
Threats to Information Security & Logical Access

Information Security Management - Week 2

Thursday, March 1, 12

Information
Intelligence, news, facts, data.

Security
Safety, surety, protection.

Information Security
Very wide scope: from developing policies all the way down to implementing a user's access to a new file.

Aspects in Information Security
- Security Policy
- Organizational Security
- Asset Classification
- Personnel Security
- Physical Security
- Communication & Operation Management
- Access Control
- System Development & Maintenance
- Business Continuity Planning
- Compliance

Security Policy
The policy sits at the centre of a continuous cycle: Secure, Monitor, Test, Improve, and back to Secure.

Organizational Security
- Written security policy
- Framework for implementing the policy
- Support from senior management
- Security awareness program
- Reporting to a steering committee
- Role of each business unit in the overall security process

Asset Classification
Resources are inventoried and sorted into groups (classes), so that protection can be applied per group rather than per individual resource.

Personnel Security
Deals with the people who work in the organization:
- Creating job descriptions
- Performing background checks
- Helping in the recruitment process
- User training

Physical Security
CCTV, lighting, fences, HVAC, backup power.

Communication & Operation Management
- Ensuring that no one person has the ability to both commit a crime and cover it up (separation of duties)
- Making sure development systems are kept separate from production systems
- Making sure that systems being retired are disposed of in a secure manner

Access Control
Authentication (proving who you are) and authorization (deciding what you may do). Both are enforced at every layer: routers, firewalls, desktop operating systems, file servers, applications.
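The distinction between the two steps is easiest to see in code. The following is an added example, not code from the slides: the user store, the salts, the passwords and the permission table are all constructed for illustration, and a real system would load them from a database rather than from source.

```python
import hashlib
import hmac

# Added example, not from the slides. User records and the permission table are
# constructed for illustration; real systems load them from a database.

def _hash_password(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256: slow, salted hashing so stolen hashes are hard to crack."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

_ALICE_SALT = b"0123456789abcdef"   # constructed salts; generate with os.urandom in practice
_BOB_SALT = b"fedcba9876543210"

# Constructed user records: salt, password hash, and the roles granted to the user.
USERS = {
    "alice": {"salt": _ALICE_SALT, "hash": _hash_password("correct horse", _ALICE_SALT), "roles": {"finance"}},
    "bob": {"salt": _BOB_SALT, "hash": _hash_password("battery staple", _BOB_SALT), "roles": {"helpdesk"}},
}

# Constructed authorization table: (role, action, resource) triples that are permitted.
# Anything not listed is denied, which is the least-privilege default.
PERMISSIONS = {
    ("finance", "read", "payroll"),
    ("finance", "write", "payroll"),
    ("helpdesk", "read", "tickets"),
    ("helpdesk", "reset_password", "accounts"),
}

def authenticate(username: str, password: str) -> bool:
    """Authentication: prove the caller is who they claim to be."""
    record = USERS.get(username)
    if record is None:
        # Hash anyway so an unknown user costs the same time as a wrong password
        # (otherwise the response time leaks which usernames exist).
        _hash_password(password, b"\x00" * 16)
        return False
    candidate = _hash_password(password, record["salt"])
    return hmac.compare_digest(candidate, record["hash"])   # constant-time comparison

def authorize(username: str, action: str, resource: str) -> bool:
    """Authorization: decide what an already-authenticated identity may do."""
    record = USERS.get(username)
    if record is None:
        return False
    return any((role, action, resource) in PERMISSIONS for role in record["roles"])

def access(username: str, password: str, action: str, resource: str) -> str:
    """The two checks are separate: a valid login is still denied on the wrong resource."""
    if not authenticate(username, password):
        return "denied: authentication failed"
    if not authorize(username, action, resource):
        return "denied: not authorized"
    return "allowed"

if __name__ == "__main__":
    print(access("alice", "correct horse", "read", "payroll"))   # allowed
    print(access("bob", "battery staple", "read", "payroll"))    # denied: not authorized
    print(access("alice", "wrong", "read", "payroll"))           # denied: authentication failed
```

The point to take away: bob authenticates perfectly well, and is still refused the payroll file, because authorization is a separate decision with a deny-by-default table. Collapsing the two checks (for example, treating "logged in" as "allowed") is how most real access-control failures happen.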

System Development & Maintenance
- Patch management
- Checking for security holes and for proper coding practices

Business Continuity Planning
Keep the systems running in the event of a disaster. A formal plan must be written, tested, and revised regularly.

Compliance
Reviewing and testing an information system for completeness and adequacy.

Common Threats
Internal threats and external threats. An estimated 60%-80% of network misuse comes from inside the enterprise.

Information Security Triad
Confidentiality, Integrity, Availability.

Integrity
The action of safeguarding the accuracy and completeness of information and of the processing methods.

Confidentiality
Ensuring that information is accessible only to those authorized to have access to it.

Availability
Ensuring that authorized users have access to information and associated assets when required.

Fault-Tolerant Systems
RAID (Redundant Array of Inexpensive Disks): striping and mirroring.
Striping alone spreads blocks across disks for speed but adds no redundancy; mirroring keeps a full copy on each disk, so the array survives a disk failure. Note that RAID protects availability against hardware failure only; it does not protect against deletion or corruption, so it is not a substitute for backups.
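A small simulation makes the availability difference concrete. This is an added example, not code from the slides: disks are modelled as Python lists of blocks, a failed disk is modelled as None, and the payload is a constructed byte string.

```python
from typing import List, Optional

# Added example, not from the slides. A disk is a list of fixed-size blocks;
# None stands for a disk that has failed.
Disk = Optional[List[bytes]]
BLOCK = 4  # block size in bytes, kept tiny so the split is easy to follow

def _split(data: bytes) -> List[bytes]:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def stripe(data: bytes, n_disks: int) -> List[Disk]:
    """Striping (RAID 0): block i goes to disk i mod n. Fast, but no redundancy."""
    disks = [[] for _ in range(n_disks)]
    for i, blk in enumerate(_split(data)):
        disks[i % n_disks].append(blk)
    return disks

def read_striped(disks: List[Disk]) -> Optional[bytes]:
    """Reassemble the stripe set. Every disk is needed, so one failure loses everything."""
    if any(d is None for d in disks):
        return None
    n = len(disks)
    total = sum(len(d) for d in disks)
    # block i lives on disk i mod n at position i div n
    return b"".join(disks[i % n][i // n] for i in range(total))

def mirror(data: bytes, n_copies: int = 2) -> List[Disk]:
    """Mirroring (RAID 1): every disk holds the complete block sequence."""
    blocks = _split(data)
    return [list(blocks) for _ in range(n_copies)]

def read_mirrored(disks: List[Disk]) -> Optional[bytes]:
    """Any surviving copy is enough to serve the read."""
    for d in disks:
        if d is not None:
            return b"".join(d)
    return None

def fail_disk(disks: List[Disk], index: int) -> List[Disk]:
    """Simulate a disk failure without touching the original array."""
    survivors = list(disks)
    survivors[index] = None
    return survivors

def demo() -> dict:
    data = b"payroll-2012-q1-ledger"  # constructed sample payload (22 bytes, 6 blocks)
    striped, mirrored = stripe(data, 3), mirror(data, 2)
    return {
        "striped_ok": read_striped(striped) == data,
        "striped_after_failure": read_striped(fail_disk(striped, 1)),   # None: data lost
        "mirrored_after_failure": read_mirrored(fail_disk(mirrored, 0)),  # full payload
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Mirroring costs a full extra disk for every copy; production arrays usually combine striping with parity or mirroring (RAID 5, 6, 10) to get both throughput and redundancy. Whatever the level, a disk that is silently overwritten with bad data is faithfully mirrored too, which is why the next slide's backups are still needed.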

1. Errors & Omissions
Attack the integrity component. Solutions: least privilege (a user who cannot reach a resource cannot damage it by mistake; this needs additional support staff to handle access requests) and adequate, frequent backups.

2. Fraud & Theft
Attack the integrity component. Solutions: well-defined policies, and integrity checksums on stored data. The slide names the MD5 algorithm; MD5 is no longer collision-resistant, so SHA-256, or better a keyed HMAC, is the current choice. An unkeyed checksum of any algorithm only catches accidental change: a thief who can rewrite the record can recompute the checksum too.
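The difference between an unkeyed digest and a keyed tag, carried through on a constructed transaction record. This is an added example, not code from the slides; the record, the tampered copy and the server key are all made up for illustration, and the key is assumed to be held only by the verifying server.

```python
import hashlib
import hmac

# Added example, not from the slides. Record and key are constructed; in practice the
# key lives on the verifying server, out of the attacker's reach.
ORIGINAL = b"transfer;from=ACC-1001;to=ACC-2002;amount=100.00"
TAMPERED = b"transfer;from=ACC-1001;to=ACC-9999;amount=100.00"
SECRET_KEY = b"server-side-secret-key-example"  # assumption: unknown to the attacker

def digest(data: bytes, algo: str = "sha256") -> str:
    """Unkeyed checksum. algo='md5' also works, but MD5 is collision-broken; prefer sha256."""
    return hashlib.new(algo, data).hexdigest()

def verify_digest(data: bytes, expected: str, algo: str = "sha256") -> bool:
    # compare_digest runs in constant time so a mismatch position does not leak via timing.
    return hmac.compare_digest(digest(data, algo), expected)

def tag(data: bytes, key: bytes = SECRET_KEY) -> str:
    """Keyed checksum (HMAC-SHA256): cannot be recomputed without the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def verify_tag(data: bytes, expected: str, key: bytes = SECRET_KEY) -> bool:
    return hmac.compare_digest(tag(data, key), expected)

def attacker_rewrites_unkeyed(new_data: bytes, algo: str = "sha256"):
    """A thief who can alter the record can also recompute an unkeyed digest to match it."""
    return new_data, digest(new_data, algo)

def scenarios() -> dict:
    stored_digest = digest(ORIGINAL)   # what the server saved alongside the record
    stored_tag = tag(ORIGINAL)
    forged_data, forged_digest = attacker_rewrites_unkeyed(TAMPERED)
    return {
        # Accidental corruption (record changed, stored checksum untouched): both schemes catch it.
        "tampered_passes_digest_check": verify_digest(TAMPERED, stored_digest),
        "tampered_passes_tag_check": verify_tag(TAMPERED, stored_tag),
        # Deliberate fraud (record AND stored checksum replaced): only the keyed tag holds.
        "forged_passes_digest_check": verify_digest(forged_data, forged_digest),
        "forged_passes_tag_check": verify_tag(forged_data, tag(forged_data, b"guessed-key")),
    }

if __name__ == "__main__":
    for name, outcome in scenarios().items():
        print(f"{name}: {outcome}")
```

The forged record passes the plain digest check because nothing ties the digest to a secret; it fails the HMAC check because the attacker cannot produce a valid tag under a key they do not have. The same reasoning applies to file-integrity tools: the reference hashes must be stored where the attacker cannot rewrite them, or be keyed or signed.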

3. Malicious Hackers
- Hacker: penetrates a system and looks around for possible things.
- Cracker: penetrates a system and damages or destroys the data.
- Phreaks: penetrate a phone system and use the organization's phone lines.

Hacker Methodologies
Reconnaissance -> Scanning -> Gaining Access -> Maintaining Access -> Covering Tracks
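The scanning phase is the first one a defender can usually see on the wire: one source touching many ports on one host in a short time. The following detector is an added example, not code from the slides. The log lines are constructed to look like a generic firewall export (timestamp, source, destination:port, action) and do not follow any real device's format; the window and threshold values are assumptions to tune per network.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Added example, not from the slides. Constructed log lines in a made-up generic
# firewall format: <ISO timestamp> <src> -> <dst>:<port> <action>
SAMPLE_LOG = """\
2012-03-01T09:00:01 192.0.2.10 -> 198.51.100.5:21 DROP
2012-03-01T09:00:01 192.0.2.10 -> 198.51.100.5:22 DROP
2012-03-01T09:00:02 192.0.2.10 -> 198.51.100.5:23 DROP
2012-03-01T09:00:02 192.0.2.10 -> 198.51.100.5:25 DROP
2012-03-01T09:00:03 192.0.2.10 -> 198.51.100.5:80 ACCEPT
2012-03-01T09:00:04 192.0.2.10 -> 198.51.100.5:443 ACCEPT
2012-03-01T09:00:01 192.0.2.20 -> 198.51.100.5:443 ACCEPT
2012-03-01T09:00:02 192.0.2.20 -> 198.51.100.5:443 ACCEPT
2012-03-01T09:00:03 192.0.2.20 -> 198.51.100.5:443 ACCEPT
2012-03-01T09:00:04 192.0.2.20 -> 198.51.100.5:443 ACCEPT
2012-03-01T09:00:05 192.0.2.20 -> 198.51.100.5:443 ACCEPT
2012-03-01T09:00:00 192.0.2.30 -> 198.51.100.5:22 DROP
2012-03-01T09:00:30 192.0.2.30 -> 198.51.100.5:23 DROP
2012-03-01T09:01:00 192.0.2.30 -> 198.51.100.5:25 DROP
2012-03-01T09:01:30 192.0.2.30 -> 198.51.100.5:80 DROP
2012-03-01T09:02:00 192.0.2.30 -> 198.51.100.5:443 DROP
"""
# 192.0.2.10: fast scan, 6 ports in 4 s.  192.0.2.20: busy but legitimate, one port.
# 192.0.2.30: slow scan, one port every 30 s.

def parse_line(line: str):
    ts, src, _arrow, dst_port, action = line.split()
    dst, port = dst_port.rsplit(":", 1)
    return datetime.fromisoformat(ts), src, dst, int(port), action

def detect_scans(log_text: str, window: timedelta = timedelta(seconds=10), threshold: int = 5):
    """Flag each (src, dst) pair that touches >= threshold distinct ports inside one window.
    Returns a list of (src, dst, max distinct ports seen in any single window)."""
    events = sorted(parse_line(l) for l in log_text.splitlines() if l.strip())
    by_pair = defaultdict(list)
    for ts, src, dst, port, _action in events:
        by_pair[(src, dst)].append((ts, port))
    alerts = []
    for (src, dst), hits in by_pair.items():
        best, start = 0, 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:   # slide the window forward
                start += 1
            best = max(best, len({p for _, p in hits[start:end + 1]}))
        if best >= threshold:
            alerts.append((src, dst, best))
    return alerts

if __name__ == "__main__":
    print(detect_scans(SAMPLE_LOG))                                  # fast scanner only
    print(detect_scans(SAMPLE_LOG, window=timedelta(minutes=3)))     # slow scanner too
```

With the default 10-second window only the fast scanner is reported; the slow one, spacing probes 30 seconds apart, stays under the threshold and is exactly the evasion a patient attacker uses. Widening the window catches it at the cost of more state per source pair, which is the usual trade-off in this kind of detection.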

4. Malicious Code
Any code designed to make a system perform an operation without the knowledge of the system owner.
Virus, worm, Trojan horse, logic bomb.

5. Denial-of-Service
The attack makes sure that no one gets access to the network or service.
Ex: flooding the system with more requests than it can handle.
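The standard first line of defence against a request flood is per-client rate limiting, so that a flooding client exhausts its own allowance without starving everyone else. The token-bucket simulation below is an added example, not code from the slides; the traffic stream, the bucket size and the refill rate are constructed values.

```python
from collections import defaultdict

# Added example, not from the slides. The request stream is constructed and
# timestamps are plain floats (seconds), so the simulation needs no real clock.

class TokenBucket:
    """Each client holds up to `capacity` tokens; one is spent per request and `rate`
    tokens per second trickle back. A flood empties its bucket and is then rejected
    cheaply, while a well-behaved client never notices the limiter."""

    def __init__(self, capacity: float, rate: float, now: float = 0.0):
        self.capacity = capacity
        self.rate = rate
        self.tokens = capacity      # start full
        self.last = now

    def allow(self, now: float) -> bool:
        elapsed = max(0.0, now - self.last)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def simulate(requests, capacity: float = 5, rate: float = 1.0) -> dict:
    """requests: iterable of (timestamp_seconds, client_id) in time order.
    Returns {client: (accepted, rejected)}."""
    buckets = {}
    counts = defaultdict(lambda: [0, 0])
    for ts, client in requests:
        bucket = buckets.get(client)
        if bucket is None:
            bucket = buckets[client] = TokenBucket(capacity, rate, now=ts)
        counts[client][0 if bucket.allow(ts) else 1] += 1
    return {c: tuple(v) for c, v in counts.items()}


def flood_scenario() -> dict:
    # Constructed traffic: "flood" fires 50 requests within one second,
    # "normal" sends one request per second for ten seconds.
    flood = [(i * 0.02, "flood") for i in range(50)]
    normal = [(float(i), "normal") for i in range(10)]
    stream = sorted(flood + normal)        # merge into one time-ordered stream
    return simulate(stream)                # {"flood": (5, 45), "normal": (10, 0)}

if __name__ == "__main__":
    print(flood_scenario())
```

The flooding client gets its initial five tokens and is then refused 45 times, while the normal client is never throttled. Two caveats a practitioner should keep in mind: the limiter must key on something the attacker cannot cheaply vary (a distributed flood from many addresses defeats per-IP buckets), and it only helps when the requests actually reach the server; a flood that saturates the network link upstream has to be absorbed or filtered before it arrives.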

6. Social Engineering
Manipulating others into revealing information that can be used to steal data, access to systems, access to cellular phones, money, or even your own identity.

Human nature exploited
- The desire to be helpful
- A tendency to trust people
- The fear of getting into trouble
- The willingness to cut corners

Solution
- Require anyone who comes to perform service to show proper identification.
- Establish a standard that passwords are never to be spoken over the phone.
- Implement a standard that forbids passwords from being left lying about.
- Implement caller ID technology for the help desk and other support functions.
- Invest in shredders and have one on every floor.

A Policy should:
- Not contain standards or directives that may not be attainable
- Stress what can be done and stay away from what is not allowed as much as possible
- Be brief and concise
- Be reviewed on a regular basis and kept current
- Be easily accessible to employees and available via the company intranet

Task
Find a potential breach on your campus and determine the potential threats.
