Threats 
Security Controls 
Protecting Information System
What is Information Security?
Known as InfoSec, it is the practice of
defending information from unauthorized
access, use, disclosure, disruption,
modification, perusal, inspection, recording
or destruction.
It is a general term that can be used
regardless of the form the data may take
(electronic, physical, etc.).
Two major aspects 
of Information Security: 
I.T. Security: Sometimes referred to 
as computer security, Information 
Technology Security is information security 
applied to technology (most often some 
form of computer system). 
It is worthwhile to note that 
a computer does not necessarily mean a 
home desktop. A computer is any device 
with a processor and some memory.
IT security specialists are almost always 
found in any major 
enterprise/establishment due to the nature 
and value of the data within larger 
businesses. 
They are responsible for keeping all of
the technology within the company secure
from malicious cyber attacks that often
attempt to breach critical private
information or gain control of the internal
systems.
Two major aspects 
of information security: 
Information assurance: The act of ensuring 
that data is not lost when critical issues 
arise. 
These issues include but are not limited to: 
natural disasters, computer/server 
malfunction, physical theft, or any other 
instance where data has the potential of 
being lost.
• Since most information is stored on 
computers in our modern era, 
information assurance is typically dealt 
with by IT security specialists. 
• One of the most common methods of
providing information assurance is to
have an off-site backup of the data in
case one of the mentioned issues arises.
Threats to Information System 
• There are many information 
security threats that we need to 
be constantly aware of and 
protect against in order to ensure 
our sensitive information remains 
secure.
Unauthorized Access –
Enter at your own risk
• The attempted or successful access of
information or systems, without permission
or rights to do so.
• Ensure you have a properly configured
firewall and up-to-date malware prevention
software, and that all software has the latest
security updates.
• Protect all sensitive information, utilizing
encryption where appropriate, and use strong
passwords that are changed regularly.
Cyber Espionage –
Hey, get off my network!
• The act of spying through the use of
computers, involving the covert access or
‘hacking’ of company or
government networks to obtain sensitive
information.
• Be alert for social engineering attempts and
verify all requests for sensitive information.
• Ensure software has the latest security
updates and your network is secure, and monitor
for unusual network behavior.
Malware – You installed what?!
• A collective term for malicious software, such
as viruses, worms and trojans, designed to
infiltrate systems and information for criminal,
commercial or destructive purposes.
• Ensure you have a properly configured
firewall and up-to-date malware prevention, and
that all software has the latest security updates.
• Do not click links or open attachments in
emails from unknown senders, visit untrusted
websites or install dubious software.
Data Leakage – I seek what
you leak.
• The intentional or accidental loss, theft or
exposure of sensitive company or personal
information.
• Ensure all sensitive information stored on
removable storage media, mobile devices or
laptops is encrypted.
• Be mindful of what you post online, check
email recipients before pressing send, and
never email sensitive company information
to personal email accounts.
Mobile Device Attack – Lost, but
not forgotten
• The malicious attack on, or unauthorized
access of mobile devices and the information
stored or processed by them; performed
wirelessly or through physical possession.
• Keep devices with you at all times, encrypt
all sensitive data and removable storage
media, and use strong passwords.
• Avoid connecting to insecure, untrusted
public wireless networks and ensure
Bluetooth is in ‘undiscoverable’ mode.
Social Engineering – Go find
some other mug
• Tricking and manipulating others by phone,
email, online or in-person, into divulging
sensitive information, in order to access
company information or systems.
• Verify all requests for sensitive information, no
matter how legitimate they may seem, and
never share your passwords with anyone – not
even the helpdesk.
• Never part with sensitive information if in
doubt, and report suspected social engineering
attempts immediately.
Insiders – I see bad
people
• An employee or worker with malicious intent
to steal sensitive company information,
commit fraud or cause damage to company
systems or information.
• Ensure access to sensitive information is
