SlideShare ist ein Scribd-Unternehmen logo

Is6120 data security presentation

Als PPTX, PDF herunterladen
J
JamesDempsey1

In class presentation for Business Intelligence by students.

Bildung
1 von 33
Data Security Greg Ashe Ross Leahy Nicholas Hayes
What is Data Security • Some Definitions – the protecting of a database from destructive forces and unwanted actions of unauthorized users. • Some Problems associated with Data Security -Data Tampering -Eavesdropping and Data Theft -Falsifying User Identities -Password-Related Threats -Unauthorized Access to tables and Columns -Unauthorized Access to Data Rows -Lack of Accountability IS6120 Data Security 2
Evolution of Data Security – Internet impacts By Ross Leahy
• Open reel magnetic tape was introduced in the 1950’s, These tapes could store 5MB to 150MB of data and marked an evolutionary step in data storage and data protection. IS6120 Data Security 4
• Physical attacks on data can also be known as tampering • Tampering is a physical action type defined as unauthorized altering or interfering with the normal state or operation of an asset rather than, for instance, altering software or system settings. (Verizon 2011) • Still a Security Threat today due to: • Sensitive Data Left in Plain View Unlocked Accessible Computer Systems Data Loss • Data Cabling Accessible from Public Areas IS6120 Data Security 5
New Avenues to steal data • Network • E-mails • Applications • Thirty years ago, the first computer virus appeared. Since then, cybercriminals have created millions of viruses and other malware—email viruses, Trojans, Internet worms, spyware, keystroke loggers—some spreading worldwide and making headlines. • Internet is providing more opportunities for hackers to steal data – Increasing Data theft. IS6120 Data Security 6
Data Theft • Data theft is the deliberate theft of information, rather than its accidental loss. Data theft can take place both inside an organization (e.g., by a disgruntled employee), or by criminals outside the organization. • Examples • 2012- Belgian credit provider, Dexia, where demanded to make payment (blackmail) of €150,000 (US$197,000) to prevent hackers from publishing confidential information. • 2011- Sony Corp suffers breaches that place 100M customer accounts at risk, costing the company up to $2 billion. IS6120 Data Security 7
What types of threats exist? • A lot of viruses and other malware exist and can be seen here. • More than 403 million unique variants of malware detected by Symantec in 2011 • Malware • A drive-by download • Denial-of-service (DoS) attack • Trojan • Email hoax's – “Good Times” • Phishing • Spear-phishing • SQL Injection IS6120 Data Security 8
Definitions of Threats • A drive-by download is the infection of a computer with malware when a user visits a malicious website. Drive-by downloads occur without the knowledge of the user. Simply visiting an infected website may be sufficient for the malware to be downloaded and run on a computer. • SQL Injection is an attack technique used to exploit how web pages communicate with back-end databases. An attacker can issue commands (in the form of specially crafted SQL statements) to a database using input fields on a website. • Spearphishing is targeted phishing using spoof emails to persuade people within a company to reveal sensitive information or credentials. Unlike phishing, which involves mass-emailing, spearphishing is small-scale and well-targeted. IS6120 Data Security 9
Security software and hardware • Antivirus software • Firewalls • Device control • Network access control • Application control IS6120 Data Security 10
Threat prevention • Firewall acts as a barrier between networks or parts of a network, blocking malicious traffic or preventing hacking attempts. • Anti-malware software can defend you against viruses and other malware threats including Trojans, worms and, depending on the product, spyware. • Anti-spam programs can detect unwanted email and prevent it from reaching user inboxes. • Appliances are a combination of hardware and software security elements in one solution. This lets you plug appliances in rather than installing the software separately. • Intrusion prevention systems (IPS) monitor network and systems for malicious activity. • Network access control (NAC) A NAC solution protects your network and the information on it from the threats posed by users or devices accessing your network. IS6120 Data Security 11
Ensure data protection • Encrypt your computers, emails and other devices and use firewall • Use device and application control • Only allow compliant computers to access your network. • Implement outbound content controls • Disable AutoRun functionality- In February 2011 Microsoft automatically disabled AutoRun, preventing malware from copying itself to host computers and shared network drives from devices such as USB drives. • With more than 403 million unique variants of malware detected by Symantec in 2011, enterprises should be updating security virus and intrusion prevention definitions at least daily, if not multiple times a day. IS6120 Data Security 12
What is Mobile Computing? • A generic term used to refer to a variety of devices that allow people to access data and information from where ever they are • Mobile Computing embraces a host of portable technologies that makes internet access on the go not only possible, but integral to every day life • A recent Gartner report claimed that “Mobile Computing is the future” • Report also suggests that mobile phones will overtake PCs as the most common web access device worldwide IS6120 Data Security 13
