Presentation is loading. Please wait.

Presentation is loading. Please wait.

About the Presentations The presentations cover the objectives found in the opening of each chapter. All chapter objectives are listed in the beginning.

Published byAlaina Laura Foster Modified over 9 years ago

Similar presentations

Presentation on theme: "About the Presentations The presentations cover the objectives found in the opening of each chapter. All chapter objectives are listed in the beginning."— Presentation transcript:

1 About the Presentations The presentations cover the objectives found in the opening of each chapter. All chapter objectives are listed in the beginning of each presentation. You may customize the presentations to fit your class needs. Some figures from the chapters are included. A complete set of images from the book can be found on the Instructor Resources disc.

2 Security Awareness Chapter 1 Introduction to Security

3 Security Awareness, 3 rd Edition3 Objectives After completing this chapter, you should be able to do the following: Describe the challenges of securing information Define information security and explain why it is important Identify the types of attackers that are common today List the basic steps of an attack Describe the steps in a defense and a comprehensive defense strategy

4 Challenges of Securing Information No single simple solution to protecting computers and securing information Different types of attacks Difficulties in defending against these attacks Security Awareness, 3 rd Edition4

5 Today’s Security Attacks Typical monthly security newsletter –Malicious program was introduced in the manufacturing process of a popular brand of digital photo frames –E-mail claiming to be from the United Nations (U.N.) ‘‘Nigerian Government Reimbursement Committee’’ is sent to unsuspecting users –‘‘Booby-trapped’’ Web pages are growing at an increasing rate –Mac computers can be the victim of attackers Security Awareness, 3 rd Edition5

6 Today’s Security Attacks (cont’d.) Security statistics –45 million credit and debit card numbers stolen –Number of security breaches continues to rise –Recent report revealed that of 24 federal government agencies overall grade was only ‘‘C-’’ Security Awareness, 3 rd Edition6

7 7 Table 1-1 Selected security breaches involving personal information in a three-month period Course Technology/Cengage Learning

8 Difficulties in Defending Against Attacks Speed of attacks Greater sophistication of attacks Simplicity of attack tools Quicker detection of vulnerabilities –Zero day attack Delays in patching products Distributed attacks User confusion Security Awareness, 3 rd Edition8

9 Difficulties in Defending Against Attacks (cont’d.) Security Awareness, 3 rd Edition9 Figure 1-1 Increased sophistication of attack tools Course Technology/Cengage Learning

10 Difficulties in Defending Against Attacks (cont’d.) Security Awareness, 3 rd Edition10 Figure 1-2 Menu of attack tools Course Technology/Cengage Learning

11 Difficulties in Defending Against Attacks (cont’d.) Security Awareness, 3 rd Edition11 Table 1-2 Difficulties in defending against attacks Course Technology/Cengage Learning

12 What Is Information Security? Understand what information security is Why is information security important today? Who are the attackers? Security Awareness, 3 rd Edition12

13 Defining Information Security Security –State of freedom from a danger or risk Information security –Tasks of guarding information that is in a digital format –Ensures that protective measures are properly implemented –Protect information that has value to people and organizations Value comes from the characteristics of the information Security Awareness, 3 rd Edition13

14 Defining Information Security (cont’d.) Characteristics of information that must be protected by information security –Confidentiality –Integrity –Availability Achieved through a combination of three entities –Products –People –Procedures Security Awareness, 3 rd Edition14

15 Defining Information Security (cont’d.) Security Awareness, 3 rd Edition15 Figure1-3 Information security components Course Technology/Cengage Learning

16 Defining Information Security (cont’d.) Security Awareness, 3 rd Edition16 Table 1-3 Information security layers Course Technology/Cengage Learning

17 Information Security Terminology Asset –Something that has a value Threat –Event or object that may defeat the security measures in place and result in a loss –By itself does not mean that security has been compromised Threat agent –Person or thing that has the power to carry out a threat Security Awareness, 3 rd Edition17