restricted to only those that need it and
revoke access when no longer required.
• Report all suspicious activity or workers
immediately.
Phishing – Think before 
you link 
• A form of social engineering, involving the sending 
of legitimate looking emails aimed at fraudulently 
extracting sensitive information from recipients, 
usually to gain access to systems or for identity 
theft. 
• Look out for emails containing unexpected or 
unsolicited requests for sensitive information, or 
contextually relevant emails from unknown senders. 
• Never click on suspicious looking links within 
emails, and report all suspected phishing attempts 
immediately.
System Compromise –
Only the strong survive
• A system that has been attacked and taken over by
malicious individuals or ‘hackers’, usually through
the exploitation of one or more vulnerabilities, and
then often used for attacking other systems.
• Plug vulnerable holes by ensuring software has the
latest security updates and any internally developed
software is adequately security reviewed.
• Ensure systems are hardened and configured
securely, and regularly scan them for vulnerabilities.
Spam – Email someone else
• Unsolicited email sent in bulk to many
individuals, usually for commercial gain, but
increasingly for spreading malware.
• Only give your email to those you trust and
never post your address online for others to
view.
• Use a spam filter and never reply to spam
emails or click links within them.
Denial of Service – Are you still there?
• An intentional or unintentional attack on a
system and the information stored on it,
rendering the system unavailable and
inaccessible to authorized users.
• Securely configure and harden all networks
and network equipment against known DoS
attacks.
• Monitor networks through log reviews and the
use of intrusion detection or prevention
systems.
Identity Theft – You will never be me
• The theft of an unknowing individual’s
personal information, in order to fraudulently
assume that individual’s identity to commit a
crime, usually for financial gain.
• Never provide personal information to untrusted
individuals or websites.
• Ensure personal information is protected when
stored and securely disposed of when no
longer needed.
Protecting Information System
1. Data security is fundamental
Data security is crucial to all academic,
medical and business operations.
• All existing and new business and data
processes should include a data security
review to be sure data is safe from loss and
secured against unauthorized access.
2. Plan ahead
Create a plan to review your data security
status and policies and create routine
processes to access, handle and store the
data safely as well as archive unneeded
data.
• Make sure you and your colleagues know
how to respond if you have a data loss or
data breach incident.
3. Know what data you have 
The first step to secure computing is 
knowing what data you have and 
what levels of protection are 
required to keep the data both 
confidential and safe from loss.
4. Scale down the data 
Keep only the data you need for 
routine current business, safely archive 
or destroy older data, and remove it 
from all computers and other devices 
(smart phones, laptops, flash drives, 
external hard disks).
5. Lock up! 
Physical security is the key to safe and 
confidential computing. 
All the passwords in the world won't get 
your laptop back if the computer itself is 
stolen. 
Back up the data to a safe place in the event 
of loss.
Information Security Controls
Security is generally defined as the freedom
from danger or as the condition of safety.
• Computer security, specifically, is the
protection of data in a system against
unauthorized disclosure, modification, or
destruction and protection of the computer
system itself against unauthorized use,
modification, or denial of service.
Physical Controls
• It is the use of locks, security guards, badges,
alarms, and similar measures to control access
to computers, related equipment (including
utilities), and the processing facility itself.
• In addition, measures are required for
protecting computers, related equipment, and
their contents from espionage, theft, and
destruction or damage by accident, fire, or
natural disaster (e.g., floods and earthquakes).
Technical Controls
Involves the use of safeguards
incorporated in computer hardware,
operations or applications software,
communications hardware and
software, and related devices.
• Technical controls are sometimes
referred to as logical controls.
Technical Controls
• Preventive technical controls are used to prevent
unauthorized personnel or programs from gaining
remote access to computing resources. Examples of
these controls include:
o Access control software
o Antivirus software
o Library control systems
o Passwords
