SlideShare ist ein Scribd-Unternehmen logo

Improve Cybersecurity with Deterrence, Awareness, Procedures & Logging

Als PPTX, PDF herunterladen
S
sommerville-videos

Discusses individual and organisational strategies to improve cybersecurity Accompanies YouTube video

Technologie
1 von 27
Making systems more secure • Strategies that can be used to improve cybersecurity Making systems more secure, 2013 Slide 1
Improving cybersecurity • Deterrence – • Increase the costs of making an attack on your systems Awareness – Improve awareness of all system users of security risks and types of attack Making systems more secure, 2013 Slide 2
Improving cybersecurity • Procedures – • Design realistic security procedures that can be followed by everyone in an organisation (including the boss) Monitoring and logging – Monitor and log all system operations Making systems more secure, 2013 Slide 3
Deterrence • It is impossible to develop a completely secure personal, business and government system. If an attacker has unlimited resources and motivation, it will always be possible to invoke some attacks on a given system. Making systems more secure, 2013 Slide 4
Deterrence • However, attackers NEVER have unlimited resources and motivation so, an aim of security is to increase the costs of making a successful attack to such an extent that attackers will (a) be deterred from attacking and (b) will abandon attempted attacks before they are successful Making systems more secure, 2013 Slide 5
Diverse authentication systems • Use strong passwords and multiple forms of authentication • Login/password + personal question or biometric • Attacker has to break two levels of authentication to gain access Making systems more secure, 2013 Slide 6
Firewalls Making systems more secure, 2013 Slide 7
Encryption • Use https protocol to encrypt information whilst in transit across the Internet • Encrypt confidential information stored on your system Making systems more secure, 2013 Slide 8
Password security Making systems more secure, 2013 Slide 9
Password security • Password strength measurement – https://passfault.appspot.com/password_stre ngth.html#menu • Calculates how long it would take to break a password using a brute force attack, using a standard PC Making systems more secure, 2013 Slide 10
Making systems more secure, 2013 Slide 11
Making systems more secure, 2013 Slide 12
Making systems more secure, 2013 Slide 13
Making systems more secure, 2013 Slide 14
Encryption • Encryption is the process of encoding information in such a way that it is not directly readable. A key is required to decrypt the information and understand it • A systematic transformation is applied to the information, based on the key, to transform it to a different form. • The original information can only be recovered if the reader has the key that can be used to reverse the transformation Making systems more secure, 2013 Slide 15
Example of encryption here Making systems more secure, 2013 Slide 16
• Used sensibly, encryption can contribute to cybersecurity improvement but is not an answer in itself – Security of encryption keys – Inconvenience of encryption leads to patchy utilisation and user frustration – Risk of key loss or corruption – information is completely lost (and backups don’t help) – Can make recovery more difficult Making systems more secure, 2013 Slide 17
Awareness • Educate users into the importance of cyber security and provide information that supports their secure use of computer systems • Be open about incidents that may have occurred Making systems more secure, 2013 Slide 18
Awareness • Take into account how people really are rather than how you might like them to be • People have human failings and inevitably will make mistakes Making systems more secure, 2013 Slide 19
• Bad security advice – Many security guidelines and rules are unrealistic and cannot be followed in practice by users – Use a different password for every website you visit Making systems more secure, 2013 Slide 20
• Good security advice – If you use the same password for everything, an attacker can get access to your accounts if they find that out – Use a different passwords for all online bank accounts and only reuse passwords when you don’t really care about the accounts Making systems more secure, 2013 Slide 21
Procedures • Businesses should design appropriate procedures based around the value of the assets that are being protected • If you simply apply the most secure procedures to all information, this will disrupt work and users are more likely to try to circumvent these procedures Making systems more secure, 2013 Slide 22
• If information is not confidential, then it often makes sense to make it public • This reduces the need for users to authenticate to access the information Making systems more secure, 2013 Slide 23
• Cybersecurity awareness procedures for all staff including the most senior management • Recognise reality – people will use phones and tablets and derive procedures for their safe use Making systems more secure, 2013 Slide 24
Monitoring and logging • Monitoring and logging means that you record all user actions and so keep track of all accesses to the system Making systems more secure, 2013 Slide 25
• Use tools to scan log frequently looking for anomalies • Can be an important deterrent to insider attacks if attackers know that they have a chance of being discovered through the logging system Making systems more secure, 2013 Slide 26
Summary • Improving cybersecurity depends on – Deterrence – Awareness – Effective procedures – Monitoring and logging Making systems more secure, 2013 Slide 27