18 Information Security Terminology (cont’d.) Vulnerability –Weakness that allows a threat agent to bypass security Exploiting the security weakness –Taking advantage of the vulnerability Risk –Likelihood that a threat agent will exploit a vulnerability –Some degree of risk must always be assumed –Three options for dealing with risk Security Awareness, 3 rd Edition18

19 Information Security Terminology (cont’d.) Table 1-4 Security information terminology Security Awareness, 3 rd Edition19 Course Technology/Cengage Learning

20 Understanding the Importance of Information Security Preventing data theft –Theft of data is one of the largest causes of financial loss due to an attack –Affects businesses and individuals Thwarting identity theft –Identity theft Using someone’s personal information to establish bank or credit card accounts that are then left unpaid Leaves the victim with debts and ruins their credit rating –Legislation continues to be enacted Security Awareness, 3 rd Edition20

21 Understanding the Importance of Information Security (cont’d.) Avoiding legal consequences –Federal and state laws that protect the privacy of electronic data The Health Insurance Portability and Accountability Act of 1996 (HIPAA) The Sarbanes-Oxley Act of 2002 (Sarbox) The Gramm-Leach-Bliley Act (GLBA) USA Patriot Act (2001) The California Database Security Breach Act (2003) Children’s Online Privacy Protection Act of 1998 (COPPA) Security Awareness, 3 rd Edition21

22 Understanding the Importance of Information Security (cont’d.) Maintaining productivity –Lost wages and productivity during an attack and cleanup –Unsolicited e-mail message security risk U.S. businesses forfeit $9 billion each year restricting spam Foiling cyberterrorism –Could cripple a nation’s electronic and commercial infrastructure –‘‘Information Security Problem’’ Security Awareness, 3 rd Edition22

23 Who Are the Attackers? Divided into several categories –Hackers –Script kiddies –Spies –Employees –Cybercriminals –Cyberterrorists Security Awareness, 3 rd Edition23

24 Hackers Debated definition of hacker –Identify anyone who illegally breaks into or attempts to break into a computer system –Person who uses advanced computer skills to attack computers only to expose security flaws ‘‘White Hats’ Security Awareness, 3 rd Edition24

25 Script Kiddies Unskilled users Use automated hacking software Do not understand the technology behind what they are doing Often indiscriminately target a wide range of computers Security Awareness, 3 rd Edition25

26 Spies Person who has been hired to break into a computer and steal information Do not randomly search for unsecured computers Hired to attack a specific computer or system Goal –Break into computer or system –Take the information without drawing any attention to their actions Security Awareness, 3 rd Edition26

27 Employees Reasons for attacks by employees –Show company weakness in security –Retaliation –Money –Blackmail –Carelessness Security Awareness, 3 rd Edition27

28 Cybercriminals Loose-knit network of attackers, identity thieves, and financial fraudsters Motivated by money Financial cybercrime categories –Stolen financial data –Spam email to sell counterfeits and pornography Security Awareness, 3 rd Edition28

29 Cybercriminals (cont’d.) Security Awareness, 3 rd Edition29 Table 1-6 Eastern European promotion of cybercriminals Course Technology/Cengage Learning

30 Cyberterrorists Motivated by ideology Sometimes considered attackers that should be feared most Security Awareness, 3 rd Edition30

31 Attacks and Defenses Same basic steps are used in most attacks Protecting computers against these steps –Calls for five fundamental security principles Security Awareness, 3 rd Edition31

32 Steps of an Attack Probe for information Penetrate any defenses Modify security settings Circulate to other systems Paralyze networks and devices Security Awareness, 3 rd Edition32

33 Figure 1-5 Steps of an attack Security Awareness, 3 rd Edition33 Course Technology/Cengage Learning

34 Defenses Against Attacks Layering –If one layer is penetrated, several more layers must still be breached –Each layer is often more difficult or complicated than the previous –Useful in resisting a variety of attacks Limiting –Limiting access to information reduces the threat against it –Technology-based and procedural methods Security Awareness, 3 rd Edition34

