SlideShare ist ein Scribd-Unternehmen logo

Improve Cybersecurity with Deterrence, Awareness, Procedures & Logging

Als PPTX, PDF herunterladen
S
sommerville-videos

Discusses individual and organisational strategies to improve cybersecurity Accompanies YouTube video

Technologie
1 von 27
Making systems more secure • Strategies that can be used to improve cybersecurity Making systems more secure, 2013 Slide 1
Improving cybersecurity • Deterrence – • Increase the costs of making an attack on your systems Awareness – Improve awareness of all system users of security risks and types of attack Making systems more secure, 2013 Slide 2
Improving cybersecurity • Procedures – • Design realistic security procedures that can be followed by everyone in an organisation (including the boss) Monitoring and logging – Monitor and log all system operations Making systems more secure, 2013 Slide 3
Deterrence • It is impossible to develop a completely secure personal, business and government system. If an attacker has unlimited resources and motivation, it will always be possible to invoke some attacks on a given system. Making systems more secure, 2013 Slide 4
Deterrence • However, attackers NEVER have unlimited resources and motivation so, an aim of security is to increase the costs of making a successful attack to such an extent that attackers will (a) be deterred from attacking and (b) will abandon attempted attacks before they are successful Making systems more secure, 2013 Slide 5
Diverse authentication systems • Use strong passwords and multiple forms of authentication • Login/password + personal question or biometric • Attacker has to break two levels of authentication to gain access Making systems more secure, 2013 Slide 6
Firewalls Making systems more secure, 2013 Slide 7
Encryption • Use https protocol to encrypt information whilst in transit across the Internet • Encrypt confidential information stored on your system Making systems more secure, 2013 Slide 8
Password security Making systems more secure, 2013 Slide 9
Password security • Password strength measurement – https://passfault.appspot.com/password_stre ngth.html#menu • Calculates how long it would take to break a password using a brute force attack, using a standard PC Making systems more secure, 2013 Slide 10
Making systems more secure, 2013 Slide 11
Making systems more secure, 2013 Slide 12
Making systems more secure, 2013 Slide 13
Making systems more secure, 2013 Slide 14
Encryption • Encryption is the process of encoding information in such a way that it is not directly readable. A key is required to decrypt the information and understand it • A systematic transformation is applied to the information, based on the key, to transform it to a different form. • The original information can only be recovered if the reader has the key that can be used to reverse the transformation Making systems more secure, 2013 Slide 15
Example of encryption here Making systems more secure, 2013 Slide 16
• Used sensibly, encryption can contribute to cybersecurity improvement but is not an answer in itself – Security of encryption keys – Inconvenience of encryption leads to patchy utilisation and user frustration – Risk of key loss or corruption – information is completely lost (and backups don’t help) – Can make recovery more difficult Making systems more secure, 2013 Slide 17
Awareness • Educate users into the importance of cyber security and provide information that supports their secure use of computer systems • Be open about incidents that may have occurred Making systems more secure, 2013 Slide 18
Awareness • Take into account how people really are rather than how you might like them to be • People have human failings and inevitably will make mistakes Making systems more secure, 2013 Slide 19
• Bad security advice – Many security guidelines and rules are unrealistic and cannot be followed in practice by users – Use a different password for every website you visit Making systems more secure, 2013 Slide 20
• Good security advice – If you use the same password for everything, an attacker can get access to your accounts if they find that out – Use a different passwords for all online bank accounts and only reuse passwords when you don’t really care about the accounts Making systems more secure, 2013 Slide 21
Procedures • Businesses should design appropriate procedures based around the value of the assets that are being protected • If you simply apply the most secure procedures to all information, this will disrupt work and users are more likely to try to circumvent these procedures Making systems more secure, 2013 Slide 22
• If information is not confidential, then it often makes sense to make it public • This reduces the need for users to authenticate to access the information Making systems more secure, 2013 Slide 23
• Cybersecurity awareness procedures for all staff including the most senior management • Recognise reality – people will use phones and tablets and derive procedures for their safe use Making systems more secure, 2013 Slide 24
Monitoring and logging • Monitoring and logging means that you record all user actions and so keep track of all accesses to the system Making systems more secure, 2013 Slide 25
• Use tools to scan log frequently looking for anomalies • Can be an important deterrent to insider attacks if attackers know that they have a chance of being discovered through the logging system Making systems more secure, 2013 Slide 26
Summary • Improving cybersecurity depends on – Deterrence – Awareness – Effective procedures – Monitoring and logging Making systems more secure, 2013 Slide 27

