Understand mechanisms to control organisational IT security

Presentation transcript:

Understand mechanisms to control organisational IT security
Unit 48: I.T. Security Management
HND in Computing and Systems Development

Security perimeter
- Router (enforces encryption settings)
- Intrusion detection system (IDS)
- Firewall
- Wireless access points
- Public switched telephone network (PSTN)
- VoIP
- Modems
- Insiders

Physical security
- Doors
- Windows
- Walls
- Floors
- Ceilings
- Location of:
  - Monitors
  - Wireless access points
  - Printers
  - Sensitive equipment (TEMPEST: Transient Electromagnetic Pulse Emanation Standard)
- Actual site (proximity to roads, other buildings)

People = security problem

The problem
- Make mistakes
- Easily fooled
- Easily led (misled)
- Want to help
- Desire to avoid confrontation

Social engineering ploys
- Direct question, e.g. “Who is the I.T. manager?”
- Engage in conversation, evoke sympathy: “I really need this information now, X is on the warpath…”
- Appeal to ego: “I hear you did a great job for Y, that was really impressive, I wonder if you could do the same for me…”
- Intimidation: “If you won’t give me this information I’m going to have to report you…” (especially effective in, e.g., the military)
- Insiders can be more effective: Stanley Mark Rifkin, 1978, $10.2 million (Conklin & White, p. 68) https://www.ncjrs.gov/App/Publications/abstract.aspx?ID=79169

Social engineering task
Find examples of a range of social engineering attacks. You could include the following:
- Phishing
- Spear phishing
- Whaling
- Vishing
- Spam (SPIM)
- Shoulder surfing
- Reverse social engineering
- Hoaxes

Poor security practices
- Individuals
- Poor training/policies/procedures
- Password selection
- Piggybacking
- Dumpster diving
- Unauthorised hardware or software
- Physical access by non-employees
- Access by ill-intentioned insiders/contractors/consultants

Physical security task
Describe and evaluate various procedures to restrict physical access to a facility. Include a cost-benefit evaluation for each procedure. Include both prevention and monitoring methods. You could include:
- Physical locks
- Biometrics
- Sign-in logs
- CCTV or video
- Security personnel
- Two-factor authentication
- Utility protection (HVAC, power)
- Swipe cards
- Theft prevention
- Something you know
- Something you have
- Something unique about you
Note your sources – make sure they are reputable and up-to-date!