1
Lecture 7: IT Security PAD 6710
2
IT Security Threats
Security threats:
- External: Intrusion threats
- Network: Technological threats
- Internal: Organizational threats
Intrusion threats:
- Hacking: Unauthorized access and use of sensitive information
  - Compromising national security data
  - Compromising personnel data, e.g., SSN, credit cards
  - Compromising personal data
- Cyber crimes
  - ID thefts: on the rise
  - Carding forums: Criminal websites dedicated to the sale of stolen personal and financial information
3
IT Security Threats: Network threats
- System vulnerabilities/compromises
- Malicious software
  - Viruses: Programs that attach to files, enabling them to spread from one computer to another; can damage hardware, software or files
  - Worms: Self-propagating viruses
  - Spyware: Programs that are installed without the user's knowledge and can potentially monitor activities or steal sensitive information
  - Phishing: Legitimate-looking e-mails that trick users into providing sensitive information
- Internet piracy
  - Online software scams that could potentially be a security threat [see: ]
- Wireless insecurities
  - Wireless is more prone to security threats than wired connections
  - Open wireless communities (e.g., Wi-Fi hotspots in public places that do not require a password) are particularly vulnerable
4
IT Security Threats: Internal organizational threats
- Employee security: who is to guard the guard?
- Lax management: governments are extensive data repositories; lax management could compromise the data
Problems of security threats:
- Corruption of information
- Disclosure of information to unauthorized parties
- Theft of service
- Denial of service to legitimate users
5
Need for IT security
- Authentication: Provides the assurance that the person affixing a signature to an electronic document is who he or she claims to be
- Confidentiality: Access to the content of the document is limited to authorized persons
- Integrity: Assurance that the message is whole, complete, and not changed in transmission
- Nonrepudiation: Neither party to a transaction can later claim that the transaction did not take place, or that the signature is not valid
6
Processes of Network Attacks
7
Information Destruction
Vulnerabilities (matrix of perpetrators against vulnerabilities)
Perpetrators: Operators, Programmers, Data Entry, Internal, Outside, Intruders
Vulnerabilities:
- Physical Destruction: Bombing, Short circuits
- Information Destruction: Erasing disks, Malicious software, Via modem
- Data Diddling: False data entry
- Theft of Services: Theft as user, Unauthorized action
- Browsing: Theft of media, Unauthorized access
- Theft of Information
8
Attackers & Motivations
9
Containing Security Threats
Legislation and Executive Branch Actions
- Covers legal action against security threats
- Computer Security Act (1987): security guidelines and standards for government computers
- Government Information Security Reform Act (GISRA – 2000): complemented CSA
- Homeland Security Act (HSA – 2002): CIO authority for overseeing coordination and consolidation of data
- Fair and Accurate Credit Transactions Act (FACTA – 2003)
- Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM Act of 2003)
10
Containing Security Threats
SECURITY AUDIT AND VULNERABILITY ASSESSMENT
- Update software
  - Install the latest software patches
  - Install antivirus software with frequent updates
- Attack halting: Stops the attack, whether it is a program or a hacker
- Attack blocking: Closes the loophole through which the attacker gained access
- Attack alerting: Either a pop-up to an online admin, or e-mail or SMS to a remote admin
- Information collecting: On what is done by the attack to the network, and from where the attack came; helps gather forensic evidence should a prosecution become necessary or possible
- Full reporting: Learn from mistakes; prevent future problems
11
Containing Security Threats
- Intrusion Detection Systems
- Firewalls
- Access limitations
- Super Power passwords
- CAPTCHAs (Completely Automated Turing Test To Tell Computers and Humans Apart)
- Multi-level access control
- Discretionary access control (DAC)
- Mandatory access control (MAC)
- Role-based access control
- Task-based access control
12
Containing Security Threats
- Fail-safe features
- Encryption of data to authenticate the identity of individuals attempting to access governmental computer systems
  - In a paper document, the sender adds a written signature and seals the envelope; the receiver checks document integrity by checking the seal
  - Similarly, in electronic documents, the sender adds an electronic signature and encrypts the document; the receiver decrypts it (using a message digest/hashing algorithm) to verify the document
13
Containing security threats
Public Key Infrastructure (PKI)
- PKI is based upon Public Key Cryptography (PKC), an internationally accepted method for securing electronic communications
- PKC involves a pair of mathematically related keys (large prime numbers of 1024 characters in length)
  - Public key: Distributed freely to anyone with whom the public key owner wishes to communicate securely
  - Private key: Known only by the signer; used to sign a message that only the public key can verify
PKI process
- User gets certificate of authority
- Certificate creates a public key for the user
- Certificate also issues matching private key
- User can employ the private key to send messages
- Another user can decrypt messages by using the public key
Other uses
- Federal ID cards for federal employees and contractors (smartcards)
- Virtual Private Network (VPN) tunneling through secure channels
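The sign-and-verify flow described on the two slides above (message digest, private key to sign, public key to verify), as an added example that is not part of the original lecture. It uses textbook RSA with a constructed toy key built from two publicly known Mersenne primes; all function and variable names are assumptions made for illustration.

```python
import hashlib

# Constructed toy key pair (assumption for illustration): both primes are
# publicly known Mersenne primes, so this key offers no real security.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                           # modulus, shared by both keys
E = 65537                           # public exponent, distributed freely
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, known only to the signer


def digest(document: bytes) -> int:
    """Message digest (SHA-256) of the document, as an integer smaller than N."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(document: bytes) -> int:
    """Signer: transform the digest with the private key."""
    return pow(digest(document), D, N)


def verify(document: bytes, signature: int) -> bool:
    """Receiver: recover the digest with the public key and compare it
    with a digest computed over the document that actually arrived."""
    return pow(signature, E, N) == digest(document)


def demo():
    """Run the exchange on a constructed sample document."""
    original = b"Transfer approved: budget item 42"   # constructed sample
    signature = sign(original)
    tampered = b"Transfer approved: budget item 43"   # one character changed
    return (
        verify(original, signature),      # authentic and intact
        verify(tampered, signature),      # integrity check fails
        verify(original, signature + 1),  # altered signature fails
    )


if __name__ == "__main__":
    # Textbook RSA has no padding; production systems use a padded scheme
    # such as RSASSA-PSS from a vetted cryptographic library.
    print(demo())
```

The signature covers only the digest, so any change to the document or to the signature makes verification fail, which is the integrity and authentication property the slides describe.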
14
Containing Security Threats
PENETRATION TESTS Agency-Level Security Policies Security governance and reporting Physical Security Systems Security Checks and Clearances Biometrics Configuration Management Secure System Design Red Teams – teams of experts Honey Pots – proactive security strategies
15
Containing Security Threats
Comprehensive Security Policy:
1. Risk Management Structure
2. Data Stewardship
3. Risk Tracking
4. Risk Notification
5. Authentication
6. Encryption
7. Data Security
8. Data Sharing
9. Data Disposal
10. Security Training