Empfohlen

Cybersecurity 5 improving cybersecurity
Cybersecurity 5 improving cybersecurityCybersecurity 5 improving cybersecurity
Cybersecurity 5 improving cybersecuritysommerville-videos
 
Cybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issueCybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issuesommerville-videos
 
Cybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurityCybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecuritysommerville-videos
 
System safety
System safetySystem safety
System safetysommerville-videos
 
Cybersecurity 3 cybersecurity costs and causes
Cybersecurity 3 cybersecurity costs and causesCybersecurity 3 cybersecurity costs and causes
Cybersecurity 3 cybersecurity costs and causessommerville-videos
 
Bl cybersecurity z_dooly
Bl cybersecurity z_doolyBl cybersecurity z_dooly
Bl cybersecurity z_doolyzdooly
 
Infrastructure resilience
Infrastructure resilienceInfrastructure resilience
Infrastructure resiliencesommerville-videos
 
Ics & computer security for nuclear facilities
Ics & computer security for nuclear facilitiesIcs & computer security for nuclear facilities
Ics & computer security for nuclear facilitiesomriyad
 

Empfohlen

Cybersecurity 5 improving cybersecurity
Cybersecurity 5 improving cybersecurityCybersecurity 5 improving cybersecurity
Cybersecurity 5 improving cybersecuritysommerville-videos
 
Cybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issueCybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issuesommerville-videos
 
Cybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurityCybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecuritysommerville-videos
 
System safety
System safetySystem safety
System safetysommerville-videos
 
Cybersecurity 3 cybersecurity costs and causes
Cybersecurity 3 cybersecurity costs and causesCybersecurity 3 cybersecurity costs and causes
Cybersecurity 3 cybersecurity costs and causessommerville-videos
 
Bl cybersecurity z_dooly
Bl cybersecurity z_doolyBl cybersecurity z_dooly
Bl cybersecurity z_doolyzdooly
 
Infrastructure resilience
Infrastructure resilienceInfrastructure resilience
Infrastructure resiliencesommerville-videos
 
Ics & computer security for nuclear facilities
Ics & computer security for nuclear facilitiesIcs & computer security for nuclear facilities
Ics & computer security for nuclear facilitiesomriyad
 
Cyber Security 2017 Challenges
Cyber Security 2017 ChallengesCyber Security 2017 Challenges
Cyber Security 2017 ChallengesLeandro Bennaton
 
Computer security
Computer securityComputer security
Computer securityabdulrehman1673
 
Cybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesCybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesWAJAHAT IQBAL
 
Cyber security
Cyber securityCyber security
Cyber securityRavikantGautam8
 
Tonex Cybersecurity Fundamentals, Cybersecurity Training and Certification
Tonex Cybersecurity Fundamentals, Cybersecurity Training and CertificationTonex Cybersecurity Fundamentals, Cybersecurity Training and Certification
Tonex Cybersecurity Fundamentals, Cybersecurity Training and CertificationBryan Len
 
The difference between Cybersecurity and Information Security
The difference between Cybersecurity and Information SecurityThe difference between Cybersecurity and Information Security
The difference between Cybersecurity and Information SecurityPECB
 
Information security
Information securityInformation security
Information securityavinashbalakrishnan2
 
Information Technology Security A Brief Overview 2001
Information Technology Security A Brief Overview 2001Information Technology Security A Brief Overview 2001
Information Technology Security A Brief Overview 2001Donald E. Hester
 
security and ethical challenges in information systems
security and ethical challenges in information systemssecurity and ethical challenges in information systems
security and ethical challenges in information systemshilal12
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityKrutarth Vasavada
 
Information security challenges in today’s banking environment
Information security challenges in today’s banking environmentInformation security challenges in today’s banking environment
Information security challenges in today’s banking environmentEvan Francen
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber SecurityStephen Lahanas
 
Cyber security-briefing-presentation
Cyber security-briefing-presentationCyber security-briefing-presentation
Cyber security-briefing-presentationsathiyamaha
 
Cat21:Development Mangement Information Systems
Cat21:Development Mangement Information SystemsCat21:Development Mangement Information Systems
Cat21:Development Mangement Information SystemsSimeon Ogao
 
