OWASP Principles for GIS Data Security Keeping your GIS data secure.

Slides:

Advertisements

Similar presentations

Ethics, Privacy and Information Security

Advertisements

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

Crime and Security in the Networked Economy Part 4.

Chapter 9 Information Systems Ethics, Computer Crime, and Security.

Chapter 9 Information Systems Ethics, Computer Crime, and Security

Bsharah Presentation Threats to Information Security Protecting Your Personal Information from Phishing Scams.

Module 4: Implementing User, Group, and Computer Accounts

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Software Security Threats Threats have been an issue since computers began to be used widely by the general public.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

Chapter 9 Information Systems Ethics, Computer Crime, and Security

Introduction To Windows NT ® Server And Internet Information Server.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

IT Security Readings A summary of Management's Role in Information Security in a Cyber Economy and The Myth of Secure Computing.

Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.

Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Designing Security In Web Applications Andrew Tomkowiak 10/8/2013 UW-Platteville Software Engineering Department

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Website Hardening HUIT IT Security | Sep

PART THREE E-commerce in Action Norton University E-commerce in Action.

Malware  Viruses  Virus  Worms  Trojan Horses  Spyware –Keystroke Loggers  Adware.

Prepared By, Mahadir Ahmad. StopBadware makes the Web safer through the prevention, mitigation, and remediation of badware websites. partners include.

Lesson 2- Protecting Yourself Online. Determine the strength of passwords Evaluate online threats Protect against malware/hacking Protect against identity.

Security Awareness: Applying Practical Security in Your World Chapter 1: Introduction to Security.

Internet of Things Top Ten. Agenda -Introduction -Misconception -Considerations -The OWASP Internet of Things Top 10 Project -The Top 10 Walkthrough.

Protecting the Player– Information Security Concerns Gus March 21, 2014.

Chapter 10 Security and Encryption. Objectives Explain the nature of a threat model Be able to construct a threat model Be aware of common threats to.

Types of Electronic Infection

Managing Data Against Insider Threats Dr. John D. Johnson, CISSP.

Digital Envelopes, Secure Socket Layer and Digital Certificates By: Anthony and James.

G061 - Network Security. Learning Objective: explain methods for combating ICT crime and protecting ICT systems.

Analysis of SQL injection prevention using a filtering proxy server By: David Rowe Supervisor: Barry Irwin.

Week 10-11c Attacks and Malware III. Remote Control Facility distinguishes a bot from a worm distinguishes a bot from a worm worm propagates itself and.

IT Security. What is Information Security? Information security describes efforts to protect computer and non computer equipment, facilities, data, and.

Chap1: Is there a Security Problem in Computing?.

GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Cameron Simpson.

Security Mindset Lesson Introduction Why is cyber security important?

Woodland Hills School District Computer Network Acceptable Use Policy.

(2011) Security Breach Compromises 75,000 Staff/Student Social Security Numbers Image from this Site Presenters: Aron Eisold, Matt Mickelson, Bryce Nelson,

1 Law, Ethical Impacts, and Internet Security. 2 Legal Issues vs. Ethical Issues Ethics — the branch of philosophy that deals with what is considered.

Module 7: Designing Security for Accounts and Services.

External Threats Internal Threats Nation States Cyber Terrorists Hacktivists Organised criminal networks Independent insider Insider planted by external.

Cyber Security: Today’s Threats and Mitigations Jonathan Homer, Cyber Security Analyst Idaho National Laboratory.

Information Management System Ali Saeed Khan 29 th April, 2016.

Copyright © 2006 Heathkit Company, Inc. All Rights Reserved Introduction to Networking Technologies Security on Peer-to-Peer Networks.

7 Tips To Improve Your Website Security. Introduction Use of Content management systems like WordPress, Joomla & Drupal, utilization of various tools,

Information Technology Security Office of the Vice President for Information Technology New Employee Orientation II.

Security Risks Todays Lesson Security Risks Security Precautions

Presented by: SBS CyberSecurity © SBS CyberSecurity, LLC

Securing Information Systems

Cybersecurity - What’s Next? June 2017

Chapter One: Mastering the Basics of Security

Chapter 17 Risks, Security and Disaster Recovery

Objectives Overview Define the term, digital security risks, and briefly describe the types of cybercriminals Describe various types of Internet and network.

Dissecting the Cyber Security Threat Landscape

Lesson 2- Protecting Yourself Online

Cybersecurity Awareness

Computer Crime and Security Measures

INFORMATION SYSTEMS SECURITY and CONTROL

Information Security Awareness

Considerations for Cybersecurity and Data Security in Today’s World

Lesson 2- Protecting Yourself Online

Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Preventing Privilege Escalation

Company Name | Phone Number | Website | Address

Woodland Hills School District

Presentation transcript:

OWASP Principles for GIS Data Security Keeping your GIS data secure

What is OWASP?  Open Web Application Security Project  A worldwide not-for-profit charitable organization focused on improving the security of software.  Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.  OWASP Cheat Sheets:

Hacking, malware, and other internet crime is:  Not limited to isolated criminals or thrill seeking teens  It is state sponsored, and backed by organized crime  Corporate espionage by businesses seeking advantage  It is NOT decreasing, but increasing

People’s Liberation Army (PLA)

People’s Liberation Army Unit Lessons:  Mandiant (IT security consulting firm) found that:  More than 110 prominent companies compromised were American  Industries ranged from telecommunications to aerospace  Businesses and governments attacked  Prevalent mode of attack: “spear-phishing” via to gain account credentials  Billions of dollars of economic harm and theft have resulted  Their attacks have been going on for years

GIS Data Security  Spatial data of a sensitive nature is more readily available today than any time in the past  More and more, GIS data is an investment in intellectual, commercial and scientific property  The Internet is the predominant mode of transmitting GIS data

OWASP  Open Web Application Security Project selected recommendations:  Defense in depth (layers of security)  Positive security model (start with “deny all”, then allow)  Fail securely (hide error codes)  Run least privileges as a basis, then add “allow”  Don’t trust services (such as relying on third party partners) See more at:

OWASP: Passwords  Passwords less than 10 characters are weak  Passphrases less than 20 characters are weak  Maximum password length: 128 or no limit  Password complexity, at least the following:  One upper case  One lower case  One digit (0-9)  One special characters (including spaces!)  Not more than 2 identical characters in a row (e.g. 111 not allowed)

Passwords: Assume the worst  In any organization, assume that user account information will someday become compromised  Implement monitoring and other mechanisms to detect, and mitigate damage  Log monitoring  Data backups  Account lock-outs  Some data is too sensitive to expose, do not make internet accessible

Other recommendations:  Use “out of band” or “side channel” verification  sent to verify account creation  /text message to verify access to sensitive resources  Use SSL certificates  Keep systems patched!!!!  User accounts: owners identity and authority must be verified  When transmitting sensitive GIS data, use:  Encryption with compression  Archive file password protection

Big to do!  Educate your users  Educate your coworkers  Visit the OWASP Cheat Sheets:

Questions? The End