Information Security in the Digital Age

Post on 17-Feb-2016


Sali Kaceli, Director, Educational Technology and Distance Learning, Cairn University

Email: skaceli@cairn.edu | Tel. (215) 702-4555


Agenda

• What is happening in this field?
• What can we do?
• Conclusion

2012 Sentinel Network: Fraud & Complaints

Source: ftc.gov http://www.ftc.gov/sentinel/reports/sentinel-annual-reports/sentinel-cy2012.pdf

369,132

How bad is it really?

The “cyber threat is one of the most serious economic and national security challenges we face as a nation” and that “America's economic prosperity in the 21st century will depend on cybersecurity.” -http://www.whitehouse.gov/cybersecurity

Other Key Findings

• In the most recent 5 years, a 650% increase in attacks*
• 2/3 of U.S. firms have been victims of cyber attacks*

* http://www.infosecisland.com/documentview/21249-DHS-National-Preparedness-Report-and-Cybersecurity.html

Top causes of data breaches in 2012

How is it possible?

Source: http://www.symantec.com/content/en/us/enterprise/other_resources/b-istr_main_report_v18_2012_21291018.en-us.pdf

What is information security?

CIA of data (Data & Services):

• To ensure accuracy & consistency of data over its entire lifecycle
• To ensure that information and systems are available as needed
• To ensure protection against unauthorized access to or use of confidential information

The data is under attack from a variety of sources

Vulnerabilities, Exploits, Toolkits

Social Networking

Mobile and cloud computing

Industrial espionage

Hacktivism

Watering hole attacks

Cyberwarfare

DDoS attacks

Phishing

Malware/Viruses

Three Approaches to System Security

What can we do organizationally?

• Top-down approach with leadership as champions

• Resource allocation: expensive
• Security starts at inception and design
  – Data ownership
  – Data custodian
  – Data users

• Policies and awareness

A comprehensive approach to data security

Image courtesy of: http://resources.arcgis.com/en/communities/enterprise-gis/01n200000030000000.htm


Technical Solutions to Info. Security

• Firewall
• NAT
• Spam Control
• Web Filtering
• IPS
• Protocol Control

What can we do individually?

• Security Basics
  – Update your Operating System
  – Update Common Applications
  – Think before you click

• General Security
  – Safeguard your password
  – Lock your computer (Win + L)
  – Use secure sites (https://)
  – Shred data you are disposing
  – Do not store sensitive data on removable media

Sample PDF Reader Exploit

Sample phishing email

End user solutions cont.

– Free means you do not have much control
– Choose your friends wisely
– Do not fall for phishing
– Use two factor authentication whenever possible

Deter Threats: while on the Road

Avoid saving sensitive data on mobile device

Set a lock code for device

Connect securely

Avoid connecting to free Wi-Fi networks

Do not log in using public computers

Think before you click

Deter Threats: Identity Theft

Protect Social Security Numbers

Shred sensitive data

Use difficult passwords

Monitor transactions

Be on guard when using the Internet

Detect: Phishing Attempts and Fraud

Install and keep antivirus and firewall up to date

• Microsoft Security Essentials, AVG Free, Avast
• Malwarebytes and Spybot (Antispyware tools)
• Windows Firewall, Home Router Firewall, other…

• Check the links
• Does it sound suspicious?
• Were you expecting it?

Phishing Attacks

• You search google.com and something else comes up

Redirecting to deceptive sites

Detect: Malware and Spyware

Symptoms include:

• Pop-ups
• Computer running slower than usual
• Website redirection
• Fake antivirus software
• Cannot get to Windows Update

Picture credit: http://empireonline.com

Detect: Intrusions

Monitor account access and transactions

Check system logs

Pay attention to file changes

Defend: Malware or Viruses

If you are a victim of:
• Virus or Malware infection
• Computer intrusion
• Password theft
• Unauthorized access

Contact your IT department immediately

Run a full system scan

Consider full computer reload

Locate a previous backup

Detect: Identity Theft

Symptoms include:
• Inaccurate information on credit reports
• Not receiving bills in the mail
• Being denied credit
• Calls or letters from debt collectors

What can you do?
• Monitor Financial Statements
• Check credit reports annually from http://freecreditreport.com
• Be cautious what you post online

Defend: Identity Theft

If you are a victim of Identity Theft

Place a fraud alert with one of the three credit companies: Equifax, Experian, TransUnion

Close accounts and contact appropriate parties

File complaint with FTC (http://ftc.gov/idtheft)

File police report

Conclusion

1. Assume you are a target: Think before you click
2. You can make a difference
3. It takes a comprehensive multi-layered approach

Information security is the responsibility of everyone. It is going to get worse before getting any better!!!

Additional Resources

http://Intranet.cairn.edu/cla (this PowerPoint, videos etc.)

http://ftc.gov/idtheft

Antivirus: http://microsoft.com/security_essentials

Antimalware: Malwarebytes or Spybot Search and Destroy

Encryption: Truecrypt from http://truecrypt.org

Contact Information: Sali Kaceli | Email: skaceli@cairn.edu | Tel. (215) 702-4555

You can make a difference. Think before you click.


Questions? Comments?