1
Securing and Protecting Citizens' Data
Greg Moore Cisco Systems Engineer
2
Threats
Viruses, Subversion, Sabotage, Spoofing, Spamming, Eavesdropping, Identity Theft, Phishing, Pharming, Phreaking, Fuzzing
Notice that 7 out of 11 involve financial gain
3
“If Only Computer Security Did Not Have to Involve People”
According to the Oct 2002 edition of “The Economist”:
2/3 of commuters at a London train station revealed their computer password in exchange for a ballpoint pen
Nearly half used their name, family name or pet name as their password
4
More Recently … At RSA 2007 a Major U.S. Bank Shared This:
After extensive user training on password sensitivity in 2006:
Sent an e-mail to 200 random employees asking for an “example of a complex password”
They got 75 responses, of which 23 sent their actual password!
5
SpyBot example Extortion - Encrypted hard drive virus – give me $$ in exchange for the keys – Repudiation
6
Phishing and Pharming Attacks
Site looked very authentic: 800 number, Click to Chat, etc.
Gone two days later
7
In many fonts an uppercase ‘i’ and a lowercase ‘L’ look the same
In this example, what looks like “PayPal” is actually “PayPaI”, spelled with an uppercase ‘i’ in place of the lowercase ‘L’.
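A check for this kind of lookalike name, as an added example that is not part of the original presentation: it collapses characters that render alike into one "skeleton" and compares the displayed host against a list of protected brands. The character map, the brand list and the function names are assumptions made for the illustration.

```python
# Added example: flag displayed hostnames that only *look* like a protected brand.
# The maps below are a small constructed sample, not a full confusables table.
CONFUSABLES = {"I": "l", "1": "l", "|": "l", "0": "o", "O": "o"}
SEQUENCES = {"rn": "m", "vv": "w"}          # letter pairs that read as one letter
PROTECTED = ["paypal", "microsoft"]         # constructed brand list


def skeleton(label):
    """Reduce a label to its visual skeleton.

    Single characters are mapped before lowercasing, because the trick
    relies on case: an uppercase 'I' resembles 'l', a lowercase 'i' does not.
    """
    out = "".join(CONFUSABLES.get(ch, ch) for ch in label).lower()
    for seq, repl in SEQUENCES.items():
        out = out.replace(seq, repl)
    return out


def find_lookalikes(host, brands=PROTECTED):
    """Return (label, brand) pairs where a label imitates a brand.

    Works on the text as displayed (link text, mail body), where case is
    preserved; DNS itself is case-insensitive.
    """
    hits = []
    for label in host.split("."):
        for brand in brands:
            if label.lower() == brand:
                continue                    # genuine spelling, any case
            if skeleton(label) == skeleton(brand):
                hits.append((label, brand))
    return hits


if __name__ == "__main__":
    # Constructed sample hosts
    for h in ["www.PayPal.com", "www.PayPaI.com", "paypa1.com", "rnicrosoft.com"]:
        print(h, "->", find_lookalikes(h) or "ok")
```
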
8
Security Must Be a Mindset
Improved security means implementing policies dealing with human factors, cultural norms and managing risks.
Security requires the cooperation and support of senior management.
We tend to worry about the wrong things (viruses, hackers) instead of more realistic threats (disgruntled employees, links to supposedly trusted partners, theft of laptops, insecure Wi-Fi APs, etc.).
9
What Needs to be Protected?
Constituent information – tax records, health records, court records, etc. May be public, but integrity needs to be maintained
Governance – HIPAA, PCI
Privileged or confidential information – employee info, government secrets, etc.
Voice / Video / Data – all forms of data
Physical security – public, employees, assets
10
Securing Information
Hardening, Isolation, Privacy, Integrity, Authentication, Encryption
11
Security Technology
OS Patches & Hotfixes
HIPS / AV / NAC
Firewalls & ACLs
Application Layer Gateways
NIDS / IPS
Access Control
Content & Reputation Filtering
VPN