o Smart cards
o Encryption
o Dial-up access control and callback systems
Administrative Controls
• Consists of management constraints, operational
procedures, accountability procedures, and
supplemental administrative controls established
to provide an acceptable level of protection for
computing resources.
• In addition, administrative controls include
procedures established to ensure that all
personnel who have access to computing
resources have the required authorizations and
appropriate security clearances.
Administrative Controls
• Preventive administrative controls are personnel-oriented
techniques for controlling people’s behavior to ensure the
confidentiality, integrity, and availability of computing data
and programs. Examples of preventive administrative
controls include:
o Security awareness and technical training
o Separation of duties
o Procedures for recruiting and terminating
employees
o Security policies and procedures
o Supervision
o Disaster recovery, contingency, and emergency plans
o User registration for computer access
Web 2.0
• Sites that allow users to do more than just retrieve
information.
• Instead of merely reading, a user is invited to
comment on published articles, or create a user
account or profile on the site, which may enable
increased participation.
• By increasing emphasis on these already-extant
capabilities, they encourage the user to rely more
on their browser for user interface, application
software and file storage facilities.
Web 2.0
• This has been called "network as platform"
computing.
• Major features of Web 2.0 include social
networking sites, user created Web sites,
self-publishing platforms, tagging, and social
bookmarking.
• Users can provide the data that is on a Web
2.0 site and exercise some control over that
data.
Web 2.0
• Web 2.0 offers all users the same
freedom to contribute.
• While this opens the possibility for
serious debate and collaboration, it
also increases the incidence of
"spamming" and "trolling" by
unscrupulous or misanthropic users.
Features of Web 2.0 Technologies
• Folksonomy - free classification of information; allows users to
collectively classify and find information (e.g. Tagging)
• Rich User Experience - dynamic content; responsive to user input
• User as a Contributor - information flows two ways between site owner
and site user by means of evaluation, review, and commenting
• Long tail - services offered on an on-demand basis; profit is realized through
monthly service subscriptions more than one-time purchases of goods
over the network
• User Participation - site users add content for others to see (e.g.
Crowdsourcing)
Features of Web 2.0 Technologies
• Software as a service - Web 2.0 sites developed APIs to
allow automated usage, such as by an app or mashup
• Basic Trust - contributions are available for the world to
use, reuse, or re-purpose
• Dispersion - content delivery uses multiple channels (e.g.
file sharing, permalinks); digital resources and services are
sought more than physical goods
Features of Web 2.0 Technologies
Web 2.0 can be described in three parts:
• Rich Internet application (RIA) - defines the experience
brought from desktop to browser whether it is from a
graphical point of view or usability point of view.
• Web-oriented architecture (WOA) - is a key piece in Web
2.0, which defines how Web 2.0 applications expose their
functionality so that other applications can leverage and
integrate the functionality providing a set of much richer
applications.
Examples are feeds, RSS, Web Services, mash-ups.
Features of Web 2.0 Technologies
Web 2.0 can be described in three parts:
• Social Web - defines how Web 2.0 tends to
interact much more with the end user and
make the end-user an integral part.
Categories of Web 2.0
1. Mashups - sites using existing technologies for an
entirely new purpose, like WikiMapia.org.
• It takes the functions of a wiki and overlays it with Google
Maps for an entirely new kind of map. You can see
ProgrammableWeb.com for more mashups.
2. Aggregators - A site or program that gathers data from
multiple sources and organizes the information to present in
a new, more streamlined or appropriate format.
• Examples: Digg.com is a top aggregator site. So is Slashdot
for the more technical people. And of course our dearly
beloved, Google (and any other search engine for that matter)
are the mothers of all aggregators.
Categories of Web 2.0
3. Social Networking - Websites focusing on connecting people
with other people directly like MySpace.
4. Social Media - User-generated content like blogs or Flickr.
5. Video - Online television such as YouTube.
6. Web Applications - online programs that can do virtually
everything your existing software programs can do.
• Zoho for instance can replace your Microsoft Office
programs.

