Presentation is loading. Please wait.

Presentation is loading. Please wait.

Understand mechanisms to control organisational IT security

Published byLynette Doyle Modified over 6 years ago

Similar presentations

Presentation on theme: "Understand mechanisms to control organisational IT security"— Presentation transcript:

1 Understand mechanisms to control organisational IT security
Unit 48 I.T. Security Management HND in Computing and Systems Development

2 Security perimeter Router (enforces encryption settings)
Intrusion detection system (IDS) Firewall Wireless access points Public switched telephone network (PSTN) VOIP Modems insiders

3 Physical security Doors Windows Walls Floors Ceilings Location of
Monitors Wireless access points Printers Sensitive equipment (TEMPEST) {Transient electromagnetic Pulse Emanation Standard} Actual site (proximity to roads, other buildings)

4 People = security problem
The problem Social engineering ploys Make mistakes Easily fooled Easily led (misled) Want to help Desire to avoid confrontation Direct question: e.g. “Who is the I.T. manager?” Engage in conversation, evoke sympathy “I really need this information now, X is on the warpath…” Appeal to ego “I hear you did a great job for Y, that was really impressive, I wonder if you could do the same for me…” Intimidation “If you won’t give me this information I’m going to have to report you…” especially effective in eg military Insiders can be more effective: Stanley Mark Rifkin 1978, $10.2million, Conklin & White p68

5 Social engineering task
Find examples of a range of social engineering attacks. You could include the following; Phishing Spear phishing Whaling Vishing Spam (SPIM) Shoulder surfing Reverse social engineering hoaxes

6 Poor Security Practices
Individuals Poor training/policies/procedures Password selection Piggybacking Dumpster diving Unauthorised hardware or software Physical access by non-employees Access by ill-intentioned insiders/contractors/consultants

7 Physical security task
Describe and evaluate various procedures to restrict physical access to a facility. Include a cost-benefit evaluation for each procedure. Include both prevention and monitoring methods. You could include: Physical locks Biometrics Sign-in logs CCTV or video Security personnel Two-factor authentication Utility protection (HVAC, power) swipe cards, theft prevention Something you know Something you have Something unique about you Note your sources – make sure they are reputable and up-to-date!

Download ppt "Understand mechanisms to control organisational IT security"

Similar presentations

GCSE ICT Networks & Security..

GCSE ICT Networks & Security..
IT Security “Knowing the potential threat to YOU and your business” Ian McLachlan IT Manager.

IT Security “Knowing the potential threat to YOU and your business” Ian McLachlan IT Manager.
4 Information Security.

4 Information Security.
Ethics, Privacy and Information Security

Ethics, Privacy and Information Security
1 MIS 2000 Class 22 System Security Update: Winter 2015.

1 MIS 2000 Class 22 System Security Update: Winter 2015.
2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.

2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.
McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.

McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.
PHYSICAL SECURITY Attacker. Physical Security Not all attacks on your organization's data come across the network. Many companies focus on an “iron-clad”

PHYSICAL SECURITY Attacker. Physical Security Not all attacks on your organization's data come across the network. Many companies focus on an “iron-clad”
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
Dr. Bhavani Thuraisingham The University of Texas at Dallas (UTD) June 2011 Physical (Environmental) Security.

Dr. Bhavani Thuraisingham The University of Texas at Dallas (UTD) June 2011 Physical (Environmental) Security.
Developing Network Security Strategies Network Security D ESIGN Network Security M ECHANISMS.

Developing Network Security Strategies Network Security D ESIGN Network Security M ECHANISMS.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
Security Week 10 Lecture 1. Why do we need security? Identify and authenticate people wanting to use the system Prevent unauthorised persons from accessing.

Security Week 10 Lecture 1. Why do we need security? Identify and authenticate people wanting to use the system Prevent unauthorised persons from accessing.
Controls for Information Security

Controls for Information Security
Factors to be taken into account when designing ICT Security Policies

Factors to be taken into account when designing ICT Security Policies
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
LECTURE16 NET 301. HOW TO SET UP A SECURE LOCAL NETWORK Step 1: Identify Your Networking Needs This is a very important step.the key considerations are:

LECTURE16 NET 301. HOW TO SET UP A SECURE LOCAL NETWORK Step 1: Identify Your Networking Needs This is a very important step.the key considerations are:
Workplace Security for Employees. © Business & Legal Reports, Inc. 0606 Session Objectives You will be able to: Understand the company’s security policy.

Workplace Security for Employees. © Business & Legal Reports, Inc Session Objectives You will be able to: Understand the company’s security policy.
Security Measures Using IS to secure data. Security Equipment, Hardware Biometrics –Authentication based on what you are (Biometrics) –Biometrics, human.

Security Measures Using IS to secure data. Security Equipment, Hardware Biometrics –Authentication based on what you are (Biometrics) –Biometrics, human.
Data Security GCSE ICT.

Data Security GCSE ICT.

Similar presentations

Ads by Google