Security Risks of Mobile Computing • Fishnet Security survey found that Mobile Computing is the top security concern for 18% organizations 35% Mobile Computing Social Networks • Of the professionals 20% Other surveyed: Cloud Computing  35% Mobile Computing 27%  27% Social Networks  20% Other  18% Cloud Computing IS6120 Data Security 14
Security Risks of Mobile Computing • The popularity of mobile computing is accelerating, as their sales reach a critical mass smartphones and tablets will become prime targets of malware attacks • There’s now more than 1 billion active Smartphones, that’s one for every seven people on the planet • As with any computing solution, tablet PC’s and Smartphones are exposed to software threats • However, Mobile brings additional risks like theft or accidental loss where sensitive data can be lost IS6120 Data Security 15
Bring Your Own Device (BYOD) • The idea behind BYOD is that users can use a personal device such as a Tablet or Smartphone for both personal and business use • This scenario of users bringing in their own devices to connect to a corporate network could result in malware spreading through the corporate network • BYOD multiplies the number of networks, applications, and end-points through which data is accessed • Moving data across different devices and networks is increasing security risks by opening sensitive corporate data to leaks and attacks • This has led to some people dubbing BYOD as “Bring Your Own Disaster” IS6120 Data Security 16
The Issue With Mobile Browsers • On Mobile Browsers, even experts have trouble determining the legitimacy of a website due to a lack of an icon that shows the browser is using Secure Sockets Layer (SSL) • These icons, which are present on almost all desktop browsers, quickly tells users if the site is secure and legitimate eg. The padlock icon • Once developers figure out a smart and consistent way to implement SSL, everyone will be more secure and better served IS6120 Data Security 17
Mobile Payments • Despite convenient and futuristic qualities, the mobile platform not designed as a secure application environment • Lots of sensitive data stored or entered in your Smartphone and because it is connected to the internet at all times, Smartphone at great risk for malware designed to grab sensitive information IS6120 Data Security 18
Example: NASA Data Security Breach • Last year, data breaches occurred in the space agency NASA as a result of the theft of 48 portable electronic devices • Among the data compromised were International Space Station command-and-control codes and employees’ personal information • As a result NASA has enacted new policies including mandatory full- disk encryption for NASA-issued computers that go off the premises • In addition, NASA will forbid employees from storing sensitive information on mobile devices such as Smartphones and Tablets IS6120 Data Security 19
Possible Steps to Minimise Security Risks • You’ll never eliminate all of the potential risks, but you can minimise the threats 1) Know your hardware and operating systems 2) Think before you store 3) Shop for Apps securely 4) Install updates IS6120 Data Security 20
Social Networks – Problems with Security & Data Privacy • Use of the internet is changing • Huge growth in the volume of personal information being shared on the web • Huge opportunities for businesses IS6120 Data Security 21
Issues with Social Networks • Personal Information • National incentives are ineffective IS6120 Data Security 22
Security Issues in the Future of Social Networking 1. Storage of personal data 2. Tools for managing personal data and how it is viewed 3. Access control to personal data based on credentials 4. Tools for finding out who has accessed personal data IS6120 Data Security 23
Examples of Social Networking Sites IS6120 Data Security 24
Examples of Social Networking Sites • “Just received a job offer. Hooray!” • “I’m tired of all the rain.” • “Looking forward to the family vacation next week at Disney World.” IS6120 Data Security 25
Clever Boy IS6120 Data Security 26
• “The boss just laid off 32 employees. I hear there may be more coming on Wednesday.” • “Rumor has it that the Acme Widgets acquisition fell through.” • “Working to troubleshoot a major software bug we just found.” • “I just posted a funny video of myself frying a rodent at the restaurant where I work.” IS6120 Data Security 27
Brad at it again IS6120 Data Security 28
How much will providers actually allow the export and open transfer of their data stores? • Social Networking is becoming the preferred way to manage personal data • Identity Theft & Authentication • Web of Trust Techniques IS6120 Data Security 29
IS6120 Data Security 30
Possible Steps 1. Each user is issued a token 2. Every time user A is accepted as a friend by a user, token given positive/negative trust training 3. User A suspects User B is not who they say they are 4. User A knows user B personally 5. Scores aggregated IS6120 Data Security 31
..continued 6. Tokens are visible 7. Tokens are transferable 8. Key can be extended Source: http://www.gfi.com/whitepapers/Social_Networking_and_Security_Risks.pdf IS6120 Data Security 32
Password Protection • Video explaining password protection: http://www.youtube.com/watch?v=FtqwXzNebeU • Thanks for listening IS6120 Data Security 33

