1 Chapter 1 Introduction to Security
Security Awareness:  Applying Practical Security in Your World, Second Edition Chapter 1 Introduction to Security

2 Objectives
- List the challenges of defending against attacks
- Explain why information security is important
- Describe the different types of attackers
- List the general principles for defending against attacks

3 Challenges of Security
- Last six months of 2004
  - Organizations faced average of 13.6 attacks per day versus 10.6 the previous six months
- During second quarter of 2005
  - 422 Internet security vulnerabilities were discovered
- During first six months of 2005
  - Over 46.5 million Americans had their privacy breached

5 Today’s Security Attacks
- Department of Defense
  - Records over 60,000 attempted intrusions annually against their unclassified networks
- Companies worldwide
  - Will spend almost $13 billion on computer security in 2005
- Number of Internet fraud complaints
  - Rose from 6,087 in 2000 to 48,252 in 2002 and 207,449 in 2004

8 Difficulties in Defending Against Attackers
- Why security is becoming increasingly difficult
  - Speed of attacks
  - Greater sophistication of attacks
  - Attackers detect weaknesses faster and can quickly exploit these vulnerabilities
  - Increasing number of zero day attacks
  - Distributed attacks
  - User confusion

10 What is Information Security?
- Describes task of guarding information that is in a digital format
- Ensures that protective measures are properly implemented
- Intended to protect information that has high value to people and organizations

11 Characteristics of Information
- Confidentiality
  - Ensures that only authorized parties can view the information
- Integrity
  - Ensures that information is correct
- Availability
  - Secure computer must make data immediately available to authorized users

12 What is Information Security? (continued)
- Protects the characteristics of information on
  - Devices that store, manipulate, and transmit information
- Achieved through a combination of three entities
  - Proper use of products
  - People
  - Procedures

14 Information Security Terminology
- Asset
  - Something that has value
- Threat
  - Event or object that may defeat the security measures in place and result in a loss
- Threat agent
  - Person or thing that has power to carry out a threat

15 Information Security Terminology (continued)
- Vulnerability
  - Weakness that allows threat agent to bypass security
- Risk
  - Likelihood that threat agent will exploit a vulnerability

17 Understanding the Importance of Information Security
- Information security is important to businesses and individuals
  - Prevent data theft
  - Thwart identity theft
  - Avoid legal consequences of not securing information
  - Maintain productivity
  - Foil cyberterrorism

18 Preventing Data Theft
- Security
  - Often associated with theft prevention
- Data theft
  - Single largest cause of financial loss due to a security breach
- Individuals can be victims

19 Thwarting Identity Theft
- Involves using someone’s personal information to establish bank or credit card accounts
- According to the Federal Trade Commission (FTC)
  - Number of identity theft victims increased 152% from
  - Cost of identity theft for 2004 exceeded $52 billion
- Age group that suffered the most identity theft
  - Adults years of age

20 Avoiding Legal Consequences
- The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
  - Healthcare enterprises must guard protected health information
- The Sarbanes-Oxley Act of 2002 (Sarbox)
  - Attempts to fight corporate corruption

21 Avoiding Legal Consequences (continued)
- The Gramm-Leach-Bliley Act (GLBA)
  - Protects private data
- USA Patriot Act of 2001
  - Broadens surveillance of law enforcement agencies

22 Avoiding Legal Consequences (continued)
- The California Database Security Breach Act of 2003
  - Businesses should inform residents within 48 hours if breach of personal information occurs
- Children’s Online Privacy Protection Act of 1998 (COPPA)
  - Web sites designed for children under 13 should obtain parental consent prior to the collection, use, disclosure, or display of child’s personal information

23 Maintaining Productivity
- Computer Crime and Security Survey indicates that
  - Virus attacks alone cost more than $42 million
- Spam
  - Unsolicited messages
  - Almost 230 million spam messages are sent each day (67% of total transmitted)

25 Foiling Cyberterrorism
- Attacks by terrorist groups using computer technology and the Internet
- Challenges
  - Many prime targets are not owned and managed by federal government

26 Who are the Attackers?
- Hacker
  - Someone who attacks computers
- Cracker
  - Person who violates system security with malicious intent
- Script kiddies
  - Want to break into computers to create damage
  - Download automated hacking software (scripts)
  - Lack the technical skills of crackers

27 Who are the Attackers? (continued)
- Spies
  - Hired to break into a computer and steal information
- Thieves
  - Search for any unprotected computer and attempt to steal credit card numbers, banking passwords, or similar information
- Employees
  - May want to show the company a security weakness

28 Cyberterrorists
- May attack because of ideology
- Goals of a cyberattack
  - To deface electronic information
  - To deny service to legitimate computer users
  - To commit unauthorized intrusions into systems and networks

29 Defending Against Attacks
- Layering
  - Creates a barrier of multiple defenses that can be coordinated to thwart a variety of attacks
- Limiting
  - Limiting access to information reduces the threat against it
- Diversity
  - Breaching one security layer does not compromise the whole system

30 Defending Against Attacks (continued)
- Obscurity
  - Avoiding clear patterns of behavior makes attacks from the outside much more difficult
- Simplicity
  - Creating a system that is simple from the inside but complex on the outside reaps a major benefit

31 Building a Comprehensive Security Strategy
- Block attacks
  - If attacks are blocked by network security perimeter, then attacker cannot reach personal computers on which data is stored
  - Security devices can be added to computer network to block unauthorized or malicious traffic

32 Building a Comprehensive Security Strategy (continued)
- Update defenses
  - Involves updating defensive hardware and software
  - Involves applying operating system patches on a regular basis
- Minimize losses
  - May involve keeping backup copies of important data in a safe place
- Send secure information
  - May involve “scrambling” data so that unauthorized eyes cannot read it

33 Summary
- Several difficulties in keeping computers and the information on them secure
- Why information security is becoming more difficult
  - Speed and sophistication of attack
  - Vulnerabilities
  - User confusion
- Information security protects integrity, confidentiality, and availability of information

34 Summary (continued)
- Information security has its own set of terminology
- Preventing theft of information
  - Most important reason for protecting data
- Hacker
  - Possesses advanced computer skills
- Basic principles for creating a secure environment
  - Layering, limiting, diversity, obscurity, and simplicity
