Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

Threats and Attacks!! - University of New Mexico

advertisement 
University of New Mexico
Anderson School of
Management
Trade offs in information
security.
Finding the balance between
efficiency and effectiveness.
Introduction
• What is information security?
• Why is information security important
today?
• Does information security only apply to
organizations?
• The history and evolution of information
security.
History
• WWII – need for communication code
breaking
• 1960’s – ARPANET program developed
• 1970’s & 80’s – development of MUTLICS
and the microprocessor
• 1990’s – Rise of the internet
• 2000 to Present – the internet now
dominates every aspect of daily life
What is Information Security?
Information security is the practice of
defending information from unauthorized
access, use, disclosure, disruption,
modification, inspection, recording or
destruction.
Information security is the ongoing process
of defending and maintaining our
information system as individuals and
organizations.
What is Information Security?
•
•
•
•
•
Information security ensures:
Integrity
Availability
Accessibility
Utility
Confidentiality
Information System
• Hardware – routers, computers, servers,
etc
• Software – programs & operating system
• Network – LAN, WAN, Internet, etc
• Data – stored, processed, communicated
• People
• Policy and procedures
What are we defending our information
system from?
Threats and Attacks!!
• Deliberate software attacks
– Malicious code, viruses, worms, Trojan horses, etc
• Deviations in quality of service – denial of service
attack,
• Trespassing/Espionage - hackers
• Forces of Nature – fire, flood, or any natural
disaster
• Human error/sabotage/vandalism
Target Data Breach
• Up to 70 million individuals personal
information was stolen
• Names, address, phone numbers , credit
card numbers
• Malicious software on system
• Extended credit monitoring and identity
theft protection to all guests
NSA Data Breach
• Snowden accessed unauthorized data
• Released confidential information
• Internal breach – lack of policy and
procedures, maybe poor oversight
Anonymous Hacking Group
• Attacks governments, businesses, non
profits and anybody on their agenda
• Denial service attacks
• Stolen data
• Lost revenues, reputation implications,
service disruption, national security etc
Recent Threat and Attack Against APD
By Anonymous
• Hacktivist group Anonymous had stated
that they were going to attack APD’s
online presence.
• Denial of Service Attack (shutting down
their site for a few hours)
• Planned it for Sunday night (the least busy
night)
• Stole data, high ranking APD official’s
home addresses and released to public
• Incited protestors to take to the streets
Small Scale Attack
Survey Results
• Many had learned something about
information security
• Most realize the importance of keeping
passwords secure
• Many realize that there are online
predators looking to get information and
are good about not giving it out.
Speed VS Security
Network only as strong as its
weakest link
Password Security
How are these machines used by
Police in the field
BCSO
• Bernalillo County Sherriff's Office
– What systems are they using?
– What security measures are in place?
– Are they achieving their information security
goals?
– What do users think of the measures?
– Can they do something different?
• Deputies are Dispatched to calls through
these machines
• The internal GPS relays their coordinates
to dispatchers as well as giving them
directions to calls
• Run plates through governmental sites
• Looking up individuals to see if they have
outstanding warrants
• Write reports
What Security is in place
•
•
•
•
•
Saved passwords to log onto a machine
Verizon air card placed in a secure tunnel
Dual authentication key generator
Secure Virtual Private Network (VPN)
Login to separate applications using other
passwords
• Automatic logout times
Drawbacks
• Login time (3-5 min)
• The amount of passwords
• With so many passwords, some can be
forgotten
• Long login process can lead to
accidentally messing up in process and
locking the user out
• Frustrated users
Thoughts?
• What do you think?
• Is it too much security, not enough?
Security Need
• Ability to see location of deputies and
other first responders in live time
• Ability to access entire country’s network
• Mobility of laptop increases threat of
unauthorized access due to theft or loss
• State and Federal guidelines require
minimum security standards
Achieving the balance
• It is the job of everyone involved in
information security to determine the trade
offs
• Weigh the pros and cons and evaluate the
importance of each
• The users and the system need to be
evaluated together, to ensure that
thorough analysis occurs. Should not
evaluate separately.
Large Scale Attack
Pop Quiz (5 Questions)
Related documents
Access Controls Presentation
Access Controls Presentation
Homework 3 Solutions
Homework 3 Solutions
AIS-IN01_Raj_Bharaj_Computer_Crime
AIS-IN01_Raj_Bharaj_Computer_Crime
Antisocial Personality Disorder Outline
Antisocial Personality Disorder Outline
Access Control Systems
Access Control Systems
here - cvhsportal
here - cvhsportal
Cryptography and Network Security Chapter 1
Cryptography and Network Security Chapter 1
Technology does not end harassment
Technology does not end harassment
The Independent Agent*s Guide to Systems Security
The Independent Agent*s Guide to Systems Security
Download
advertisement