Cory Bowers Harold Gray Brian Schneider Data Security.

Presentation transcript:

Cory Bowers Harold Gray Brian Schneider Data Security

Security
- Security is all about trust in protection and authenticity.
- No matter how much you patch or secure your systems, the weakest link in the security chain is the natural human willingness to accept someone at their own word.

Why?
- Hacker’s motivation:
  - Pride
  - Commit fraud
  - Identity theft
  - Espionage
  - Disrupt
- Administrator’s motivation:
  - Protect company data
  - Protect resources
  - Protect company reputation

Threats
- Social Engineering
  - Manipulating people to get access to confidential data
- Malware
  - Worms
  - Trojan Horses
  - Rootkits
  - Keylogger

Social Engineering
- Physical
  - By Phone – call up a company and gradually get information
  - Dumpster Diving – phone books, org charts, calendars, old paperwork, internal technical documentation, old hardware
  - Online – most users use the same password, exploit through phishing sites and spam
- Psychological
  - Impersonation – repairman, IT support, manager, trusted third party
  - Ingratiation – using a position of power to get somebody to perform an unauthorized action
  - Conformity – everybody else has given us this info
  - Diffusion of responsibility – alleviate the stress on the employee
  - Friendliness – most people want to help, just have to be believable
- Reverse Social Engineering – sabotage, advertising, and assisting
- Kevin Mitnick – most famous, raised the issue of computer security in the US

Malware
- Worms – actively transmit themselves over a network to infect other computers, possibly carrying a malicious payload
- Virus – a piece of software that infects another piece of software through a security hole, allowing itself to run malicious code or propagate
- Trojan Horses – a piece of malware that masquerades as a good piece of software but has a harmful payload; usually opens a backdoor to the system
- Rootkits – help malicious programs avoid detection on the system
- Keylogger – monitors user keystrokes and reports them back to the attacker

Good Security Policies
- Applicable to any variable inside of a system, including hardware, software and people
- We are familiar with the practice of good policies in regard to hardware and software, but the policy of people within the system is most important.

Simple common policy
- Complex passwords
- Don’t share passwords
- Don’t write passwords down

Policy for paper documents
- First, what are you going to allow your employees to print?
- Where are they stored in between usage?
- ‘Who’ can take ‘what’, ‘where’?
- Time to shred? Who is responsible?
- Should the policy require in-house shredding or is it acceptable to transport the documents first?
- What degree of shredding is necessary?
- Is the policy the same for all documents?

Human Policy
- The human policy can apply to every aspect such as cameras, access cards, restricted area access, physical access to machines, direct physical access to certain machines, etc…
- On a basic level, policy helps prevent negligence
  - attachments/USB drives/“Screensavers”/lost corporate devices
- Beyond that, a user can be educated to a policy that would help the system defend against social engineering

[Virtual] Protection
- Standard network protection, password protection, etc…
- Select which data is worth backing up and how often.
- Protection policies must be aware of budgets!
- Make offline (separate) copies
- Encrypt those copies

[Real] Protection
- Physical data threats
  - Vandalism
  - Theft
  - Natural Disaster
  - Fire/Water/Climate Control
  - Power surge/Lightning
  - EMP
  - Terrorism

Backups
- Housing for the backups must be secure.
- In instances where a system is backed up to a remote location, part of the policy is to keep the location secret.
- Some mediums degrade over time and become unreliable
- Rewriteable mediums degrade relative to use

Tools to prevent unauthorized physical access:
- various physical identification systems
- cameras
- alarms
- logging of physical access

Reasons for destroying data
- Data Remanence
  - Tendency of data to remain on the medium after deletion
- Removal of equipment
  - Might donate old equipment to charities, other organizations

Proper ways to delete data
- Deletion
  - ‘Soft’ delete by marking files for deletion
  - The OS generally keeps the file in a holding area for easy recovery if the user made a mistake
  - When deletion is confirmed, the file’s entry is just removed from the file system.
  - Reasons not to do it
    - Even after deletion, the data is still there.
    - Can be recovered through file recovery utilities.
    - Can also be retrieved by reading disk sectors directly.

Sterilization
- Involves complete destruction of data
- Clearing
  - Writing over deleted files with dummy data.
  - Typically all 0’s, but patterns of alternating 1’s and 0’s are better.
  - Can only be used on media that can be rewritten
- Purging
  - Destruction of the magnetic domains of the media by exposure to a strong magnetic field.
  - For high-security applications, specially made degaussers are used.
- Destroying
  - Done via disintegration, pulverization, melting, incineration, or shredding.
  - Ultimately, the only way to assure destruction of data.
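The difference between deletion and clearing described in the slides above, shown on a toy disk model. This is an added example, not part of the original presentation; `ToyDisk`, its methods, the file name and the sample record are all constructed for illustration.

```python
SECTOR = 512
# Clearing passes: all zeros, then the alternating-bit patterns 10101010 / 01010101.
PASSES = (0x00, 0xAA, 0x55)


class ToyDisk:
    """Constructed model: raw sectors plus a directory of name -> (start, length)."""

    def __init__(self, sectors=64):
        self.raw = bytearray(SECTOR * sectors)
        self.directory = {}
        self.next_free = 0

    def write_file(self, name, data):
        start = self.next_free
        self.raw[start:start + len(data)] = data
        self.directory[name] = (start, len(data))
        # Round the allocation up to a whole number of sectors.
        self.next_free = start + -(-len(data) // SECTOR) * SECTOR

    def delete(self, name):
        """Plain deletion: only the directory entry is removed."""
        del self.directory[name]

    def clear(self, name):
        """Clearing: overwrite every allocated sector with each pass, then delete."""
        start, length = self.directory[name]
        end = start + -(-length // SECTOR) * SECTOR
        for pattern in PASSES:
            self.raw[start:end] = bytes([pattern]) * (end - start)
        self.delete(name)

    def raw_scan(self, marker):
        """What a recovery utility does: ignore the directory, search raw sectors."""
        return self.raw.find(marker) != -1


def demo():
    secret = b"CONSTRUCTED-SAMPLE payroll record"
    deleted, cleared = ToyDisk(), ToyDisk()
    for disk in (deleted, cleared):
        disk.write_file("payroll.txt", secret)
    deleted.delete("payroll.txt")   # entry gone, bytes still on the medium
    cleared.clear("payroll.txt")    # bytes overwritten before the entry goes
    return deleted.raw_scan(secret), cleared.raw_scan(secret)


if __name__ == "__main__":
    print(demo())
```

On real media, in-place overwriting can miss copies kept by journaling or copy-on-write file systems and by SSD wear levelling, so a clearing pass should be verified against the raw device rather than assumed.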

Destroying optical or other media
- Optical Disks
  - Cannot be deleted, cleared, or purged. Must be destroyed.
  - Must be shredded via a crosscut shredder, burned, or pulverized.
- Magnetic Disks
  - May have any of the above done, based on importance of data being destroyed.
- Equipment
  - If applicable, may be cleared or purged, but can always be destroyed.
- Paper
  - Shredding via a crosscut shredder
    - Size varies by importance of paperwork
  - Disintegration into pulp by water and a fine screen.