Objectives of IT Security
- Confidentiality
- Integrity
- Availability
- Confidentiality, integrity, and availability (CIA) is a model
designed to guide policies for information security within an
organization.
In this context,
- Confidentiality is a set of rules that limits access to
information,
- Integrity is the assurance that the information is
trustworthy and accurate, and
- Availability is a guarantee of ready access to the
information by authorized people.
The model is sometimes known as the CIA triad.
Three Foundations of IT Security
People: who we are
Process: what we do
CCTV Cameras
Clock in systems / Biometrics
Environmental management systems: humidity control, ventilation,
air conditioning, fire control systems
Electricity / Power backup
Access devices:
Desktop computers
Laptops, ultra-mobile laptops and PDAs
Digital cameras, printers, scanners, photocopiers, etc.
Technology
Network Infrastructure:
Application software:
Challenges
Globalization and Jurisdiction issues on Cyber crime
- There are no borders, no need for Visas
- Conflicting or Non-existing regulations
- Cultural differences and varying degrees of technological maturity
The Threats
People
Process
Technology
Insider threats: perhaps the most difficult category of threats, since the
perpetrators are already inside the organization. For example, a
disgruntled employee could sell the company's client database to the
competition. This category also includes outsourcing vendors and employees
who introduce malware.
Security is a chain, and People are the weakest link in the chain
Rootkits: generally, any software that hides the presence and
activity of malicious software.
Zero Day Attacks: A zero day vulnerability occurs when a flaw in software
code has been discovered and exploits of the flaw appear before a fix or
patch is available. Once a working exploit of the vulnerability is released
into the wild, users of the affected software will be compromised until a
software patch is available or some form of mitigation is taken by the user.
2. SQL Injection:
Injections, particularly SQL injections, are common in web applications. Injections
are possible because user-supplied data is intermingled with dynamic queries or
with poorly constructed stored procedures.
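The intermingling described above, shown as an added example that is not part of the original slides: the same lookup written as a dynamic query and as a parameterized query, run against an in-memory SQLite database. The table, rows and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: four client rows owned by three users.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE clients (id INTEGER PRIMARY KEY, owner TEXT, name TEXT)")
    db.executemany(
        "INSERT INTO clients (owner, name) VALUES (?, ?)",
        [("alice", "Acme Ltd"), ("alice", "Birch & Co"),
         ("bob", "Cedar Inc"), ("o'brien", "Dunmore LLC")],
    )
    return db

def clients_dynamic(db, owner):
    # Weak form: user-supplied data becomes part of the SQL text itself,
    # so quotes inside it are parsed as SQL syntax, not as data.
    sql = "SELECT name FROM clients WHERE owner = '" + owner + "' ORDER BY id"
    return [row[0] for row in db.execute(sql)]

def clients_parameterized(db, owner):
    # Corrected form: the SQL text is fixed and the value is bound separately,
    # so it can only ever be compared against the owner column.
    sql = "SELECT name FROM clients WHERE owner = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (owner,))]

# Constructed input that contains SQL syntax instead of a plain owner name.
CRAFTED = "nobody' OR '1'='1"

def demo():
    db = make_db()
    results = {}
    for label, value in [("normal", "alice"), ("crafted", CRAFTED),
                         ("apostrophe", "o'brien")]:
        try:
            dynamic = clients_dynamic(db, value)
        except sqlite3.OperationalError as exc:
            # A legitimate name containing a quote breaks the dynamic query.
            dynamic = "error: " + str(exc)
        results[label] = (dynamic, clients_parameterized(db, value))
    return results

if __name__ == "__main__":
    for label, (dynamic, bound) in demo().items():
        print(label, "| dynamic:", dynamic, "| parameterized:", bound)
```

The crafted value makes the dynamic query return every owner's rows, while the parameterized query returns none; the legitimate name `o'brien` makes the dynamic query fail outright but works when bound as a parameter.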
Cross-Site Scripting
Click Fraud: Online advertising networks offer the ability for a web site
operator to host third-party advertisements and collect payment for every
time a user clicks on an advertisement. Click fraud refers to various
schemes in which the number of clicks is artificially inflated.
Bluetooth, which is becoming widely used
and high-end smart phones. Some of these are listed below:
- Bluebugging - Refers to hacking into a Bluetooth device and using the
commands of that device without notifying or alerting the user. By
bluebugging, a hacker could eavesdrop on phone conversations, place phone
calls, send and receive text messages, and even connect to the Internet.
- Bluejacking - A kind of practical joke played out between
Bluetooth-enabled devices, bluejacking takes advantage of a loophole in the
technology's messaging options that allows a user to send unsolicited
messages to other nearby Bluetooth devices. (Similar to doorbell ditching)