Cyber Security Briefing
-
Upload
marshall-frett-jr -
Category
Documents
-
view
96 -
download
0
Transcript of Cyber Security Briefing
![Page 1: Cyber Security Briefing](https://reader036.fdocuments.us/reader036/viewer/2022062400/587bd50d1a28ab834d8b5037/html5/thumbnails/1.jpg)
CYBER SECURITY BRIEF
Marshall C. Frett Jr.Owner & Network Engineer
www.transcendent-it.net
![Page 2: Cyber Security Briefing](https://reader036.fdocuments.us/reader036/viewer/2022062400/587bd50d1a28ab834d8b5037/html5/thumbnails/2.jpg)
Objectives Cyber Security & Information
Assurance Triad Cyber threats/risks Vulnerabilities Countermeasures Safeguarding Promoting a culture of security
.
![Page 3: Cyber Security Briefing](https://reader036.fdocuments.us/reader036/viewer/2022062400/587bd50d1a28ab834d8b5037/html5/thumbnails/3.jpg)
Fundamental Concepts of Information Assurance• Information Assurance CIA Triad• Confidentiality (privacy)• Integrity (quality, accuracy,
relevance)• Availability (accessibility)
![Page 4: Cyber Security Briefing](https://reader036.fdocuments.us/reader036/viewer/2022062400/587bd50d1a28ab834d8b5037/html5/thumbnails/4.jpg)
4
What you don’t know can hurt!!
![Page 5: Cyber Security Briefing](https://reader036.fdocuments.us/reader036/viewer/2022062400/587bd50d1a28ab834d8b5037/html5/thumbnails/5.jpg)
Who & What is At Risk?• U.S. Economy• U.S. Defense• Transportation Departments• Medical Industry• U.S. Government• Telecommunications Industry• Energy Sector• U.S. Critical Infrastructure• Personal devices - Computers/Cable
TV/Phones/Games/tablets
.
![Page 6: Cyber Security Briefing](https://reader036.fdocuments.us/reader036/viewer/2022062400/587bd50d1a28ab834d8b5037/html5/thumbnails/6.jpg)
6
Cyber Security Terms
Asset – A computer, a server, an application, a database, etc. Vulnerability - A weakness that threatens the confidentiality, integrity,
or availability (CIA) of an asset. Risk – The probability of a threat exploiting a vulnerability. Threat – Something or someone that may result in harm to an asset.
Unintentional – Human errors like unsecure coding.Intentional – Spyware, Adware, Spam, Phishing
Exploit – A tool or technique that takes advantage of a vulnerability..
![Page 7: Cyber Security Briefing](https://reader036.fdocuments.us/reader036/viewer/2022062400/587bd50d1a28ab834d8b5037/html5/thumbnails/7.jpg)
Security Threat Categories Insider threats (intentional) - most common, difficult to recognize
• Includes sabotage and unauthorized disclosure of information
Social Engineering (mostly unintentional) - multiple techniques are used to gain information from authorized employees in hopes of using that info to carry out an attack
Dumpster Diving & Phishing - Personnel are often not aware of the value of information they have access to
Network & Computer System Exploitation & Attacks - Hacking
![Page 8: Cyber Security Briefing](https://reader036.fdocuments.us/reader036/viewer/2022062400/587bd50d1a28ab834d8b5037/html5/thumbnails/8.jpg)
Social Engineering
• Being fooled into giving someone access when the person has no business having the information.
![Page 9: Cyber Security Briefing](https://reader036.fdocuments.us/reader036/viewer/2022062400/587bd50d1a28ab834d8b5037/html5/thumbnails/9.jpg)
Dumpster Diving and Phishing
Dumpster Diving - rummaging through company’s garbage for discarded documents
Phishing - usually takes place through fraudulent emails requesting users to disclose personal or financial information. The e-mail appears to come from a legitimate organization ( like Bank of America or PayPal)
![Page 10: Cyber Security Briefing](https://reader036.fdocuments.us/reader036/viewer/2022062400/587bd50d1a28ab834d8b5037/html5/thumbnails/10.jpg)
05/01/2023 10
Phishing E-mail Example
![Page 11: Cyber Security Briefing](https://reader036.fdocuments.us/reader036/viewer/2022062400/587bd50d1a28ab834d8b5037/html5/thumbnails/11.jpg)
Personal PC Attacks
11
![Page 12: Cyber Security Briefing](https://reader036.fdocuments.us/reader036/viewer/2022062400/587bd50d1a28ab834d8b5037/html5/thumbnails/12.jpg)
12
Botnets
A network of hijacked computers that are controlled remotely—typically to launch spam or spyware. Also called software robots. Botnets are linked to a range of malicious activity, including identity theft and spam.
