Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Figure 11-7: Mobilizing Users User Training  Security Awareness  Accountability Training  Self-Defense Training Social engineering threats and correct.

Published byTheresa Knight Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Figure 11-7: Mobilizing Users User Training  Security Awareness  Accountability Training  Self-Defense Training Social engineering threats and correct."— Presentation transcript:

1

2 1 Figure 11-7: Mobilizing Users User Training  Security Awareness  Accountability Training  Self-Defense Training Social engineering threats and correct responses Make users early warning scouts who know whom to inform if breach suspected In general, mobilize as partners

3 2 Figure 11-7: Mobilizing Users Authentication  Nontechnical Problems in Providing Access Permissions Who may submit people for usernames and passwords? Limit it Human resources know when people are hired and fired

4 3 Figure 11-7: Mobilizing Users Authentication  Nontechnical Problems in Providing Access Permissions But on specific servers, many people might submit needs to sys admin  Project managers for projects on the server  For many people: Individual employees, contractors, consultants, temp hires

5 4 Figure 11-7: Mobilizing Users Authentication  Terminating Authentication Credentials People often do not have their permissions terminated when they no longer need them Person who requests their permissions should have to periodically review them for continuation

6 5 Figure 11-8: Vulnerability Testing Vulnerability Testing Technology  Using Attacker Technology Designed to do damage  Using Commercial Vulnerability Testing Tools Not as up-to-date as attacker tools Less likely to do damage as side effect Focus on reporting

7 6 Figure 11-8: Vulnerability Testing Vulnerability Testing Technology  Reporting and Follow-Up Tools Reports should clearly list vulnerabilities and suggested fixes Follow-up report should document which vulnerabilities fixed, not fixed

8 7 Figure 11-8: Vulnerability Testing Vulnerability Testing Contracts  Need a contract before the testing begins to cover everyone involved  What Will Be Tested: Specifics  How It Will Be Tested: Specifics  Hold Blameless for Side Effects

9 8 Figure 11-8: Vulnerability Testing Reducing False Positives with Tuning  Avoid meaningless tests, for instance, Apache threat on Microsoft Windows Server

10 9 Figure 11-8: Vulnerability Testing Who Should Do Vulnerability Testing?  Outside Firms Expertise Use of reformed hackers?  The IT or Security Department Has good knowledge of internal systems If IT staff is the attacker, can hide wrongdoing

11 10 Figure 11-8: Vulnerability Testing Who Should Do Vulnerability Testing?  IT Auditing Departments Trained to audit whether standards and procedures are being followed Have to upgrade their specific vulnerability testing skills  ================================== Art of Deception by Kevin Mitnick

Download ppt "1 Figure 11-7: Mobilizing Users User Training  Security Awareness  Accountability Training  Self-Defense Training Social engineering threats and correct."

Similar presentations

The World of Access Controls

The World of Access Controls
Department of Revenue Lessons for Management by Department of Revenue Internal Audit.

Department of Revenue Lessons for Management by Department of Revenue Internal Audit.
Secure SharePoint mobile connectivity

Secure SharePoint mobile connectivity
1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.

1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.
Hands-On Ethical Hacking and Network Defense

Hands-On Ethical Hacking and Network Defense
Welcome to New Hire Orientation Information Security

Welcome to New Hire Orientation Information Security
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Computer Security Fundamentals

Computer Security Fundamentals
Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.

Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.
© 2003 by Carnegie Mellon University page 1 Information Security Risk Evaluation for Colleges and Universities Carol Woody Senior Technical Staff Software.

© 2003 by Carnegie Mellon University page 1 Information Security Risk Evaluation for Colleges and Universities Carol Woody Senior Technical Staff Software.
Session 3 – Information Security Policies

Session 3 – Information Security Policies
Network security policy: best practices

Network security policy: best practices
Database Auditing Models Dr. Gabriel. 2 Auditing Overview Audit examines: documentation that reflects (from business or individuals); actions, practices,

Database Auditing Models Dr. Gabriel. 2 Auditing Overview Audit examines: documentation that reflects (from business or individuals); actions, practices,
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Sam Cook April 18, 2013. Overview What is penetration testing? Performing a penetration test Styles of penetration testing Tools of the trade.

Sam Cook April 18, Overview What is penetration testing? Performing a penetration test Styles of penetration testing Tools of the trade.
OV 11 - 1 Copyright © 2011 Element K Content LLC. All rights reserved. System Security  Computer Security Basics  System Security Tools  Authentication.

OV Copyright © 2011 Element K Content LLC. All rights reserved. System Security  Computer Security Basics  System Security Tools  Authentication.
Chapter 8 Hardening Your SQL Server Instance. Hardening  Hardening The process of making your SQL Server Instance more secure  New features Policy based.

Chapter 8 Hardening Your SQL Server Instance. Hardening  Hardening The process of making your SQL Server Instance more secure  New features Policy based.
Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.

Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.
1 Preparing a System Security Plan. 2 Overview Define a Security Plan Pitfalls to avoid Required Documents Contents of the SSP The profile Certification.

1 Preparing a System Security Plan. 2 Overview Define a Security Plan Pitfalls to avoid Required Documents Contents of the SSP The profile Certification.

Similar presentations

Ads by Google