Empfohlen

Cybersecurity 5 improving cybersecurity
Cybersecurity 5 improving cybersecurityCybersecurity 5 improving cybersecurity
Cybersecurity 5 improving cybersecuritysommerville-videos
 
Cybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issueCybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issuesommerville-videos
 
Cybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurityCybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecuritysommerville-videos
 
System safety
System safetySystem safety
System safetysommerville-videos
 
Cybersecurity 3 cybersecurity costs and causes
Cybersecurity 3 cybersecurity costs and causesCybersecurity 3 cybersecurity costs and causes
Cybersecurity 3 cybersecurity costs and causessommerville-videos
 
Bl cybersecurity z_dooly
Bl cybersecurity z_doolyBl cybersecurity z_dooly
Bl cybersecurity z_doolyzdooly
 
Infrastructure resilience
Infrastructure resilienceInfrastructure resilience
Infrastructure resiliencesommerville-videos
 
Ics & computer security for nuclear facilities
Ics & computer security for nuclear facilitiesIcs & computer security for nuclear facilities
Ics & computer security for nuclear facilitiesomriyad
 

Empfohlen

Cybersecurity 5 improving cybersecurity
Cybersecurity 5 improving cybersecurityCybersecurity 5 improving cybersecurity
Cybersecurity 5 improving cybersecuritysommerville-videos
 
Cybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issueCybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issuesommerville-videos
 
Cybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurityCybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecuritysommerville-videos
 
System safety
System safetySystem safety
System safetysommerville-videos
 
Cybersecurity 3 cybersecurity costs and causes
Cybersecurity 3 cybersecurity costs and causesCybersecurity 3 cybersecurity costs and causes
Cybersecurity 3 cybersecurity costs and causessommerville-videos
 
Bl cybersecurity z_dooly
Bl cybersecurity z_doolyBl cybersecurity z_dooly
Bl cybersecurity z_doolyzdooly
 
Infrastructure resilience
Infrastructure resilienceInfrastructure resilience
Infrastructure resiliencesommerville-videos
 
Ics & computer security for nuclear facilities
Ics & computer security for nuclear facilitiesIcs & computer security for nuclear facilities
Ics & computer security for nuclear facilitiesomriyad
 
Cyber Security 2017 Challenges
Cyber Security 2017 ChallengesCyber Security 2017 Challenges
Cyber Security 2017 ChallengesLeandro Bennaton
 
Computer security
Computer securityComputer security
Computer securityabdulrehman1673
 
Cybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesCybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesWAJAHAT IQBAL
 
Cyber security
Cyber securityCyber security
Cyber securityRavikantGautam8
 
Tonex Cybersecurity Fundamentals, Cybersecurity Training and Certification
Tonex Cybersecurity Fundamentals, Cybersecurity Training and CertificationTonex Cybersecurity Fundamentals, Cybersecurity Training and Certification
Tonex Cybersecurity Fundamentals, Cybersecurity Training and CertificationBryan Len
 
The difference between Cybersecurity and Information Security
The difference between Cybersecurity and Information SecurityThe difference between Cybersecurity and Information Security
The difference between Cybersecurity and Information SecurityPECB
 
Information security
Information securityInformation security
Information securityavinashbalakrishnan2
 
Information Technology Security A Brief Overview 2001
Information Technology Security A Brief Overview 2001Information Technology Security A Brief Overview 2001
Information Technology Security A Brief Overview 2001Donald E. Hester
 
security and ethical challenges in information systems
security and ethical challenges in information systemssecurity and ethical challenges in information systems
security and ethical challenges in information systemshilal12
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityKrutarth Vasavada
 
Information security challenges in today’s banking environment
Information security challenges in today’s banking environmentInformation security challenges in today’s banking environment
Information security challenges in today’s banking environmentEvan Francen
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber SecurityStephen Lahanas
 
Cyber security-briefing-presentation
Cyber security-briefing-presentationCyber security-briefing-presentation
Cyber security-briefing-presentationsathiyamaha
 
Cat21:Development Mangement Information Systems
Cat21:Development Mangement Information SystemsCat21:Development Mangement Information Systems
Cat21:Development Mangement Information SystemsSimeon Ogao
 
