Understand Core Security Principles

Slides:

Advertisements

Similar presentations

Advanced Networks and Computer Security Curt Carver & Jeff Humphries © 1999 Texas A&M University.

Advertisements

Chapter 1 We’ve Got Problems…. Four Horsemen  … of the electronic apocalypse  Spam --- unsolicited bulk o Over 70% of traffic  Bugs ---

OSG Computer Security Plans Irwin Gaines and Don Petravick 17-May-2006.

Lecture 1: Overview modified from slides of Lawrie Brown.

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

Note1 (Intr1) Security Problems in Computing. Overview of Computer Security2 Outline Characteristics of computer intrusions –Terminology, Types Security.

1 An Overview of Computer Security computer security.

Introducing Computer and Network Security

Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.

Lecture 11 Reliability and Security in IT infrastructure.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Security Architecture Dr. Gabriel. Security Database security: –degree to which data is fully protected from tampering or unauthorized acts –Full understanding.

Information Security Technological Security Implementation and Privacy Protection.

Computer Crime and Information Technology Security

Chapter 4.  Can technology alone provide the best security for your organization?

CS 325: Software Engineering April 14, 2015 Software Security Security Requirements Software Security in the Life Cycle.

Information Security Rabie A. Ramadan GUC, Cairo Room C Lecture 2.

Introducing Computer and Network Security. Computer Security Basics What is computer security? –Answer depends on the perspective of the person you’re.

Security Awareness: Applying Practical Security in Your World Chapter 1: Introduction to Security.

Security Architecture

Information Systems Security Operational Control for Information Security.

What does secure mean? You have been assigned a task of finding a cloud provider who can provide a secure environment for the launch of a new web application.

Trojan Virus By Forbes and Mark. What is a Trojan virus Trojans are malicious programs that perform actions that have not been authorised by the user.

Chapter 01: Introduction to Network Security. Network  A Network is the inter-connection of communications media, connectivity equipment, and electronic.

Lesson 7-Managing Risk. Overview Defining risk. Identifying the risk to an organization. Measuring risk.

Chapter 1 Overview The NIST Computer Security Handbook defines the term Computer Security as:

APPLICATION PENETRATION TESTING Author: Herbert H. Thompson Presentation by: Nancy Cohen.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 1 Security Architecture.

Understanding Computer Viruses: What They Can Do, Why People Write Them and How to Defend Against Them Computer Hardware and Software Maintenance.

Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 1 “Overview”. © 2016 Pearson.

Topic 5: Basic Security.

McGraw-Hill/Irwin © 2013 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 11 Computer Crime and Information Technology Security.

Chap1: Is there a Security Problem in Computing?.

Csci5233 computer security & integrity 1 An Overview of Computer Security.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 1 Security Architecture.

Computer Security By Duncan Hall.

14.1 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Protection.

INTRODUCTION TO COMPUTER & NETWORK SECURITY INSTRUCTOR: DANIA ALOMAR.

Computer threats, Attacks and Assets upasana pandit T.E comp.

C OMPUTER THREATS, ATTACKS AND ASSETS DONE BY NISHANT NARVEKAR TE COMP

Copyright © 2013 – Curt Hill Computer Security An Overview.

Module 7: Designing Security for Accounts and Services.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

Page 1 Viruses. Page 2 What Is a Virus A virus is basically a computer program that has been written to perform a specific set of tasks. Unfortunately,

Lecturer: Eng. Mohamed Adam Isak PH.D Researcher in CS M.Sc. and B.Sc. of Information Technology Engineering, Lecturer in University of Somalia and Mogadishu.

By: Mark Reed.  Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.

INSIDER THREATS BY: DENZEL GAY COSC 356. ROAD MAP What makes the insider threat important Types of Threats Logic bombs Ways to prevent.

Information Systems Security

Chapter 40 Internet Security.

CS457 Introduction to Information Security Systems

Network Security Presented by: JAISURYA BANERJEA MBA, 2ND Semester.