Empfohlen

Data security
Data securityData security
Data securityAbdulBasit938
 
Mobile security in Cyber Security
Mobile security in Cyber SecurityMobile security in Cyber Security
Mobile security in Cyber SecurityGeo Marian
 
Information Security Lecture Notes
Information Security Lecture NotesInformation Security Lecture Notes
Information Security Lecture NotesFellowBuddy.com
 
3 Most Common Threats Of Information Security
3 Most Common Threats Of Information Security3 Most Common Threats Of Information Security
3 Most Common Threats Of Information SecurityAna Meskovska
 
Data Security - English
Data Security - EnglishData Security - English
Data Security - EnglishData Security
 
Basics of Information System Security
Basics of Information System SecurityBasics of Information System Security
Basics of Information System Securitychauhankapil
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingWilliam Mann
 
Cloud security ppt
Cloud security pptCloud security ppt
Cloud security pptVenkatesh Chary
 

Empfohlen

Data security
Data securityData security
Data securityAbdulBasit938
 
Mobile security in Cyber Security
Mobile security in Cyber SecurityMobile security in Cyber Security
Mobile security in Cyber SecurityGeo Marian
 
Information Security Lecture Notes
Information Security Lecture NotesInformation Security Lecture Notes
Information Security Lecture NotesFellowBuddy.com
 
3 Most Common Threats Of Information Security
3 Most Common Threats Of Information Security3 Most Common Threats Of Information Security
3 Most Common Threats Of Information SecurityAna Meskovska
 
Data Security - English
Data Security - EnglishData Security - English
Data Security - EnglishData Security
 
Basics of Information System Security
Basics of Information System SecurityBasics of Information System Security
Basics of Information System Securitychauhankapil
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingWilliam Mann
 
Cloud security ppt
Cloud security pptCloud security ppt
Cloud security pptVenkatesh Chary
 
Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data SecurityWilmerHale
 
Introduction to cyber security amos
Introduction to cyber security amosIntroduction to cyber security amos
Introduction to cyber security amosAmos Oyoo
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITYAhmed Moussa
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Securitybelsis
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security elmuhammadmuhammad
 
Information security management system
Information security management systemInformation security management system
Information security management systemArani Srinivasan
 
Chapter 3: Information Security Framework
Chapter 3: Information Security FrameworkChapter 3: Information Security Framework
Chapter 3: Information Security FrameworkNada G.Youssef
 
Introduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsIntroduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsToño Herrera
 
zero day exploits
zero day exploitszero day exploits
zero day exploitsAdv. Prashant Mali ♛ [Bsc(Phy),MSc(Comp Sci), CCFP,CISSA,LLM]
 
IT Security Presentation
IT Security PresentationIT Security Presentation
IT Security Presentationelihuwalker
 
Data security
Data securityData security
Data securityTapan Khilar
 
Data Security
Data SecurityData Security
Data SecurityAkNirojan
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security FundamentalsRahmat Suhatman
 
INFORMATION SECURITY SYSTEM
INFORMATION SECURITY SYSTEMINFORMATION SECURITY SYSTEM
INFORMATION SECURITY SYSTEMANAND MURALI
 
Cybersecurity Awareness Training
Cybersecurity Awareness TrainingCybersecurity Awareness Training
Cybersecurity Awareness TrainingDave Monahan
 
Best Practices for Implementing Data Loss Prevention (DLP)
Best Practices for Implementing Data Loss Prevention (DLP)Best Practices for Implementing Data Loss Prevention (DLP)
Best Practices for Implementing Data Loss Prevention (DLP)Sarfaraz Chougule
 
what is data security full ppt
what is data security full pptwhat is data security full ppt
what is data security full pptShahbaz Khan
 
Information security and Attacks
Information security and AttacksInformation security and Attacks
Information security and AttacksSachin Darekar
 
Information security in todays world
Information security in todays worldInformation security in todays world
Information security in todays worldSibghatullah Khattak
 
“Privacy Today” Slide Presentation
“Privacy Today” Slide Presentation “Privacy Today” Slide Presentation
“Privacy Today” Slide Presentation tomasztopa
 
Data protection ppt
Data protection pptData protection ppt
Data protection pptgrahamwell
 
Data Privacy and Protection Presentation
Data Privacy and Protection PresentationData Privacy and Protection Presentation
Data Privacy and Protection Presentationmlw32785
 

Weitere ähnliche Inhalte

Was ist angesagt?

Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data SecurityWilmerHale
 
Introduction to cyber security amos
Introduction to cyber security amosIntroduction to cyber security amos
Introduction to cyber security amosAmos Oyoo
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITYAhmed Moussa
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Securitybelsis
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security elmuhammadmuhammad
 
Information security management system
Information security management systemInformation security management system
Information security management systemArani Srinivasan
 
Chapter 3: Information Security Framework
Chapter 3: Information Security FrameworkChapter 3: Information Security Framework
Chapter 3: Information Security FrameworkNada G.Youssef
 
Introduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsIntroduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsToño Herrera
 
IT Security Presentation
IT Security PresentationIT Security Presentation
IT Security Presentationelihuwalker
 
Data Security
Data SecurityData Security
Data SecurityAkNirojan
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security FundamentalsRahmat Suhatman
 
INFORMATION SECURITY SYSTEM
INFORMATION SECURITY SYSTEMINFORMATION SECURITY SYSTEM
INFORMATION SECURITY SYSTEMANAND MURALI
 
Cybersecurity Awareness Training
Cybersecurity Awareness TrainingCybersecurity Awareness Training
Cybersecurity Awareness TrainingDave Monahan
 
Best Practices for Implementing Data Loss Prevention (DLP)
Best Practices for Implementing Data Loss Prevention (DLP)Best Practices for Implementing Data Loss Prevention (DLP)
Best Practices for Implementing Data Loss Prevention (DLP)Sarfaraz Chougule
 
what is data security full ppt
what is data security full pptwhat is data security full ppt
what is data security full pptShahbaz Khan
 
Information security and Attacks
Information security and AttacksInformation security and Attacks
Information security and AttacksSachin Darekar
 
Information security in todays world
Information security in todays worldInformation security in todays world
Information security in todays worldSibghatullah Khattak
 
“Privacy Today” Slide Presentation
“Privacy Today” Slide Presentation “Privacy Today” Slide Presentation
“Privacy Today” Slide Presentation tomasztopa
 

Was ist angesagt? (20)

Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data Security
 
Introduction to cyber security amos
Introduction to cyber security amosIntroduction to cyber security amos
Introduction to cyber security amos
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITY
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Security
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security
 
Information security management system
Information security management systemInformation security management system
Information security management system
 
Chapter 3: Information Security Framework
Chapter 3: Information Security FrameworkChapter 3: Information Security Framework
Chapter 3: Information Security Framework
 
Introduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsIntroduction to Cybersecurity Fundamentals
Introduction to Cybersecurity Fundamentals
 
zero day exploits
zero day exploitszero day exploits
zero day exploits
 
IT Security Presentation
IT Security PresentationIT Security Presentation
IT Security Presentation
 
Data security
Data securityData security
Data security
 
Data Security
Data SecurityData Security
Data Security
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
 
INFORMATION SECURITY SYSTEM
INFORMATION SECURITY SYSTEMINFORMATION SECURITY SYSTEM
INFORMATION SECURITY SYSTEM
 
Cybersecurity Awareness Training
Cybersecurity Awareness TrainingCybersecurity Awareness Training
Cybersecurity Awareness Training
 
Best Practices for Implementing Data Loss Prevention (DLP)
Best Practices for Implementing Data Loss Prevention (DLP)Best Practices for Implementing Data Loss Prevention (DLP)
Best Practices for Implementing Data Loss Prevention (DLP)
 
what is data security full ppt
what is data security full pptwhat is data security full ppt
what is data security full ppt
 
Information security and Attacks
Information security and AttacksInformation security and Attacks
Information security and Attacks
 
Information security in todays world
Information security in todays worldInformation security in todays world
Information security in todays world
 
“Privacy Today” Slide Presentation
“Privacy Today” Slide Presentation “Privacy Today” Slide Presentation
“Privacy Today” Slide Presentation
 

Andere mochten auch

Data protection ppt
Data protection pptData protection ppt
Data protection pptgrahamwell
 
Data Privacy and Protection Presentation
Data Privacy and Protection PresentationData Privacy and Protection Presentation
Data Privacy and Protection Presentationmlw32785
 
Introduction to Data Protection and Information Security
Introduction to Data Protection and Information SecurityIntroduction to Data Protection and Information Security
Introduction to Data Protection and Information SecurityJisc Scotland
 
Data Protection (Download for slideshow)
Data Protection (Download for slideshow)Data Protection (Download for slideshow)
Data Protection (Download for slideshow)Andrew Sharpe
 
Data protection act
Data protection act Data protection act
Data protection act Iqbal Bocus
 
Data security in cloud computing
Data security in cloud computingData security in cloud computing
Data security in cloud computingPrince Chandu
 
Data security strategies and drivers
Data security strategies and driversData security strategies and drivers
Data security strategies and driversFreeform Dynamics
 
