1 Introduction to Security Chapter 11 Information Technology (IT) Security.

Presentation transcript:

1 Introduction to Security Chapter 11 Information Technology (IT) Security

2 Information Technology Overview  This topic is very daunting for many security managers  FBI example – making upgrades to current equipment is akin to changing a tire on a speeding car – difficult to do, but you have no choice.  This example highlights the need for quality, fully integrated IT security.

3 New Technologies & Security  IP Video Surveillance – allows a company to use its existing network for video surveillance  Voice over Internet Protocol (VoIP) – an underused technology that holds great promise  USB Technology – presents an easy way for people to steal data or engineer their way into corporate systems  Mesh Networks – a wireless communication system allowing both voice and data to be transmitted and received  CTI – allows interactions on a telephone and a PC to be integrated or coordinated

4 Common Equipment that Can Pose Security Threats  Laptops  Cell Phones  PDAs and smart phones  Fax machines  All other telecommunication devices

5 Tips for Information Asset Protection  Employees using equipment that can store info should sign a release stating that any info on it is the employer’s property.  Use of mobile devices with cameras should be discouraged, especially around sensitive material and in locker rooms.

6 Tips for Information Asset Protection  Discourage employees from storing info such as social security numbers, credit card numbers, account numbers and passwords on any wireless device.  Be careful about posting cell numbers and addresses

7 Tips for Information Asset Protection  Consider locking your phone when not using it, or installing software that allows you to lock it, in the event of loss/theft.  Do not follow links in e-mails or text messages.  Asset tag or engrave laptops.  Be careful about logging onto wireless hotspots.

8 Other IT Security Threats:  Trojan horses install malicious software under the guise of doing something else  Viruses & worms An FBI survey revealed that despite protection programs, 82% of organizations have been infected by a virus.

9 Other IT Security Threats:  Spyware A dangerous, prolific code that logs a user's activity and collects personal information, which it then sends to a third party.  Adware A relative of spyware. Typically found with free software, it displays advertisements when the program is running. It may also contain spyware.

10 Other IT Security Threats:  Bots A type of malware that allows an attacker to gain control over the infected computer (also called a “zombie computer”) and to use a company’s network to send spam, launch attacks and infect other computers.

11 Targets of attack: Intellectual property, Trade secrets, Patented material, Copyrighted material

12 Piracy and Protection  $23 billion lost in 2004 as a result of digital piracy of music, movies, software and games  This piracy is accomplished through peer-to-peer sites, mass e-mail, FTP and Web sites.  These groups can be very difficult to penetrate and prosecute.

13 Piracy and Protection Protection:  DRM (Digital Rights Management) Antipiracy technology used by digital copyright owners to control who has access to their work  Watermark Technology An evolution of watermarks on currency, it helps companies by embedding watermarks that are invisible to the human eye into pictures of their property.

14 Threats to Proprietary Information  Employees – often have unrestricted access as part of their job which puts them in an ideal position to steal information  Vendors  Visitors  Discarded information and paper in trash containers

15 Competitive Intelligence  What is competitive intelligence?  Non-disclosure agreements  Common targets of CI.  What is cloaking?

16 Basic Principles of Information Asset Protection  Classifying & Labeling Information: Unrestricted, Internal Use, Restricted, Highly Restricted  Protocols for Distribution  Security Awareness Training  Audits

17 Three Security Measures against IT Threats: 1. Logical Controls 2. Physical Access Controls 3. Administrative Controls

18 1. Logical Controls  Special programs written into the software  Most common are those that require a password for access  Data encryption

19 2. Physical Controls  Restrict actual physical access to computer terminals, equipment and software  Key and key card controls, ID badges, or biometrics are imperative  Hardening access points such as vents, doors and windows

20 3. Administrative Controls  Comprehensive background checks on all new employees  Stressing of security during management meetings  Having managers assume responsibility for security

21 Recommendations for IT Security Program  Deploy HTTP scanning methods  Block unnecessary protocols  Deploy vulnerability scanning software  Do not give out administrator privileges to all users  Deploy corporate spyware scanning  Educate users, enforce strict security policy within the network