35 Defenses Against Attacks (cont’d.) Diversity –Important that security layers are diverse –Breaching one security layer does not compromise the whole system Obscurity –Avoiding clear patterns of behavior make attacks from the outside much more difficult Simplicity –Complex security systems can be hard to understand, troubleshoot, and feel secure about Security Awareness, 3 rd Edition35

36 Building a Comprehensive Security Strategy Block attacks –Strong security perimeter Part of the computer network to which a personal computer is attached –Local security important too Update defenses –Continually update defenses to protect information against new types of attacks Security Awareness, 3 rd Edition36

37 Building a Comprehensive Security Strategy (cont’d.) Minimize losses –Realize that some attacks will get through security perimeters and local defenses –Make backup copies of important data –Business recovery policy Send secure information –‘‘Scramble’’ data so that unauthorized eyes cannot read it –Establish a secure electronic link between the sender and receiver Security Awareness, 3 rd Edition37

38 Summary Attacks against information security have grown exponentially in recent years Difficult to defend against today’s attacks Information security definition –That which protects the integrity, confidentiality, and availability of information Main goals of information security –Prevent data theft, thwart identity theft, avoid the legal consequences of not securing information, maintain productivity, and foil cyberterrorism Security Awareness, 3 rd Edition38

39 Summary (cont’d.) Several types of people are typically behind computer attacks Five general steps that make up an attack Practical, comprehensive security strategy involves four key elements Security Awareness, 3 rd Edition39

Download ppt "About the Presentations The presentations cover the objectives found in the opening of each chapter. All chapter objectives are listed in the beginning."

Similar presentations

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Helping you protect your customers against fraud Division of Finance and Corporate Securities.

Helping you protect your customers against fraud Division of Finance and Corporate Securities.
11 Section D: SQL  SQL Basics  Adding Records  Searching for Information  Updating Fields  Joining Tables Chapter 11: Databases1.

11 Section D: SQL  SQL Basics  Adding Records  Searching for Information  Updating Fields  Joining Tables Chapter 11: Databases1.
Information Security Jim Cusson, CISSP. Largest Breaches 110,000 2009-11-27 NorthgateArinso, Verity Trustees 6,400 2009-11-25 Aurora St. Luke's Medical.

Information Security Jim Cusson, CISSP. Largest Breaches 110, NorthgateArinso, Verity Trustees 6, Aurora St. Luke's Medical.
© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.

© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.
Is There a Security Problem in Computing? Network Security / G. Steffen1.

Is There a Security Problem in Computing? Network Security / G. Steffen1.
Greg Lamb. Introduction It is clear that we as consumers and entrepreneurs cannot expect complete privacy when discussing business matters. However… There.

Greg Lamb. Introduction It is clear that we as consumers and entrepreneurs cannot expect complete privacy when discussing business matters. However… There.
McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.

McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.
Security+ Guide to Network Security Fundamentals, Third Edition

Security+ Guide to Network Security Fundamentals, Third Edition
Course ILT Security overview Unit objectives Discuss network security Discuss security threat trends and their ramifications Determine the factors involved.

Course ILT Security overview Unit objectives Discuss network security Discuss security threat trends and their ramifications Determine the factors involved.
MIS PERSONAL, LEGAL, ETHICAL, AND ORGANIZATIONAL ISSUES OF INFORMATION SYSTEMS CHAPTER 4 Hossein BIDGOLI Phishing Email that bites Paying for Privacy Pirates.

MIS PERSONAL, LEGAL, ETHICAL, AND ORGANIZATIONAL ISSUES OF INFORMATION SYSTEMS CHAPTER 4 Hossein BIDGOLI Phishing that bites Paying for Privacy Pirates.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 1 Introduction to Security.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 1 Introduction to Security.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Chapter 1 Introduction to Security

Chapter 1 Introduction to Security
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.
Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.

Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.
Lecture 11 Reliability and Security in IT infrastructure.

Lecture 11 Reliability and Security in IT infrastructure.
CYBER CRIME AND SECURITY TRENDS

CYBER CRIME AND SECURITY TRENDS
Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.

Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.

Similar presentations

Ads by Google