Anderson School of Management University of New Mexico.
Introduction
• What is information security?
• Why is information security important today?
• Does information security only apply to organizations?
• The history and evolution of information security.
History
• WWII – need for communication code breaking
• 1960’s – ARPANET program developed
• 1970’s & 80’s – development of MULTICS and the microprocessor
• 1990’s – Rise of the internet
• 2000 to Present – the internet now dominates every aspect of daily life
What is Information Security?
Information security is the practice of defending information from unauthorized
access, use, disclosure, disruption, modification, inspection, recording or
destruction.
Information security is the ongoing process of defending and maintaining our
information system as individuals and organizations.
What is Information Security?
Information security ensures:
• Integrity
• Availability
• Accessibility
• Utility
• Confidentiality
Information System
• Hardware – routers, computers, servers, etc.
• Software – programs & operating system
• Network – LAN, WAN, Internet, etc.
• Data – stored, processed, communicated
• People
• Policy and procedures
What are we defending our information system from?
Threats and Attacks!!
• Deliberate software attacks
– Malicious code, viruses, worms, Trojan horses, etc.
• Deviations in quality of service – denial of service attack
• Trespassing/Espionage – hackers
• Forces of Nature – fire, flood, or any natural disaster
• Human error/sabotage/vandalism
Target Data Breach
• Up to 70 million individuals’ personal information was stolen
• Names, addresses, phone numbers, credit card numbers
• Malicious software on system
• Extended credit monitoring and identity theft protection to all guests
NSA Data Breach
• Snowden accessed unauthorized data
• Released confidential information
• Internal breach – lack of policy and procedures, maybe poor oversight
Anonymous Hacking Group
• Attacks governments, businesses, nonprofits and anybody on their agenda
• Denial of service attacks
• Stolen data
• Lost revenues, reputation implications, service disruption, national security, etc.
Recent Threat and Attack Against APD By Anonymous
• Hacktivist group Anonymous had stated that they were going to attack APD’s online presence.
• Denial of Service Attack (shutting down their site for a few hours)
• Planned it for Sunday night (the least busy night)
• Stole data (high-ranking APD officials’ home addresses) and released it to the public
• Incited protestors to take to the streets
Survey Results
• Many had learned something about information security
• Most realize the importance of keeping passwords secure
• Many realize that there are online predators looking to get information and are good about not giving it out.
BCSO
• Bernalillo County Sheriff's Office
– What systems are they using?
– What security measures are in place?
– Are they achieving their information security goals?
– What do users think of the measures?
– Can they do something different?
• Deputies are dispatched to calls through these machines
• The internal GPS relays their coordinates to dispatchers as well as giving them directions to calls
• Run plates through governmental sites
• Look up individuals to see if they have outstanding warrants
• Write reports
What Security is in place
• Saved passwords to log onto a machine
• Verizon air card placed in a secure tunnel
• Dual authentication key generator
• Secure Virtual Private Network (VPN)
• Login to separate applications using other passwords
• Automatic logout times
Drawbacks
• Login time (3-5 min)
• The number of passwords
• With so many passwords, some can be forgotten
• Long login process can lead to accidentally making a mistake in the process and locking the user out
• Frustrated users
Security Need
• Ability to see location of deputies and other first responders in real time
• Ability to access entire country’s network
• Mobility of laptop increases threat of unauthorized access due to theft or loss
• State and Federal guidelines require minimum security standards
Achieving the balance
• It is the job of everyone involved in information security to determine the trade-offs
• Weigh the pros and cons and evaluate the importance of each
• The users and the system need to be evaluated together to ensure that thorough analysis occurs. They should not be evaluated separately.