OSAC/ISMA Conference The Changing Nature of Cyber Space Ryan W. Garvey.


Overview
– Smartphones
  – Threats
  – Protection
– Cyber threats
  – Emerging
  – Defense and mitigation
– Outlook
  – Social media/networking
  – Hacktivism

– Architecture, technologies and capabilities of telecommunication networks and mobile phones have significantly changed
– BlackBerry and iPhone and third generation (3G) mobile networks
– Millions of people around the world can make calls from almost any place in the world
– True mobility in accessing internet and information
– “Anywhere, Anytime, any Device”

Popular usage of mobile phones and smartphones
– Company’s e-mail service (e.g. via RIM BlackBerry or MS Mobile Outlook)
– Company’s calendar service (e.g. via MS Mobile Outlook and Microsoft Exchange)
– Shared file systems (e.g. Microsoft SharePoint)
– Customer Relationship Management (CRM) and Enterprise Resource Planning (ERP) systems
– Applications dedicated to mobile phones
– Mobile Sales Force Automation (SFA)
– SMS alerts and notifications
– Company’s internal network via Virtual Private Network (VPN) connections

E-commerce and e-banking purposes
– User authentication via software tokens running on smartphones
– Access to mobile banking applications to make money transfers
– Electronic transaction authentication
  – Via one-time passwords sent by the bank to users via SMS
– Micropayments via SMS, USSD or interactive voice channel
  – Premium content purchase (so-called Premium SMS)
– Alerts and notifications
  – Change of account balance, debit or credit card usage etc.
– Electronic signatures via online, native or SIM card applications
– Practical application of mobile phones and smartphones is almost endless

Realities
– Mobile malware is not a future threat but a current threat
– First mobile phone malware seen over 10 years ago
– In September 2009
  – 100 known families
  – More than 500 modifications
– Today
  – Every month a new mobile malware was identified
  – March 2011: 60 malicious apps found in Android Marketplace

Possible crossovers from PC to mobile:
– Redirect user’s web traffic through attacker’s proxy server or unauthorized access point
  – Attacker may remotely change mobile browser and network configuration
  – Recording and sharing all web information sent from mobile device (e.g. all information from HTTP GET and POST)
  – Modifying web browser (e.g. Firefox for iPhone, or Opera Mini)
  – Replacing executable binaries on the phone, so all information sent to the Internet can be intercepted
– Unauthorized remote use of phone’s personal area network capabilities (Bluetooth, Wi-Fi)
  – Remotely attack another user and penetrate networks that are in range of the smartphone, creating mobile botnets
  – Perform distributed denial of service attacks on any target via “regular” (e.g. Internet) or mobile (e.g. SMS, MMS etc.) communication channels

Two Android examples
– Tap Snake
  – In the Android Market Place
  – Tracks and monitors user’s location (GPS Spy)
  – GPS data includes date and time of user’s location
  – Physical access required to enable GPS Spy feature
– Movie Player
  – Not in Android Market Place
  – SMS Trojan
  – Poses as harmless media player application
  – Sends SMS messages to premium-rate numbers
  – Scam has only affected Android smartphone users in Russia

Impacts
– Loss of valuable data
– Loss of intellectual property
– Loss of productivity
– Negative impact on profits or stock price
– Brand damage
– Lawsuits
– Class actions

Cyber Threats

Types of Threats

Even More Threats
– Cybercrime, online fraud and the theft of confidential information
– Bots, botnets and “modular” malicious code
– Web applications are increasingly becoming the focal point of attacks
– “Man-in-the-Middle” attacks that circumvent multi-factor authentication

Security Defense-in-Depth
Adversaries attack the weakest link… where is yours?
– Risk assessment
– Security planning, policies, procedures
– Configuration management and control
– Contingency planning
– Incident response planning
– Security awareness and training
– Security in acquisitions
– Physical security
– Personnel security
– Security assessments and authorization
– Access control mechanisms
– Identification & authentication mechanisms (biometrics, tokens, passwords)
– Audit mechanisms
– Encryption mechanisms
– Boundary and network protection devices (firewalls, guards, routers, gateways)
– Intrusion protection/detection systems
– Security configuration settings
– Anti-viral, anti-spyware, anti-spam software
– Smart cards
– Continuous monitoring
Links in the Security Chain: Management, Operational, and Technical Controls

Hardware and Software Inventories
– Inventories of authorized and unauthorized devices and software
  – Don’t allow personal preferences
  – Don’t let outsiders connect flash drives or other devices to your network
  – Use software such as DeviceLock
  – Do not download software from the Internet, do not use outside CDs, DVDs
– Wireless device control

Trust but Verify
– Maintenance, monitoring, and analysis of security audit logs
– Continuous vulnerability assessment and remediation
– System of sanctions for improper behavior
– Remote scanning from HQ
– Intrusion detection systems

Limit Access to Need
– Controlled use of administrative privileges
  – Should only be used for administrator duties
  – Use “RunAs” command whenever possible
  – Do not leave systems logged on
– Controlled access based on need to know
– Account monitoring and control

Application Software Security
– Be a good implementer
– No need to reinvent the wheel
– Patch quickly: organizations take twice as long to patch application vulnerabilities as they take to patch operating system vulnerabilities
– Use automated updates when possible

Malware Defenses
– Firewalls: Block most hacker tools and network worms.
– Antispyware: Blocks spyware, Trojans and network worms, but not viruses.
– Antivirus: Blocks viruses and worms.
– Intrusion Prevention Software: Blocks viruses, worms and other malware by looking for the typical behavior of these attacks.

Data Loss Prevention
– Backups
  – Redundancy
  – Different schedules
  – Offsite backup
– Secure network engineering
– Penetration tests and red team exercises
– Incident response capability
– Data recovery capability

Education of Users
– Don’t download programs from the Internet
– Do not use outside CDs, DVDs
– Don’t attach outside devices
– Don’t open unfamiliar e-mails, especially attachments
– Don’t surf sites not needed for work
– Scan all files before opening

Quick and Easy Protective Strategies

Security Program Minimums

Outlook
– Social networking
  – Continued growth
  – Continued threats
– Hacktivism
  – Anonymous
  – DoS
  – Reputation & other attacks
  – Increased focus on corporations?

Ryan W. Garvey
Coordinator, Information Security & Cyber Threats