
Computer Security Fundamentals


1 Computer Security Fundamentals
by Chuck Easttom
Chapter 7 Industrial Espionage in Cyberspace

2 Chapter 7 Objectives
- Know what is meant by industrial espionage.
- Understand the low-technology methods used to attempt industrial espionage.
- Be aware of how spyware is used in espionage.
- Know how to protect a system from espionage.

© 2012 Pearson, Inc Chapter 9 Industrial Espionage in Cyberspace

3 Introduction
Espionage is NOT:
- Sophisticated glamour
- Exciting adventure
Its ultimate goal:
- Collecting information
- Without fanfare
- Without knowledge of target
Secrecy is prevalent, on the part of both the perpetrator and the target.

4 Introduction (cont.)
Espionage:
- NOT done only by governments and terrorists
  - Spies for political and military goals
- Also done by private companies
  - Industrial espionage.
  - Billions of dollars.
  - Companies fear to reveal they are targets.

5 What Is Industrial Espionage?
Industrial espionage: the use of spying techniques to find out key information that is of economic value:
- A competitor’s newest project, their client list, or research data
Although the end is different than that of military espionage, the means are the same:
- Electronic monitoring, photocopying files, and so forth.
Former intelligence officers are found in corporate espionage. Fortunately, former intelligence officers are also found in corporate security.

6 Information as an Asset
- Information can be a real asset.
- Companies spend billions on research and development.
- How to value your information: VI = C + VG
  - VI (value of information) = C (cost to produce) + VG (value gained)
  - $200,000 of salaries plus benefits and overhead + $1,000,000 in anticipated revenue from result = $1,200,000 VI
- Obviously, VG will be magnified in a court case.
- In everyday commerce, does your company value its information assets enough to protect them adequately?

7 Information as an Asset (cont.)
- Information is as much an asset as anything else.
- Worth more than the hardware and software that houses it.
- Much more difficult to replace.
For example, a college degree is a single piece of paper. You paid more for the degree than the paper cost. You paid for the information you received. Doctors, lawyers, and engineers are all consultants for their expert information. Information is a valuable commodity.

8 Information as an Asset (cont.)
Data stored in computer systems has value for two reasons:
1. Much time and effort is spent to create and analyze the data.
2. Data often has intrinsic value.
   - A proprietary process, invention, or algorithm has obvious value.
   - Data that provides a competitive edge is also inherently valuable.
Copyrights, trade secrets, and patents must be protected. They can be the foundation upon which a company is built, for example, pharmaceutical companies, Coca Cola, and so forth.

9 Information as an Asset (cont.)
- Asset identification
  - Listing the organization’s assets
  - Tutorial covering information security considerations
Most technicians will go to work in a smaller corporation, not IBM or General Motors. We need to know how to scale for the small- to mid-size company. This is a helpful tool.

10 How Does Espionage Occur?
Espionage can occur in two ways:
- Easy low-tech way
  - Employees simply take the data.
  - Social engineering.
- Technology-oriented method
  - Spyware
  - Cookies and key loggers

11 How Does Espionage Occur? (cont.)
Espionage can occur in two ways:
- Easy low-tech way:
  - Employees (existing or former) may knowingly or unknowingly divulge sensitive data.
  - Disgruntled employees are the greatest security risk to an organization.
  - The motives vary.

12 How Does Espionage Occur? (cont.)
Espionage can occur in two ways:
- Easy low-tech way:
  - Information is portable.
    - CDs, flash drives
    - Memory drives can be concealed in pens.
  - Social engineering.
    - Just because a person is wearing some kind of badge (visitor or vendor) does not mean they are who they appear to be or that their briefcase contains nothing of yours.
    - Social engineering is low tech and often successful.

13 How Does Espionage Occur? (cont.)
Espionage can occur in two ways:
- Technology-oriented method:
  - Any monitoring software can be used in corporate espionage, for example, spyware and keystroke loggers.
  - Capturing screenshots of sensitive information or logon information is easier today than ever before.
  - That 32M pen drive can hold a key logger.

14 Protecting Against Industrial Espionage
- Cannot make system totally secure
- Employ antispyware software.
- Use firewalls and intrusion-detection systems.
- Implement security policies.
- Encrypt all transmissions.
- Of no use against internal sabotage
What steps can I take to alleviate the danger? Nothing can make the system completely secure. Eighty percent of your problems will be internal.

15 Protecting Against Industrial Espionage (cont.)
How to lessen risks of internal espionage:
- Do previously mentioned steps.
- Give out data on a “need-to-know” basis.
- For key personnel, use a rotation system or dual control so no one person has control over all critical data at one time.
- Limit portable storage media and cell phones.
- Have cell phones and other hardware checked at the front security desk.

16 Protecting Against Industrial Espionage (cont.)
How to lessen risk of internal espionage:
- Prohibit documents/media leaving the building.
- Do employee background checks.
- When employees leave the company, scan their PC for any inappropriate data.
- Keep tape backups, documents, and other media under lock and key.
- If portable computers are used, encrypt the hard drives.
Check employee references. Too often, this is not done. Check on any college credits and certifications. HR often does not follow up on this, and as a result, many job seekers falsify their resumes. Any prospective employee who does this cannot be trusted.

17 Protecting Against Industrial Espionage (cont.)
How to lessen risks of internal espionage:
- Encryption software

18 Real-World Examples of Industrial Espionage
VIA technology
- Employee of VIA goes to work for D-Link.
- Remains on the payroll of VIA.
- Leaves D-Link to return to VIA.
- D-Link proprietary information is found posted on a VIA FTP server.
- The VIA owners were involved in another IP theft scandal.

19 Real-World Examples of Industrial Espionage (cont.)
General Motors
- GM alleges that eight former employees transferred proprietary information to Volkswagen.
- GM sued in criminal court under RICO.
- GM sued in civil court for damages.
- Industrial espionage not restricted to technology companies.
RICO: Racketeer Influenced and Corrupt Organizations Act

20 Real-World Examples of Industrial Espionage (cont.)
Interactive Television Technologies, Inc.
- A break-in resulted in theft of data.
- Years of research and substantial financial investment
- Other companies shortly came out with competing products.
- A search for the company on the web revealed nothing. They appear to be out of business.

21 Real-World Examples of Industrial Espionage (cont.)
Bloomberg, Inc.
- BI provided services to a Kazakhstan company; gave them software needed to use BI’s services.
- A KS employee, Oleg Zezev, illegally entered BI’s computer system.
- He sent an e-mail to Michael Bloomberg threatening extortion.
- View the whole story here:

22 Real-World Examples of Industrial Espionage (cont.)
Avant Software
- Charged with attempting to steal secrets from a competitor.
- A former consultant for Avant took a job with Cadence.
- There were allegations on both sides.
- The criminal case was pled out.
- View the whole story here:

23 Industrial Espionage and You
- Most companies decline to discuss the issue.
- Larry Ellison, CEO of Oracle Corporation, has openly defended his hiring of a private detective to dumpster-dive at Microsoft.
- View the whole story here:

24 Summary
- Industrial espionage exists and will grow into an even larger problem.
- There are a variety of methods by which espionage can take place.
- An employee revealing information is the most common.
- Compromising information systems is an increasingly popular method of espionage.