Presentation on Information Privacy
Presentation on Information PrivacyPresentation on Information Privacy
Presentation on Information PrivacyPerry Slack
 
Data Protection Act
Data Protection ActData Protection Act
Data Protection Actmrmwood
 
Network Security Presentation
Network Security PresentationNetwork Security Presentation
Network Security PresentationAllan Pratt MBA
 
Database Security
Database SecurityDatabase Security
Database Securityalraee
 
Internet Privacy
Internet PrivacyInternet Privacy
Internet Privacyrealpeterz
 
Presentatie de waarde van data - presentatie - 21 maart 2013 (the meti sfi...
Presentatie de waarde van data - presentatie - 21 maart 2013 (the meti sfi...Presentatie de waarde van data - presentatie - 21 maart 2013 (the meti sfi...
Presentatie de waarde van data - presentatie - 21 maart 2013 (the meti sfi...Ruud Alaerds
 
Computer information systems program power point
Computer information systems program power pointComputer information systems program power point
Computer information systems program power pointMoultrie Technical College
 
CSA Research: Mitigating Cloud Threats
CSA Research: Mitigating Cloud ThreatsCSA Research: Mitigating Cloud Threats
CSA Research: Mitigating Cloud ThreatsBitglass
 

Andere mochten auch (20)

Data protection ppt
Data protection pptData protection ppt
Data protection ppt
 
Data Privacy and Protection Presentation
Data Privacy and Protection PresentationData Privacy and Protection Presentation
Data Privacy and Protection Presentation
 
Introduction to Data Protection and Information Security
Introduction to Data Protection and Information SecurityIntroduction to Data Protection and Information Security
Introduction to Data Protection and Information Security
 
Data Protection (Download for slideshow)
Data Protection (Download for slideshow)Data Protection (Download for slideshow)
Data Protection (Download for slideshow)
 
Data protection act
Data protection act Data protection act
Data protection act
 
Data security in cloud computing
Data security in cloud computingData security in cloud computing
Data security in cloud computing
 
Data security strategies and drivers
Data security strategies and driversData security strategies and drivers
Data security strategies and drivers
 
Data Protection Presentation
Data Protection PresentationData Protection Presentation
Data Protection Presentation
 
Presentation on Information Privacy
Presentation on Information PrivacyPresentation on Information Privacy
Presentation on Information Privacy
 
Data Protection Act
Data Protection ActData Protection Act
Data Protection Act
 
Network Security Presentation
Network Security PresentationNetwork Security Presentation
Network Security Presentation
 
Network security
Network securityNetwork security
Network security
 
Database Security
Database SecurityDatabase Security
Database Security
 
Internet Privacy
Internet PrivacyInternet Privacy
Internet Privacy
 
Pengenalan network security ver 1
Pengenalan network security ver 1Pengenalan network security ver 1
Pengenalan network security ver 1
 
Presentatie de waarde van data - presentatie - 21 maart 2013 (the meti sfi...
Presentatie de waarde van data - presentatie - 21 maart 2013 (the meti sfi...Presentatie de waarde van data - presentatie - 21 maart 2013 (the meti sfi...
Presentatie de waarde van data - presentatie - 21 maart 2013 (the meti sfi...
 
Internet cookies
Internet cookiesInternet cookies
Internet cookies
 
Computer information systems program power point
Computer information systems program power pointComputer information systems program power point
Computer information systems program power point
 
CSA Research: Mitigating Cloud Threats
CSA Research: Mitigating Cloud ThreatsCSA Research: Mitigating Cloud Threats
CSA Research: Mitigating Cloud Threats
 
Cloud Security Overview
Cloud Security OverviewCloud Security Overview
Cloud Security Overview
 

Ähnlich wie Is6120 data security presentation

Internet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesInternet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesPierluigi Paganini
 
IoT Devices Expanding Your Digital Footprint
IoT Devices Expanding Your Digital FootprintIoT Devices Expanding Your Digital Footprint
IoT Devices Expanding Your Digital FootprintSurfWatch Labs
 
Cyber Security: A Hands on review
Cyber Security: A Hands on reviewCyber Security: A Hands on review
Cyber Security: A Hands on reviewMiltonBiswas8
 
Rishabhcyber security.pptx
Rishabhcyber security.pptxRishabhcyber security.pptx
Rishabhcyber security.pptxRishabhDwivedi70
 
Cysec.pptx
Cysec.pptxCysec.pptx
Cysec.pptxjondon17
 
Presentation 10 (1).pdf
Presentation 10 (1).pdfPresentation 10 (1).pdf
Presentation 10 (1).pdfKARANSINGHD
 
