Syllabus Review, Key Points, Unit Deliverables, Homework, Tests, Class Conduct: Security+ Guide to Network Security Fundamentals, Third Edition
- Carmella Lewis
- 6 years ago
Introduction to Computer Security Concepts
INFOTECH 260, Mr. Ken Foster

Introductions
Introduce yourself:
- First and last name
- How long you have been attending Heald
- Your level of computer experience
- Expectations for this class

Syllabus Review
Key points:
- Unit deliverables
- Homework
- Tests
- Class conduct

Security+ Guide to Network Security Fundamentals, Third Edition
Chapter 1: Introduction to Security

Learning Objectives
- Describe the challenges of securing information
- Define information security and explain its importance
- Identify common types of attackers
- List the basic steps of an attack
- Describe the five steps in a defense
- Explore the different types of information security careers and how the Security+ fits into the framework

Challenges of Securing Information
- No simple solutions
- Attacks come in many forms: platform specific, blended, Advanced Persistent Threat (APT)
- Each type requires varying strategies for defense
- Attacks tend to evolve faster than solutions
- You can't patch users
Today's Security Attacks
Cross-Site Scripting
- Launched through components on web pages
- Typically Java code wrapped around page ads
- Unknowingly redirects users to malicious sites designed to inject Trojans and other malware onto the system
Phishing / Spear Phishing
- E-mails designed to invoke an immediate reaction
- Response causes further exploitation
- Nigerian scam
- IRS refund scam

Today's Security Attacks (cont.)
Scareware
- Typically Java-based applets that are triggered when a user launches the page
- They appear to be legitimate OS applications
- Offer to clean your hard drive if you upgrade
- Often introduces backdoors
Apple, Linux, and smartphones are not immune
- Pwn2Own contest exposed a Safari exploit owning the system in under 10 minutes
- Inqtana-A (Mac virus)
- Java exploits are cross-platform exploitable
- 260,000 Android smartphones impacted (March 2011)

Today's Security Attacks (cont.)
Typical warnings (continued)
- The Anti-Phishing Working Group (APWG) reports that the number of unique phishing sites continues to increase
- Researchers at the University of Maryland attached four computers equipped with weak passwords to the Internet for 24 days to see what would happen
- These computers were hit by an intrusion attempt on average once every 39 seconds

Today's Security Attacks (cont.)
Security statistics bear witness to the continual success of attackers:
- TJX Companies, Inc. reported that over 45 million customer credit card and debit card numbers were stolen by attackers over an 18-month period from 2005 to 2007
- The total average cost of a data breach in 2007 was $197 per record compromised
- Average cost in 2011 is now $214 per record
- A recent report revealed that of 24 federal government agencies, the overall grade was only C

Difficulties Defending against Attacks
Difficulties include the following:
- Speed of attacks
- Greater sophistication of attacks
- Simplicity of attack tools
- More rapid exploitation of newly discovered attacks
- Delays in patching hardware and software products
- Most attacks are now distributed attacks, instead of coming from only one source
- User confusion
- User apathy

What Is Information Security?
Knowing why information security is important today and who the attackers are is beneficial.

Defining Information Security
- Security can be considered as a state of freedom from a danger or risk
- This state or condition of freedom exists because protective measures are established and maintained
- Information security: the tasks of guarding information that is in a digital format
  - Ensures that protective measures are properly implemented
  - Cannot completely prevent attacks or guarantee that a system is totally secure

Defining Information Security (cont.)
- Information security is intended to protect information that has value to people and organizations
- This value comes from the characteristics of the information: confidentiality, integrity, availability
- Information security is achieved through a combination of these three entities: the CIA triad
- The sides of the triad are mutually supportive

Applying these concepts to an online retailing example:
- Confidentiality without integrity can cause data errors: a customer fails to input a zip code for shipping, which later causes the order fulfillment application to crash when the order is processed.
- Integrity without availability prevents normal operations: customers cannot place orders because the web server is down.
- Availability without confidentiality allows for unauthorized access, which affects integrity as well: hackers have the ability to alter code on the server, redirecting customers to a malware site, harming sales and your reputation.

Checkpoint:
1. ____ ensures that only authorized parties can view the information.
2. ____ ensures that data is accessible to authorized users.
3. ____ ensures that data is only modified by authorized users.

Defining Information Security (cont.)
A more comprehensive definition of information security is: that which protects the integrity, confidentiality, and availability of information on the devices that store, manipulate, and transmit the information through products, people, and procedures.

Information Security Terminology
- Asset: something that has a value
- Threat: an event or object that may defeat the security measures in place and result in a loss
- Threat agent: a person or thing that has the power to carry out a threat

Information Security Terminology (cont.)
- Vulnerability: a weakness that allows a threat agent to bypass security
- Risk: the likelihood that a threat agent will exploit a vulnerability
  - Realistically, risk cannot ever be entirely eliminated

Understanding the Importance of Information Security
Preventing data theft
- Security is often associated with theft prevention
- The theft of data is one of the largest causes of financial loss due to an attack
- Individuals are often victims of data thievery
Thwarting identity theft
- Identity theft involves using someone's personal information to establish bank or credit card accounts
- Cards are then left unpaid, leaving the victim with the debts and ruining their credit rating

Understanding the Importance of Information Security (cont.)
Avoiding legal consequences
- A number of federal and state laws have been enacted to protect the privacy of electronic data:
  - The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
  - The Sarbanes-Oxley Act of 2002 (Sarbox)
  - The Gramm-Leach-Bliley Act (GLBA)
  - USA Patriot Act (2001)
  - The California Database Security Breach Act (2003)
  - Children's Online Privacy Protection Act of 1998 (COPPA)

Understanding the Importance of Information Security (cont.)
Maintaining productivity
- Cleaning up after an attack diverts resources such as time and money away from normal activities

Understanding the Importance of Information Security (cont.)
Foiling cyberterrorism
- Cyberterrorism: attacks by terrorist groups using computer technology and the Internet
- Utility, telecommunications, and financial services companies are considered prime targets of cyberterrorists
- Supervisory Control And Data Acquisition (SCADA) systems: the term generally refers to industrial control systems, that is, computer systems that monitor and control industrial, infrastructure, or facility-based processes

Who Are the Attackers?
The types of people behind computer attacks are generally divided into several categories:
- Hackers
- Script kiddies
- Spies
- Employees
- Cybercriminals
- Cyberterrorists

Hackers
- Hacker, generic sense: anyone who illegally breaks into or attempts to break into a computer system
- Narrow sense: a person who uses advanced computer skills to attack computers only to expose security flaws
- Although breaking into another person's computer system is illegal,
  some hackers believe it is ethical as long as they do not commit theft, vandalism, or breach any confidentiality

Script Kiddies
- Want to break into computers to create damage
- Unskilled users
- Download automated hacking software (scripts) from Web sites and use it to break into computers
- Tend to lack the coding expertise to build exploit tools
- They are sometimes considered more dangerous than hackers
- Script kiddies tend to be computer users who have almost unlimited amounts of leisure time, which they can use to attack systems

Spies
- Computer spy: a person who has been hired to break into a computer and steal information
- Spies are hired to attack a specific computer or system that contains sensitive information
- Their goal is to break into that computer or system and take the information without drawing any attention to their actions
- Spies, like hackers, possess excellent computer skills
- Self motivated
- Can be either affiliation or government sponsored

Employees
- One of the biggest information security threats to a business actually comes from its employees
- Also known as the insider threat
- Reasons:
  - An employee might want to show the company a weakness in its security
  - Circumvent security for personal knowledge or gain
  - Disgruntled employees intent on retaliating against the company
  - Industrial espionage
  - Blackmailing

Cybercriminals
- Cybercriminals: a loose-knit network of attackers, identity thieves, and financial fraudsters
- More highly motivated, less risk-averse, better funded, and more tenacious than hackers
- Security experts believe that cybercriminals belong to organized gangs of young attackers from Europe and Asia
  - Russian Business Network (RBN)
  - DarkMarket
  - Avalanche Gang
- Cybercriminals have a more focused goal that can be summed up in a single word: money

Cybercriminals (cont.)
- Cybercrime: targeted attacks against financial networks, unauthorized access to information, and the theft of personal information
- Financial cybercrime is often divided into two categories:
  - Trafficking in stolen credit card numbers and financial information
  - Using spam to commit fraud

Cyberterrorists
- Their motivation may be defined as ideology, or attacking for the sake of their principles or beliefs
- Goals of a cyberattack:
  - To deface electronic information, spread misinformation, and promote propaganda
  - To deny service to legitimate computer users
  - To commit unauthorized intrusions into systems and networks that result in critical infrastructure outages and corruption of vital data

Attacks and Defenses
- Although there are a wide variety of attacks that can be launched against a computer or network, the same basic steps are used in most attacks
- Protecting computers against these steps in an attack calls for five fundamental security principles

Steps of an Attack
The five steps that make up an attack are:
1. Probe for information
2. Penetrate any defenses
3. Modify security settings
4. Circulate to other systems
5. Paralyze networks and devices

Defenses against Attacks
- Although multiple defenses may be necessary to withstand an attack, these defenses should be based on five fundamental security principles:
  - Protecting systems by layering
  - Limiting
  - Diversity
  - Obscurity
  - Simplicity

Layering
- Information security must be created in layers
- One defense mechanism may be relatively easy for an attacker to circumvent
- Instead, a security system must have layers, making it unlikely that an attacker has the tools and skills to break through all the layers of defenses
- A layered approach can also be useful in resisting a variety of attacks
- Layered security provides the most comprehensive protection
- This is referred to as defense in depth

Limiting
- Limiting access to information reduces the threat against it
- Only those who must use data should have access to it
- In addition, the amount of access granted to someone should be limited to what that person needs to know
- Some ways to limit access are technology-based, while others are procedural
- View vs. read or write access

Diversity
- Layers must be different (diverse)
- If attackers penetrate one layer, they cannot use the same techniques to break through all other layers
- Using diverse layers of defense means that breaching one security layer does not compromise the whole system
- Traditionally, a mature defense-in-depth approach attempted to use different vendor solutions at each level to prevent a vendor-wide flaw from compromising your entire solution. Example: firewall: Cisco; IPS: McAfee; AV: Symantec; host-based intrusion prevention: CA networks; network access control: Blue Coat

Obscurity
- Reducing or preventing information about your systems or layered protections from being exposed to unauthorized persons. This information includes:
  - Type of computer
  - Operating system
  - Network topography / connections
  - Software
- Limiting the attacker's success at collecting this information in the probing phase increases the attacker's chance of detection in the penetration phase
- Obscuring information can be an important way to protect information
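The online retailing CIA example and the limiting principle above, as an added example that is not part of the lecture slides: an integrity check rejects an order that lacks its shipping zip code before fulfillment ever sees it, and a least-privilege table grants each role only view, read, or write access. The role names, the permission table, and the order record are assumptions.

```python
"""Added example, not from the lecture slides: the online retailing CIA
example and the 'limiting' (least privilege) principle as working code.
Roles, the permission table and the order record are assumptions."""
import re
from dataclasses import dataclass
from enum import IntFlag
from typing import List, Optional, Tuple


class Access(IntFlag):
    """The granularity the slides distinguish: view vs. read or write."""
    VIEW = 1    # may see that an order exists and its status
    READ = 2    # may read the full record (items, shipping address)
    WRITE = 4   # may modify the record


# Assumed role table: each role gets only what its job needs (limiting).
ROLE_PERMISSIONS = {
    "customer": Access.VIEW,                              # own orders only
    "fulfillment": Access.VIEW | Access.READ,             # needs the address, never edits
    "order_manager": Access.VIEW | Access.READ | Access.WRITE,
}

ZIP_RE = re.compile(r"^\d{5}(-\d{4})?$")  # US zip formats accepted here


@dataclass
class Order:
    order_id: int
    customer_id: str
    items: Tuple[str, ...]
    zip_code: Optional[str]
    status: str = "new"


def validate_order(order: Order) -> List[str]:
    """Integrity: reject malformed input at entry, so the missing zip code
    from the slides never reaches (and crashes) the fulfillment step.
    Returns the list of problems found; an empty list means consistent."""
    errors = []
    if not order.customer_id:
        errors.append("missing customer_id")
    if not order.items:
        errors.append("order has no items")
    if order.zip_code is None or not ZIP_RE.match(order.zip_code):
        errors.append("missing or malformed shipping zip code")
    return errors


def has_access(role: str, actor_id: str, order: Order, needed: Access) -> bool:
    """Limiting: grant the requested level only if the role holds it.
    Confidentiality: a customer may act only on their own orders."""
    granted = ROLE_PERMISSIONS.get(role, Access(0))
    if role == "customer" and actor_id != order.customer_id:
        return False
    return (granted & needed) == needed


def fulfill(role: str, actor_id: str, order: Order) -> Tuple[bool, str]:
    """Fulfillment needs READ access and an order that passed validation.
    Returns (ok, message) rather than raising so callers can log the reason."""
    if not has_access(role, actor_id, order, Access.READ):
        return False, f"{role} {actor_id!r} lacks READ access to order {order.order_id}"
    errors = validate_order(order)
    if errors:
        return False, "order rejected: " + "; ".join(errors)
    order.status = "shipped"
    return True, f"ship {len(order.items)} item(s) to {order.zip_code}"


def update_status(role: str, actor_id: str, order: Order, status: str) -> bool:
    """Only a role holding WRITE may modify the record (integrity)."""
    if not has_access(role, actor_id, order, Access.WRITE):
        return False
    order.status = status
    return True


if __name__ == "__main__":
    # Constructed sample orders: one complete, one missing the zip code.
    good = Order(1001, "alice", ("widget",), "94103")
    bad = Order(1002, "bob", ("gadget", "cable"), None)
    print(fulfill("fulfillment", "f-01", good))   # (True, 'ship 1 item(s) to 94103')
    print(fulfill("fulfillment", "f-01", bad))    # (False, 'order rejected: missing or malformed shipping zip code')
    print(has_access("customer", "bob", good, Access.VIEW))          # False: not bob's order
    print(update_status("fulfillment", "f-01", good, "cancelled"))   # False: no WRITE
```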
Simplicity
- Information security is by its very nature complex
- Complex security systems can be hard to understand, troubleshoot, and feel secure about
- As much as possible, a secure system should be simple for those on the inside to understand and use
- Complex security schemes are often compromised to make them easier for trusted users to work with
- Keeping a system simple from the inside but complex on the outside can sometimes be difficult but reaps a major benefit

Surveying Information Security Careers
Security+ certification
- Today, government and private sector businesses are moving towards requiring employees to possess certifications
- Security+ demonstrates the individual is familiar with computer security practices
- Demonstrates a level of competence that is noteworthy among their peers
- Many organizations use the CompTIA Security+ certification to verify security competency

Types of Information Security Jobs
Information Assurance (IA)
- A superset of information security, including security issues that do not involve computers
- Covers a broader area than just basic technology defense tools and tactics
- Also includes reliability, strategic risk management, and corporate governance issues such as privacy, compliance, audits, business continuity, and disaster recovery
- Is interdisciplinary; individuals who are employed in it may come from different fields of study

Information Security Jobs (cont.)
Information security, also called computer security
- Involves the tools and tactics to defend against computer attacks
- Does not include security issues that do not involve computers
- Two broad categories of information security positions:
  - Information security managerial position
  - Information security technical position

Sample Salary Comparisons

CompTIA Security+ Certification
- The CompTIA Security+ (2008 Edition) certification is the premier vendor-neutral credential
- The Security+ exam is an internationally recognized validation of foundation-level
  security skills and knowledge
- Used by organizations and security professionals around the world
- The skills and knowledge measured by the Security+ exam are derived from an industry-wide Job Task Analysis (JTA)

CompTIA Security+ Certification (cont.)
The six domains covered by the Security+ exam:
- Systems Security
- Network Infrastructure
- Access Control
- Assessments and Audits
- Cryptography
- Organizational Security

Summary
- Attacks against information security have grown exponentially in recent years
- There are several reasons why it is difficult to defend against today's attacks
- Information security may be defined as that which protects the integrity, confidentiality, and availability of information on the devices that store, manipulate, and transmit the information through products, people, and procedures

Summary (cont.)
- The main goals of information security are to prevent data theft, thwart identity theft, avoid the legal consequences of not securing information, maintain productivity, and foil cyberterrorism
- The types of people behind computer attacks are generally divided into several categories
- There are five general steps that make up an attack: probe for information, penetrate any defenses, modify security settings, circulate to other systems, and paralyze networks and devices

Summary (cont.)
- The demand for IT professionals who know how to secure networks and computers from attacks is at an all-time high
More informationEntertaining & Effective Security Awareness Training
Entertaining & Effective Security Awareness Training www.digitaldefense.com Technology Isn t Enough Improve Security with a Fun Training Program that Works! Social engineering, system issues and employee
More informationElectronic Identity Theft and Basic Security
Electronic Identity Theft and Basic Security Prepared for DACS By Philip Chen CCSP, NSA infosec Professional 10-2-2007 Pchen@hi-link.com Agenda Introduction Examples Effective Security Defenses for Enterprises
More informationSecurity. Protect your business from security threats with Pearl Technology. The Connection That Matters Most
Security Protect your business from security threats with Pearl Technology The Connection That Matters Most Committed to Your Future When it comes to your business, security can mean many things. But to
More informationPenetration testing.
Penetration testing Penetration testing is a globally recognized security measure that can help provide assurances that a company s critical business infrastructure is protected from internal or external
More informationSecuring Information Systems
Introduction to Information Management IIM, NCKU System Vulnerability and Abuse (1/6) Securing Information Systems Based on Chapter 8 of Laudon and Laudon (2010). Management Information Systems: Managing
More informationIT SECURITY FOR NONPROFITS
IT SECURITY FOR NONPROFITS COMMUNITY IT INNOVATORS PLAYBOOK April 2016 Community IT Innovators 1101 14th Street NW, Suite 830 Washington, DC 20005 The challenge for a nonprofit organization is to develop
More informationCybersecurity Conference Presentation North Bay Business Journal. September 27, 2016
Cybersecurity Conference Presentation North Bay Business Journal September 27, 2016 1 PRESENTER Francis Tam, CPA, CISM, CISA, CITP, CRISC, PCI QSA Partner Information Security and Infrastructure Practice
More informationThreat analysis. Tuomas Aura CS-C3130 Information security. Aalto University, autumn 2017
Threat analysis Tuomas Aura CS-C3130 Information security Aalto University, autumn 2017 Outline What is security Threat analysis Threat modeling example Systematic threat modeling 2 WHAT IS SECURITY 3
More informationCombating Cyber Risk in the Supply Chain
SESSION ID: CIN-W10 Combating Cyber Risk in the Supply Chain Ashok Sankar Senior Director Cyber Strategy Raytheon Websense @ashoksankar Introduction The velocity of data breaches is accelerating at an
More informationSecurity Awareness. Chapter 2 Personal Security
Security Awareness Chapter 2 Personal Security Objectives After completing this chapter, you should be able to do the following: Define what makes a weak password Describe the attacks against passwords
More informationCybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016
Cybersecurity: Considerations for Internal Audit Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016 Agenda Key Risks Incorporating Internal Audit Resources Questions 2 San Francisco
More informationA Review Paper on Network Security Attacks and Defences
EUROPEAN ACADEMIC RESEARCH Vol. IV, Issue 12/ March 2017 ISSN 2286-4822 www.euacademic.org Impact Factor: 3.4546 (UIF) DRJI Value: 5.9 (B+) A Review Paper on Network Security Attacks and ALLYSA ASHLEY
More informationOffice 365 Buyers Guide: Best Practices for Securing Office 365
Office 365 Buyers Guide: Best Practices for Securing Office 365 Microsoft Office 365 has become the standard productivity platform for the majority of organizations, large and small, around the world.
More informationM.S. IN INFORMATION ASSURANCE MAJOR: CYBERSECURITY. Graduate Program
Detroit Mercy s Master of Science in Information Assurance with a major in Cybersecurity is a multi-disciplinary 30-credit-hour graduate degree. It is designed to produce a comprehensively knowledgeable
More information5 Trends That Will Impact Your IT Planning in Layered Security. Executive Brief
5 Trends That Will Impact Your IT Planning in 2012 Layered Security Executive Brief a QuinStreet Excutive Brief. 2011 Layered Security Many of the IT trends that your organization will tackle in 2012 aren
More informationManagement of IT Infrastructure Security by Establishing Separate Functional Area with Spiral Security Model
Management of IT Infrastructure Security by Establishing Separate Functional Area with Spiral Security Model Abhijit Vitthal Sathe Modern Institute of Business Management, Shivajinagar, Pune 411 005 abhijit_sathe@hotmail.com
More informationEmployee Security Awareness Training
Employee Security Awareness Training September 2016 Purpose Employees have access to sensitive data through the work they perform for York. Examples of sensitive data include social security numbers, medical
More informationJune 2 nd, 2016 Security Awareness
June 2 nd, 2016 Security Awareness Security is the degree of resistance to, or protection from, harm. if security breaks down, technology breaks down Protecting People, Property and Business Assets Goal
More informationISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002
ISO 27002 COMPLIANCE GUIDE How Rapid7 Can Help You Achieve Compliance with ISO 27002 A CONTENTS Introduction 2 Detailed Controls Mapping 3 About Rapid7 8 rapid7.com ISO 27002 Compliance Guide 1 INTRODUCTION
More informationWhy you MUST protect your customer data
Why you MUST protect your customer data If you think you re exempt from compliance with customer data security and privacy laws because you re a small business, think again. Businesses of all sizes are
More informationCISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline
CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker Learn to find security vulnerabilities before the bad guys do! The Certified Ethical Hacker (CEH) class immerses students in an interactive environment
More informationIs your privacy secure? HIPAA Compliance Workshop September Presented by: Andrés Castañeda, Senior Manager Steve Nouss, Partner
Is your privacy secure? HIPAA Compliance Workshop September 2008 Presented by: Andrés Castañeda, Senior Manager Steve Nouss, Partner Agenda Have you secured your key operational, competitive and financial
More informationManaging an Active Incident Response Case. Paul Underwood, COO
Managing an Active Incident Response Case Paul Underwood, COO 2 About Us Paul Underwood - COO Emagined Security is a leading professional services firm for Information Security, Privacy & Compliance solutions.
More informationCERTIFIED SECURE COMPUTER USER COURSE OUTLINE
CERTIFIED SECURE COMPUTER USER COURSE OUTLINE Page 1 TABLE OF CONTENT 1 COURSE DESCRIPTION... 3 2 MODULE-1: INTRODUCTION TO DATA SECURITY... 4 3 MODULE-2: SECURING OPERATING SYSTEMS... 6 4 MODULE-3: MALWARE
More information716 West Ave Austin, TX USA
Fundamentals of Computer and Internet Fraud GLOBAL Headquarters the gregor building 716 West Ave Austin, TX 78701-2727 USA TABLE OF CONTENTS I. INTRODUCTION What Is Computer Crime?... 2 Computer Fraud
More informationHIPAA Privacy & Security Training. Privacy and Security of Protected Health Information
HIPAA Privacy & Security Training Privacy and Security of Protected Health Information Course Competencies: This training module addresses the essential elements of maintaining the HIPAA Privacy and Security
More informationCompliance in 5 Steps
Email Compliance in 5 Steps Introduction For most businesses, email is a vital communication resource. Used to perform essential business functions, many organizations rely on email to send sensitive confidential
More informationManaging IT Risk: What Now and What to Look For. Presented By Tina Bode IT Assurance Services
Managing IT Risk: What Now and What to Look For Presented By Tina Bode IT Assurance Services Agenda 1 2 WHAT TOP TEN IT SECURITY RISKS YOU CAN DO 3 QUESTIONS 2 IT S ALL CONNECTED Introduction All of our
More informationmhealth SECURITY: STATS AND SOLUTIONS
mhealth SECURITY: STATS AND SOLUTIONS www.eset.com WHAT IS mhealth? mhealth (also written as m-health) is an abbreviation for mobile health, a term used for the practice of medicine and public health supported
More informationVulnerability Management
Vulnerability Management Service Definition Table of Contents 1 INTRODUCTION... 2 2 SERVICE OFFERINGS VULNERABILITY MANAGEMENT... 2 3 SOLUTION PURPOSE... 3 4 HOW IT WORKS... 3 5 WHAT S INCLUDED... 4 6
More informationCOUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE. Presented by Paul R. Hales, J.D. May 8, 2017
COUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE Presented by Paul R. Hales, J.D. May 8, 2017 1 HIPAA Rules Combat Cyber Crime HIPAA Rules A Blueprint to Combat Cyber Crime 2 HIPAA Rules Combat Cyber Crime
More informationUnique Phishing Attacks (2008 vs in thousands)
The process of attempting to acquire sensitive information, such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. In the 2 nd half
More informationHEALTH CARE AND CYBER SECURITY:
HEALTH CARE AND CYBER SECURITY: Increasing Threats Require Increased Capabilities kpmg.com 1 HEALTH CARE AND CYBER SECURITY EXECUTIVE SUMMARY Four-fifths of executives at healthcare providers and payers
More informationKnowBe4 is the world s largest integrated platform for awareness training combined with simulated phishing attacks.
KnowBe4 is the world s largest integrated platform for awareness training combined with simulated phishing attacks. About Us The world s most popular integrated Security Awareness Training and Simulated
More informationBuilding a Case for Mainframe Security
Building a Case for Mainframe Security Dr. Paul Rohmeyer, Ph.D. Stevens Institute of Technology Hoboken, New Jersey June 13-15, 2010 1 AGENDA - Problem Statement - Defining Security - Understanding Mainframe
More informationitexamdump 최고이자최신인 IT 인증시험덤프 일년무료업데이트서비스제공
itexamdump 최고이자최신인 IT 인증시험덤프 http://www.itexamdump.com 일년무료업데이트서비스제공 Exam : CISA Title : Certified Information Systems Auditor Vendor : ISACA Version : DEMO Get Latest & Valid CISA Exam's Question and
More informationEC-Council C EH. Certified Ethical Hacker. Program Brochure
EC-Council TM H Program Brochure Course Description The (CEH) program is the core of the most desired information security training system any information security professional will ever want to be in.
More informationSMALL BUSINESS CYBERSECURITY SURVIVAL GUIDE
SMALL BUSINESS CYBERSECURITY SURVIVAL GUIDE Small business cybersecurity survival guide By Stephen Cobb, ESET Senior Security Researcher Computers and the internet bring many benefits to small businesses,
More information