SECURITY EVALUATION OF AN ORGANIZATION TA Md Morshedul Islam.

Slides:

Advertisements

Similar presentations

Security and Systems. Three tenets of security Confidentiality Integrity Availability.

Advertisements

Is There a Security Problem in Computing? Network Security / G. Steffen1.

Mr C Johnston ICT Teacher

Hackers, Crackers, and Network Intruders: Heroes, villains, or delinquents? Tim McLaren Thursday, September 28, 2000 McMaster University.

1 Network Security Ola Flygt Växjö University

Lecture 1: Overview modified from slides of Lawrie Brown.

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

Lesson 1-What Is Information Security?. Overview History of security. Security as a process.

Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1.

Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.

Air Force Association (AFA) 1. 1.Access Control 2.Four Steps to Access 3.How Does it Work? 4.User and Guest Accounts 5.Administrator Accounts 6.Threat.

SEC835 Database and Web application security Information Security Architecture.

Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.

Storage Security and Management: Security Framework

BUSINESS B1 Information Security.

By Hafez Barghouthi. Agenda Today Attack. Security policy. Measuring Security. Standard. Assest. Vulnerability. Threat. Risk and Risk Mitigation.

What does “secure” mean? Protecting Valuables

Security Awareness: Applying Practical Security in Your World Chapter 1: Introduction to Security.

Computer Security “Measures and controls that ensure confidentiality, integrity, and availability of IS assets including hardware, software, firmware,

Securing Wired Local Area Networks(LANs)

What does secure mean? You have been assigned a task of finding a cloud provider who can provide a secure environment for the launch of a new web application.

GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Rebecca Pritchard.

Unit 6b System Security Procedures and Standards Component 8 Installation and Maintenance of Health IT Systems This material was developed by Duke University,

Information Systems Security Operations Security Domain #9.

AASSA Conference 2012 Quito, Ecuador March 16 th 2012 All the rights reserved.Instructor: Francisco Bolaños, Ing. InterAmerican Academy Ethical Hacking.

CHAPTER 3 Classes of Attack. INTRODUCTION Network attacks come from both inside and outside firewall. Kinds of attacks: 1. Denial-of-service 2. Information.

APPLICATION PENETRATION TESTING Author: Herbert H. Thompson Presentation by: Nancy Cohen.

. 1. Computer Security Concepts 2. The OSI Security Architecture 3. Security Attacks 4. Security Services 5. Security Mechanisms 6. A Model for Network.

Note1 (Admi1) Overview of administering security.

Information Security What is Information Security?

1 Pertemuan 03 Ancaman dan Serangan Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

SECURITY Professor Mona Mursi. ENVIRONMENT IT infrastructures are made up of many components, abstractly: IT infrastructures are made up of many components,

Secure Wired Local Area Network( LAN ) By Sentuya Francis Derrick ID Module code:CT3P50N BSc Computer Networking London Metropolitan University.

Attack and Malicious Code Andrew Anaruk. Security Threats Denial of Service (DoS) Attacks Spoofing Social Engineering Attacks on Encrypted Data Software.

Small Business Security Keith Slagle April 24, 2007.

Intrusion Detection Reuven, Dan A. Wei, Li Patel, Rinku H.

1 Network and E-commerce Security Nungky Awang Chandra Fasilkom Mercu Buana University.

Topic 5: Basic Security.

Introduction to Information Security

Lesson 19-E-Commerce Security Needs. Overview Understand e-commerce services. Understand the importance of availability. Implement client-side security.

Quality of Information System (IS) reflecting local correctness and reliability of the operating system; the logical completeness of the hardware and software.

Definition s a set of actions taken to prevent or minimize adverse consequences to assets an entity of importance a weakness in the security system to.

Chap1: Is there a Security Problem in Computing?.

Csci5233 computer security & integrity 1 An Overview of Computer Security.

Ingredients of Security

Introduction and Overview of Information Security and Policy By: Hashem Alaidaros 4/10/2015 Lecture 1 IS 332.

Introduction to Security Dr. John P. Abraham Professor UTPA.

Computer Security By Duncan Hall.

E-Commerce E-Commerce Security?? Instructor: Safaa S.Y. Dalloul E-Business Level Try to be the Best.

THE NEED FOR NETWORK SECURITY Hunar & Nawzad & Kovan & Abdulla & Aram.

Mr C Johnston ICT Teacher BTEC IT Unit 09 - Lesson 11 Network Security.

Definition s a set of actions taken to prevent or minimize adverse consequences to assets an entity of importance a weakness in the security system to.

Advanced System Security Dr. Wayne Summers Department of Computer Science Columbus State University

By: Mark Reed.  Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.

CompTIA Security+ Study Guide (SY0-401) Chapter 9: Malware, Vulnerabilities, and Threats.

Network security Vlasov Illia

Risk management.

ISSeG Integrated Site Security for Grids WP2 - Methodology

CNET334 - Network Security

INFORMATION SECURITY The protection of information from accidental or intentional misuse of a persons inside or outside an organization Comp 212 – Computer.

Answer the questions to reveal the blocks and guess the picture.

Security in Networking

IT & Security Training Skills.

Network Security Ola Flygt Växjö University

Cybersecurity Threat Assessment

Chapter # 3 COMPUTER AND INTERNET CRIME

Presentation transcript:

SECURITY EVALUATION OF AN ORGANIZATION TA Md Morshedul Islam

Process of Security Evaluation Identify the security goal Perform a threat assessment Do a security analysis

Identify the security goal It directly related with integrity, confidentiality and availability of the resources(assets) Assents of an organization: Hardware: computer system, data storage, data communication devices Software: Operating system, application program Data: file, database, password file Communication and network facility: Local communication, global communication, router and so on

Identify the security goal Security goal of U of C- 1. Student’s point of view: Keep result private (confidentiality) No one can alter or temper my assignment(integrity) I like to see my result from my home (availability) ………………………………………….. 2. TA’s point of view: Instructor’s point of view …………………………………………… In Administrator points of view All are related with- 1.Confidentiality 2.Integrity 3.Availability

Perform a threat assessment What is threat?: In computer security a threat is a possible danger that might exploit a vulnerability to breach security and thus cause possible harm. Example: Vulnerability: A weakness of system’s design, implementation or operation that could be exploited to violate the system policy and increase risk. Example: System Policy: Risk:

Perform a threat assessment We need t find out the answer of those following question- Whom am I trying to protect against?(adversary) How they motivated?(curiosity, revenge, financial gain) What capability and adversary have? (tool, skill, knowledge, etc.) What threat might I face?

Security analysis What kind of attack is possible? Active attack: : Denial-of-service attack, Spoofing, Network: Man in the middle, ARP poisoning, Ping flood, Ping of death, Smurf attack Host: Buffer overflow, Heap overflow,Stack overflow,Format string attack Passive attack: Passive Network : wiretapping, Port scanner, Idle scan Origin of the attack Inside attack Outside attack

Security, Access & Accounts of UofC Latest Threats & Vulnerabilities Information Security Policies Anti-Virus Protection Access Management Security Awareness Program Systems Security Security Advisories Vulnerability Assessment Program SecurID More Details

Information Security Awareness Program of UofC

Some Observation….. Select a password for your system and then justify your selection. What can you do to protect your laptop? How to identify a pirated software? How can you avoid spam? Give an example of identity theft. Give some examples of Malware. Which kind of information is highly confidential for UofC? What kind of the social networking technique you can use to know the id of your classmate? What is the most potential threat to your smart phone? Consider, some of your resources are in security risk. What kind of initiative you have to take to protect them?