Assign 1_8812814ctm.pptx
Assign 1_8812814ctm.pptxAssign 1_8812814ctm.pptx
Assign 1_8812814ctm.pptxpdevang
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptxMBRoman1
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptxAkshayKhade21
 
Considerazioni su ITC Security e sui Cyber Attacks
Considerazioni su ITC Security e sui Cyber Attacks Considerazioni su ITC Security e sui Cyber Attacks
Considerazioni su ITC Security e sui Cyber Attacks seeweb
 
43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx
43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx
43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptxPradeeshSAI
 
Top 5 Cybersecurity Threats in Retail Industry
Top 5 Cybersecurity Threats in Retail IndustryTop 5 Cybersecurity Threats in Retail Industry
Top 5 Cybersecurity Threats in Retail IndustrySeqrite
 
Internet and Global Connectivity – Security Concerns
Internet and Global Connectivity – Security ConcernsInternet and Global Connectivity – Security Concerns
Internet and Global Connectivity – Security ConcernsAkshay Jain
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityBryCunal
 
Cysecc.pptx
Cysecc.pptxCysecc.pptx
Cysecc.pptxjondon17
 

Ähnlich wie Is6120 data security presentation (20)

Internet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesInternet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issues
 
IoT Devices Expanding Your Digital Footprint
IoT Devices Expanding Your Digital FootprintIoT Devices Expanding Your Digital Footprint
IoT Devices Expanding Your Digital Footprint
 
Cyber Security: A Hands on review
Cyber Security: A Hands on reviewCyber Security: A Hands on review
Cyber Security: A Hands on review
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptx
 
Cyberattacks.pptx
Cyberattacks.pptxCyberattacks.pptx
Cyberattacks.pptx
 
Rishabhcyber security.pptx
Rishabhcyber security.pptxRishabhcyber security.pptx
Rishabhcyber security.pptx
 
Cysec.pptx
Cysec.pptxCysec.pptx
Cysec.pptx
 
Presentation 10 (1).pdf
Presentation 10 (1).pdfPresentation 10 (1).pdf
Presentation 10 (1).pdf
 
Assign 1_8812814ctm.pptx
Assign 1_8812814ctm.pptxAssign 1_8812814ctm.pptx
Assign 1_8812814ctm.pptx
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptx
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptx
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptx
 
Considerazioni su ITC Security e sui Cyber Attacks
Considerazioni su ITC Security e sui Cyber Attacks Considerazioni su ITC Security e sui Cyber Attacks
Considerazioni su ITC Security e sui Cyber Attacks
 
Class activity 4
Class activity 4 Class activity 4
Class activity 4
 
43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx
43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx
43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx
 
Top 5 Cybersecurity Threats in Retail Industry
Top 5 Cybersecurity Threats in Retail IndustryTop 5 Cybersecurity Threats in Retail Industry
Top 5 Cybersecurity Threats in Retail Industry
 
Unit-3.pptx
Unit-3.pptxUnit-3.pptx
Unit-3.pptx
 
Internet and Global Connectivity – Security Concerns
Internet and Global Connectivity – Security ConcernsInternet and Global Connectivity – Security Concerns
Internet and Global Connectivity – Security Concerns
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Cysecc.pptx
Cysecc.pptxCysecc.pptx
Cysecc.pptx
 

Kürzlich hochgeladen

Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfAdmir Softic
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...Poonam Aher Patil
 
Magic bus Group work1and 2 (Team 3).pptx
Magic bus Group work1and 2 (Team 3).pptxMagic bus Group work1and 2 (Team 3).pptx
Magic bus Group work1and 2 (Team 3).pptxdhanalakshmis0310
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxVishalSingh1417
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxpsychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxPoojaSen20
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesCeline George
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhikauryashika82
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Jisc
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17Celine George
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseAnaAcapella
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsMebane Rash
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfSherif Taha
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSCeline George
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.christianmathematics
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxAreebaZafar22
 
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...pradhanghanshyam7136
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxVishalSingh1417
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfNirmal Dwivedi
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibitjbellavia9
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17Celine George
 

Kürzlich hochgeladen (20)

Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
Magic bus Group work1and 2 (Team 3).pptx
Magic bus Group work1and 2 (Team 3).pptxMagic bus Group work1and 2 (Team 3).pptx
Magic bus Group work1and 2 (Team 3).pptx
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptx
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxpsychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docx
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdf
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POS
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 