An introduction to cyber security by cyber security infotech pvt ltd(csi)
An introduction to cyber security by cyber security infotech pvt ltd(csi)An introduction to cyber security by cyber security infotech pvt ltd(csi)
An introduction to cyber security by cyber security infotech pvt ltd(csi)Cyber Security Infotech
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security conceptsG Prachi
 
The Ultimate Guide To Cyber Security Certifications
The Ultimate Guide To Cyber Security CertificationsThe Ultimate Guide To Cyber Security Certifications
The Ultimate Guide To Cyber Security CertificationsMercury Solutions Limited
 
What every executive needs to know about information technology security
What every executive needs to know about information technology securityWhat every executive needs to know about information technology security
What every executive needs to know about information technology securityLegal Services National Technology Assistance Project (LSNTAP)
 
information security technology
information security technologyinformation security technology
information security technologygarimasagar
 
Critical systems intro
Critical systems introCritical systems intro
Critical systems introsommerville-videos
 
Maroochy water breach
Maroochy water breachMaroochy water breach
Maroochy water breachsommerville-videos
 
System security
System securitySystem security
System securitysommerville-videos
 

Weitere ähnliche Inhalte

Was ist angesagt?

Cyber Security 2017 Challenges
Cyber Security 2017 ChallengesCyber Security 2017 Challenges
Cyber Security 2017 ChallengesLeandro Bennaton
 
Cybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesCybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesWAJAHAT IQBAL
 
Tonex Cybersecurity Fundamentals, Cybersecurity Training and Certification
Tonex Cybersecurity Fundamentals, Cybersecurity Training and CertificationTonex Cybersecurity Fundamentals, Cybersecurity Training and Certification
Tonex Cybersecurity Fundamentals, Cybersecurity Training and CertificationBryan Len
 
The difference between Cybersecurity and Information Security
The difference between Cybersecurity and Information SecurityThe difference between Cybersecurity and Information Security
The difference between Cybersecurity and Information SecurityPECB
 
Information Technology Security A Brief Overview 2001
Information Technology Security A Brief Overview 2001Information Technology Security A Brief Overview 2001
Information Technology Security A Brief Overview 2001Donald E. Hester
 
security and ethical challenges in information systems
security and ethical challenges in information systemssecurity and ethical challenges in information systems
security and ethical challenges in information systemshilal12
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityKrutarth Vasavada
 
Information security challenges in today’s banking environment
Information security challenges in today’s banking environmentInformation security challenges in today’s banking environment
Information security challenges in today’s banking environmentEvan Francen
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber SecurityStephen Lahanas
 
Cyber security-briefing-presentation
Cyber security-briefing-presentationCyber security-briefing-presentation
Cyber security-briefing-presentationsathiyamaha
 
Cat21:Development Mangement Information Systems
Cat21:Development Mangement Information SystemsCat21:Development Mangement Information Systems
Cat21:Development Mangement Information SystemsSimeon Ogao
 
An introduction to cyber security by cyber security infotech pvt ltd(csi)
An introduction to cyber security by cyber security infotech pvt ltd(csi)An introduction to cyber security by cyber security infotech pvt ltd(csi)
An introduction to cyber security by cyber security infotech pvt ltd(csi)Cyber Security Infotech
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security conceptsG Prachi
 
The Ultimate Guide To Cyber Security Certifications
The Ultimate Guide To Cyber Security CertificationsThe Ultimate Guide To Cyber Security Certifications
The Ultimate Guide To Cyber Security CertificationsMercury Solutions Limited
 
information security technology
information security technologyinformation security technology
information security technologygarimasagar
 

Was ist angesagt? (19)

Cyber Security 2017 Challenges
Cyber Security 2017 ChallengesCyber Security 2017 Challenges
Cyber Security 2017 Challenges
 
Computer security
Computer securityComputer security
Computer security
 
Cybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesCybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practises
 
Cyber security
Cyber securityCyber security
Cyber security
 
Tonex Cybersecurity Fundamentals, Cybersecurity Training and Certification
Tonex Cybersecurity Fundamentals, Cybersecurity Training and CertificationTonex Cybersecurity Fundamentals, Cybersecurity Training and Certification
Tonex Cybersecurity Fundamentals, Cybersecurity Training and Certification
 
