Presentation is loading. Please wait.

Presentation is loading. Please wait.

COMP2221 Networks in Organisations

Published byLaura Jepsen Modified over 5 years ago

Similar presentations

Presentation on theme: "COMP2221 Networks in Organisations"— Presentation transcript:

1 COMP2221 Networks in Organisations
Richard Henson March 2012

2 Protecting Organisational Data
By the end of this session you should be able to: explain why the internal network user is potentially a threat explain the importance of protecting entry to the network by outsiders suggest ways to identify vulnerabilities of the network, so action can be taken to reduce the risk

3 Network Management The network manager has two (conflicting?) responsibilities provide facilities and services that users need to do their jobs protect the network against abuse by naïve or malign users General perception (by users!)… network managers are more concerned with “protecting the network” than servicing the needs of its users

4 The “good insider”.. Threat (?)
Users: employees, who (generally) want to do their job, and do it well… Possible conflict with the “security-orientated” or “nanny-state” approach to network management Personal opinion: needs balance the network IS there for the benefit of the users… fulfill business objectives the network MUST be as secure as reasonably possible protect valuable company data

5 NOT Getting the balance right…
Worrying web page (BBC, 19/11/10): BBC’s own network users so frustrated about IT restrictions stopping them doing their jobs that many (typically 41% according to a CISCO survey) ignore the rules!

6 “unthinking” insiders
Employees who do stupid things on the network bring in viruses spread passwords around forward inappropriately engage with phishing s… etc…

7 Bad Insiders Could be disillusioned Could cause real damage
just plain corrupt maybe a temp? Could cause real damage bring network down put company out of business…

8 What to do about the Insider Threat?
A matter for organisational management Establish policy negotiated with users… Educate/train users Enable breaches of policy to be detected… Enforce policy!

9 What about Outsiders? Two types:
employees working “in the field” the rest of the world… Organisational management can’t enforce policy on the latter… network only protected through good, well-resourced network management

10 Firewalls: checking/blocking data coming in and out…
INTERNET Firewall Internal Network ...

11 Do we have a problem? Perceptions “from the inside” quite different from “outside looking in”

12 Should we find out…? Almost impossible to tell if the network is secure from within… could just hope so (!) could go outside, and try to penetrate defences better still, the organisation could get a benign expert to do it for them…

13 Here is one such expert…
Campbell Murray Highly experienced Penetration Tester

Download ppt "COMP2221 Networks in Organisations"

Similar presentations

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
1.8 Malpractice and Crime In this section you must be able to: Explain the consequences of malpractice and crime on information systems. Describe the possible.

1.8 Malpractice and Crime In this section you must be able to: Explain the consequences of malpractice and crime on information systems. Describe the possible.
Firewalls Dr.P.V.Lakshmi Information Technology GIT,GITAM University

Firewalls Dr.P.V.Lakshmi Information Technology GIT,GITAM University
COMP6005 An Introduction to Computing Session One: An Introduction to Computing Security Issues.

COMP6005 An Introduction to Computing Session One: An Introduction to Computing Security Issues.
1 No Silver Bullet : Inherent Limitations of Computer Security Technologies Jeffrey W. Humphries Texas A&M University.

1 No Silver Bullet : Inherent Limitations of Computer Security Technologies Jeffrey W. Humphries Texas A&M University.
Securing Your Networks Personal Safety Rules Apply Here Too. Corporate Identity Theft SPAM.

Securing Your Networks Personal Safety Rules Apply Here Too. Corporate Identity Theft SPAM.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Title: The Internet LO: Security risks. Security risks Types of risks: 1.Phishing 2.Pharming 3.Spamming 4.Spyware 5.Cookies 6.Virus.

Title: The Internet LO: Security risks. Security risks Types of risks: 1.Phishing 2.Pharming 3.Spamming 4.Spyware 5.Cookies 6.Virus.
Lesson 1: Understanding Browsers. This unit is a set of investigations into how to protect against digital threats, and how to detect digital crimes.

Lesson 1: Understanding Browsers. This unit is a set of investigations into how to protect against digital threats, and how to detect digital crimes.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
Internet safety By Lydia Snowden.

Internet safety By Lydia Snowden.
BUS1MIS Management Information Systems Semester 1, 2012 Week 7 Lecture 1.

BUS1MIS Management Information Systems Semester 1, 2012 Week 7 Lecture 1.
BUSINESS B1 Information Security.

BUSINESS B1 Information Security.
1.Too many users 2.Technical factors 3.Organizational factors 4.Environmental factors 5.Poor management decisions Which of the following is not a source.

1.Too many users 2.Technical factors 3.Organizational factors 4.Environmental factors 5.Poor management decisions Which of the following is not a source.
GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS). SELECT AND USE APPROPRIATE METHODS TO MINIMISE SECURITY RISK TO IT SYSTEMS AND DATA 1.1 I can describe.

GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS). SELECT AND USE APPROPRIATE METHODS TO MINIMISE SECURITY RISK TO IT SYSTEMS AND DATA 1.1 I can describe.
 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.

 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.
Year 9 Autumn Assessment Computer system/Information security-Planning, Communicating, Information. By Louis Smith-Lassey 9k 9Y1.

Year 9 Autumn Assessment Computer system/Information security-Planning, Communicating, Information. By Louis Smith-Lassey 9k 9Y1.
PRIVACY, SECURITY & ID THEFT PREVENTION - TIPS FOR THE VIGILANT BUSINESS - SMALL BUSINESS & ECONOMIC DEVELOPMENT FORUM October 21, 2014 -WITH THANKS TO.

PRIVACY, SECURITY & ID THEFT PREVENTION - TIPS FOR THE VIGILANT BUSINESS - SMALL BUSINESS & ECONOMIC DEVELOPMENT FORUM October 21, WITH THANKS TO.
PROTECTION ON THE INTERNET NADIA SNOW VIRUS Is a file made to do harm or criminal activity there are many types: -worms -Trojan horse -Spyware How they.

PROTECTION ON THE INTERNET NADIA SNOW VIRUS Is a file made to do harm or criminal activity there are many types: -worms -Trojan horse -Spyware How they.
Security Policies and Procedures. cs490ns-cotter2 Objectives Define the security policy cycle Explain risk identification Design a security policy –Define.

Security Policies and Procedures. cs490ns-cotter2 Objectives Define the security policy cycle Explain risk identification Design a security policy –Define.

Similar presentations

Ads by Google