COMP2221 Networks in Organisations

Presentation transcript:

COMP2221 Networks in Organisations Richard Henson March 2012

Protecting Organisational Data
By the end of this session you should be able to:
- explain why the internal network user is potentially a threat
- explain the importance of protecting entry to the network by outsiders
- suggest ways to identify vulnerabilities of the network, so action can be taken to reduce the risk

Network Management
The network manager has two (conflicting?) responsibilities:
- provide facilities and services that users need to do their jobs
- protect the network against abuse by naïve or malign users
General perception (by users!)… network managers are more concerned with “protecting the network” than servicing the needs of its users

The “good insider”… Threat (?)
- Users: employees, who (generally) want to do their job, and do it well…
- Possible conflict with the “security-orientated” or “nanny-state” approach to network management
- Personal opinion: needs balance
  - the network IS there for the benefit of the users… fulfill business objectives
  - the network MUST be as secure as reasonably possible… protect valuable company data

NOT Getting the balance right…
Worrying web page (BBC, 19/11/10): http://www.bbc.co.uk/news/business-11793436
BBC’s own network users so frustrated about IT restrictions stopping them doing their jobs that many (typically 41% according to a CISCO survey) ignore the rules!

“Unthinking” insiders
Employees who do stupid things on the network:
- bring in viruses
- spread passwords around
- forward email inappropriately
- engage with phishing emails…
- etc…

Bad Insiders
- Could be disillusioned
  - Could cause real damage
- just plain corrupt
  - maybe a temp?
- Could cause real damage
  - bring network down
  - put company out of business…

What to do about the Insider Threat?
A matter for organisational management:
- Establish policy negotiated with users…
- Educate/train users
- Enable breaches of policy to be detected…
- Enforce policy!

What about Outsiders?
Two types:
- employees working “in the field”
- the rest of the world…
Organisational management can’t enforce policy on the latter… network only protected through good, well-resourced network management

Firewalls: checking/blocking data coming in and out…
[Diagram: INTERNET, Firewall, Internal Network]

Do we have a problem?
Perceptions “from the inside” quite different from “outside looking in”

Should we find out…?
Almost impossible to tell if the network is secure from within…
- could just hope so (!)
- could go outside, and try to penetrate defences
- better still, the organisation could get a benign expert to do it for them…

Here is one such expert…
Campbell Murray
Highly experienced Penetration Tester