An introduction to cyber security by cyber security infotech pvt ltd(csi)
An introduction to cyber security by cyber security infotech pvt ltd(csi)An introduction to cyber security by cyber security infotech pvt ltd(csi)
An introduction to cyber security by cyber security infotech pvt ltd(csi)Cyber Security Infotech
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security conceptsG Prachi
 
The Ultimate Guide To Cyber Security Certifications
The Ultimate Guide To Cyber Security CertificationsThe Ultimate Guide To Cyber Security Certifications
The Ultimate Guide To Cyber Security CertificationsMercury Solutions Limited
 
What every executive needs to know about information technology security
What every executive needs to know about information technology securityWhat every executive needs to know about information technology security
What every executive needs to know about information technology securityLegal Services National Technology Assistance Project (LSNTAP)
 
information security technology
information security technologyinformation security technology
information security technologygarimasagar
 
Critical systems intro
Critical systems introCritical systems intro
Critical systems introsommerville-videos
 
Maroochy water breach
Maroochy water breachMaroochy water breach
Maroochy water breachsommerville-videos
 
System security
System securitySystem security
System securitysommerville-videos
 

Weitere ähnliche Inhalte

Was ist angesagt?

Cyber Security 2017 Challenges
Cyber Security 2017 ChallengesCyber Security 2017 Challenges
Cyber Security 2017 ChallengesLeandro Bennaton
 
Cybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesCybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesWAJAHAT IQBAL
 
Tonex Cybersecurity Fundamentals, Cybersecurity Training and Certification
Tonex Cybersecurity Fundamentals, Cybersecurity Training and CertificationTonex Cybersecurity Fundamentals, Cybersecurity Training and Certification
Tonex Cybersecurity Fundamentals, Cybersecurity Training and CertificationBryan Len
 
The difference between Cybersecurity and Information Security
The difference between Cybersecurity and Information SecurityThe difference between Cybersecurity and Information Security
The difference between Cybersecurity and Information SecurityPECB
 
Information Technology Security A Brief Overview 2001
Information Technology Security A Brief Overview 2001Information Technology Security A Brief Overview 2001
Information Technology Security A Brief Overview 2001Donald E. Hester
 
security and ethical challenges in information systems
security and ethical challenges in information systemssecurity and ethical challenges in information systems
security and ethical challenges in information systemshilal12
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityKrutarth Vasavada
 
Information security challenges in today’s banking environment
Information security challenges in today’s banking environmentInformation security challenges in today’s banking environment
Information security challenges in today’s banking environmentEvan Francen
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber SecurityStephen Lahanas
 
Cyber security-briefing-presentation
Cyber security-briefing-presentationCyber security-briefing-presentation
Cyber security-briefing-presentationsathiyamaha
 
Cat21:Development Mangement Information Systems
Cat21:Development Mangement Information SystemsCat21:Development Mangement Information Systems
Cat21:Development Mangement Information SystemsSimeon Ogao
 
An introduction to cyber security by cyber security infotech pvt ltd(csi)
An introduction to cyber security by cyber security infotech pvt ltd(csi)An introduction to cyber security by cyber security infotech pvt ltd(csi)
An introduction to cyber security by cyber security infotech pvt ltd(csi)Cyber Security Infotech
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security conceptsG Prachi
 
The Ultimate Guide To Cyber Security Certifications
The Ultimate Guide To Cyber Security CertificationsThe Ultimate Guide To Cyber Security Certifications
The Ultimate Guide To Cyber Security CertificationsMercury Solutions Limited
 
information security technology
information security technologyinformation security technology
information security technologygarimasagar
 

Was ist angesagt? (19)

Cyber Security 2017 Challenges
Cyber Security 2017 ChallengesCyber Security 2017 Challenges
Cyber Security 2017 Challenges
 
Computer security
Computer securityComputer security
Computer security
 
Cybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesCybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practises
 
Cyber security
Cyber securityCyber security
Cyber security
 
Tonex Cybersecurity Fundamentals, Cybersecurity Training and Certification
Tonex Cybersecurity Fundamentals, Cybersecurity Training and CertificationTonex Cybersecurity Fundamentals, Cybersecurity Training and Certification
Tonex Cybersecurity Fundamentals, Cybersecurity Training and Certification
 
