Security on Web 2.0 Krasznay Csaba. Google Search Trends.

Presentation transcript:

Security on Web 2.0 Krasznay Csaba

Google Search Trends

Press Trends

Media Image of Web 2.0: malware, deface, data breach, gossip, phishing, death, lynching, anti-privacy, child porn, data retention

What really is Web 2.0?

Risk Assessment: Threats exploit Vulnerabilities, Vulnerabilities cause Incidents, Incidents damage Assets, Assets have Impacts on Owner

Web 2.0 threats: Hacker attack, Malware infection, Data loss, No traces, Copyright violation, Software errors, Data leaks, Infection and downtime, Data leaks, Legal prosecution, Productivity loss, Resource waste, Reputation damage, Botnets, Financial losses, Identity theft, Harassment, Age verification threats, Spam, Hiding of origin, Resource consumption, Information fraud, Inaccuracies of data

Web 2.0 vulnerabilities: Injection Attacks; Cross-Site scripting; Cross-Domain Attacks; Malicious scripts; Framework vulnerabilities; Access, Authentication, Authorisation; Development Process Issues; Knowledge and Information Management vulnerabilities; End-user Related problems; General Software and Scripting Vulnerabilities

Target: the Person
Think about cyber-bullying and cyber-stalking
Threats: Identity theft, Harassment, Age verification threats
Vulnerabilities: Access, Authentication, Authorization; End-user Related problems
Incident: the story of Megan Meier
And think about what happened with Lori Drew…
Asset: Private information, personal reputation, physical security
Impact: lethal…

Target: the Company
Think about the Twitter account hacks
Threats: Identity theft, Harassment, Spam, Information fraud
Vulnerabilities: Access, Authentication, Authorization; Knowledge and Information Management vulnerabilities
Incident: celebrity Twitter hacks
Asset: Corporate and personal reputation, corporate secrets
Impact: high

Target: the Country
Think about WikiLeaks
Threat: Data leak
Vulnerabilities: Access, Authentication, Authorisation; Development Process Issues; Knowledge and Information Management vulnerabilities; End-user Related problems; General Software and Scripting Vulnerabilities
Incident: Afghan War Diary
Impact: high (maybe lethal?)

Target: the Computer
Think about the Web 2.0 worms
Threats: Botnets, Financial losses, Identity theft, Spam, Hiding of origin, Resource consumption
Vulnerabilities: Access, Authentication, Authorisation; Development Process Issues; End-user Related problems; General Software and Scripting Vulnerabilities
Incident: the KOOBFACE worm
Impact: high

Conclusions
– Nothing has changed in our behavior for centuries, but we have new tools and a broader audience
– Web 2.0 services are generally more secure in the traditional technical sense than other types of web services, but preventive controls are not enough
– We have to deal with the problem between the keyboard and the chair…

Maslow's hierarchy of needs
– Web 2.0 realizes three layers of human needs
– So people need safety and security – but maybe we haven't realized it yet
– If Web 2.0 can be lethal, do we also need the physiological layer?

Countermeasures
Technical countermeasures:
– Preventive controls focusing on information (DLP)
– Detective controls (log management)
– Secure applications (WAF, application controls)
Administrative countermeasures:
– New security policy approach
– New legal background
– Broad awareness training
– Communication, communication, communication
Mathematical countermeasures:
– The more information we have, the less value it has

THANK YOU!