Gantt- Pert Chart Activitieslearnt
 
Quiz1FinalPeriod
Quiz1FinalPeriodQuiz1FinalPeriod
Quiz1FinalPeriodlearnt
 
PertGanttchart
PertGanttchartPertGanttchart
PertGanttchartlearnt
 
Feasible
FeasibleFeasible
Feasiblelearnt
 
Quiz1Finals
Quiz1FinalsQuiz1Finals
Quiz1Finalslearnt
 
KindsofSites
KindsofSitesKindsofSites
KindsofSiteslearnt
 
Quiz3midterm
Quiz3midtermQuiz3midterm
Quiz3midtermlearnt
 
modelingtools
modelingtoolsmodelingtools
modelingtoolslearnt
 
Decision exercises
Decision exercisesDecision exercises
Decision exerciseslearnt
 
Event handling in netbeans ide
Event handling in netbeans ideEvent handling in netbeans ide
Event handling in netbeans idelearnt
 
Kwiz2 midterm
Kwiz2 midtermKwiz2 midterm
Kwiz2 midtermlearnt
 
Modelingprogramstructure
ModelingprogramstructureModelingprogramstructure
Modelingprogramstructurelearnt
 
Quiz2 midterm
Quiz2 midtermQuiz2 midterm
Quiz2 midtermlearnt
 
Web browsers
Web browsersWeb browsers
Web browserslearnt
 

Mehr von learnt (20)

Information System within the Organization
Information System within the OrganizationInformation System within the Organization
Information System within the Organization
 
Quiz2FinalPeriod
Quiz2FinalPeriodQuiz2FinalPeriod
Quiz2FinalPeriod
 
Database Design
Database DesignDatabase Design
Database Design
 
Quiz1FinalsIS
Quiz1FinalsISQuiz1FinalsIS
Quiz1FinalsIS
 
EBuss
EBussEBuss
EBuss
 
Gantt- Pert Chart Activities
Gantt- Pert Chart ActivitiesGantt- Pert Chart Activities
Gantt- Pert Chart Activities
 
Quiz1FinalPeriod
Quiz1FinalPeriodQuiz1FinalPeriod
Quiz1FinalPeriod
 
PertGanttchart
PertGanttchartPertGanttchart
PertGanttchart
 
Feasible
FeasibleFeasible
Feasible
 
Html1
Html1Html1
Html1
 
Quiz1Finals
Quiz1FinalsQuiz1Finals
Quiz1Finals
 
KindsofSites
KindsofSitesKindsofSites
KindsofSites
 
Quiz3midterm
Quiz3midtermQuiz3midterm
Quiz3midterm
 
modelingtools
modelingtoolsmodelingtools
modelingtools
 
Decision exercises
Decision exercisesDecision exercises
Decision exercises
 
Event handling in netbeans ide
Event handling in netbeans ideEvent handling in netbeans ide
Event handling in netbeans ide
 
Kwiz2 midterm
Kwiz2 midtermKwiz2 midterm
Kwiz2 midterm
 
Modelingprogramstructure
ModelingprogramstructureModelingprogramstructure
Modelingprogramstructure
 
Quiz2 midterm
Quiz2 midtermQuiz2 midterm
Quiz2 midterm
 
Web browsers
Web browsersWeb browsers
Web browsers
 

Kürzlich hochgeladen

Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds  in the ClassroomFostering Friendships - Enhancing Social Bonds  in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomPooky Knightsmith
 
Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxJisc
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsKarakKing
 
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptxOn_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptxPooja Bhuva
 
REMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxREMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxDr. Ravikiran H M Gowda
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.MaryamAhmad92
 
Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jisc
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxEsquimalt MFRC
 
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...Pooja Bhuva
 
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxExploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxPooja Bhuva
 
Plant propagation: Sexual and Asexual propapagation.pptx
Plant propagation: Sexual and Asexual propapagation.pptxPlant propagation: Sexual and Asexual propapagation.pptx
Plant propagation: Sexual and Asexual propapagation.pptxUmeshTimilsina1
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - Englishneillewis46
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024Elizabeth Walsh
 
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxCOMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxannathomasp01
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.pptRamjanShidvankar
 
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...Nguyen Thanh Tu Collection
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsMebane Rash
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxheathfieldcps1
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibitjbellavia9
 

Kürzlich hochgeladen (20)

Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds  in the ClassroomFostering Friendships - Enhancing Social Bonds  in the Classroom
Fostering Friendships - Enhancing Social Bonds in the Classroom
 
Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptx
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
 
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptxOn_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
 
REMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxREMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptx
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.
 
Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
 
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxExploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
 
Plant propagation: Sexual and Asexual propapagation.pptx
Plant propagation: Sexual and Asexual propapagation.pptxPlant propagation: Sexual and Asexual propapagation.pptx
Plant propagation: Sexual and Asexual propapagation.pptx
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - English
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxCOMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 

InformationSecurity

  • 1. Threats Security Controls Protecting Information System
  • 2. What is Information Security? Known as InfoSec, it is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It is a general term that can be used regardless of the form the data may take (electronic, physical, etc.).
  • 3. Two major aspects of Information Security: I.T. Security: Sometimes referred to as computer security, Information Technology Security is information security applied to technology (most often some form of computer system). It is worthwhile to note that a computer does not necessarily mean a home desktop. A computer is any device with a processor and some memory.
  • 4. IT security specialists are almost always found in any major enterprise/establishment due to the nature and value of the data within larger businesses. They are responsible for keeping all of the technology within the company secure from malicious cyber attacks that often attempt to breach into critical private information or gain control of the internal systems.
  • 5. Two major aspects of information security: Information assurance: The act of ensuring that data is not lost when critical issues arise. These issues include but are not limited to: natural disasters, computer/server malfunction, physical theft, or any other instance where data has the potential of being lost.
  • 6. • Since most information is stored on computers in our modern era, information assurance is typically dealt with by IT security specialists. • One of the most common methods of providing information assurance is to have an off-site backup of the data in case one of the mentioned issues arises.
  • 7. Threats to Information System • There are many information security threats that we need to be constantly aware of and protect against in order to ensure our sensitive information remains secure.
  • 8. Unauthorized Access – Enter at your own risk • The attempted or successful access of information or systems, without permission or rights to do so. • Ensure you have a properly configured firewall, up-to-date malware prevention software and all software has the latest security updates. • Protect all sensitive information, utilizing encryption where appropriate, and use strong passwords that are changed regularly.
  • 9. Cyber Espionage – Hey, get off my network! • The act of spying through the use of computers, involving the covert access or ‘hacking’ of company or government networks to obtain sensitive information. • Be alert for social engineering attempts and verify all requests for sensitive information. • Ensure software has the latest security updates, your network is secure and monitor for unusual network behavior.
  • 10. Malware – You installed what?! • A collective term for malicious software, such as viruses, worms and trojans; designed to infiltrate systems and information for criminal, commercial or destructive purposes. • Ensure you have a properly configured firewall, up-to-date malware prevention and all software has the latest security updates. • Do not click links or open attachments in emails from unknown senders, visit un-trusted websites or install dubious software.
  • 11. Data Leakage – I seek what you leak. • The intentional or accidental loss, theft or exposure of sensitive company or personal information. • Ensure all sensitive information stored on removable storage media, mobile devices or laptops is encrypted. • Be mindful of what you post online, check email recipients before pressing send, and never email sensitive company information to personal email accounts.
  • 12. Mobile Device Attack – Lost, but not forgotten • The malicious attack on, or unauthorized access of mobile devices and the information stored or processed by them; performed wirelessly or through physical possession. • Keep devices with you at all times, encrypt all sensitive data and removable storage media, and use strong passwords. • Avoid connecting to insecure, un-trusted public wireless networks and ensure Bluetooth is in ‘undiscoverable’ mode.
  • 13. Social Engineering – Go find some other mug • Tricking and manipulating others by phone, email, online or in-person, into divulging sensitive information, in order to access company information or systems. • Verify all requests for sensitive information, no matter how legitimate they may seem, and never share your passwords with anyone – not even the helpdesk. • Never part with sensitive information if in doubt, and report suspected social engineering attempts immediately.
