 – Organisational Systems Security
I have many checklists: how do I get started with cyber security?
Managing Change and Other Keys to Successful Implementation
Security Agility: Creating a Multi-Disciplinary Framework
Home Internet Vulnerabilities
Network Security Best Practices
Must cost less than possible Impact
Strategic threat assessment
LO1 - Know about aspects of cyber security
Cyber Security For Civil Engineering
Presentation transcript:

Cyber Security Foundations Part 1

Cyber Security defined:  Protects computer base information and equipment  Deals with confidentiality of data  Protects employees information: Social security numbers Financial information Address Health information

Cyber Security defines…  Network computer- connecting devices and computers  Information Technology-developing, implementing and maintaining computer systems  Cyber Systems-collaborating with computers and physical entities  Ex. Government background checks were hacked. They blamed China because that were information was sent.

Information should be…  Confidential  Honest  Available to employee or permitted personnel

What are we defining against?  Vulnerability –weaknesses that can be exploited  Threats- events that could have a negative impact on our organization  Risks-likeliness or chance a lost of information or threat could occur  Exploits-using vulnerabilities to attack  Threat source--- the actor behind the threat.  Watch YouTube video: The Office TV show Jim plays a Christmas joke on Dwight

Potential Threat Sources 1. Typical Hackers 2. State Sponsored Actors 3. Terrorist Groups 4. Organized Criminals 5. Insider Threats 6. Non-Human Threat Sources

Typical Hackers Goals:  Challenge  Financial Gain  Revenge  White Hat-the “Good Guy” I was able to do this and this… They provide heads up information regarding potential threats  Black Hat- the “Bad Guy” they are stealing information from individuals and businesses using computer/Internet. They have a bad reputation  Gray Hat- was previously a black hat hacker who is now doing good try to help business catch the bad guys.  Activity:  Ex. Watch YouTube video Hilton Hotel worldwide locks

State Sponsored Actors  Goals:  Financial Gain  Intellectual Property  Military Intelligence  Advantage: well-funded organization  Department of Home Security (DHS) requires that all hacking attacks be reported.

Terrorist Groups Goals:  Financial Chaos  Widespread Harm  Political or ideological statement  Is hacktivism as a legitimate form of protesting?  Is it a means of getting your point across using computers?

Organized Criminals Goals:  Financial  Business Secrets  Intellectual Property  Use Cyber extortion to hold data as hostage  Ex. Russian mafia

Insider Threat The Biggest Threat of all  Character expose vulnerabilities as a member of organizations Types  1. Unsuspected Insider  2. Carless Insider  3. Target Insider  4. Malicious Insider-seeking financial gain

Non-Human Threat  Natural Disaster---Hurricane, flood etc.  Activity: Research natural disasters and their effects on computers

Risk Management  What are the threat sources doing? 1. Performing Reconnaissance (military term observation of a region to locate an enemy-looking for patterns 2. Affecting Exploits 3. Executing missions---The Attack! 4. Covering Tracks 5. *We need to learn defensive hacking so we can protect our computers and mobile devices, etc.

What are Defenders doing?  Preparing the defense  Monitoring for an Exploit  Triage and Situation Assessment  After Plan-revising defense strategy to become better and faster at identifying threats

Questions to consider?  What are the problems with the current defense strategy?  What are the weak links?  How can we close the gaps?

How do we address this problem? 1. Threat Assessments-identify events and current circumstances in different organizations 2. Vulnerability Assessments-pinpoint threats in an organization’s system 3. Impact Assessments-analyze what you can 4. Risk Assessments-Release information regarding potential outcomes 5. Ask yourself as a defensive hacker: If there is a change XYZ can occur????

What is Risk Management Conceptual term  It states what organizations uses to assess, respond and monitor risk information

Risk Framework Operational Term  Outlines procedures and structures that identify how organizations manage risk System characteristics Tools and Techniques Roles and Responsibilities Risk Assumption

How do we assess system characteristics  Who are the system security experts?  What are the computer systems used for?

Monitoring Tools and Techniques  How often do you upgrade?  What defense is used?  Where are backups stored?

Risk strategy ask…  How do we create risk framework?  Who is the contact for system management?  Who will monitor tools?  Who decides and reports activities to take to reduce risks?  What do we use to respond to risks?

How do we create Risk Framework for schools? 1. Decrease mobile devices 2. Determine supportive school resources 3. Create integrity policy (students cheating) 4. Consider computers as a distraction to learning  Accepting Risks- allowing students to bring computers to school  Sharing Risks-if student bring computer must sign contract..” I will not use computer to cheat  Transferring Risks-Insurance Waiver if the computer is damage parents will be responsible  Avoiding Risks-Eliminate when students can bring computers—close computer labs during school breaks

References  Address&oe=&safe=active&gws_rd=ssl&um=1&ie=UTF- 8&hl=en&tbm=isch&source=og&sa=N&tab=wi&ei=F1z4Va_TCsu1-AH3j7- ABQ#gws_rd=ssl&imgrc=AnFHNifwpvPFRM%3A Address&oe=&safe=active&gws_rd=ssl&um=1&ie=UTF- 8&hl=en&tbm=isch&source=og&sa=N&tab=wi&ei=F1z4Va_TCsu1-AH3j7- ABQ#gws_rd=ssl&imgrc=AnFHNifwpvPFRM%3A  SearchBox&source=lnms&tbm=isch&sa=X&ved=0CAgQ_AUoAWoVChMI4pCLken7xwIVgW8- Ch2vZgBb&biw=1600&bih=907#imgrc=WqUF5bnprNFLeM%3A SearchBox&source=lnms&tbm=isch&sa=X&ved=0CAgQ_AUoAWoVChMI4pCLken7xwIVgW8- Ch2vZgBb&biw=1600&bih=907#imgrc=WqUF5bnprNFLeM%3A  US:IE-Address&source=lnms&tbm=isch&sa=X&ved=0CAkQ_AUoAmoVChMIm6v-6en7xwIVCXM- Ch0a2gLu&biw=1600&bih=907#imgdii=BSHoUHmO8EBlvM%3A%3BBSHoUHmO8EBlvM%3A%3BOHBou7r_2 cAy9M%3A&imgrc=BSHoUHmO8EBlvM%3A  Address&source=lnms&tbm=isch&sa=X&ved=0CAkQ_AUoAmoVChMI5YrguOv7xwIVBnQ- Ch1WJAvW&biw=1600&bih=907#imgrc=8mkFKOUKVqZF7M%3A Address&source=lnms&tbm=isch&sa=X&ved=0CAkQ_AUoAmoVChMI5YrguOv7xwIVBnQ- Ch1WJAvW&biw=1600&bih=907#imgrc=8mkFKOUKVqZF7M%3A  US:IE-Address&source=lnms&tbm=isch&sa=X&ved=0CAgQ_AUoAWoVChMItf7fguz7xwIVwm0-Ch11- QSN&biw=1600&bih=907#imgrc=7qbT9LbXtKc-IM%3A US:IE-Address&source=lnms&tbm=isch&sa=X&ved=0CAgQ_AUoAWoVChMItf7fguz7xwIVwm0-Ch11- QSN&biw=1600&bih=907#imgrc=7qbT9LbXtKc-IM%3A  US:IE-Address&source=lnms&tbm=isch&sa=X&ved=0CAkQ_AUoAmoVChMIw5_2pe37xwIVwmk- Ch0S7QlQ&biw=1600&bih=907#imgrc=fFfeojFWAAeSpM%3A

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.