Threats To Information Security & Logical Access
Thursday, March 1, 12
Information
Intelligence News Fact Data
Security
Safety Surety Protection
Information Security
Very wide scope
From developing policies to implementation of user access to a new file
Secure
Improve
Security Policy
Monitor
Test
Organizational Security
Written Security Policy
Framework for Implementing the Policy
Support from Senior Manager
Security Awareness Program
Report to Steering Committee
Role of Business Unit in the Overall Security Process
Asset Classification
[Diagram: resources organized into groups]
Personnel Security
Deals with people who work in the organization.
Creating Job Desc.
Performing Background checks.
Helping in the recruitment process.
User Training
Physical Security
CCTV
Lighting
Fence
HVAC
Backup Power
Access Control
Authentication
Authorization
Compliance
Common Threats
Internal Threats
External Threats
60%-80% of network misuse comes from inside the enterprise
Availability
Integrity
Confidentiality
Integrity
The action of safeguarding the accuracy and
completeness of information and processing methods.
Confidentiality
Availability
Ensuring that authorized users have access
to information and associated assets when required.
Fault-Tolerant System
RAID (Redundant Array of Inexpensive Disks)
3 Malicious Hacker
Hacker: Penetrate a system, look around for possible things. Destroy the data.
Hacker Methodologies
Reconnaissance
Scanning
Gaining Access
Maintaining Access
Covering Tracks
4 Malicious Code
Any code that is designed to make a system perform any operation without the knowledge of the system owner.
5 Denial-of-Service
The attack makes sure that no one gets access to the network.
6 Social Engineering
Manipulates others into revealing
information that can be used to steal data, access to systems, access to cellular phones, money, or even your own identity.
Human nature
The desire to be helpful
A tendency to trust people
The fear of getting into trouble
The willingness to cut corners
Solution
Require anyone there to perform service to show proper identification.
Establish a standard that passwords are never to be spoken over the phone.
Implement a standard that forbids passwords from being left lying about.
Implement caller ID technology for the help desk and other support functions.
Invest in shredders and have one on every floor.

Not contain standards or directives that may not be attainable
Stress what can be done and stay away from what is not allowed as much as possible
Be brief and concise
Be reviewed on a regular basis and kept current
Be easily attainable by the employees and available via the company intranet
Task
Find a Potential Breach in your Campus.
Determine the Potential Threats.