Published by Imogene Nichols. Modified over 9 years ago.
1
Security and Assurance in IT organization
Name: Mai Hoang Nguyen
Class: INFO 609
Professor: T. Rohm
2
Table of contents:
+ Attackers
+ Classification of threats
+ Defensive measures
+ Security management framework
+ Risk & incident management of security
3
Attackers: About 46% of companies and government agencies have suffered a security incident from 2007 until now. Who are the attackers?
+ Thrill seekers who like the challenge of defeating defense systems.
+ Other attackers who dislike their company and intend to steal the company's proprietary data, such as credit card numbers or other online payment information.
4
Classification of threats: Managers must understand the classification of threats.
External attacks: harm against computing infrastructure.
+ E.g. DoS (Denial of Service): attackers send data packets more rapidly than the target machine can handle. Each packet appears to begin an authentic conversation with the victim computer, and the flood disables infrastructure devices.
5
Classified threats:
6
Classification of threats:
Intrusion: gaining access to a company's internal IT infrastructure by various methods, e.g. obtaining user names and passwords.
+ Intruders can use high-tech means such as "sniffer" software for LANs, or exploit flaws in computer code to gain access to systems.
+ Hackers can scan for exploitable IP addresses and report them to their master computer.
+ If a company does not know exactly what has happened to its systems, customers and business partners will not trust the security of data entrusted to the company.
7
Defensive Measures: To secure a company's data, infrastructure components, and reputation, managers must build 6 defenses:
1. Security policies: rules for people who have company accounts, passwords, security features, etc.
2. Firewalls: a collection of software/hardware to prevent system access.
3. Authentication: host/network/data authentication to control access.
4. Encryption: renders electronic transmissions unreadable.
5. Patching and change management: change passwords regularly or keep important data in the computer's files or "fingerprints".
6. Intrusion detection and network monitoring: combine hardware probes and software diagnostic systems to help network administrators recognize when their infrastructure is under attack.
8
Network intrusion detection system:
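The DoS description and the intrusion-detection measure in the slides above can be illustrated from the defender's side. This is an added example, not part of the original presentation: it assumes a simplified event feed of (time, source, flag) tuples, where "SYN" starts a conversation and "ACK" completes it, and all names, addresses and thresholds are constructed for illustration.

```python
from collections import defaultdict, deque


def make_sample_events():
    """Constructed sample traffic: one normal client and one flooding source."""
    events = []
    # Normal client: every conversation it starts is completed shortly after.
    for i in range(5):
        events.append((i * 1.0, "192.0.2.10", "SYN"))
        events.append((i * 1.0 + 0.05, "192.0.2.10", "ACK"))
    # Flooding source: 40 conversation starts in 2 seconds, none completed.
    for i in range(40):
        events.append((2.0 + i * 0.05, "198.51.100.7", "SYN"))
    return sorted(events)


def detect_half_open_floods(events, window=5.0, threshold=20):
    """Return {source: time of first alert} for sources that accumulate
    `threshold` unanswered SYNs within `window` seconds.

    Assumption: events are sorted by time and keyed per source. A real
    monitor would also count per target, since flood sources can vary.
    """
    pending = defaultdict(deque)  # source -> times of unanswered SYNs
    alerts = {}
    for ts, src, flag in events:
        queue = pending[src]
        # Forget conversation starts that fell out of the sliding window.
        while queue and ts - queue[0] > window:
            queue.popleft()
        if flag == "SYN":
            queue.append(ts)
            if len(queue) >= threshold and src not in alerts:
                alerts[src] = ts
        elif flag == "ACK" and queue:
            queue.popleft()  # oldest pending conversation was completed
    return alerts


if __name__ == "__main__":
    for source, when in detect_half_open_floods(make_sample_events()).items():
        print(f"possible DoS: {source} at t={when:.2f}s")
```

The normal client never has more than one conversation pending, so only the source that keeps opening conversations without completing them is reported.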
9
Security management framework:
+ Make deliberate security decisions: managers must not allow public internet in the company and must educate themselves on security-related issues and decisions.
+ Consider security a moving target: the company must attack its own systems and hire an outside firm to audit them, and stay in touch with CERT (Computer Emergency Response Team).
+ Practice disciplined management: for process changes.
+ Educate users: to understand the dangers of sharing passwords and connections.
+ Deploy multilevel technical measures: as many as needed. Use security at host and network levels.
10
Risk Management:
+ Managing before the incident: use sound infrastructure design, disciplined execution of operating procedures, careful documentation, established crisis management procedures, and rehearsal of incident response.
+ Managing during the incident: human decision makers have obstacles to deal with: confusion, denial, and fear responses. Awareness of psychological traps helps decision makers avoid them.
+ Managing after the incident: erase or rebuild parts of the infrastructure. Managers need to understand what incident happened and relate it to the company's protection of entrusted information.