Presentation is loading. Please wait.

Presentation is loading. Please wait.

Department of Revenue Lessons for Management by Department of Revenue Internal Audit.

Published byFelicity Stackhouse Modified over 9 years ago

Similar presentations

Presentation on theme: "Department of Revenue Lessons for Management by Department of Revenue Internal Audit."— Presentation transcript:

1

2 Department of Revenue H@¢king! Lessons for Management by Department of Revenue Internal Audit

3 Presentation Objectives b Identify Electronic Intruders b Demonstrate their methods b Propose a plan of defense

4 Systems involved b Unix/Linux Systems b Microsoft NT Networks b Novell Network b Mainframe Systems

5 Protection Methods b Login ID and Password. b Encryption b Secure transmission

6 Why secure systems/data? b Maintain Data Integrity by preventing: unauthorized modificationsunauthorized modifications data corruption (viruses, etc)data corruption (viruses, etc) b Prevent Theft privacy violationprivacy violation information theft (SS#, credit card#, etc)information theft (SS#, credit card#, etc) b Maintain Service

7 How is data accessible? b Internet b Dialup Access b Physical Connection (Network Outlet)

8 Identifying the Electronic Intruders b Disgruntled employees b Contractors b Hackers b Insufficiently trained employees

9 Forms of Attack b Sniffing b Password cracking b Syncflood b Ping of Death b “Feature” Exploitation b Port Scanning b Social Engineering

10 Demonstrations

11 Vulnerabilities b Passwords too short/simple/obvious b Login accounts of people no longer in the organization being left activated b Lack of Data Encryption b Lack of system monitoring tools b Insufficiently trained security/audit personnel

12 Vulnerabilities (continued) b Shared login accounts (passwords) b Dialup login password is a general password b Not using screen savers

13 Prevention: Management Perspective b Tone at the top b Organizational structure b Budgeting b External Review (Penetration Tests) b Recovery Plan

14 Prevention: Technical Perspective b Reliable data backup (including testing the backed-up data) b Hardware redundancy/clustering b System monitoring/sniffing b Diligent maintenance of accounts (user, admin, and system accounts) b Physically restrict core systems

15 Conclusion There is no such thing as 100% secure. However, it is important that we at least not carelessly “leave doors unlocked.” The greater importance is not how to keep an intruder out, but is to assume that an intruder can get in. Efforts should be focused on addressing all possible damages that an intruder can inflict. We need to develop an “Insurance Policy” that can restore anything lost or damaged. Then, we need to be able to say that we took reasonable precautions.

16 Thank you This has been a presentation by the Department of Revenue’s Internal Audit Section. We hope you found this presentation educational and insightful. Surf and be safe…

Download ppt "Department of Revenue Lessons for Management by Department of Revenue Internal Audit."

Similar presentations

Ethics, Privacy and Information Security

Ethics, Privacy and Information Security
David Assee BBA, MCSE Florida International University

David Assee BBA, MCSE Florida International University
Security and Systems. Three tenets of security Confidentiality Integrity Availability.

Security and Systems. Three tenets of security Confidentiality Integrity Availability.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.

2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.
Data Security for Healthcare Facilities Debbie Abbott Health Information Consultant Resolutions (Int) Pty Ltd.

Data Security for Healthcare Facilities Debbie Abbott Health Information Consultant Resolutions (Int) Pty Ltd.
1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.

1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.
Course ILT Security overview Unit objectives Discuss network security Discuss security threat trends and their ramifications Determine the factors involved.

Course ILT Security overview Unit objectives Discuss network security Discuss security threat trends and their ramifications Determine the factors involved.
Network Security Testing Techniques Presented By:- Sachin Vador.

Network Security Testing Techniques Presented By:- Sachin Vador.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
INFORMATION WARFARE Written by: Larry Druffel Presented by: Frank Dang TCOM 614 Introduction to Telecommunication University of Redlands.

INFORMATION WARFARE Written by: Larry Druffel Presented by: Frank Dang TCOM 614 Introduction to Telecommunication University of Redlands.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Controls for Information Security

Controls for Information Security
Factors to be taken into account when designing ICT Security Policies

Factors to be taken into account when designing ICT Security Policies
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Similar presentations

Ads by Google