Is6120 data security presentation

  • 1. Data Security Greg Ashe Ross Leahy Nicholas Hayes
  • 2. What is Data Security • Some Definitions – the protecting of a database from destructive forces and unwanted actions of unauthorized users. • Some Problems associated with Data Security -Data Tampering -Eavesdropping and Data Theft -Falsifying User Identities -Password-Related Threats -Unauthorized Access to tables and Columns -Unauthorized Access to Data Rows -Lack of Accountability IS6120 Data Security 2
  • 3. Evolution of Data Security – Internet impacts By Ross Leahy
  • 4. • Open reel magnetic tape was introduced in the 1950’s, These tapes could store 5MB to 150MB of data and marked an evolutionary step in data storage and data protection. IS6120 Data Security 4
  • 5. • Physical attacks on data can also be known as tampering • Tampering is a physical action type defined as unauthorized altering or interfering with the normal state or operation of an asset rather than, for instance, altering software or system settings. (Verizon 2011) • Still a Security Threat today due to: • Sensitive Data Left in Plain View Unlocked Accessible Computer Systems Data Loss • Data Cabling Accessible from Public Areas IS6120 Data Security 5
  • 6. New Avenues to steal data • Network • E-mails • Applications • Thirty years ago, the first computer virus appeared. Since then, cybercriminals have created millions of viruses and other malware—email viruses, Trojans, Internet worms, spyware, keystroke loggers—some spreading worldwide and making headlines. • Internet is providing more opportunities for hackers to steal data – Increasing Data theft. IS6120 Data Security 6
  • 7. Data Theft • Data theft is the deliberate theft of information, rather than its accidental loss. Data theft can take place both inside an organization (e.g., by a disgruntled employee), or by criminals outside the organization. • Examples • 2012- Belgian credit provider, Dexia, where demanded to make payment (blackmail) of €150,000 (US$197,000) to prevent hackers from publishing confidential information. • 2011- Sony Corp suffers breaches that place 100M customer accounts at risk, costing the company up to $2 billion. IS6120 Data Security 7
  • 8. What types of threats exist? • A lot of viruses and other malware exist and can be seen here. • More than 403 million unique variants of malware detected by Symantec in 2011 • Malware • A drive-by download • Denial-of-service (DoS) attack • Trojan • Email hoax's – “Good Times” • Phishing • Spear-phishing • SQL Injection IS6120 Data Security 8
  • 9. Definitions of Threats • A drive-by download is the infection of a computer with malware when a user visits a malicious website. Drive-by downloads occur without the knowledge of the user. Simply visiting an infected website may be sufficient for the malware to be downloaded and run on a computer. • SQL Injection is an attack technique used to exploit how web pages communicate with back-end databases. An attacker can issue commands (in the form of specially crafted SQL statements) to a database using input fields on a website. • Spearphishing is targeted phishing using spoof emails to persuade people within a company to reveal sensitive information or credentials. Unlike phishing, which involves mass-emailing, spearphishing is small-scale and well-targeted. IS6120 Data Security 9
  • 10. Security software and hardware • Antivirus software • Firewalls • Device control • Network access control • Application control IS6120 Data Security 10
  • 11. Threat prevention • Firewall acts as a barrier between networks or parts of a network, blocking malicious traffic or preventing hacking attempts. • Anti-malware software can defend you against viruses and other malware threats including Trojans, worms and, depending on the product, spyware. • Anti-spam programs can detect unwanted email and prevent it from reaching user inboxes. • Appliances are a combination of hardware and software security elements in one solution. This lets you plug appliances in rather than installing the software separately. • Intrusion prevention systems (IPS) monitor network and systems for malicious activity. • Network access control (NAC) A NAC solution protects your network and the information on it from the threats posed by users or devices accessing your network. IS6120 Data Security 11
  • 12. Ensure data protection • Encrypt your computers, emails and other devices and use firewall • Use device and application control • Only allow compliant computers to access your network. • Implement outbound content controls • Disable AutoRun functionality- In February 2011 Microsoft automatically disabled AutoRun, preventing malware from copying itself to host computers and shared network drives from devices such as USB drives. • With more than 403 million unique variants of malware detected by Symantec in 2011, enterprises should be updating security virus and intrusion prevention definitions at least daily, if not multiple times a day. IS6120 Data Security 12
  • 13. What is Mobile Computing? • A generic term used to refer to a variety of devices that allow people to access data and information from where ever they are • Mobile Computing embraces a host of portable technologies that makes internet access on the go not only possible, but integral to every day life • A recent Gartner report claimed that “Mobile Computing is the future” • Report also suggests that mobile phones will overtake PCs as the most common web access device worldwide IS6120 Data Security 13