  • 14. Insiders – I see bad people • An employee or worker with malicious intent to steal sensitive company information, commit fraud or cause damage to company systems or information. • Ensure access to sensitive information is restricted to only those that need it and revoke access when no longer required. • Report all suspicious activity or workers immediately.
  • 15. Phishing – Think before you link • A form of social engineering, involving the sending of legitimate looking emails aimed at fraudulently extracting sensitive information from recipients, usually to gain access to systems or for identity theft. • Look out for emails containing unexpected or unsolicited requests for sensitive information, or contextually relevant emails from unknown senders. • Never click on suspicious looking links within emails, and report all suspected phishing attempts immediately.
  • 16. System Compromise – Only the strong survive • A system that has been attacked and taken over by malicious individuals or ‘hackers’, usually through the exploitation of one or more vulnerabilities, and then often used for attacking other systems. • Plug vulnerable holes by ensuring software has the latest security updates and any internally developed software is adequately security reviewed. • Ensure systems are hardened and configured securely, and regularly scan them for vulnerabilities.
  • 17. Spam – Email someone else • Unsolicited email sent in bulk to many individuals, usually for commercial gain, but increasingly for spreading malware. • Only give your email to those you trust and never post your address online for others to view. • Use a spam filter and never reply to spam emails or click links within them.
  • 18. Denial of Service – Are you still there? • An intentional or unintentional attack on a system and the information stored on it, rendering the system unavailable and inaccessible to authorized users. • Securely configure and harden all networks and network equipment against known DoS attacks. • Monitor networks through log reviews and the use of intrusion detection or prevention systems.
  • 19. Identity Theft – You will never be me • The theft of an unknowing individual’s personal information, in order to fraudulently assume that individual’s identity to commit a crime, usually for financial gain. • Never provide personal information to un-trusted individuals or websites. • Ensure personal information is protected when stored and securely disposed of when no longer needed.
  • 20. Protecting Information System 1. Data security is fundamental • Data security is crucial to all academic, medical and business operations. • All existing and new business and data processes should include a data security review to be sure data is safe from loss and secured against unauthorized access.
  • 21. 2. Plan ahead • Create a plan to review your data security status and policies and create routine processes to access, handle and store the data safely as well as archive unneeded data. • Make sure you and your colleagues know how to respond if you have a data loss or data breach incident.
  • 22. 3. Know what data you have The first step to secure computing is knowing what data you have and what levels of protection are required to keep the data both confidential and safe from loss.
  • 23. 4. Scale down the data Keep only the data you need for routine current business, safely archive or destroy older data, and remove it from all computers and other devices (smart phones, laptops, flash drives, external hard disks).
  • 24. 5. Lock up! Physical security is the key to safe and confidential computing. All the passwords in the world won't get your laptop back if the computer itself is stolen. Back up the data to a safe place in the event of loss.
  • 25. Information Security Controls • Security is generally defined as the freedom from danger or as the condition of safety. • Computer security, specifically, is the protection of data in a system against unauthorized disclosure, modification, or destruction and protection of the computer system itself against unauthorized use, modification, or denial of service.
  • 26. Physical Controls • It is the use of locks, security guards, badges, alarms, and similar measures to control access to computers, related equipment (including utilities), and the processing facility itself. • In addition, measures are required for protecting computers, related equipment, and their contents from espionage, theft, and destruction or damage by accident, fire, or natural disaster (e.g., floods and earthquakes).
  • 27. Technical Controls • Involves the use of safeguards incorporated in computer hardware, operations or applications software, communications hardware and software, and related devices. • Technical controls are sometimes referred to as logical controls.