The difference between Cybersecurity and Information Security
The difference between Cybersecurity and Information SecurityThe difference between Cybersecurity and Information Security
The difference between Cybersecurity and Information Security
 
Information security
Information securityInformation security
Information security
 
Information Technology Security A Brief Overview 2001
Information Technology Security A Brief Overview 2001Information Technology Security A Brief Overview 2001
Information Technology Security A Brief Overview 2001
 
security and ethical challenges in information systems
security and ethical challenges in information systemssecurity and ethical challenges in information systems
security and ethical challenges in information systems
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to Cybersecurity
 
Information security challenges in today’s banking environment
Information security challenges in today’s banking environmentInformation security challenges in today’s banking environment
Information security challenges in today’s banking environment
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
 
Cyber security-briefing-presentation
Cyber security-briefing-presentationCyber security-briefing-presentation
Cyber security-briefing-presentation
 
Cat21:Development Mangement Information Systems
Cat21:Development Mangement Information SystemsCat21:Development Mangement Information Systems
Cat21:Development Mangement Information Systems
 
An introduction to cyber security by cyber security infotech pvt ltd(csi)
An introduction to cyber security by cyber security infotech pvt ltd(csi)An introduction to cyber security by cyber security infotech pvt ltd(csi)
An introduction to cyber security by cyber security infotech pvt ltd(csi)
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security concepts
 
The Ultimate Guide To Cyber Security Certifications
The Ultimate Guide To Cyber Security CertificationsThe Ultimate Guide To Cyber Security Certifications
The Ultimate Guide To Cyber Security Certifications
 
What every executive needs to know about information technology security
What every executive needs to know about information technology securityWhat every executive needs to know about information technology security
What every executive needs to know about information technology security
 
information security technology
information security technologyinformation security technology
information security technology
 

Andere mochten auch

Cybersecurity 3 cybersecurity costs and causes
Cybersecurity 3 cybersecurity costs and causesCybersecurity 3 cybersecurity costs and causes
Cybersecurity 3 cybersecurity costs and causessommerville-videos
 
Cybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issueCybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issuesommerville-videos
 
Introduction to systems of systems
Introduction to systems of systemsIntroduction to systems of systems
Introduction to systems of systemssommerville-videos
 
Critical national infrastructure
Critical national infrastructureCritical national infrastructure
Critical national infrastructuresommerville-videos
 
Cybersecurity 1 intro to cybersecurity
Cybersecurity 1 intro to cybersecurityCybersecurity 1 intro to cybersecurity
Cybersecurity 1 intro to cybersecuritysommerville-videos
 
System of systems classification
System of systems classificationSystem of systems classification
System of systems classificationsommerville-videos
 
Requirements engineering processes
Requirements engineering processesRequirements engineering processes
Requirements engineering processessommerville-videos
 

Andere mochten auch (20)

Critical systems intro
Critical systems introCritical systems intro
Critical systems intro
 
Maroochy water breach
Maroochy water breachMaroochy water breach
Maroochy water breach
 
System security
System securitySystem security
System security
 
Cybersecurity 3 cybersecurity costs and causes
Cybersecurity 3 cybersecurity costs and causesCybersecurity 3 cybersecurity costs and causes
Cybersecurity 3 cybersecurity costs and causes
 
Cybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issueCybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issue
 
Infrastructure dependability
Infrastructure dependabilityInfrastructure dependability
Infrastructure dependability
 
Infrastructure control
Infrastructure controlInfrastructure control
Infrastructure control
 
Introduction to systems of systems
Introduction to systems of systemsIntroduction to systems of systems
Introduction to systems of systems
 
Critical national infrastructure
Critical national infrastructureCritical national infrastructure
Critical national infrastructure
 
Cybersecurity 1 intro to cybersecurity
Cybersecurity 1 intro to cybersecurityCybersecurity 1 intro to cybersecurity
Cybersecurity 1 intro to cybersecurity
 
System success and failure
System success and failureSystem success and failure
System success and failure
 
Warsaw airbus accident
Warsaw airbus accidentWarsaw airbus accident
Warsaw airbus accident
 
Reuse landscape
Reuse landscapeReuse landscape
Reuse landscape
 
Intro to requirements eng.
Intro to requirements eng.Intro to requirements eng.
Intro to requirements eng.
 