The difference between Cybersecurity and Information Security
The difference between Cybersecurity and Information SecurityThe difference between Cybersecurity and Information Security
The difference between Cybersecurity and Information Security
 
Information security
Information securityInformation security
Information security
 
Information Technology Security A Brief Overview 2001
Information Technology Security A Brief Overview 2001Information Technology Security A Brief Overview 2001
Information Technology Security A Brief Overview 2001
 
security and ethical challenges in information systems
security and ethical challenges in information systemssecurity and ethical challenges in information systems
security and ethical challenges in information systems
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to Cybersecurity
 
Information security challenges in today’s banking environment
Information security challenges in today’s banking environmentInformation security challenges in today’s banking environment
Information security challenges in today’s banking environment
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
 
Cyber security-briefing-presentation
Cyber security-briefing-presentationCyber security-briefing-presentation
Cyber security-briefing-presentation
 
Cat21:Development Mangement Information Systems
Cat21:Development Mangement Information SystemsCat21:Development Mangement Information Systems
Cat21:Development Mangement Information Systems
 
An introduction to cyber security by cyber security infotech pvt ltd(csi)
An introduction to cyber security by cyber security infotech pvt ltd(csi)An introduction to cyber security by cyber security infotech pvt ltd(csi)
An introduction to cyber security by cyber security infotech pvt ltd(csi)
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security concepts
 
The Ultimate Guide To Cyber Security Certifications
The Ultimate Guide To Cyber Security CertificationsThe Ultimate Guide To Cyber Security Certifications
The Ultimate Guide To Cyber Security Certifications
 
What every executive needs to know about information technology security
What every executive needs to know about information technology securityWhat every executive needs to know about information technology security
What every executive needs to know about information technology security
 
information security technology
information security technologyinformation security technology
information security technology
 

Andere mochten auch

Cybersecurity 3 cybersecurity costs and causes
Cybersecurity 3 cybersecurity costs and causesCybersecurity 3 cybersecurity costs and causes
Cybersecurity 3 cybersecurity costs and causessommerville-videos
 
Cybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issueCybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issuesommerville-videos
 
Introduction to systems of systems
Introduction to systems of systemsIntroduction to systems of systems
Introduction to systems of systemssommerville-videos
 
Critical national infrastructure
Critical national infrastructureCritical national infrastructure
Critical national infrastructuresommerville-videos
 
Cybersecurity 1 intro to cybersecurity
Cybersecurity 1 intro to cybersecurityCybersecurity 1 intro to cybersecurity
Cybersecurity 1 intro to cybersecuritysommerville-videos
 
System of systems classification
System of systems classificationSystem of systems classification
System of systems classificationsommerville-videos
 
Requirements engineering processes
Requirements engineering processesRequirements engineering processes
Requirements engineering processessommerville-videos
 

Andere mochten auch (20)

Critical systems intro
Critical systems introCritical systems intro
Critical systems intro
 
Maroochy water breach
Maroochy water breachMaroochy water breach
Maroochy water breach
 
System security
System securitySystem security
System security
 
Cybersecurity 3 cybersecurity costs and causes
Cybersecurity 3 cybersecurity costs and causesCybersecurity 3 cybersecurity costs and causes
Cybersecurity 3 cybersecurity costs and causes
 
Cybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issueCybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issue
 
Infrastructure dependability
Infrastructure dependabilityInfrastructure dependability
Infrastructure dependability
 
Infrastructure control
Infrastructure controlInfrastructure control
Infrastructure control
 
Introduction to systems of systems
Introduction to systems of systemsIntroduction to systems of systems
Introduction to systems of systems
 
Critical national infrastructure
Critical national infrastructureCritical national infrastructure
Critical national infrastructure
 
Cybersecurity 1 intro to cybersecurity
Cybersecurity 1 intro to cybersecurityCybersecurity 1 intro to cybersecurity
Cybersecurity 1 intro to cybersecurity
 
System success and failure
System success and failureSystem success and failure
System success and failure
 
Warsaw airbus accident
Warsaw airbus accidentWarsaw airbus accident
Warsaw airbus accident
 
Reuse landscape
Reuse landscapeReuse landscape
Reuse landscape
 
Intro to requirements eng.
Intro to requirements eng.Intro to requirements eng.
Intro to requirements eng.
 
