Академический Документы
Профессиональный Документы
Культура Документы
Insight to IT Security
Security Highlight
Presidential Election – US
Zero Day Attack
Conclusion
Providing users with information that can be used to help make their
technology environment more secure is a win-win situation
Simplification
• Scale
• Cost
• Staffing
These Issues Are • Integration and systems management
Common
Application and
Service Optimization
to the Computer • Enablers
• Awareness
• App management
and Network • Performance/optimization
• Resilience
Layers Security
• Threats
• Theft
• Loss
• Response time
The average annual lost reported in this year’s survey shot up to $350,424
from $168,000 the previous year. Not since the 2004 report have average
losses been this high.
Almost one-fifth (18%) of those respondents who suffered one or more kinds
of security incident further said they’d suffered a “targeted attack”, defined as
malware attack aimed exclusively at their organization.
Main Entry : se cu ri ty
Pronounciation : si-’kyur-&-tE
2.
a: Something given, deposited, or pledged to make certain the
fulfillment of an obligation: SURETY
4.
a: something that secures: PROTECTION
b:
• i: measures taken to guard against espionage or
sabotage, crime, attack or escape
• ii: an organization or department whose task is
security
Worst Case
Production banner goes down and never comes back
Liability = Responsibility
State and federal guidelines for IT data, systems and security
• What would be the legal ramifications if somebody broke in and stole
all the client info? Email addresses for spam?
Worst Case
System insecurity leads to a leak of confidential information which
results in a very big lawsuit
Worst Case
NST/Star front page article deriding you, your department and
company
Individual
Computer
Regulatory compliance
BNM GPIS 1, HIPPA, Graham Leach Bliley (GLB), Sarbanes Oxley (SOX),
Basel II, EPA
Integrity
Assures accuracy and reliability of data and systems, ensuring neither is modified
in an unauthorized manner
Availability
Ensures the system or data is available and executes in a predictable manner with
an acceptable level of performance
Confidentiality
5. Insider Attacks
Mistakes include:
Missing the first ‘.’ delimiter: wwwmittromney.com
Missing a character in the name (t) www.mitromney.com
Hitting a surrounding character (r) www.mitrromney.com
Adding an additional character (t) www.mitttromney.com
Reversing two characters (im) www.imttromney.com
World Events
Patriotism
Nation States
N.Korea / China (for example)
Physical
Lowest paid employees have greatest accessibility to our systems
Social
People tend to trust people
Network
What you can’t see can hurt you
Attack
People paid to look the other way, theft
• >$120 billion loss in employee fraud for 2000
Disgruntled ex-employee/spouse
Defend
Encrypt the system and laptops
Attack
Giving false credentials to reset password
Defend
Do not give passwords over the phone
Attack
Eavesdropping
Data modification
Identity spoofing
Man-in-the-middle
Wireless cracking
Sniffer attack
Defend
Do not allow non-job/untrusted applications
Security
Is like an onion
The more layers a hacker is required to peel, the more they’re liable
to cry & move on