Scada security
Scada securityScada security
Scada security
 
System of systems classification
System of systems classificationSystem of systems classification
System of systems classification
 
Cybersecurity 2 cyber attacks
Cybersecurity 2 cyber attacksCybersecurity 2 cyber attacks
Cybersecurity 2 cyber attacks
 
Scaling agile
Scaling agileScaling agile
Scaling agile
 
Requirements engineering processes
Requirements engineering processesRequirements engineering processes
Requirements engineering processes
 
System dependability
System dependabilitySystem dependability
System dependability
 

Ähnlich wie Improve Cybersecurity with Deterrence, Awareness, Procedures & Logging

Net essentials6e ch10
Net essentials6e ch10Net essentials6e ch10
Net essentials6e ch10APSU
 
Principles for Secure Design and Software Security
Principles for Secure Design and Software Security Principles for Secure Design and Software Security
Principles for Secure Design and Software Security Mona Rajput
 
1_Introduction to security.pptx
1_Introduction to security.pptx1_Introduction to security.pptx
1_Introduction to security.pptxdiaa46
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security EngineeringMuhammad Asim
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security elmuhammadmuhammad
 
IT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and ToolsIT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and ToolsAndrew S. Baker (ASB)
 
Software security engineering
Software security engineeringSoftware security engineering
Software security engineeringaizazhussain234
 
Understanding security operation.pptx
Understanding security operation.pptxUnderstanding security operation.pptx
Understanding security operation.pptxPiyush Jain
 
Chapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptxChapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptxLokNathRegmi1
 
SECURITY AND CONTROL
SECURITY AND CONTROLSECURITY AND CONTROL
SECURITY AND CONTROLshinydey
 
Engineering Software Products: 7. security and privacy
Engineering Software Products: 7. security and privacyEngineering Software Products: 7. security and privacy
Engineering Software Products: 7. security and privacysoftware-engineering-book
 
3433 IBM messaging security why securing your environment is important-feb2...
3433 IBM messaging security why securing your environment is important-feb2...3433 IBM messaging security why securing your environment is important-feb2...
3433 IBM messaging security why securing your environment is important-feb2...Robert Parker
 
IBM Messaging Security - Why securing your environment is important : IBM Int...
IBM Messaging Security - Why securing your environment is important : IBM Int...IBM Messaging Security - Why securing your environment is important : IBM Int...
IBM Messaging Security - Why securing your environment is important : IBM Int...Leif Davidsen
 
Security management concepts and principles
Security management concepts and principlesSecurity management concepts and principles
Security management concepts and principlesDivya Tiwari
 

Ähnlich wie Improve Cybersecurity with Deterrence, Awareness, Procedures & Logging (20)

Net essentials6e ch10
Net essentials6e ch10Net essentials6e ch10
Net essentials6e ch10
 
Principles for Secure Design and Software Security
Principles for Secure Design and Software Security Principles for Secure Design and Software Security
Principles for Secure Design and Software Security
 
1_Introduction to security.pptx
1_Introduction to security.pptx1_Introduction to security.pptx
1_Introduction to security.pptx
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security Engineering
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security
 
IT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and ToolsIT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and Tools
 
02.security systems
02.security systems02.security systems
02.security systems
 
9780840024220 ppt ch05
9780840024220 ppt ch059780840024220 ppt ch05
9780840024220 ppt ch05
 
Software security engineering
Software security engineeringSoftware security engineering
Software security engineering
 
Security Design Principles.ppt
Security Design Principles.ppt Security Design Principles.ppt
Security Design Principles.ppt
 
Understanding security operation.pptx
Understanding security operation.pptxUnderstanding security operation.pptx
Understanding security operation.pptx
 
Chapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptxChapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptx
 
SECURITY AND CONTROL
SECURITY AND CONTROLSECURITY AND CONTROL
SECURITY AND CONTROL
 
Engineering Software Products: 7. security and privacy
Engineering Software Products: 7. security and privacyEngineering Software Products: 7. security and privacy
Engineering Software Products: 7. security and privacy
 
3433 IBM messaging security why securing your environment is important-feb2...
3433 IBM messaging security why securing your environment is important-feb2...3433 IBM messaging security why securing your environment is important-feb2...
3433 IBM messaging security why securing your environment is important-feb2...
 
IBM Messaging Security - Why securing your environment is important : IBM Int...
IBM Messaging Security - Why securing your environment is important : IBM Int...IBM Messaging Security - Why securing your environment is important : IBM Int...
IBM Messaging Security - Why securing your environment is important : IBM Int...
 