Scada security
Scada securityScada security
Scada security
 
System of systems classification
System of systems classificationSystem of systems classification
System of systems classification
 
Cybersecurity 2 cyber attacks
Cybersecurity 2 cyber attacksCybersecurity 2 cyber attacks
Cybersecurity 2 cyber attacks
 
Scaling agile
Scaling agileScaling agile
Scaling agile
 
Requirements engineering processes
Requirements engineering processesRequirements engineering processes
Requirements engineering processes
 
System dependability
System dependabilitySystem dependability
System dependability
 

Ähnlich wie Improve Cybersecurity with Deterrence, Awareness, Procedures & Logging

Net essentials6e ch10
Net essentials6e ch10Net essentials6e ch10
Net essentials6e ch10APSU
 
Principles for Secure Design and Software Security
Principles for Secure Design and Software Security Principles for Secure Design and Software Security
Principles for Secure Design and Software Security Mona Rajput
 
1_Introduction to security.pptx
1_Introduction to security.pptx1_Introduction to security.pptx
1_Introduction to security.pptxdiaa46
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security EngineeringMuhammad Asim
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security elmuhammadmuhammad
 
IT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and ToolsIT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and ToolsAndrew S. Baker (ASB)
 
Software security engineering
Software security engineeringSoftware security engineering
Software security engineeringaizazhussain234
 
Understanding security operation.pptx
Understanding security operation.pptxUnderstanding security operation.pptx
Understanding security operation.pptxPiyush Jain
 
Chapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptxChapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptxLokNathRegmi1
 
SECURITY AND CONTROL
SECURITY AND CONTROLSECURITY AND CONTROL
SECURITY AND CONTROLshinydey
 
Engineering Software Products: 7. security and privacy
Engineering Software Products: 7. security and privacyEngineering Software Products: 7. security and privacy
Engineering Software Products: 7. security and privacysoftware-engineering-book
 
3433 IBM messaging security why securing your environment is important-feb2...
3433 IBM messaging security why securing your environment is important-feb2...3433 IBM messaging security why securing your environment is important-feb2...
3433 IBM messaging security why securing your environment is important-feb2...Robert Parker
 
IBM Messaging Security - Why securing your environment is important : IBM Int...
IBM Messaging Security - Why securing your environment is important : IBM Int...IBM Messaging Security - Why securing your environment is important : IBM Int...
IBM Messaging Security - Why securing your environment is important : IBM Int...Leif Davidsen
 
Security management concepts and principles
Security management concepts and principlesSecurity management concepts and principles
Security management concepts and principlesDivya Tiwari
 

Ähnlich wie Improve Cybersecurity with Deterrence, Awareness, Procedures & Logging (20)

Net essentials6e ch10
Net essentials6e ch10Net essentials6e ch10
Net essentials6e ch10
 
Principles for Secure Design and Software Security
Principles for Secure Design and Software Security Principles for Secure Design and Software Security
Principles for Secure Design and Software Security
 
1_Introduction to security.pptx
1_Introduction to security.pptx1_Introduction to security.pptx
1_Introduction to security.pptx
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security Engineering
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security
 
IT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and ToolsIT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and Tools
 
02.security systems
02.security systems02.security systems
02.security systems
 
9780840024220 ppt ch05
9780840024220 ppt ch059780840024220 ppt ch05
9780840024220 ppt ch05
 
Software security engineering
Software security engineeringSoftware security engineering
Software security engineering
 
Security Design Principles.ppt
Security Design Principles.ppt Security Design Principles.ppt
Security Design Principles.ppt
 
Understanding security operation.pptx
Understanding security operation.pptxUnderstanding security operation.pptx
Understanding security operation.pptx
 
Chapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptxChapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptx
 
SECURITY AND CONTROL
SECURITY AND CONTROLSECURITY AND CONTROL
SECURITY AND CONTROL
 
Engineering Software Products: 7. security and privacy
Engineering Software Products: 7. security and privacyEngineering Software Products: 7. security and privacy
Engineering Software Products: 7. security and privacy
 
3433 IBM messaging security why securing your environment is important-feb2...
3433 IBM messaging security why securing your environment is important-feb2...3433 IBM messaging security why securing your environment is important-feb2...
3433 IBM messaging security why securing your environment is important-feb2...
 
IBM Messaging Security - Why securing your environment is important : IBM Int...
IBM Messaging Security - Why securing your environment is important : IBM Int...IBM Messaging Security - Why securing your environment is important : IBM Int...
IBM Messaging Security - Why securing your environment is important : IBM Int...
 
