Computer Security Fundamentals


Computer Security Fundamentals by Chuck Easttom Chapter 7 Industrial Espionage in Cyberspace

Chapter 7 Objectives
- Know what is meant by industrial espionage.
- Understand the low-technology methods used to attempt industrial espionage.
- Be aware of how spyware is used in espionage.
- Know how to protect a system from espionage.
© 2012 Pearson, Inc. Chapter 9 Industrial Espionage in Cyberspace

Introduction
Espionage is NOT:
- Sophisticated glamour
- Exciting adventure
Its ultimate goal:
- Collecting information
- Without fanfare
- Without knowledge of target
Secrecy is prevalent, on the part of both the perpetrator and the target.

Introduction (cont.)
Espionage NOT done only by governments and terrorists:
- Spies for political and military goals
Also done by private companies:
- Industrial espionage.
- Billions of dollars.
- Companies fear to reveal they are targets.

What Is Industrial Espionage?
- The use of spying techniques to find out key information that is of economic value: a competitor’s newest project, their client list, or research data.
- Although the end is different than that of military espionage, the means are the same: electronic monitoring, photocopying files, and so forth.
- Former intelligence officers are found in corporate espionage. Fortunately, former intelligence officers are also found in corporate security.

Information as an Asset
- Information can be a real asset.
- Companies spend billions on research and development.
- How to value your information: VI = C + VG, that is, VI (value of information) = C (cost to produce) + VG (value gained).
- Example: $200,000 of salaries plus benefits and overhead + $1,000,000 in anticipated revenue from result = $1,200,000 VI.
- Obviously, VG will be magnified in a court case.
- In everyday commerce, does your company value its information assets enough to protect them adequately?

Information as an Asset (cont.)
- Information is as much an asset as anything else.
- Worth more than the hardware and software that houses it.
- Much more difficult to replace.
- For example, a college degree is a single piece of paper. You paid more for the degree than the paper cost. You paid for the information you received.
- Doctors, lawyers, and engineers are all consultants for their expert information.
- Information is a valuable commodity.

Information as an Asset (cont.)
Data stored in computer systems has value for two reasons:
1. Much time and effort is spent to create and analyze the data.
2. Data often has intrinsic value.
   - A proprietary process, invention, or algorithm has obvious value.
   - Data that provides a competitive edge is also inherently valuable.
Copyrights, trade secrets, and patents must be protected. They can be the foundation upon which a company is built—for example, pharmaceutical companies, Coca Cola, and so forth.

Information as an Asset (cont.)
- Asset identification: listing the organization’s assets.
- www.cert.org/archive/pdf/tutorial-workbook.pdf: tutorial covering information security considerations.
- Most technicians will go to work in a smaller corporation, not IBM or General Motors. We need to know how to scale for the small- to mid-size company. This is a helpful tool.

How Does Espionage Occur?
Espionage can occur in two ways:
- Easy low-tech way
  - Employees simply take the data.
  - Social engineering.
- Technology-oriented method
  - Spyware
  - Cookies and key loggers

How Does Espionage Occur? (cont.)
Easy low-tech way:
- Employees (existing or former) may knowingly or unknowingly divulge sensitive data.
- Disgruntled employees are the greatest security risk to an organization.
- The motives vary.

How Does Espionage Occur? (cont.)
Easy low-tech way:
- Information is portable: CDs, flash drives.
- Social engineering.
- E-mail.
- Just because a person is wearing some kind of badge (visitor or vendor) does not mean they are who they appear to be or their briefcase contains nothing of yours.
- Memory drives can be concealed in pens.
- Social engineering is low tech and often successful.

How Does Espionage Occur? (cont.)
Technology-oriented method:
- Any monitoring software can be used in corporate espionage, for example, spyware and keystroke loggers.
- Capturing screenshots of sensitive information or logon information is easier today than ever before.
- That 32M pen drive can hold a key logger.

Protecting Against Industrial Espionage
What steps can I take to alleviate the danger?
- Employ antispyware software.
- Use firewalls and intrusion-detection systems.
- Implement security policies.
- Encrypt all transmissions.
- Of no use against internal sabotage.
Nothing can make the system completely secure. Eighty percent of your problems will be internal.

Protecting Against Industrial Espionage (cont.)
How to lessen risks of internal espionage:
- Do previously mentioned steps.
- Give out data on a “need-to-know” basis.
- For key personnel, use a rotation system or dual control so no one person has control over all critical data at one time.
- Limit portable storage media and cell phones.
- Have cell phones and other hardware checked at the front security desk.
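The need-to-know and dual-control rules above, written as an access check. This is an added example, not part of the slides or the book; the data set names, staff names, and the rule that one independent cleared approver satisfies dual control are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample policy: who has a need to know for each data set.
NEED_TO_KNOW = {
    "client-list": {"alice", "bob", "carol"},
    "research-data": {"bob", "dave"},
    "pricing-model": {"erin"},
}
# Data sets treated as critical: release also needs a second cleared person.
CRITICAL = {"research-data", "pricing-model"}


@dataclass
class ReleaseRequest:
    requester: str
    dataset: str
    approvers: set = field(default_factory=set)


def approve(req, approver):
    """Record an approval. Self-approval and uncleared approvers are rejected."""
    cleared = NEED_TO_KNOW.get(req.dataset, set())
    if approver == req.requester or approver not in cleared:
        return False
    req.approvers.add(approver)
    return True


def decide(req):
    """Return (allowed, reason); anything not explicitly permitted is denied."""
    cleared = NEED_TO_KNOW.get(req.dataset)
    if cleared is None:
        return False, "unknown data set"
    if req.requester not in cleared:
        return False, "no need to know"
    # Re-validate approvers here so a tampered approver set does not count.
    independent = (req.approvers & cleared) - {req.requester}
    if req.dataset in CRITICAL and not independent:
        return False, "dual control: second cleared person must approve"
    return True, "ok"


def single_control_gaps():
    """Critical data sets with fewer than two cleared people, where dual
    control cannot work and one person holds all access."""
    return sorted(d for d in CRITICAL if len(NEED_TO_KNOW.get(d, ())) < 2)


if __name__ == "__main__":
    req = ReleaseRequest("bob", "research-data")
    print(decide(req))            # denied until a second person approves
    print(approve(req, "bob"))    # self-approval rejected
    print(approve(req, "dave"))   # independent, cleared approver accepted
    print(decide(req))
    print(single_control_gaps())  # data sets controlled by one person
```

The last function is the audit a reviewer would run first: any critical data set it returns is one where a single person already has control over all of the data.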

Protecting Against Industrial Espionage (cont.)
How to lessen risk of internal espionage:
- Prohibit documents/media leaving the building.
- Do employee background checks.
- When employees leave the company, scan their PC for any inappropriate data.
- Keep tape backups, documents, and other media under lock and key.
- If portable computers are used, encrypt the hard drives.
- Check employee references. Too often, this is not done.
- Check on any college credits and certifications. HR often does not follow up on this, and as a result, many job seekers falsify their resumes. Any prospective employee who does this cannot be trusted.

Protecting Against Industrial Espionage (cont.)
How to lessen risks of internal espionage:
Encryption software:
- www.navastream.com
- www.secure-messaging.com/products/cgfolder/index.htm
- www.smart-cardsys.com/security/

Real-World Examples of Industrial Espionage
VIA technology:
- Employee of VIA goes to work for D-Link.
- Remains on the payroll of VIA.
- Leaves D-Link to return to VIA.
- D-Link proprietary information is found posted on a VIA FTP server.
- The VIA owners were involved in another IP theft scandal.

Real-World Examples of Industrial Espionage (cont.)
General Motors:
- GM alleges that eight former employees transferred proprietary information to Volkswagen.
- GM sued in criminal court under RICO (Racketeer Influenced and Corrupt Organizations Act).
- GM sued in civil court for damages.
- Industrial espionage not restricted to technology companies.

Real-World Examples of Industrial Espionage (cont.)
Interactive Television Technologies, Inc.:
- A break-in resulted in theft of data.
- Years of research and substantial financial investment
- Other companies shortly came out with competing products.
- A search for the company on the web revealed nothing. They appear to be out of business.

Real-World Examples of Industrial Espionage (cont.)
Bloomberg, Inc.:
- BI provided services to a Kazakhstan company; gave them software needed to use BI’s services.
- A KS employee, Oleg Zezev, illegally entered BI’s computer system.
- He sent an e-mail to Michael Bloomberg threatening extortion.
- View the whole story here: http://www.usdoj.gov/criminal/cybercrime/zezevConvict.htm

Real-World Examples of Industrial Espionage (cont.)
Avant Software:
- Charged with attempting to steal secrets from a competitor.
- A former consultant for Avant took a job with Cadence.
- There were allegations on both sides.
- The criminal case was pled out.
- View the whole story here: http://news.com.com/2100-1023-206536.html?legacy=cnet

Industrial Espionage and You
- Most companies decline to discuss the issue.
- Larry Ellison, CEO of Oracle Corporation, has openly defended his hiring of a private detective to dumpster-dive at Microsoft.
- View the whole story here: http://www.wired.com/news/antitrust/0,1551,37278,00.html

Summary
- Industrial espionage exists and will grow into an even larger problem.
- There are a variety of methods by which espionage can take place.
- An employee revealing information is the most common.
- Compromising information systems is an increasingly popular method of espionage.