Information_Security_Presentation.pptx
Document Details
Uploaded by LogicalBowenite2662
Tags
Related
- Cyber Security and Information Systems Ethics (BT22103) PDF
- Lecture 1 - Part I(1) (2) - Cybersecurity Fundamentals PDF
- MCQ Questions - Mid PDF
- Comp 101: Introduction to Computing - Security and Privacy (PDF)
- Discovering Computers: Chapter 8 - Digital Security, Ethics, and Privacy PDF
- COMP 211 LO1 Student Notes PDF
Full Transcript
QUESTION 1 (a) Define security and Explain why computer users should be concerned about security and privacy as they relate to; computing devices, networks and the internet. (b) Differentiate between unauthorized access and unauthorized use listing at least two clear examples in each. (c) Explain fi...
QUESTION 1 (a) Define security and Explain why computer users should be concerned about security and privacy as they relate to; computing devices, networks and the internet. (b) Differentiate between unauthorized access and unauthorized use listing at least two clear examples in each. (c) Explain five ways to protect against unauthorized access and five ways to protect against unauthorized use. Group 1 Members: Olivia Karimi-672483 Joyce Maya Gathoni-672403 Donata Niyonkuru-667126 Arnold Bale-672057 Sumiya Mohamed-672375 Garnaud Nsengiyimva-666427 Introduction In today's digital age, security and privacy are critical concerns for both individuals and organizations. Safeguarding sensitive data from cyber threats is essential for maintaining trust and integrity in digital interactions. Security refers to the measures and protocols used to secure information systems, data, and resources from unauthorized access, attacks, damage, or tampering. It ensures confidentiality, integrity, and availability of information. Why should users be concerned about security understanding the Importance of Security measures in relation to computing devices, internet and network 1. Computing Devices Protects personal data and prevents identity theft. Ensures device integrity and functionality. Prevents theft and unauthorized physical access. 2.Internet Identifies and mitigates cyber threats. Ensures privacy and compliance with data protection laws. Secures online financial transactions and e-commerce activities. 3.Network Prevents unauthorized access through authentication and firewalls. Maintains network integrity and availability. Secures communication channels with encryption and secure protocols. cont Computer crime is any illegal act involving a computer Information privacy is the right of individuals and companies to control how information about them is collected and used HARDWARE LOSS, HARDWARE DAMAGE AND SYSTEM FAILURE I. HARDWARE LOSS AND DAMAGE Hardware loss can occur when a personal computer, USB flash drive, smartphone is stolen or is lost by the owner It can result from hardware damage and system failure Hardware theft is a type of hardware loss It is the theft of computer hardware Hardware loss also occur when an individual misplaces or otherwise losses a piece of hardware Hardware can be damage by power fluctuations, heat, dust, static electricity, water and abuse Cont II. SYSTEM FAILURE AND OTHER DISASTER System failure is the complete malfunction of a computer system System failure can occur because of a hardware problems, a software problems, or a computer sabotage It can also occur because of nature disaster or terrorist attack PROTECTING AGAINST HARDWARE LOSS, HARDWARE DAMAGE, AND SYSTEM FAILURE i. DOOR AND COMPUTER EQUIPMENT LOCKS Locked doors and other access control methods can be simple deterrents to hardware theft Doors to facilities should be secured with door locks, alarm system to make it difficult to gain access to the hardware that might be stolen. Employees should be trained regarding the proper procedures for ensuring visitors only have access to the part of facilities that they are authorized to access Cable locks can be used to secure computers and other hardware toa table Cont Security slot is a small opening built into a system unit, case designed for computer locks Laptop alarm software that emits a very loud alarm noise if the computer is unplugged Smartphone wireless tether system that tie the smartphone to a key fob in order to sound an alarm and lock the smartphone ii. ENCRYPTION AND SELF-ENCRYPTION HARD DRIVE Encryption is the method of scrambling electronic content in order to make it unreadable if an unauthorized user intercept it Full disk encryption(FDE) is a technology that encrypts everything stored on a storage medium automatically, without any user interaction Self-encrypting hard drive is a hard drive that uses full disk encryption Encryption can be used to protect data stored on removable media, such as USB flash drive, strong password, a biometric feature, or a pin number provides access to the data on the drive cont iii. DEVICE TRACKING SOFTWARE AND ANTITHEFT TOOLS Device tracking software is designed to locate lost or stolen hardware Some can take video or photos with the device’s camera to help identify and prosecute the theft Some can display message on the screen when the device is reported lost or stolen iv. PROPER HARDWARE CARE It help to prevent serious damage to the device Protective case can be used to help protect portable device against minor abuse Laptop sleeves protect portable computers from scratches Ruggedized devices are designed to withstand much more physical abuse Semirugged are devices that can withstand dropped or submerged into water Ultrarugged are devices that can withstand drops onto concrete, extreme temperature variations Surge suppressor is a device that protect hardware from damage due to electrical fluctuations Uninterruptible power supply(UPS) is a device containing a built-in battery that provides continuous power to a computer and other connected components when the electricity goes out cont v. BACKUPS AND DISASTER RECOVERY PLANS Continuous data protection(CDP) backup system backs up data in real time as it changes so that data can be recovered from any point in time with no data loss Disaster recovery plan is a written plan that describes the steps a company will take following the occurrence of a disaster It is also called business continuity plan Cloud data recovery service are often used to provide the alternative location with copies of backed up data when disaster occur Emergency mail system provider acts as a temporary mail server if the company mail server is not functioning Unauthorized Access vs. Unauthorized Use Unauthorized access: Gaining access to a computer, file, network or other computing resources without permission. Unauthorized use: Using a computing resource for unapproved activities Examples of Unauthorized Access 1. Using someone’s login credentials without permission. 