  • 28. Technical Controls • Preventive technical controls are used to prevent unauthorized personnel or programs from gaining remote access to computing resources. Examples of these controls include: o Access control software o Antivirus software o Library control systems o Passwords o Smart cards o Encryption o Dial-up access control and callback systems
  • 29. Administrative Controls • Consists of management constraints, operational procedures, accountability procedures, and supplemental administrative controls established to provide an acceptable level of protection for computing resources. • In addition, administrative controls include procedures established to ensure that all personnel who have access to computing resources have the required authorizations and appropriate security clearances.
  • 30. Administrative Controls • Preventive administrative controls are personnel-oriented techniques for controlling people’s behavior to ensure the confidentiality, integrity, and availability of computing data and programs. Examples of preventive administrative controls include: o Security awareness and technical training o Separation of duties o Procedures for recruiting and terminating employees o Security policies and procedures o Supervision o Disaster recovery, contingency, and emergency plans o User registration for computer access
  • 31.
  • 32. Web 2.0 • Sites that allow users to do more than just retrieve information. • Instead of merely reading, a user is invited to comment on published articles, or create a user account or profile on the site, which may enable increased participation. • By increasing emphasis on these already-extant capabilities, they encourage the user to rely more on their browser for user interface, application software and file storage facilities.
  • 33. Web 2.0 This has been called "network as platform" computing. Major features of Web 2.0 include social networking sites, user created Web sites, self-publishing platforms, tagging, and social bookmarking. Users can provide the data that is on a Web 2.0 site and exercise some control over that data.
  • 34. Web 2.0 Web 2.0 offers all users the same freedom to contribute. While this opens the possibility for serious debate and collaboration, it also increases the incidence of "spamming" and "trolling" by unscrupulous or misanthropic users.
  • 35. Features of Web 2.0 Technologies • Folksonomy - free classification of information; allows users to collectively classify and find information (e.g. Tagging) • Rich User Experience - dynamic content; responsive to user input • User as a Contributor - information flows two ways between site owner and site user by means of evaluation, review, and commenting • Long tail - services offered on demand basis; profit is realized through monthly service subscriptions more than one-time purchases of goods over the network • User Participation - site users add content for others to see (e.g. Crowdsourcing)
  • 36. Features of Web 2.0 Technologies • Software as a service - Web 2.0 sites developed API to allow automated usage, such as by an app or mashup • Basic Trust - contributions are available for the world to use, reuse, or re-purpose • Dispersion - content delivery uses multiple channels (e.g. file sharing, permalinks); digital resources and services are sought more than physical goods
  • 37. Features of Web 2.0 Technologies Web 2.0 can be described in three parts: • Rich Internet application (RIA) — defines the experience brought from desktop to browser whether it is from a graphical point of view or usability point of view. • Web-oriented architecture (WOA) — is a key piece in Web 2.0, which defines how Web 2.0 applications expose their functionality so that other applications can leverage and integrate the functionality providing a set of much richer applications. Examples are feeds, RSS, Web Services, mash-ups.
  • 38. Features of Web 2.0 Technologies Web 2.0 can be described in three parts: Social Web — defines how Web 2.0 tends to interact much more with the end user and make the end-user an integral part.
  • 39. Categories of Web 2.0 1. Mashups - sites using existing technologies for an entirely new purpose, like WikiMapia.org. It takes the functions of a wiki and overlays them with Google Maps for an entirely new kind of map. You can see ProgrammableWeb.com for more mashups. 2. Aggregators - A site or program that gathers data from multiple sources and organizes the information to present in a new, more streamlined or appropriate format. Examples: Digg.com is a top aggregator site. So is Slashdot for the more technical people. And of course our dearly beloved, Google (and any other search engine for that matter) are the mothers of all aggregators.
  • 40. Categories of Web 2.0 3. Social Networking - Websites focusing on connecting people with other people directly like MySpace. 4. Social Media - User-generated content like blogs or Flickr. 5. Video - Online television such as YouTube. 6. Web Applications - online programs that can do virtually everything your existing software programs can do. Zoho for instance can replace your Microsoft Office programs.