IT Security Awareness
October 26, 2010
Madison College

Chapter 1
Introduction to Security
Kit Kat
• The origins of the 'Kit Kat' brand stem back to 1911
• The original four-finger bar was developed after a worker at the Rowntree York Factory put a suggestion in a recommendation box for a snack that "a man could take to work in his pack up".

Kit Kat
The Kit Kat bar launched on the 29th of August, 1939, under the title of 'Rowntree's Chocolate Crisp' (priced at 2p), and was sold in London and throughout Southern England.
The Hershey Company has a licence to produce Kit Kat bars in the United States which dates from 1969, when Hershey executed a licensing agreement for both the Kit Kat and the Rolo with Rowntree.
Objectives
After completing this chapter, you should be able to do the following:
• Describe the challenges of securing information
• Define information security and explain why it is important
• Identify the types of attackers that are common today
• List the basic steps of an attack
• Describe the steps in a defense and a comprehensive defense strategy

Security Awareness, 3rd Edition
Challenges of Securing Information
• No single simple solution to protecting computers and securing information
• Different types of attacks
• Difficulties in defending against these attacks (speed, greater sophistication, simplicity, delays in patching, user confusion)
Today's Security Attacks
• Typical monthly security newsletter
   – Malicious program was introduced in the manufacturing process of a popular brand of digital photo frames
   – E-mail claiming to be from the United Nations (U.N.) "Nigerian Government Reimbursement Committee" is sent to unsuspecting users
   – "Booby-trapped" Web pages are growing at an increasing rate
   – Mac computers can be the victim of attackers
Today's Security Attacks (cont'd.)
• Security statistics
   – 45 million credit and debit card numbers stolen
   – Number of security breaches continues to rise
   – Recent report revealed that, across 24 federal government agencies, the overall grade was only "C-"
Table 1-1 Selected security breaches involving personal information in a three-month period (Course Technology/Cengage Learning)
Difficulties in Defending Against Attacks
• Speed of attacks
• Greater sophistication of attacks
• Simplicity of attack tools
• Quicker detection of vulnerabilities
   – Zero day attack
• Delays in patching products
• Distributed attacks
• User confusion
Difficulties in Defending Against Attacks (cont'd.)
Figure 1-1 Increased sophistication of attack tools (Course Technology/Cengage Learning)
Difficulties in Defending Against Attacks (cont'd.)
Figure 1-2 Menu of attack tools (Course Technology/Cengage Learning)
Difficulties in Defending Against Attacks (cont'd.)
Table 1-2 Difficulties in defending against attacks
What Is Information Security?
• Understand what information security is
• Why is information security important today?
• Who are the attackers?
Defining Information Security
• Security
   – State of freedom from a danger or risk
• Information security
   – Tasks of guarding information that is in a digital format
   – Ensures that protective measures are properly implemented
   – Protects information that has value to people and organizations
      • Value comes from the characteristics of the information
Defining Information Security (cont'd.)
• Characteristics of information that must be protected by information security
   – Confidentiality
   – Integrity
   – Availability
• Achieved through a combination of three entities
   – Products
   – People
   – Procedures
Defining Information Security (cont'd.)
Figure 1-3 Information security components (Course Technology/Cengage Learning)
Defining Information Security (cont'd.)
Table 1-3 Information security layers (Course Technology/Cengage Learning)
Information Security Terminology
• Asset
   – Something that has a value
• Threat
   – Event or object that may defeat the security measures in place and result in a loss
   – By itself does not mean that security has been compromised
• Threat agent
   – Person or thing that has the power to carry out a threat
Information Security Terminology (cont'd.)
• Vulnerability
   – Weakness that allows a threat agent to bypass security
• Exploiting the security weakness
   – Taking advantage of the vulnerability
• Risk
   – Likelihood that a threat agent will exploit a vulnerability
   – Some degree of risk must always be assumed
   – Three options for dealing with risk
Information Security Terminology (cont'd.)
Table 1-4 Security information terminology (Course Technology/Cengage Learning)
Understanding the Importance of Information Security
• Preventing data theft
   – Theft of data is one of the largest causes of financial loss due to an attack
   – Affects businesses and individuals
• Thwarting identity theft
   – Identity theft
      • Using someone's personal information to establish bank or credit card accounts that are then left unpaid
      • Leaves the victim with debts and ruins their credit rating
   – Legislation continues to be enacted
Understanding the Importance of Information Security (cont'd.)
• Avoiding legal consequences
   – Federal and state laws that protect the privacy of electronic data
      • The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
      • The Sarbanes-Oxley Act of 2002 (Sarbox)
      • The Gramm-Leach-Bliley Act (GLBA)
      • USA Patriot Act (2001)
      • The California Database Security Breach Act (2003)
      • Children's Online Privacy Protection Act of 1998 (COPPA)
Understanding the Importance of Information Security (cont'd.)
• Maintaining productivity
   – Lost wages and productivity during an attack and cleanup
   – Unsolicited e-mail messages are a security risk
      • U.S. businesses forfeit $9 billion each year restricting spam
• Foiling cyberterrorism
   – Could cripple a nation's electronic and commercial infrastructure
   – "Information Security Problem"
Who Are the Attackers?
• Divided into several categories
   – Hackers
   – Script kiddies
   – Spies
   – Employees
   – Cybercriminals
   – Cyberterrorists
Hackers
• Debated definition of hacker
   – Identifies anyone who illegally breaks into or attempts to break into a computer system
   – Person who uses advanced computer skills to attack computers only to expose security flaws
      • "White Hats"
Script Kiddies
• Unskilled users
• Use automated hacking software
• Do not understand the technology behind what they are doing
• Often indiscriminately target a wide range of computers
Spies
• Person who has been hired to break into a computer and steal information
• Do not randomly search for unsecured computers
• Hired to attack a specific computer or system
• Goal
   – Break into computer or system
   – Take the information without drawing any attention to their actions
Employees
• Reasons for attacks by employees
   – Show company weakness in security
   – Retaliation
   – Money
   – Blackmail
   – Carelessness
Cybercriminals
• Loose-knit network of attackers, identity thieves, and financial fraudsters
• Motivated by money
• Financial cybercrime categories
   – Stolen financial data
   – Spam email to sell counterfeits and pornography
Cybercriminals (cont'd.)
Table 1-6 Eastern European promotion of cybercriminals (Course Technology/Cengage Learning)
Cyberterrorists
• Motivated by ideology
• Sometimes considered the attackers that should be feared most
Attacks and Defenses
• Same basic steps are used in most attacks
• Protecting computers against these steps
   – Calls for five fundamental security principles
Steps of an Attack
• Probe for information
• Penetrate any defenses
• Modify security settings
• Circulate to other systems
• Paralyze networks and devices

Figure 1-5 Steps of an attack
Defenses Against Attacks
• Layering
   – If one layer is penetrated, several more layers must still be breached
   – Each layer is often more difficult or complicated than the previous
   – Useful in resisting a variety of attacks
• Limiting
   – Limiting access to information reduces the threat against it
   – Technology-based and procedural methods
Defenses Against Attacks (cont'd.)
• Diversity
   – Important that security layers are diverse
   – Breaching one security layer does not compromise the whole system
• Obscurity
   – Avoiding clear patterns of behavior makes attacks from the outside much more difficult
• Simplicity
   – Complex security systems can be hard to understand, troubleshoot, and feel secure about
Building a Comprehensive Security Strategy
• Block attacks
   – Strong security perimeter
      • Part of the computer network to which a personal computer is attached
   – Local security important too
• Update defenses
   – Continually update defenses to protect information against new types of attacks
Building a Comprehensive Security Strategy (cont'd.)
• Minimize losses
   – Realize that some attacks will get through security perimeters and local defenses
   – Make backup copies of important data
   – Business recovery policy
• Send secure information
   – "Scramble" data so that unauthorized eyes cannot read it
   – Establish a secure electronic link between the sender and receiver
Summary
• Attacks against information security have grown exponentially in recent years
• Difficult to defend against today's attacks
• Information security definition
   – That which protects the integrity, confidentiality, and availability of information
• Main goals of information security
   – Prevent data theft, thwart identity theft, avoid the legal consequences of not securing information, maintain productivity, and foil cyberterrorism
Summary (cont'd.)
• Several types of people are typically behind computer attacks
• Five general steps that make up an attack
• Practical, comprehensive security strategy involves four key elements
Information Systems 371 -The Internet of Things Overview
 
Cyberwar Gets Personal
Cyberwar Gets PersonalCyberwar Gets Personal
Cyberwar Gets Personal
 
University of Wisconsin-Madison, Information Security 365/765 Course Summary,...
University of Wisconsin-Madison, Information Security 365/765 Course Summary,...University of Wisconsin-Madison, Information Security 365/765 Course Summary,...
University of Wisconsin-Madison, Information Security 365/765 Course Summary,...
 
Bringing the Entire Information Security Semester Together With a Team Project
Bringing the Entire Information Security Semester Together With a Team ProjectBringing the Entire Information Security Semester Together With a Team Project
Bringing the Entire Information Security Semester Together With a Team Project
 
The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...
The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...
The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...
 
Student Presentation Sample (Netflix) -- Information Security 365/765 -- UW-M...
Student Presentation Sample (Netflix) -- Information Security 365/765 -- UW-M...Student Presentation Sample (Netflix) -- Information Security 365/765 -- UW-M...
Student Presentation Sample (Netflix) -- Information Security 365/765 -- UW-M...
 
Information Security Fall Semester 2016 - Course Wrap Up Summary
Information Security Fall Semester 2016 - Course Wrap Up SummaryInformation Security Fall Semester 2016 - Course Wrap Up Summary
Information Security Fall Semester 2016 - Course Wrap Up Summary
 
Organizational Phishing Education
Organizational Phishing EducationOrganizational Phishing Education
Organizational Phishing Education
 
Security Operations -- An Overview
Security Operations -- An OverviewSecurity Operations -- An Overview
Security Operations -- An Overview
 
Network Design, Common Network Terminology and Security Implications
Network Design, Common Network Terminology and Security ImplicationsNetwork Design, Common Network Terminology and Security Implications
Network Design, Common Network Terminology and Security Implications
 
Survey Presentation About Application Security
Survey Presentation About Application SecuritySurvey Presentation About Application Security
Survey Presentation About Application Security
 
Information Security 365/765 Lecture 13 – Legal Regulations, Industry Compli...
Information Security 365/765 Lecture 13 – Legal Regulations,  Industry Compli...Information Security 365/765 Lecture 13 – Legal Regulations,  Industry Compli...
Information Security 365/765 Lecture 13 – Legal Regulations, Industry Compli...
 

Dernier

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 

Dernier (20)

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 

Describing the challenges of securing information

1. IT Security Awareness
   October 26, 2010
   Madison College
   Chapter 1: Introduction to Security

2. Kit Kat
   • The origins of the 'Kit Kat' brand stem back to 1911
   • The original four-finger bar was developed after a worker at the Rowntree York Factory put a suggestion in a recommendation box for a snack that "a man could take to work in his pack up".

3. Kit Kat
   • The Kit Kat bar launched on the 29th of August, 1939, under the title of 'Rowntree's Chocolate Crisp' (priced at 2p), and was sold in London and throughout Southern England.
   • The Hershey Company has a licence to produce Kit Kat bars in the United States which dates from 1969, when Hershey executed a licensing agreement for both the Kit Kat and the Rolo with Rowntree.

4. Objectives
   After completing this chapter, you should be able to do the following:
   • Describe the challenges of securing information
   • Define information security and explain why it is important
   • Identify the types of attackers that are common today
   • List the basic steps of an attack
   • Describe the steps in a defense and a comprehensive defense strategy
   (Slides based on Security Awareness, 3rd Edition)

5. Challenges of Securing Information
   • No single simple solution to protecting computers and securing information
   • Different types of attacks
   • Difficulties in defending against these attacks (speed, greater sophistication, simplicity, delays in patching, user confusion)

6. Today's Security Attacks
   • Typical monthly security newsletter
     – A malicious program was introduced in the manufacturing process of a popular brand of digital photo frames
     – E-mail claiming to be from the United Nations (U.N.) "Nigerian Government Reimbursement Committee" is sent to unsuspecting users
     – "Booby-trapped" Web pages are growing at an increasing rate
     – Mac computers can be victims of attackers too

7. Today's Security Attacks (cont'd.)
   • Security statistics
     – 45 million credit and debit card numbers stolen
     – Number of security breaches continues to rise
     – A recent report revealed that the overall grade of 24 federal government agencies was only "C-"

8. Table 1-1 Selected security breaches involving personal information in a three-month period (Course Technology/Cengage Learning)

9. Difficulties in Defending Against Attacks
   • Speed of attacks
   • Greater sophistication of attacks
   • Simplicity of attack tools
   • Quicker detection of vulnerabilities
     – Zero day attack: the vulnerability is exploited before the vendor has released a fix
   • Delays in patching products
   • Distributed attacks
   • User confusion

10. Difficulties in Defending Against Attacks (cont'd.)
    Figure 1-1 Increased sophistication of attack tools (Course Technology/Cengage Learning)

11. Difficulties in Defending Against Attacks (cont'd.)
    Figure 1-2 Menu of attack tools (Course Technology/Cengage Learning)

12. Difficulties in Defending Against Attacks (cont'd.)
    Table 1-2 Difficulties in defending against attacks

13. What Is Information Security?
    • Understand what information security is
    • Why is information security important today?
    • Who are the attackers?

14. Defining Information Security
    • Security
      – State of freedom from a danger or risk
    • Information security
      – Tasks of guarding information that is in a digital format
      – Ensures that protective measures are properly implemented
      – Protects information that has value to people and organizations
        • Value comes from the characteristics of the information

15. Defining Information Security (cont'd.)
    • Characteristics of information that must be protected by information security
      – Confidentiality
      – Integrity
      – Availability
    • Achieved through a combination of three entities
      – Products
      – People
      – Procedures

16. Defining Information Security (cont'd.)
    Figure 1-3 Information security components (Course Technology/Cengage Learning)

17. Defining Information Security (cont'd.)
    Table 1-3 Information security layers (Course Technology/Cengage Learning)

18. Information Security Terminology
    • Asset
      – Something that has value
    • Threat
      – Event or object that may defeat the security measures in place and result in a loss
      – By itself does not mean that security has been compromised
    • Threat agent
      – Person or thing that has the power to carry out a threat

19. Information Security Terminology (cont'd.)
    • Vulnerability
      – Weakness that allows a threat agent to bypass security
    • Exploiting the security weakness
      – Taking advantage of the vulnerability
    • Risk
      – Likelihood that a threat agent will exploit a vulnerability
      – Some degree of risk must always be assumed
      – Three options for dealing with risk

20. Information Security Terminology (cont'd.)
    Table 1-4 Security information terminology (Course Technology/Cengage Learning)

21. Understanding the Importance of Information Security
    • Preventing data theft
      – Theft of data is one of the largest causes of financial loss due to an attack
      – Affects businesses and individuals
    • Thwarting identity theft
      – Identity theft: using someone's personal information to establish bank or credit card accounts that are then left unpaid
      – Leaves the victim with debts and ruins their credit rating
      – Legislation continues to be enacted

22. Understanding the Importance of Information Security (cont'd.)
    • Avoiding legal consequences
      – Federal and state laws that protect the privacy of electronic data
        • The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
        • The Sarbanes-Oxley Act of 2002 (Sarbox)
        • The Gramm-Leach-Bliley Act (GLBA)
        • USA Patriot Act (2001)
        • The California Database Security Breach Act (2003)
        • Children's Online Privacy Protection Act of 1998 (COPPA)

23. Understanding the Importance of Information Security (cont'd.)
    • Maintaining productivity
      – Lost wages and productivity during an attack and cleanup
      – Unsolicited e-mail messages are a security risk
        • U.S. businesses forfeit $9 billion each year restricting spam
    • Foiling cyberterrorism
      – Could cripple a nation's electronic and commercial infrastructure
      – The "Information Security Problem"

24. Who Are the Attackers?
    • Divided into several categories
      – Hackers
      – Script kiddies
      – Spies
      – Employees
      – Cybercriminals
      – Cyberterrorists

25. Hackers
    • Debated definition of hacker
      – Anyone who illegally breaks into or attempts to break into a computer system
      – Person who uses advanced computer skills to attack computers only to expose security flaws ("white hats")

26. Script Kiddies
    • Unskilled users
    • Use automated hacking software
    • Do not understand the technology behind what they are doing
    • Often indiscriminately target a wide range of computers

27. (image slide, no text)

28. Spies
    • Person who has been hired to break into a computer and steal information
    • Do not randomly search for unsecured computers
    • Hired to attack a specific computer or system
    • Goal
      – Break into the computer or system
      – Take the information without drawing any attention to their actions

29. Employees
    • Reasons for attacks by employees
      – Show company weakness in security
      – Retaliation
      – Money
      – Blackmail
      – Carelessness

30. Cybercriminals
    • Loose-knit network of attackers, identity thieves, and financial fraudsters
    • Motivated by money
    • Financial cybercrime categories
      – Stolen financial data
      – Spam e-mail to sell counterfeits and pornography

31. Cybercriminals (cont'd.)
    Table 1-6 Eastern European promotion of cybercriminals (Course Technology/Cengage Learning)

32. Cyberterrorists
    • Motivated by ideology
    • Sometimes considered the attackers that should be feared most

33. Attacks and Defenses
    • The same basic steps are used in most attacks
    • Protecting computers against these steps
      – Calls for five fundamental security principles

34. Steps of an Attack
    • Probe for information
    • Penetrate any defenses
    • Modify security settings
    • Circulate to other systems
    • Paralyze networks and devices

35. Figure 1-5 Steps of an attack
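The five steps above are also a useful checklist for what a defender should be able to see in logs. The following is an added example, not code from the slides or the textbook: a small detector that reads a constructed set of firewall, authentication and audit log lines (the format, hostnames, addresses and thresholds are invented for illustration) and reports which of the five steps each host has exhibited, in the order the deck lists them.

```python
"""Map the textbook's five attack steps onto evidence in log lines.

Added example: the log format ('kind key=value ...'), the addresses
and the thresholds below are invented for the illustration.
"""
from collections import defaultdict

# Constructed sample log (not real data): a port scan, a password-guessing
# login, defensive tooling being switched off, spread to neighbouring
# hosts over the same service port, and finally a service knocked over.
SAMPLE_LOG = """\
fw src=203.0.113.9 dst=10.0.0.5 dport=21 action=deny
fw src=203.0.113.9 dst=10.0.0.5 dport=22 action=deny
fw src=203.0.113.9 dst=10.0.0.5 dport=23 action=deny
fw src=203.0.113.9 dst=10.0.0.5 dport=25 action=deny
fw src=203.0.113.9 dst=10.0.0.5 dport=80 action=deny
fw src=203.0.113.9 dst=10.0.0.5 dport=139 action=deny
fw src=203.0.113.9 dst=10.0.0.5 dport=445 action=allow
auth src=203.0.113.9 host=10.0.0.5 user=admin result=fail
auth src=203.0.113.9 host=10.0.0.5 user=admin result=fail
auth src=203.0.113.9 host=10.0.0.5 user=admin result=fail
auth src=203.0.113.9 host=10.0.0.5 user=admin result=success
audit host=10.0.0.5 event=antivirus_disabled by=admin
audit host=10.0.0.5 event=firewall_disabled by=admin
fw src=10.0.0.5 dst=10.0.0.6 dport=445 action=allow
fw src=10.0.0.5 dst=10.0.0.7 dport=445 action=allow
fw src=10.0.0.5 dst=10.0.0.8 dport=445 action=allow
audit host=10.0.0.9 event=service_down service=web cause=flood from=10.0.0.5
"""

PROBE_PORTS = 5           # distinct ports from one source to one target
FAILS_BEFORE_SUCCESS = 3  # failed logins that make a later success suspicious
SPREAD_TARGETS = 3        # distinct peers reached on one service port
SETTING_EVENTS = {"antivirus_disabled", "firewall_disabled", "logging_disabled"}


def parse(line):
    """Turn 'kind k=v k=v ...' into a dict; returns None for a blank line."""
    parts = line.split()
    if not parts:
        return None
    rec = {"kind": parts[0]}
    for field in parts[1:]:
        key, _, value = field.partition("=")
        rec[key] = value
    return rec


def analyze(log_text):
    """Return {step: [finding, ...]} for the five attack steps seen in log_text."""
    records = [r for r in (parse(line) for line in log_text.splitlines()) if r]
    findings = defaultdict(list)

    # Step 1, probe: one source touching many ports on one target (a port scan).
    ports = defaultdict(set)
    for r in records:
        if r["kind"] == "fw":
            ports[(r["src"], r["dst"])].add(r["dport"])
    for (src, dst), seen in ports.items():
        if len(seen) >= PROBE_PORTS:
            findings["probe"].append(f"{src} scanned {len(seen)} ports on {dst}")

    # Step 2, penetrate: a run of failed logins followed by a success.
    fails = defaultdict(int)
    for r in records:
        if r["kind"] != "auth":
            continue
        key = (r["src"], r["host"], r["user"])
        if r["result"] == "fail":
            fails[key] += 1
        elif fails[key] >= FAILS_BEFORE_SUCCESS:
            findings["penetrate"].append(
                f"{r['src']} logged in as {r['user']} on {r['host']} "
                f"after {fails[key]} failures")
            fails[key] = 0

    # Step 3, modify security settings: a defensive control switched off.
    for r in records:
        if r["kind"] == "audit" and r.get("event") in SETTING_EVENTS:
            findings["modify"].append(
                f"{r['event']} on {r['host']} by {r.get('by', '?')}")

    # Step 4, circulate: a host reaching many peers on the same service port.
    spread = defaultdict(set)
    for r in records:
        if r["kind"] == "fw" and r["action"] == "allow":
            spread[(r["src"], r["dport"])].add(r["dst"])
    for (src, port), targets in spread.items():
        if len(targets) >= SPREAD_TARGETS:
            findings["circulate"].append(
                f"{src} reached {len(targets)} hosts on port {port}")

    # Step 5, paralyze: a service reported down.
    for r in records:
        if r["kind"] == "audit" and r.get("event") == "service_down":
            findings["paralyze"].append(
                f"{r.get('service', '?')} on {r['host']} down, "
                f"cause={r.get('cause', '?')}")

    return dict(findings)


if __name__ == "__main__":
    for step, hits in analyze(SAMPLE_LOG).items():
        for hit in hits:
            print(f"{step:10s} {hit}")
```

Each rule on its own is noisy (a vulnerability scanner run by your own staff trips the probe rule, and an administrator who forgets a password trips the penetrate rule), so the value is in seeing several steps chained against the same hosts; the thresholds are placeholders that have to be tuned to the environment.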
36. Defenses Against Attacks
    • Layering
      – If one layer is penetrated, several more layers must still be breached
      – Each layer is often more difficult or complicated than the previous one
      – Useful in resisting a variety of attacks
    • Limiting
      – Limiting access to information reduces the threat against it
      – Technology-based and procedural methods

37. Defenses Against Attacks (cont'd.)
    • Diversity
      – It is important that security layers are diverse
      – Breaching one security layer does not compromise the whole system
    • Obscurity
      – Avoiding clear patterns of behavior makes attacks from the outside much more difficult
    • Simplicity
      – Complex security systems can be hard to understand, troubleshoot, and feel secure about

38. Building a Comprehensive Security Strategy
    • Block attacks
      – Strong security perimeter
        • The part of the computer network to which a personal computer is attached
      – Local security is important too
    • Update defenses
      – Continually update defenses to protect information against new types of attacks

39. Building a Comprehensive Security Strategy (cont'd.)
    • Minimize losses
      – Realize that some attacks will get through security perimeters and local defenses
      – Make backup copies of important data
      – Business recovery policy
    • Send secure information
      – "Scramble" data so that unauthorized eyes cannot read it
      – Establish a secure electronic link between the sender and receiver
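"Scrambling" data covers confidentiality, but on its own it does nothing for the integrity property from slide 15: an attacker who cannot read a message can still change it. The following is an added example, not code from the slides or the textbook, written with only the Python standard library. It builds a stream cipher from HMAC-SHA256 in counter mode, attaches a separate HMAC tag over the ciphertext (encrypt-then-MAC), and checks that tag before decrypting; it then shows that the same edit to the ciphertext is silently accepted when only the scrambling step is used. The construction, the "enc"/"mac" key labels and the sample message are illustrative choices for this example; real systems use a vetted authenticated cipher (for example AES-GCM) and a TLS connection for the "secure link".

```python
"""Encrypt-then-MAC demonstration (added example, stdlib only).

The cipher below (HMAC-SHA256 as a counter-mode keystream) and the
key-separation labels are illustrative choices for this example, not
a production design; use AES-GCM or TLS for real traffic.
"""
import hashlib
import hmac
import os

NONCE_LEN = 16
TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag


def _subkey(master_key, label):
    """Derive one key per purpose so the cipher and the MAC never share a key."""
    return hmac.new(master_key, label, hashlib.sha256).digest()


def _keystream(enc_key, nonce, length):
    """Counter mode: concatenate HMAC(enc_key, nonce || counter) for counter = 0, 1, ..."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(enc_key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def seal(master_key, plaintext, nonce=None):
    """Return nonce || ciphertext || tag. A fresh nonce per message is mandatory."""
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be %d bytes" % NONCE_LEN)
    ciphertext = _xor(plaintext, _keystream(_subkey(master_key, b"enc"), nonce, len(plaintext)))
    tag = hmac.new(_subkey(master_key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(master_key, message):
    """Verify the tag (constant-time compare) before touching the ciphertext."""
    if len(message) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    nonce, ciphertext, tag = message[:NONCE_LEN], message[NONCE_LEN:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(_subkey(master_key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: message modified or wrong key")
    return _xor(ciphertext, _keystream(_subkey(master_key, b"enc"), nonce, len(ciphertext)))


def scramble_only_decrypt(master_key, message):
    """What 'just scrambling' gives you: decrypt without checking the tag."""
    nonce, ciphertext = message[:NONCE_LEN], message[NONCE_LEN:-TAG_LEN]
    return _xor(ciphertext, _keystream(_subkey(master_key, b"enc"), nonce, len(ciphertext)))


def flip_plaintext_byte(message, offset, mask):
    """Attacker-side edit: XOR one ciphertext byte, which XORs the same plaintext byte."""
    edited = bytearray(message)
    edited[NONCE_LEN + offset] ^= mask
    return bytes(edited)


if __name__ == "__main__":
    key = os.urandom(32)
    wire = seal(key, b"pay 100 to acct 4242")
    print(unseal(key, wire))
    # Turn the "1" of "100" into "9" without knowing the key.
    forged = flip_plaintext_byte(wire, 4, ord("1") ^ ord("9"))
    print(scramble_only_decrypt(key, forged))  # accepted silently: "pay 900 ..."
    try:
        unseal(key, forged)
    except ValueError as err:
        print("rejected:", err)
```

The point of `flip_plaintext_byte` is that any stream cipher, including the one-time pad, is malleable: flipping a ciphertext bit flips exactly that plaintext bit, so the receiver needs an integrity check, not just secrecy. The tag is computed over the nonce as well as the ciphertext so a replayed nonce with a different body is also rejected.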
40. Summary
    • Attacks against information security have grown exponentially in recent years
    • It is difficult to defend against today's attacks
    • Information security definition
      – That which protects the integrity, confidentiality, and availability of information
    • Main goals of information security
      – Prevent data theft, thwart identity theft, avoid the legal consequences of not securing information, maintain productivity, and foil cyberterrorism

41. Summary (cont'd.)
    • Several types of people are typically behind computer attacks
    • Five general steps make up an attack
    • A practical, comprehensive security strategy involves four key elements