2. Using automated tools to guess passwords or encryption keys (Brute force attack). Examples 1. Accessing a colleague’s of computer with permission but Unauthoriz sending malicious emails under their identity. ed Use 2. An employee stealing customer information for personal gain. HACKING Refers to the act of breaking into a computer or network It is performed via the internet or another network The motivation of hacking is to steal data, sabotage a computer system Cyberterrorism is where terrorist launch attacks via the internet Hackers gain access via a wireless network because wireless network are widely used and they are easier to hack into than wired networks War driving and Wi-Fi piggybacking Wi-Fi finders are online mapping services and smartphone apps that can show you the available Wi-Fi hotspots for a particular geographic area War driving is driving around an area with a Wi- Fi network in order to access and use it without authorization Wi-Fi piggybacking is accessing an unsecured Wi-Fi network from your current location without authorization They can lead to illegal behavior Protecting against unauthorized access and use I. ACCESS CONRTOL SYSTEM Used to control access to facilities, devices, computer network, company database, web site accounts Identification system verify that the person is trying to access the facilities or system Identity management(IDM) system manage user’s access to enterprise system i. POSSESSED KNOWLEDGE ACCESS SYSTEM Is an access control system that uses information only an individual should know to identify that individual Password is a secrete combination of characters used to gain access to a computing device, network, web site Used in conjunction with username Passwords are also called passphrases Pins(personal identification numbers) or passcodes are numerical password cont ii. POSSESSED OBJECT ACCESS SYSTEMS An access control system that uses a physical object an individual has in his or her possession to identify that individual Examples are smart cards, RFID-encoded badges, magnetic cards, USB security tokens They can be lost iii. BIOMETRIC ACCESS SYSTEMS An access control system that uses one unique physical characteristic of an individual to identify and authenticate that individual Examples are fingerprints, hand, face or iris, voice, signature It can perform both identification and authentication Used to control access to secure facilities to log users on to computers, networks and secure web site To punch employees in and out of work To confirm individual’s identities5t at ATM machines iv. CONTROLLING ACCESS TO WIRELESS NETWORK Secure network router WEP(Wired Equivalent Privacy) , WPA(Wi-Fi protected access) and WPA 2 standard Cont II. FIREWALLS Is a collection of hardware and software intended to protect a computer or computer network from unauthorized access It creates a barrier between a computer or a network and the internet Are two-way hence they check all incoming and outgoing traffic and allow only authorized traffic to pass through the firewall Personal firewall are software programs designed to protect personal computers from hackers attempting to access those computer through their internet connections They can be stand-alone programs like comodo firewall program They are bult into many operating systems such as windows firewall programs Those designed to protect business networks can be software-based, hardware-based, or a combination of the two They work by closing down all external communications to unauthorized computers and programs Protecting Using stronger passwords: Set Against complex passwords with Unauthoriz uppercase, lowercase, numbers, and symbols. ed Access Password resets: Secure password reset procedures. Protecting Two-Factor Authentication: it is using Against two different methods to authenticate Unauthoriz a user. It uses a conventional ed Access username or password combination in (cont.) conjunction with possessed object or biometric characteristic Encryption: is making data unreadable to unauthorized individuals. They temporary convert data into a form, known as a cipher, which is unreadable until it is decrypted(unscrambled). Used Protecting with Wi-Fi networks and VPNs to secure Against data that is transferred over those Unauthoriz networks. Secure web page is transport ed Access layer security(TLS) is a web page that (cont.) uses encryption in order to protect information transmitted via that web page. Private key encryption(also called symmetric key encryption) is a type of encryption that uses a single key to encrypt and decrypt the file or message. Public key encryption(also called asymmetric key encryption) is a type of encryption that uses key pairs to encrypt and decrypt the file or message Network security measures: Using WPA3 for Wi-Fi security. Protecting Update your software and Against system: Regular updates for Unauthoriz security patches. Least privilege principle: ed Use Grant minimum necessary permissions. Protecting User training and awareness: Against Educate users about security Unauthoriz risks and best practices. ed Use (cont.) Protecting Role-Based Access Control Against (RBAC): Restrict system Unauthoriz access based on users’ roles. Regular audits and ed Use monitoring: Detect unusual (cont.) patterns and flag suspicious activities. Case Study: Marriott Data Breach In 2018, Marriott revealed that hundreds of millions of client details were exposed due to an intrusion into its reservation systems. The breach included credit card and passport numbers. Case Study: Marriott Data Breach (cont.) Impacts: Potentially catastrophic, compromising credit card details and passports. Lessons: Importance of securing encryption keys and regular security monitoring. Case Study: Sony Hack In 2014, Sony Pictures' network was compromised. Terabytes of confidential data were stolen, including unreleased films and private emails. Case Study: Sony Hack (cont.) Impacts: Public exposure of private information, financial losses, and reputational damage. Lessons: Importance of robust cybersecurity measures and employee training. Best Practices for Security General advice: Use strong passwords, enable two-factor authentication, regularly update software, and educate users about security risks. Future of Security and Privacy Trends: Increasing importance of AI and machine learning in cybersecurity, growing threats from IoT devices, and the need for continuous adaptation to evolving threats. Conclusion Summary: Security and privacy are critical in the digital age. Implementing robust security measures and staying informed about threats are essential for protection. Q&A Questions from the audience. References Bakhaver N. (2024). Marriott Data Breach: How did it happen and what was the impact? CSO Online. Fruhlinger J. (2020). Guide to computer network security. Springer. Lee T. B. (2014). The Sony Hack: How it happened, Who is Responsible, and What We've Learned. Vox. Sandhu R. C. (1996). Role-Based access control models. Computer, 29(2), 38-47. Sasse M. (2001). Transforming the weakest link. BT Technology Journal, 19(3), 122-131.