![Page 13: Cyber Security Briefing](https://reader036.fdocuments.us/reader036/viewer/2022062400/587bd50d1a28ab834d8b5037/html5/thumbnails/13.jpg)
13
Adware
• Adware, or advertising-supported software, is any software package which automatically renders advertisements in order to generate revenue for its author. The advertisements may be in the user interface of the software or on a screen presented to the user during the installation process.
![Page 14: Cyber Security Briefing](https://reader036.fdocuments.us/reader036/viewer/2022062400/587bd50d1a28ab834d8b5037/html5/thumbnails/14.jpg)
14
Spyware
Spyware is software that aids in gathering information about a person or organization without their knowledge and that may send such information to another entity without the consumer's consent, or that asserts control over a computer without the consumer's knowledge. Spyware" is mostly classified into four types: system monitors, trojans, adware, and tracking cookies.
![Page 15: Cyber Security Briefing](https://reader036.fdocuments.us/reader036/viewer/2022062400/587bd50d1a28ab834d8b5037/html5/thumbnails/15.jpg)
15
Spam
Electronic spamming is the use of electronic messaging systems to send unsolicited messages (spam), especially advertising, as well as sending messages repeatedly on the same site.
![Page 16: Cyber Security Briefing](https://reader036.fdocuments.us/reader036/viewer/2022062400/587bd50d1a28ab834d8b5037/html5/thumbnails/16.jpg)
Cyber Attacks
• How to Recognize a Cyber Attack Signs indicating a computer system is under attack may include:
Unusually sluggish or non-responsive applications. Unexpected changes in system behavior. Persistent pop-up messages. Missing or corrupt data.
• How to Prevent a Cyber Attack Use plug-ins to block ads (Ad-Block Plus). Use PGP for sender verification and encryption with e-mail. Ensure anti-virus is turned on.
![Page 17: Cyber Security Briefing](https://reader036.fdocuments.us/reader036/viewer/2022062400/587bd50d1a28ab834d8b5037/html5/thumbnails/17.jpg)
Company Network Attacks
17
![Page 18: Cyber Security Briefing](https://reader036.fdocuments.us/reader036/viewer/2022062400/587bd50d1a28ab834d8b5037/html5/thumbnails/18.jpg)
Types of Network Attacks DOD (Denial of Service): an attack on system availability, total
consumption of system resources Hack: to exploit a vulnerability to gain unauthorized access to the system Backdoor: An access method that bypasses the normal security of the
system Memory issues: Memory is not erased before given to another program Escalation of privileges: user exploits vulnerability to gain unauthorized
access Default settings: most OS ship with simplest configuration, security
disabled
![Page 19: Cyber Security Briefing](https://reader036.fdocuments.us/reader036/viewer/2022062400/587bd50d1a28ab834d8b5037/html5/thumbnails/19.jpg)
How to defend a NetworkPolicies & Procedures (P & P)
Acceptable use policy – specifies what actions users may perform while using company computers and\or assets
Employees sign an array of other policies upon being hired Personnel controls - need to know, separation of duties (Accounting vs.
Human Resources vs. Creatives Dept. etc.) Hiring and termination practices - background checks, orientation, exit
interviews, escorting procedures, etc. Technical Network Safeguards – anti-virus, Intrusion Detection Systems
(IDS), Encrypted e-mail system, etc. Security minded Practices – HIPAA and other compliance standards
Information handling practices
![Page 20: Cyber Security Briefing](https://reader036.fdocuments.us/reader036/viewer/2022062400/587bd50d1a28ab834d8b5037/html5/thumbnails/20.jpg)