95-752 Introduction to Information Security Management. Tim Shimeall, Ph.D. Office phone: 412-268-7611. (c) 2006 Carnegie Mellon University.
1-1 95-752: Introduction to Information Security Management
Tim Shimeall, Ph.D.
Office hours by appointment
Course website:

1-2 Course Covers
- Introduction/definitions
- Physical security
- Access control
- Data security
- Operating system security
- Application security
- Network security

1-3 Student Expectations
- Grading:
  - 2 homeworks
  - Midterm
  - Paper/project
- All submitted work is the sole effort of the student
- Students are interested in the subject area
- Students have varied backgrounds

1-4 Why Should You Be Concerned
- Personal data
  - Credit information
  - Medical information
  - Purchasing history
- Corporate information
- Political information
- Societal infrastructure

1-5 A Different Internet
- Armies may cease to march
- Stocks may lose a hundred points
- Businesses may be bankrupted
- Individuals may lose their social identity
- Threats come not from novice teenagers but from purposeful military, political, and criminal organizations

1-6 Computer Terms (1)
Computer: a collection of the following:
- Central Processing Unit (CPU): instruction processing
- Memory (RAM): transient storage for data
- Disk: more permanent storage for data
- Monitor: display device
- Printer: hard-copy production
- Network card: communication circuitry

1-7 Computer Terms (2)
- Software: instructions for a computer
- Operating system: mediates interaction among the components of the computer
- Application software: common tasks (e.g., word processing, program construction, etc.)
- API/libraries: support for common tasks

1-8 Vulnerability (2001)
Out-of-the-box Linux PC hooked to the Internet, not announced:
- [30 seconds] First service probes/scans detected
- [1 hour] First compromise attempts detected
- [12 hours] PC fully compromised:
  - Administrative access obtained
  - Event logging selectively disabled
  - System software modified to suit the intruder
  - Attack software installed
  - PC actively probing for new hosts to intrude
Clear the disk and try again!
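A practical check for the "system software modified" and "attack software installed" steps in the timeline above, added here as an example and not part of the original slides: a file-integrity baseline. It records a SHA-256 digest of every file under a directory, then compares a later scan against that record and reports what was modified, added or removed. The directory, file names and file contents below are constructed stand-ins for a system binary directory.

```python
"""File-integrity baseline check (added example, not from the original slides).

Builds a throwaway directory standing in for a system binary directory,
records a SHA-256 baseline, simulates an intruder trojaning one binary,
dropping an attack tool and deleting a third file, then reports the diff.
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map each regular file (path relative to root, POSIX form) to its SHA-256."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare(baseline: dict, current: dict) -> dict:
    """Classify differences between a stored baseline and a fresh scan."""
    return {
        "modified": sorted(f for f in baseline if f in current and baseline[f] != current[f]),
        "added": sorted(f for f in current if f not in baseline),
        "removed": sorted(f for f in baseline if f not in current),
    }


def demo() -> dict:
    """Constructed scenario: baseline a clean tree, then detect an intrusion."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed stand-ins for system software; contents are arbitrary bytes.
        (root / "bin").mkdir()
        (root / "bin" / "ls").write_bytes(b"original ls binary")
        (root / "bin" / "ps").write_bytes(b"original ps binary")
        (root / "bin" / "login").write_bytes(b"original login binary")

        baseline = build_baseline(root)   # in practice: store off-host or read-only

        # Simulated intrusion: trojaned ps (hides the intruder's processes),
        # an installed scanner, and a deleted login binary.
        (root / "bin" / "ps").write_bytes(b"trojaned ps binary")
        (root / "bin" / "scanner").write_bytes(b"attack software")
        (root / "bin" / "login").unlink()

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

The baseline has to be written to read-only or off-host media before the machine is exposed: an intruder who has obtained administrative access, as in the 12-hour mark above, can rewrite a baseline stored on the same disk as easily as the binaries, and can disable the logging that would have recorded the change. The check also says nothing about files it never saw, so the scan must cover every directory an intruder would touch, not only the one shown here.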

1-9 Why is Security Difficult
- Managers are unaware of the value of computing resources
- Damage to public image
- Legal definitions are often vague or non-existent
- Legal prosecution is difficult
- Many subtle technical issues

1-10 Objectives of Security
- Privacy (confidentiality): information is available only to authorized users
- Integrity: information retains its intended content and semantics
- Availability: information remains accessible and present
The relative importance of these shifts over time and depends on the organization.

1-11 Security Terms
- Exposure: "actual harm or possible harm"
- Vulnerability: "weakness that may be exploited"
- Attack: "human-originated perpetration"
- Threat: "potential for exposure"
- Control: "preventative measure"

1-12 Classes of Threat
- Interception
- Modification
- Masquerade
- Interruption
Most security problems are people related.

1-13 Software Security Concerns
- Theft
- Modification
- Deletion
- Misplacement

1-14 Data Security Concerns
- Vector for attack
- Modification
- Disclosure
- Deletion
"If you have a $50 head, buy a $50 helmet" (spend on protection in proportion to the value of what is being protected)

1-15 Network Security Concerns
- Basis for attack
- Publicity
- Theft of service
- Theft of information
The network is only as strong as its weakest link; problems multiply with the number of nodes.

1-16 Motivations to Violate Security
- Ego
- Curiosity
- Greed
- Revenge
- Competition
- Political/ideological

1-17 People and Computer Crime
- Most damage is not due to attacks: "Oops!" and "What was that?"
- No clear profile of the computer criminal
- Law and ethics may be unclear
"Attempting to apply established law in the fast developing world of the Internet is somewhat like trying to board a moving bus" (Second Circuit, US Court of Appeals, 1997)

1-18 Types of Attackers
- Script kiddies
- Old-line hackers
- Disgruntled employees
- Organized crime
- Corporate espionage
- Foreign espionage
- Terrorists

1-19 Theory of Technology Law
- Jurisdiction:
  - Subject matter: power to hear a type of case
  - Personal: power to enforce a judgment on a defendant
- Between states: federal subject matter
- Within a state: state/local subject matter
- Criminal or civil
  - Privacy/obscenity covered now
  - Intellectual property covered later

1-20 Privacy Law
- Common law (the four privacy torts):
  - Appropriation of a person's name or likeness
  - Intrusion
  - Disclosure of private facts
  - False light
- State/local law: most states have computer crime laws, of varying content
- International law: patchy, varying content

1-21 Federal Privacy Statutes
- ECPA, Electronic Communications Privacy Act (communications)
- Privacy Act of 1974 (federal collection/use)
- Family Educational Rights and Privacy Act (school records)
- Fair Credit Reporting Act (credit information)
- Federal Cable Communications Privacy Act (cable subscriber information)
- Video Privacy Protection Act (video rental information)
- HIPAA (health care information)
- Sarbanes-Oxley Act (corporate accounting)
- Patriot Act (counter-terrorism)

1-22 Federal Obscenity Statutes
Miller test (Miller v. California, 1973); all three prongs must be met:
- The average person, applying contemporary community standards, would find that the work appeals to the prurient interest
- The work depicts sexual conduct in a patently offensive way
- The work lacks serious literary, artistic, political, or scientific value
Statutes:
- Communications Decency Act (struck down)
- Child Online Protection Act (struck down)
- Child Pornography Prevention Act (struck down as to virtual child pornography; material involving real children remains prohibited)

1-23 Indian Trust Funds
Large, developing case: Cobell v. Norton
- Insecure handling of entrusted funds
- Legal Internet disruption (court-ordered disconnection of Interior Department systems)
- Criminal contempt proceedings
- Judicial overstepping

1-24 Methods of Defense
Overlapping controls:
- Authentication
- Encryption
- Integrity control
- Firewalls
- Network configuration
- Application configuration
- Policy
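The "overlapping controls" point, together with the interception, modification and masquerade threat classes from slide 1-12, as an added example that is not code from the original slides: encryption defeats interception but, on its own, does nothing against modification, and a keyed integrity check (HMAC) layered on top catches both a modified message and a masquerade by a sender who lacks the key. The keys, nonce and payment message are constructed for the demo; the stream cipher is a toy built on HMAC-SHA256 so that the code runs on the Python standard library alone.

```python
"""Overlapping controls: encryption alone vs. encryption plus integrity control.

Added example, not from the original slides. The stream cipher is a toy
(keystream = HMAC-SHA256 over nonce || counter) so the demo needs only the
standard library; the malleability it shows is a property of every stream
cipher, not of the toy. Keys, nonce and the message are constructed.
"""
import hashlib
import hmac
import secrets

NONCE_LEN = 16
TAG_LEN = 32


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Deterministic keystream made of HMAC-SHA256(key, nonce || counter) blocks."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR with the keystream; decryption is the identical operation."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


decrypt = encrypt


def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: the tag covers the nonce and the ciphertext."""
    ct = encrypt(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Verify the tag (constant-time compare) before decrypting; reject on mismatch."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return decrypt(enc_key, nonce, ct)


def rewrite_field(ciphertext: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Modification attack: an interceptor who knows the plaintext layout flips
    ciphertext bits so that the field decrypts to `new`. No key is needed."""
    ct = bytearray(ciphertext)
    for i, (o, n) in enumerate(zip(old, new)):
        ct[offset + i] ^= o ^ n
    return bytes(ct)


def _rejected(enc_key: bytes, mac_key: bytes, blob: bytes) -> bool:
    """True if open_sealed refuses the blob."""
    try:
        open_sealed(enc_key, mac_key, blob)
    except ValueError:
        return True
    return False


def demo() -> dict:
    enc_key, mac_key = secrets.token_bytes(32), secrets.token_bytes(32)
    nonce = secrets.token_bytes(NONCE_LEN)
    msg = b"PAY alice 0100 USD"          # constructed sample message
    at = msg.index(b"0100")              # offset of the amount field

    # 1. Encryption only: interception is prevented, modification is not.
    ct = encrypt(enc_key, nonce, msg)
    forged_ct = rewrite_field(ct, at, b"0100", b"9900")
    naive = decrypt(enc_key, nonce, forged_ct)   # accepted without complaint

    # 2. Encryption + integrity control: the same modification is rejected.
    blob = seal(enc_key, mac_key, nonce, msg)
    tampered = (blob[:NONCE_LEN]
                + rewrite_field(blob[NONCE_LEN:-TAG_LEN], at, b"0100", b"9900")
                + blob[-TAG_LEN:])
    tamper_detected = _rejected(enc_key, mac_key, tampered)

    # 3. Masquerade: a sender without the MAC key cannot produce a valid tag,
    #    so the keyed tag also serves as data-origin authentication.
    forged = seal(secrets.token_bytes(32), secrets.token_bytes(32), nonce,
                  b"PAY mallory 9900 USD")
    forgery_detected = _rejected(enc_key, mac_key, forged)

    return {
        "naive_decrypt": naive,
        "tamper_detected": tamper_detected,
        "forgery_detected": forgery_detected,
        "genuine": open_sealed(enc_key, mac_key, blob),
    }


if __name__ == "__main__":
    print(demo())
```

Running demo() shows naive_decrypt coming back with the attacker's amount even though the attacker never held a key, while the sealed version rejects both the tampered message and the forgery and still opens the genuine one. Real systems should use an authenticated-encryption mode such as AES-GCM or ChaCha20-Poly1305 rather than composing primitives by hand; the composition here is only to make the two controls visible as separate layers.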