What is information security?
is the protection of information assets.
* Specifically, organizations want to make sure that their information is:
– Available only to authorized personnel. (Confidentiality)
– Free from unauthorized alterations (integrity)
– Available when needed. (Availability)
* Anything that negatively impacts on these desired characteristics is viewed as a Threat.
Reasons systems Are Vulnerable?
– The Internet
– Malicious software
– Hackers and Cyber vandalism
– Computer Crime
– Cyber terrorism and Cyber warfare
– Employees
– Natural Disasters
– Software Vulnerabilities
Why Systems Are Vulnerable? The Internet
These days you can sit in the comfort of your home and hack into the banks computers.
* The Internet is a huge network of networks with no central authority. Anyone can connect anonymously from almost anywhere in the world.
* Launching physically remote attacks is much less risky for the attacker.
* Security was not a design goal during early ARPANET discussions. The ARPANET was primarily a networking experiment.
* The designers assumed that security would handled elsewhere and never foresaw that the ARPANET would grow to what it is today.
Why Systems Are Vulnerable? Hackers and Cyber vandals
- At one time hackers needed to have advanced computer skills. However, hacker tools now freely available on the Internet.
- At one time hackers would steal information or deface a web site purely for bragging rights. Military and high profile sites were their preferred playgrounds.
- Today hackers are part of organized crime gangs. Their intent is now to steal information for resale and extortion.
- They also use worms, trojans and viruses to create networks of “zombie computers”. They then rent these networks to spammers, terrorists and other organized crime gangs. * Hackers also use a technique called Phishing to steal peoples identities.
A hacker or cracker
is an individual who tries to gain unauthorized access to a computer system.
Why Systems Are Vulnerable? Computer Crime
- At one time there were few laws governing computer crime or cyber crime as it is sometimes called.
- Many countries have now enacted legislation making attempts to steal, destroy or deny use of computer information a crime.
- Cyber criminals can be external hackers or employees/contractors.
Why Systems Are Vulnerable? Cyberwar and Cyber terrorism
- Cyber war (Information Warfare ) deals with attacking the information assets of an enemy.
- Military Planners now realize that they can seriously harm or even cripple an enemy by attacking its information assets.
- Targets include the electricity grid, telephone networks and banking systems.
- These are often attacked before conventional military targets.
- In May 2007, Estonia accused Russia of launching cyber attacks against its parliament, ministries, banks, and media.
Why Systems Are Vulnerable? Malicious software
- Most of you should have been a victim of some form of malicious software, software designed to do you harm.
– Virus
– Worms
– Trojan Horse
– Spyware
Why Systems Are Vulnerable? Employees
- Employees and other authorized users can seriously damage information assets.
- Disgruntled employees often do this on purpose.
- Other employees do this by accident primarily because they have not been properly trained.
Why Systems Are Vulnerable Natural Causes
- Information assets can also be damaged by fire, flood and events like hurricanes and tornados.
- The events in Grenada, the Cayman Islands, New Orleans (and now New York!!!) should convince us that we should take these threats seriously.
Why Systems Are Vulnerable Software Vulnerabilities
- Thus many systems are released for sale with thousands of “bugs” still in place.
- These bugs can cause unexpected results or introduce vulnerabilities that can subsequently be exploited by hackers.
- Consequently corporations and users are advised to download and apply the latest bug fixes on a regular basis.
- Unfortunately, many companies do not do a good job of applying these patches and many of the disruptions you read about occur unpatched systems.
- Sometimes the vulnerabilities had been documented, and a patch released up to six months prior to the attack.
The Business Value of Security
Many organizations are now so dependent on their information processing infrastructure that a loss of function is regarded as a business disaster.
* Companies can loose millions of dollars a day if their systems fail to function. The market value of eBay shares temporarily declined by several BILLION dollars after their servers crashed several times in quick succession back in 1998/1999.
* While hardware and software can be replaced, data, if not backed up, is gone forever. Several companies have gone out of business after a security incident simply because they could not recover their operational data.
The Business Value of Security pt 2
- Security is also becoming more important as governments legislate minimum standards for information protection.
- Failure to conform to these standards can lead to fines and the negative publicity can damage brands.
- Imagine if your bank was fined for failing to meet basic security standards!! What would you do? * Cost of cleanup
The Business Value of Security * The US legislation that impacts on security standards include:
– The Health Insurance Portability and Accountability Act (HIPAA)
– The Financial Services Modernization Act (GrammLeach-Bliley Act)
– The Public Company Accounting Reform and Investor Protection Act (Sarbanes-Oxley)
The Business Value of Security * The TT legislation that impacts on security standards include:
– The Computer Misuse Act of 2001
– Electronic Transfer of Funds Crime Act (2000)
– The Electronic Transactions Act (2011) (Awaiting Proclamation)
– The Data Protection Act of 2011 (Awaiting Proclamation)
Information Security Policy
- In order to protect information assets, an organization must develop an information security policy.
- This policy states
– What assets need to be protected
– Who has access to these assets
– What resources are available/needed to protect these assets
– Who is responsible for protecting these assets.
Risk analysis
- Risk analysis in an important input to the information security development process.
- Risk analysis looks at the impact of a threat (financial loss, damage to reputation) as well as the likelihood of the threat occurring.
There are several technology tools available to protect information assets. These include:
– Access Control Systems
– Firewalls
– Intrusion Detection Systems
– Anti Virus Software
– Public Key Encryption
– Backup
Security Technologies Access Control-authorization
- Access control refers to all the policies, procedures and technologies used to control access to information assets
- Two access control concepts are authorization and authentication.
- Authorization determines who has access to what information. * Once of the primary principles of access control is that people should be given only enough access to do their jobs and no more.
- Authentication is the process whereby a user’s identity is verified before access granted. * User names and passwords are the simplest form of authentication technology.
Security Technologies Access Control-biometrics
- Unfortunately password are a weak form of authorization as people choose weak and easily guessable passwords, share their passwords or write them down.
- Stronger authentication systems include tokens as well as some forms of biometric identification.
- Biometric identification systems use finger prints, voice recognition and iris scans.
Security Technologies Firewalls
- A firewall is a specialized computer that monitors traffic traveling between two networks. * Firewalls administrators set up complex rules that the firewall uses to allow or reject traffic.
- The most common location for a firewall is between the Internet and a private network. However some companies place firewalls between departments.
Security Technologies Intrusion Detection Systems
- Intrusion detections systems are the electronic equivalent of tripwires.
- Special software agents monitor the state of files at critical locations on the network. These agents alert administrators via pager, alarms, etc is they detect an intrusion.
- Intrusion detection systems can also be programmed to shut down the system if it detects an attack.
Security Technologies Anti Virus Systems
- Anti Virus systems check primary and secondary memory to detect traces of computer viruses.
- Corporations now scan all email passing through their email server and quarantine any message carrying an attached virus.
- Anti virus software is not failsafe. There is normally a lag of a few hours between the release of a brand new virus and the release of updated AV software.
- Millions of computers can be infected during this lag.
Security Technologies Public Key Encryption
- Encryption systems convert “clear text” into scrambled “cipher text” so that even is a message is intercepted it will look like garbage text.
- Encryption systems rely on sophisticated algorithms to “scramble” clear text.
- A special numeric key (crypto variable) is by the algorithms to “lock” and “unlock” encrypted messages.
- The most widely used encryption system is based on two keys – a public key and a private key.
