Information Security in the Digital A ge
description
Transcript of Information Security in the Digital A ge
Information Security in the Digital Age
Sali KaceliDirector, Educational Technology and Distance Learning, Cairn University
Email: [email protected] | Tel. (215) 702-4555
2
What is happening in
this field?
What can we do? Conclusion
Agenda
3
Current Headlines
I am OK, why worry?
2012 Sentinel Network: Fraud & Complaints
Source: ftc.gov http://www.ftc.gov/sentinel/reports/sentinel-annual-reports/sentinel-cy2012.pdf
369,132
How bad is it really?
The “cyber threat is one of the most serious economic and national security challenges we face as a nation” and that “America's economic prosperity in the 21st century will depend on cybersecurity.” -http://www.whitehouse.gov/cybersecurity
Other Key Findings
• In recent 5 years, 650% increase in attacks*• 2/3 of U.S. firms victim of cyber attacks*
* http://www.infosecisland.com/documentview/21249-DHS-National-Preparedness-Report-and-Cybersecurity.html
Top causes of data breaches in 2012How is it possible?
Source: http://www.symantec.com/content/en/us/enterprise/other_resources/b-istr_main_report_v18_2012_21291018.en-us.pdf
To en
sure
accu
racy
& co
nsist
ency
of d
ata o
ver i
ts en
tire l
ifecy
cleData
&Servic
es
To ensure that information and
systems are available as needed
To ensure protection against unauthorized access to or use of confidential information
CIAof data
What is information security?
Data &
Services
The data is under attack from a variety of sources
VulnerabilitiesExploitsTookits
Social Networking
Mobile and cloud computing
Industrial espionage
Hactivism
Water hole attacks
Cyberwarfare
DDoS attacks
Phishing
Malware/Viruses
Three Approaches to System Security
What can we do organizationally
• Top-down approach with leadership as champions
• Resource allocation: expensive• Security starts at inception and design– Data ownership– Data custodian– Data users
• Policies and awareness
A comprehensive approach to data security
Image courtesy of: http://resources.arcgis.com/en/communities/enterprise-gis/01n200000030000000.htm
15
Technical Solutions to Info. Security
Firewall NAT Spam Control
Web Filtering IPS Protocol Control
What can we do individually?
• Security Basics– Update your Operating System– Update Common Applications– Think before you click
• General Security – Safeguard your password– Lock your computer (Win + L)– Use secure sites (https://)– Shred data you are disposing– Do not store sensitive data on removable media
http://www.microsoft.com/security/resources/videos.aspx#topofpage
Sample PDF Reader Exploit
Sample phishing email
End user solutions cont.
– Free means you do not have much control– Choose your friends wisely– Do not fall for phishing– Use two factor authentication whenever possible
Deter Threats: while on the Road
Avoid saving sensitive data on mobile device
Set a lock code for device
Connect securely
Avoid connecting to free WIFI networks
Do not login using public computers
Think before you click
Deter Threats: Identity Theft
Protect Social Security Numbers
Shred sensitive data
Use difficult passwords
Monitor transactions
Be on guard when using the Internet
Detect: Phishing Attempts and Fraud
• Microsoft Security Essentials, AVG Free, Avast• Malwarebytes and Spybot (Antispyware tools)• Windows Firewall, Home Router Firewall,
other…
Install and keep antivirus and firewall up
to date
• Check the links• Does it sound suspicious• Were you expecting it?
Phishing Attacks
• You search google.com and something else comes up
Redirecting to deceptive sites
Detect: Malware and Spyware
Symptoms include:
• Pop-ups• Computer running slower than
usual• Website redirection• Fake antivirus software• Cannot get to Windows Update
Picture credit: http://empireonline.com
Detect: Intrusions
Monitor account
access and transactions
Check system logs
Pay attention to file changes
Defend: Malware or Viruses
If you are a victim of:• Virus or Malware infection• Computer intrusion• Password theft• Unauthorized access
Contact your IT department immediately
Run a full system scan
Consider full computer reload
Locate a previous backup
Detect: Identity TheftSymptoms include:• Inaccurate information on credit
reports• Not receiving bills in the mail• Being denied credit• Calls or letters from debt collectors
What can you do?• Monitor Financial
Statements• Check credit reports
annually from http://freecreditreport.com
• Be cautious what you post online
Defend: Identity Theft
If you are a victim of
Identity TheftPlace a fraud alert on one of the three credit companies:: Equifax, Experian, Transunion
Close accounts and contact appropriate parties
File complaint with FTC (http://ftc.gov/idtheft)
File police report
Conclusion
1. Assume you are a target: Think before you click2. You can make a difference3. It takes a comprehensive multi-layered approach
Information security is the responsibility of everyone. It is going to get worse before getting any better!!!
Additional Resources
http://Intranet.cairn.edu/cla (this PowerPoint, videos etc.)
http://ftc.gov/idtheft
Antivirus: http://microsoft.com/security_essentials
Antimalware: Malwarebytes or Spybot Search and Destroy
Encryption: Truecrypt from http://truecrypt.org
Contact Information: Sali Kaceli | Email: [email protected] | Tel. (215) 702-4555
You can make a difference. Think before you click.
31
Questions? Comments?