
1 Information Society Security Risks

2

3 RISKS...
- Attacks
- Origin
- Consequences

4 The Attacks
- Availability
- Integrity
- Confidentiality

5 The Origin
- ACCIDENTS
  - Physical accidents
  - Breakdowns
  - Loss of essential service
  - Force majeure
- ERRORS
  - Operational, conceptual or implementation errors
- MALEVOLENCY
  - Theft - Sabotage
  - Fraud
  - Logical attacks
  - Dispersion

6 The Consequences
- Direct and indirect losses
- Material and immaterial losses
- Supplementary expenses and operational losses
- Losses of assets (goods, money)
- Civil liability
- Sabotage of the enterprise's operations
- Harm to the business image
- Damage to competitive capability

7 Risk Management
- Prevention
- Protection
- Detection
- Post-incident recovery
- Transfer to insurance
- Repression

8 The RISKS
- Major
  - Dead or alive
  - Unacceptable
  - Insurance inadequate
- Minor
  - Probability of incident x severity
  - Temporarily acceptable
  - Prevention and/or insurance

9 Types of Problems
- Intrusion
- Viruses
- Quality of information
- Confidentiality
- Intellectual rights
- Criminality - security

10 Questions
- Who is responsible?
- Who is the organizer?
- How to identify the actors?
- Which law is applicable?

11 Intrusion
- Alteration
- Destruction
- Access - theft
  - data
  - programs
- Theft of resources

12 INTERNET Usage Policy
- Who can use the INTERNET?
- What can they do on the INTERNET?
- Who authorizes?
- How can it be controlled?

13 Protection against Intrusion
- Barriers (firewalls)
- Access control
  – identification
  – authentication → signature
  – authorization → classification
- Cost calculation
- Access logging

14 Methods of Violation
- CLASSIC
  - Password attacks
    - brute force
    - encryption and comparisons
  - Social engineering

15 Methods of Violation (cont)
- MODERN
  - Interception of data
    - Ethernet sniffing
    - Keyboard logging
    - Monitoring X-Windows
  - Modified utilities (login, in.telnetd, in.ftpd, finger, ...)
  - Attacks based on protocols
  - Encapsulated or wrongly configured utilities (NIS, NFS, TELNET, FTP, WWW, R-commands, Sendmail, …)

16 FIREWALLS
- Everything that is not permitted is forbidden?
- Everything that is not forbidden is allowed?
All incoming and outgoing traffic should pass through the firewall!

17 Limitations of FIREWALLS
- Session-jacking
  - of a connected and authorized user
- Tunnel
  - interference with authorized traffic
- Circumvention
  - usage of an alternative access
- Weaknesses of certain applications

18 Problems with FIREWALLS
- Reduction of the network throughput
- Recovery in case of breakdowns
- Not 100 % reliable
- Generate blind confidence
- Insufficient installation tests
- Permanent upgrades required
- The danger is not only external
- Work required to check the logs
- Static defense

19 Protection against Alteration
- Seal (electronic seal)
Protection against Destruction
- Safety copies

20 VIRUSES
- Impossible to avoid
- The ideal antidote does not exist
- Viruses grow in number and complexity
- Decontamination is a highly specialized job

21 QUALITY of INFORMATION
"Newspapers have degenerated. They may now be absolutely relied upon."
Oscar Wilde (1856-1900)

22 Data Reliability

23
- Access Control
- Encryption
  - symmetric keys
  - asymmetric keys

24 Encryption
- Individual
- Society
- Legal status of encryption?

25 INFORMATION BATTLE
- Espionage
- Industrial espionage
- Criminality
- Terrorism

26 Information Highway and Society
- Cost of access and usage
- Info-poor and info-rich
- Content surveillance
- Imposing access restrictions

27
- Code of conduct
- Censorship?
- Regulation of 'sensitive information' via the information highway

28 Protection of intellectual rights
- Serial number
- Copyright registration
- Encryption
- Product marks

29 Private life protection

30 ELECTRONIC COMMERCE
- PARTY AUTHENTICATION
- AUTHORIZATION
- CONFIDENTIALITY
- INTEGRITY - NON ALTERATION
- LOGGING
- NON-REPUDIATION at EMISSION and at RECEPTION

31 SECURITY is and will always be in the first place a HUMAN PROBLEM!

32 Not connecting is the only 100 % security