  • 14. Security Risks of Mobile Computing • Fishnet Security survey found that Mobile Computing is the top security concern for 18% organizations 35% Mobile Computing Social Networks • Of the professionals 20% Other surveyed: Cloud Computing  35% Mobile Computing 27%  27% Social Networks  20% Other  18% Cloud Computing IS6120 Data Security 14
  • 15. Security Risks of Mobile Computing • The popularity of mobile computing is accelerating, as their sales reach a critical mass smartphones and tablets will become prime targets of malware attacks • There’s now more than 1 billion active Smartphones, that’s one for every seven people on the planet • As with any computing solution, tablet PC’s and Smartphones are exposed to software threats • However, Mobile brings additional risks like theft or accidental loss where sensitive data can be lost IS6120 Data Security 15
  • 16. Bring Your Own Device (BYOD) • The idea behind BYOD is that users can use a personal device such as a Tablet or Smartphone for both personal and business use • This scenario of users bringing in their own devices to connect to a corporate network could result in malware spreading through the corporate network • BYOD multiplies the number of networks, applications, and end-points through which data is accessed • Moving data across different devices and networks is increasing security risks by opening sensitive corporate data to leaks and attacks • This has led to some people dubbing BYOD as “Bring Your Own Disaster” IS6120 Data Security 16
  • 17. The Issue With Mobile Browsers • On Mobile Browsers, even experts have trouble determining the legitimacy of a website due to a lack of an icon that shows the browser is using Secure Sockets Layer (SSL) • These icons, which are present on almost all desktop browsers, quickly tells users if the site is secure and legitimate eg. The padlock icon • Once developers figure out a smart and consistent way to implement SSL, everyone will be more secure and better served IS6120 Data Security 17
  • 18. Mobile Payments • Despite convenient and futuristic qualities, the mobile platform not designed as a secure application environment • Lots of sensitive data stored or entered in your Smartphone and because it is connected to the internet at all times, Smartphone at great risk for malware designed to grab sensitive information IS6120 Data Security 18
  • 19. Example: NASA Data Security Breach • Last year, data breaches occurred in the space agency NASA as a result of the theft of 48 portable electronic devices • Among the data compromised were International Space Station command-and-control codes and employees’ personal information • As a result NASA has enacted new policies including mandatory full- disk encryption for NASA-issued computers that go off the premises • In addition, NASA will forbid employees from storing sensitive information on mobile devices such as Smartphones and Tablets IS6120 Data Security 19
  • 20. Possible Steps to Minimise Security Risks • You’ll never eliminate all of the potential risks, but you can minimise the threats 1) Know your hardware and operating systems 2) Think before you store 3) Shop for Apps securely 4) Install updates IS6120 Data Security 20
  • 21. Social Networks – Problems with Security & Data Privacy • Use of the internet is changing • Huge growth in the volume of personal information being shared on the web • Huge opportunities for businesses IS6120 Data Security 21
  • 22. Issues with Social Networks • Personal Information • National incentives are ineffective IS6120 Data Security 22
  • 23. Security Issues in the Future of Social Networking 1. Storage of personal data 2. Tools for managing personal data and how it is viewed 3. Access control to personal data based on credentials 4. Tools for finding out who has accessed personal data IS6120 Data Security 23
  • 24. Examples of Social Networking Sites IS6120 Data Security 24
  • 25. Examples of Social Networking Sites • “Just received a job offer. Hooray!” • “I’m tired of all the rain.” • “Looking forward to the family vacation next week at Disney World.” IS6120 Data Security 25
  • 26. Clever Boy IS6120 Data Security 26
  • 27. • “The boss just laid off 32 employees. I hear there may be more coming on Wednesday.” • “Rumor has it that the Acme Widgets acquisition fell through.” • “Working to troubleshoot a major software bug we just found.” • “I just posted a funny video of myself frying a rodent at the restaurant where I work.” IS6120 Data Security 27
  • 28. Brad at it again IS6120 Data Security 28
  • 29. How much will providers actually allow the export and open transfer of their data stores? • Social Networking is becoming the preferred way to manage personal data • Identity Theft & Authentication • Web of Trust Techniques IS6120 Data Security 29
  • 31. Possible Steps 1. Each user is issued a token 2. Every time user A is accepted as a friend by a user, token given positive/negative trust training 3. User A suspects User B is not who they say they are 4. User A knows user B personally 5. Scores aggregated IS6120 Data Security 31
  • 32. ..continued 6. Tokens are visible 7. Tokens are transferable 8. Key can be extended Source: http://www.gfi.com/whitepapers/Social_Networking_and_Security_Risks.pdf IS6120 Data Security 32
  • 33. Password Protection • Video explaining password protection: http://www.youtube.com/watch?v=FtqwXzNebeU • Thanks for listening IS6120 Data Security 33