CMSC 345 Defensive Programming Practices from Software Engineering 6th Edition by Ian Sommerville.

Issues and Protections

Cybersecurity First Principles

Network Security Basics: Malware and Attacks

Instructor Materials Chapter 7 Network Security

Unit 32 – Networked Systems Security

Answer the questions to reveal the blocks and guess the picture.

Done BY: Zainab Sulaiman AL-Mandhari Under Supervisor: Dr.Tarek

Risk of the Internet At Home

Threat Landscape for Data Security

Unit 1.6 Systems security Lesson 2

Brute force attacks, DDOS, Botnet, Exploit, SQL injection

How to Mitigate the Consequences What are the Countermeasures?

Faculty of Science IT Department By Raz Dara MA.

Computer Security By: Muhammed Anwar.

Chapter # 3 COMPUTER AND INTERNET CRIME

Test 3 review FTP & Cybersecurity

CMGT/431 INFORMATION SYSTEMS SECURITY The Latest Version // uopcourse.com

CMGT 431 CMGT431 cmgt 431 cmgt431 Entire Course // uopstudy.com

Presentation transcript:

Understand Core Security Principles LESSON 1.1 98-367 Security Fundamentals Understand Core Security Principles

Lesson Overview In this lesson, you will learn: To identify the difference between computer security and information security To define information security To outline the phases of the security systems development cycle

IT Infrastructure Threat Model Identify threats that could affect their organizations’ IT infrastructures. Discover and mitigate design and implementation issues that could put IT infrastructures at risk. Prioritize budget and planning efforts to address the most significant threats. Conduct security efforts for both new and existing IT infrastructure components in a more proactive and cost-effective manner. On a sheet of paper, list as many “network attacks and threats” that you can think of. Separate into two columns.

Terms and Concepts to Know CIA triangle (confidentiality, integrity, availability) Principle of least privilege Social engineering Threat and risk principles

Confidentiality The prevention of unauthorized disclosure of information. This can be the result of poor security measures or information leaks by personnel. An example of poor security measures would be to allow anonymous access to sensitive information. .

Integrity The prevention of erroneous modification of information. Authorized users are probably the biggest cause of errors and omissions and the alteration of data. Storing incorrect data within the system can be as bad as losing data. Malicious attackers also can modify, delete, or corrupt information that is vital to the correct operation of business functions.

Availability The prevention of unauthorized withholding of information or resources. This does not apply just to personnel withholding information. Information should be as freely available as possible to authorized users. Examples of ways to target the availability include: -Distributed Denial Of Service (DDOS) attacks. -Abusing user lockout policies to prevent legitimate users from accessing the system.

Principle of Least Privilege Anyone who has been a victim of viruses, worms, and other malicious software (malware) will appreciate the security principle of “least privilege.” If all processes ran with the smallest set of privileges needed to perform the user's tasks, it would be more difficult for malicious and annoying software to infect a machine and propagate to other machines.

IT Infrastructure Threat Model

How to Protect Insiders from Social Engineering Threats To attack your organization, social engineering hackers exploit the credulity, laziness, good manners, or even enthusiasm of your staff. Therefore it is difficult to defend against a socially engineered attack, because the targets may not realize that they have been duped, or may prefer not to admit it to other people. The goals of a social engineering hacker—someone who tries to gain unauthorized access to your computer systems—are similar to those of any other hacker: they want your company’s money, information, or IT resources.

Class Activity Create a timeline/flowchart explaining the history of computer security and how it evolved into information security Make sure to include important information security developments during each decade beginning with the 1960s through today Download Timeline from www.microsoft.com. http://office.microsoft.com/en-us/templates/TC010162661033.aspx

Lesson Review What do you think is the most important date in information security and why? Have you, or family or friends, ever been a victim of social engineering? Explain to the class how it happened. This is the last slide of the presentation. Explain the business need for information security. Conclude that a successful IS program is the responsibility of an organization's management and IT staff. It may be helpful to think of examples of software security programs the students are familiar with, and use those to point out differences between them. Find examples that your students can recognize and associate with.