9780840024220 ppt ch01
9780840024220 ppt ch019780840024220 ppt ch01
9780840024220 ppt ch01
 
Security Design Concepts
Security Design ConceptsSecurity Design Concepts
Security Design Concepts
 
Security management concepts and principles
Security management concepts and principlesSecurity management concepts and principles
Security management concepts and principles
 
ppt ch18
ppt ch18ppt ch18
ppt ch18
 

Mehr von sommerville-videos

Architectural patterns for real-time systems
Architectural patterns for real-time systemsArchitectural patterns for real-time systems
Architectural patterns for real-time systemssommerville-videos
 
Introduction to real time software systems script
Introduction to real time software systems scriptIntroduction to real time software systems script
Introduction to real time software systems scriptsommerville-videos
 
Agile methods for large systems
Agile methods for large systemsAgile methods for large systems
Agile methods for large systemssommerville-videos
 
Agile and plan based development processes
Agile and plan based development processesAgile and plan based development processes
Agile and plan based development processessommerville-videos
 
Fundamental software engineering activities
Fundamental software engineering activitiesFundamental software engineering activities
Fundamental software engineering activitiessommerville-videos
 
Introducing Software Engineering
Introducing Software EngineeringIntroducing Software Engineering
Introducing Software Engineeringsommerville-videos
 
Stakeholders, viewpoints and concerns
Stakeholders, viewpoints and concernsStakeholders, viewpoints and concerns
Stakeholders, viewpoints and concernssommerville-videos
 
Requirements engineering challenges
Requirements engineering challengesRequirements engineering challenges
Requirements engineering challengessommerville-videos
 
Introducing sociotechnical systems
Introducing sociotechnical systemsIntroducing sociotechnical systems
Introducing sociotechnical systemssommerville-videos
 

Mehr von sommerville-videos (16)

Architectural patterns for real-time systems
Architectural patterns for real-time systemsArchitectural patterns for real-time systems
Architectural patterns for real-time systems
 
Introduction to real time software systems script
Introduction to real time software systems scriptIntroduction to real time software systems script
Introduction to real time software systems script
 
Agile methods for large systems
Agile methods for large systemsAgile methods for large systems
Agile methods for large systems
 
User stories
User storiesUser stories
User stories
 
Agile and plan based development processes
Agile and plan based development processesAgile and plan based development processes
Agile and plan based development processes
 
Fundamental software engineering activities
Fundamental software engineering activitiesFundamental software engineering activities
Fundamental software engineering activities
 
Introducing Software Engineering
Introducing Software EngineeringIntroducing Software Engineering
Introducing Software Engineering
 
Why se script
Why se scriptWhy se script
Why se script
 
Ariane 5 launcher failure
Ariane 5 launcher failure Ariane 5 launcher failure
Ariane 5 launcher failure
 
Airbus Flight Control System
Airbus Flight Control SystemAirbus Flight Control System
Airbus Flight Control System
 
Stakeholders, viewpoints and concerns
Stakeholders, viewpoints and concernsStakeholders, viewpoints and concerns
Stakeholders, viewpoints and concerns
 
Requirements engineering challenges
Requirements engineering challengesRequirements engineering challenges
Requirements engineering challenges
 
Emergent properties
Emergent propertiesEmergent properties
Emergent properties
 
Introducing sociotechnical systems
Introducing sociotechnical systemsIntroducing sociotechnical systems
Introducing sociotechnical systems
 
Availability and reliability
Availability and reliabilityAvailability and reliability
Availability and reliability
 
Critical systems engineering
Critical systems engineeringCritical systems engineering
Critical systems engineering
 

Kürzlich hochgeladen

WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 

Kürzlich hochgeladen (20)

WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 

Improve Cybersecurity with Deterrence, Awareness, Procedures & Logging

  • 1. Making systems more secure • Strategies that can be used to improve cybersecurity Making systems more secure, 2013 Slide 1
  • 2. Improving cybersecurity • Deterrence – • Increase the costs of making an attack on your systems Awareness – Improve awareness of all system users of security risks and types of attack Making systems more secure, 2013 Slide 2
  • 3. Improving cybersecurity • Procedures – • Design realistic security procedures that can be followed by everyone in an organisation (including the boss) Monitoring and logging – Monitor and log all system operations Making systems more secure, 2013 Slide 3
  • 4. Deterrence • It is impossible to develop a completely secure personal, business and government system. If an attacker has unlimited resources and motivation, it will always be possible to invoke some attacks on a given system. Making systems more secure, 2013 Slide 4
  • 5. Deterrence • However, attackers NEVER have unlimited resources and motivation so, an aim of security is to increase the costs of making a successful attack to such an extent that attackers will (a) be deterred from attacking and (b) will abandon attempted attacks before they are successful Making systems more secure, 2013 Slide 5
  • 6. Diverse authentication systems • Use strong passwords and multiple forms of authentication • Login/password + personal question or biometric • Attacker has to break two levels of authentication to gain access Making systems more secure, 2013 Slide 6
  • 7. Firewalls Making systems more secure, 2013 Slide 7
  • 8. Encryption • Use https protocol to encrypt information whilst in transit across the Internet • Encrypt confidential information stored on your system Making systems more secure, 2013 Slide 8
  • 9. Password security Making systems more secure, 2013 Slide 9
  • 10. Password security • Password strength measurement – https://passfault.appspot.com/password_stre ngth.html#menu • Calculates how long it would take to break a password using a brute force attack, using a standard PC Making systems more secure, 2013 Slide 10
  • 11. Making systems more secure, 2013 Slide 11
  • 12. Making systems more secure, 2013 Slide 12
  • 13. Making systems more secure, 2013 Slide 13
  • 14. Making systems more secure, 2013 Slide 14
  • 15. Encryption • Encryption is the process of encoding information in such a way that it is not directly readable. A key is required to decrypt the information and understand it • A systematic transformation is applied to the information, based on the key, to transform it to a different form. • The original information can only be recovered if the reader has the key that can be used to reverse the transformation Making systems more secure, 2013 Slide 15
  • 16. Example of encryption here Making systems more secure, 2013 Slide 16
  • 17. • Used sensibly, encryption can contribute to cybersecurity improvement but is not an answer in itself – Security of encryption keys – Inconvenience of encryption leads to patchy utilisation and user frustration – Risk of key loss or corruption – information is completely lost (and backups don’t help) – Can make recovery more difficult Making systems more secure, 2013 Slide 17
  • 18. Awareness • Educate users into the importance of cyber security and provide information that supports their secure use of computer systems • Be open about incidents that may have occurred Making systems more secure, 2013 Slide 18
  • 19. Awareness • Take into account how people really are rather than how you might like them to be • People have human failings and inevitably will make mistakes Making systems more secure, 2013 Slide 19
  • 20. • Bad security advice – Many security guidelines and rules are unrealistic and cannot be followed in practice by users – Use a different password for every website you visit Making systems more secure, 2013 Slide 20
  • 21. • Good security advice – If you use the same password for everything, an attacker can get access to your accounts if they find that out – Use a different passwords for all online bank accounts and only reuse passwords when you don’t really care about the accounts Making systems more secure, 2013 Slide 21
  • 22. Procedures • Businesses should design appropriate procedures based around the value of the assets that are being protected • If you simply apply the most secure procedures to all information, this will disrupt work and users are more likely to try to circumvent these procedures Making systems more secure, 2013 Slide 22
  • 23. • If information is not confidential, then it often makes sense to make it public • This reduces the need for users to authenticate to access the information Making systems more secure, 2013 Slide 23
  • 24. • Cybersecurity awareness procedures for all staff including the most senior management • Recognise reality – people will use phones and tablets and derive procedures for their safe use Making systems more secure, 2013 Slide 24
  • 25. Monitoring and logging • Monitoring and logging means that you record all user actions and so keep track of all accesses to the system Making systems more secure, 2013 Slide 25
  • 26. • Use tools to scan log frequently looking for anomalies • Can be an important deterrent to insider attacks if attackers know that they have a chance of being discovered through the logging system Making systems more secure, 2013 Slide 26
  • 27. Summary • Improving cybersecurity depends on – Deterrence – Awareness – Effective procedures – Monitoring and logging Making systems more secure, 2013 Slide 27

Hinweis der Redaktion

  1. Mystery why some organisations limit length of passwords and do not allow characters apart from letters and numbersSay you live at 15 south street so make up a password you can remember:SO51street Cracked in < 1 daySO_51_street Cracked in 23 years