9780840024220 ppt ch01
9780840024220 ppt ch019780840024220 ppt ch01
9780840024220 ppt ch01
 
Security Design Concepts
Security Design ConceptsSecurity Design Concepts
Security Design Concepts
 
Security management concepts and principles
Security management concepts and principlesSecurity management concepts and principles
Security management concepts and principles
 
ppt ch18
ppt ch18ppt ch18
ppt ch18
 

Mehr von sommerville-videos

Architectural patterns for real-time systems
Architectural patterns for real-time systemsArchitectural patterns for real-time systems
Architectural patterns for real-time systemssommerville-videos
 
Introduction to real time software systems script
Introduction to real time software systems scriptIntroduction to real time software systems script
Introduction to real time software systems scriptsommerville-videos
 
Agile methods for large systems
Agile methods for large systemsAgile methods for large systems
Agile methods for large systemssommerville-videos
 
Agile and plan based development processes
Agile and plan based development processesAgile and plan based development processes
Agile and plan based development processessommerville-videos
 
Fundamental software engineering activities
Fundamental software engineering activitiesFundamental software engineering activities
Fundamental software engineering activitiessommerville-videos
 
Introducing Software Engineering
Introducing Software EngineeringIntroducing Software Engineering
Introducing Software Engineeringsommerville-videos
 
Stakeholders, viewpoints and concerns
Stakeholders, viewpoints and concernsStakeholders, viewpoints and concerns
Stakeholders, viewpoints and concernssommerville-videos
 
Requirements engineering challenges
Requirements engineering challengesRequirements engineering challenges
Requirements engineering challengessommerville-videos
 
Introducing sociotechnical systems
Introducing sociotechnical systemsIntroducing sociotechnical systems
Introducing sociotechnical systemssommerville-videos
 

Mehr von sommerville-videos (16)

Architectural patterns for real-time systems
Architectural patterns for real-time systemsArchitectural patterns for real-time systems
Architectural patterns for real-time systems
 
Introduction to real time software systems script
Introduction to real time software systems scriptIntroduction to real time software systems script
Introduction to real time software systems script
 
Agile methods for large systems
Agile methods for large systemsAgile methods for large systems
Agile methods for large systems
 
User stories
User storiesUser stories
User stories
 
Agile and plan based development processes
Agile and plan based development processesAgile and plan based development processes
Agile and plan based development processes
 
Fundamental software engineering activities
Fundamental software engineering activitiesFundamental software engineering activities
Fundamental software engineering activities
 
Introducing Software Engineering
Introducing Software EngineeringIntroducing Software Engineering
Introducing Software Engineering
 
Why se script
Why se scriptWhy se script
Why se script
 
Ariane 5 launcher failure
Ariane 5 launcher failure Ariane 5 launcher failure
Ariane 5 launcher failure
 
Airbus Flight Control System
Airbus Flight Control SystemAirbus Flight Control System
Airbus Flight Control System
 
Stakeholders, viewpoints and concerns
Stakeholders, viewpoints and concernsStakeholders, viewpoints and concerns
Stakeholders, viewpoints and concerns
 
Requirements engineering challenges
Requirements engineering challengesRequirements engineering challenges
Requirements engineering challenges
 
Emergent properties
Emergent propertiesEmergent properties
Emergent properties
 
Introducing sociotechnical systems
Introducing sociotechnical systemsIntroducing sociotechnical systems
Introducing sociotechnical systems
 
Availability and reliability
Availability and reliabilityAvailability and reliability
Availability and reliability
 
Critical systems engineering
Critical systems engineeringCritical systems engineering
Critical systems engineering
 

Kürzlich hochgeladen

Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 

Kürzlich hochgeladen (20)

Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 

Improve Cybersecurity with Deterrence, Awareness, Procedures & Logging

  • 1. Making systems more secure • Strategies that can be used to improve cybersecurity Making systems more secure, 2013 Slide 1
  • 2. Improving cybersecurity • Deterrence – • Increase the costs of making an attack on your systems Awareness – Improve awareness of all system users of security risks and types of attack Making systems more secure, 2013 Slide 2
  • 3. Improving cybersecurity • Procedures – • Design realistic security procedures that can be followed by everyone in an organisation (including the boss) Monitoring and logging – Monitor and log all system operations Making systems more secure, 2013 Slide 3
  • 4. Deterrence • It is impossible to develop a completely secure personal, business and government system. If an attacker has unlimited resources and motivation, it will always be possible to invoke some attacks on a given system. Making systems more secure, 2013 Slide 4
  • 5. Deterrence • However, attackers NEVER have unlimited resources and motivation so, an aim of security is to increase the costs of making a successful attack to such an extent that attackers will (a) be deterred from attacking and (b) will abandon attempted attacks before they are successful Making systems more secure, 2013 Slide 5
  • 6. Diverse authentication systems • Use strong passwords and multiple forms of authentication • Login/password + personal question or biometric • Attacker has to break two levels of authentication to gain access Making systems more secure, 2013 Slide 6
  • 7. Firewalls Making systems more secure, 2013 Slide 7
  • 8. Encryption • Use https protocol to encrypt information whilst in transit across the Internet • Encrypt confidential information stored on your system Making systems more secure, 2013 Slide 8
  • 9. Password security Making systems more secure, 2013 Slide 9
  • 10. Password security • Password strength measurement – https://passfault.appspot.com/password_stre ngth.html#menu • Calculates how long it would take to break a password using a brute force attack, using a standard PC Making systems more secure, 2013 Slide 10
  • 11. Making systems more secure, 2013 Slide 11
  • 12. Making systems more secure, 2013 Slide 12
  • 13. Making systems more secure, 2013 Slide 13
  • 14. Making systems more secure, 2013 Slide 14
  • 15. Encryption • Encryption is the process of encoding information in such a way that it is not directly readable. A key is required to decrypt the information and understand it • A systematic transformation is applied to the information, based on the key, to transform it to a different form. • The original information can only be recovered if the reader has the key that can be used to reverse the transformation Making systems more secure, 2013 Slide 15
  • 16. Example of encryption here Making systems more secure, 2013 Slide 16
  • 17. • Used sensibly, encryption can contribute to cybersecurity improvement but is not an answer in itself – Security of encryption keys – Inconvenience of encryption leads to patchy utilisation and user frustration – Risk of key loss or corruption – information is completely lost (and backups don’t help) – Can make recovery more difficult Making systems more secure, 2013 Slide 17
  • 18. Awareness • Educate users into the importance of cyber security and provide information that supports their secure use of computer systems • Be open about incidents that may have occurred Making systems more secure, 2013 Slide 18
  • 19. Awareness • Take into account how people really are rather than how you might like them to be • People have human failings and inevitably will make mistakes Making systems more secure, 2013 Slide 19
  • 20. • Bad security advice – Many security guidelines and rules are unrealistic and cannot be followed in practice by users – Use a different password for every website you visit Making systems more secure, 2013 Slide 20
  • 21. • Good security advice – If you use the same password for everything, an attacker can get access to your accounts if they find that out – Use a different passwords for all online bank accounts and only reuse passwords when you don’t really care about the accounts Making systems more secure, 2013 Slide 21
  • 22. Procedures • Businesses should design appropriate procedures based around the value of the assets that are being protected • If you simply apply the most secure procedures to all information, this will disrupt work and users are more likely to try to circumvent these procedures Making systems more secure, 2013 Slide 22
  • 23. • If information is not confidential, then it often makes sense to make it public • This reduces the need for users to authenticate to access the information Making systems more secure, 2013 Slide 23
  • 24. • Cybersecurity awareness procedures for all staff including the most senior management • Recognise reality – people will use phones and tablets and derive procedures for their safe use Making systems more secure, 2013 Slide 24
  • 25. Monitoring and logging • Monitoring and logging means that you record all user actions and so keep track of all accesses to the system Making systems more secure, 2013 Slide 25
  • 26. • Use tools to scan log frequently looking for anomalies • Can be an important deterrent to insider attacks if attackers know that they have a chance of being discovered through the logging system Making systems more secure, 2013 Slide 26
  • 27. Summary • Improving cybersecurity depends on – Deterrence – Awareness – Effective procedures – Monitoring and logging Making systems more secure, 2013 Slide 27

Hinweis der Redaktion

  1. Mystery why some organisations limit length of passwords and do not allow characters apart from letters and numbersSay you live at 15 south street so make up a password you can remember:SO51street Cracked in < 1 daySO_51_street Cracked in 23 years