Information_Security_Presentation.pptx

Full Transcript

QUESTION 1
(a) Define security and Explain why computer users should be concerned about security and privacy as they relate to;
computing devices, networks and the internet.
(b) Differentiate between unauthorized access and unauthorized use listing at least two clear examples in each.
(c) Explain five ways to protect against unauthorized access and five ways to protect against unauthorized use.

Group 1 Members:
Olivia Karimi-672483
Joyce Maya Gathoni-672403
Donata Niyonkuru-667126
Arnold Bale-672057
Sumiya Mohamed-672375
Garnaud Nsengiyimva-666427
 Introduction
In today's digital age, security and privacy are critical concerns for both
individuals and organizations. Safeguarding sensitive data from cyber threats is
essential for maintaining trust and integrity in digital interactions.
 Security refers to the measures and
protocols used to secure
information systems, data, and
resources from unauthorized
access, attacks, damage, or
tampering. It ensures
confidentiality, integrity, and
availability of information.
 Why should users be concerned about
security
understanding the Importance of Security measures in relation
to computing devices, internet and network

1. Computing Devices
Protects personal data and prevents identity theft.
Ensures device integrity and functionality.
Prevents theft and unauthorized physical access.

2.Internet
Identifies and mitigates cyber threats.
Ensures privacy and compliance with data protection laws.
Secures online financial transactions and e-commerce activities.

3.Network
Prevents unauthorized access through authentication and firewalls.
Maintains network integrity and availability.
Secures communication channels with encryption and secure protocols.
 cont
Computer crime is any illegal act involving a computer
Information privacy is the right of individuals and companies to
control how information about them is collected and used
HARDWARE LOSS, HARDWARE DAMAGE AND SYSTEM FAILURE
I. HARDWARE LOSS AND DAMAGE
Hardware loss can occur when a personal computer, USB flash
drive, smartphone is stolen or is lost by the owner
It can result from hardware damage and system failure
Hardware theft is a type of hardware loss
It is the theft of computer hardware
Hardware loss also occur when an individual misplaces or
otherwise losses a piece of hardware
Hardware can be damage by power fluctuations, heat, dust, static
electricity, water and abuse
 Cont
II. SYSTEM FAILURE AND OTHER DISASTER
System failure is the complete malfunction of a computer system
System failure can occur because of a hardware problems, a software
problems, or a computer sabotage
It can also occur because of nature disaster or terrorist attack
PROTECTING AGAINST HARDWARE LOSS, HARDWARE DAMAGE, AND SYSTEM
FAILURE
i. DOOR AND COMPUTER EQUIPMENT LOCKS
Locked doors and other access control methods can be simple deterrents
to hardware theft
Doors to facilities should be secured with door locks, alarm system to make
it difficult to gain access to the hardware that might be stolen. Employees
should be trained regarding the proper procedures for ensuring visitors
only have access to the part of facilities that they are authorized to access
Cable locks can be used to secure computers and other hardware toa table
 Cont
Security slot is a small opening built into a system unit, case
designed for computer locks
Laptop alarm software that emits a very loud alarm noise if the
computer is unplugged
Smartphone wireless tether system that tie the smartphone to a
key fob in order to sound an alarm and lock the smartphone
ii. ENCRYPTION AND SELF-ENCRYPTION HARD DRIVE
Encryption is the method of scrambling electronic content in order
to make it unreadable if an unauthorized user intercept it
Full disk encryption(FDE) is a technology that encrypts everything
stored on a storage medium automatically, without any user
interaction
Self-encrypting hard drive is a hard drive that uses full disk
encryption
Encryption can be used to protect data stored on removable
media, such as USB flash drive, strong password, a biometric
feature, or a pin number provides access to the data on the drive
 cont
iii. DEVICE TRACKING SOFTWARE AND ANTITHEFT TOOLS
Device tracking software is designed to locate lost or stolen hardware
Some can take video or photos with the device’s camera to help identify and
prosecute the theft
Some can display message on the screen when the device is reported lost or
stolen
iv. PROPER HARDWARE CARE
It help to prevent serious damage to the device
Protective case can be used to help protect portable device against minor
abuse
Laptop sleeves protect portable computers from scratches
Ruggedized devices are designed to withstand much more physical abuse
Semirugged are devices that can withstand dropped or submerged into water
Ultrarugged are devices that can withstand drops onto concrete, extreme
temperature variations
Surge suppressor is a device that protect hardware from damage due to
electrical fluctuations
Uninterruptible power supply(UPS) is a device containing a built-in battery
that provides continuous power to a computer and other connected
components when the electricity goes out
 cont
v. BACKUPS AND DISASTER RECOVERY PLANS
Continuous data protection(CDP) backup system backs up
data in real time as it changes so that data can be
recovered from any point in time with no data loss
Disaster recovery plan is a written plan that describes the
steps a company will take following the occurrence of a
disaster
It is also called business continuity plan
Cloud data recovery service are often used to provide the
alternative location with copies of backed up data when
disaster occur
Emergency mail system provider acts as a temporary mail
server if the company mail server is not functioning
Unauthorized Access vs. Unauthorized
Use

Unauthorized access: Gaining access to
a computer, file, network or other
computing resources without
permission.
Unauthorized use: Using a computing
resource for unapproved activities
Examples of Unauthorized Access

1. Using someone’s login credentials
without permission.
2. Using automated tools to guess
passwords or encryption keys (Brute
force attack).
Examples 1. Accessing a colleague’s
of computer with permission but
Unauthoriz sending malicious emails
under their identity.
ed Use
2. An employee stealing
customer information for
personal gain.
 HACKING
Refers to the act of breaking into a computer or
network
It is performed via the internet or another
network
The motivation of hacking is to steal data,
sabotage a computer system
Cyberterrorism is where terrorist launch attacks
via the internet
Hackers gain access via a wireless network
because wireless network are widely used and
they are easier to hack into than wired networks
 War driving and Wi-Fi
piggybacking
Wi-Fi finders are online mapping services and
smartphone apps that can show you the
available Wi-Fi hotspots for a particular
geographic area
War driving is driving around an area with a Wi-
Fi network in order to access and use it without
authorization
Wi-Fi piggybacking is accessing an unsecured
Wi-Fi network from your current location
without authorization
They can lead to illegal behavior
 Protecting against unauthorized
access and use
I. ACCESS CONRTOL SYSTEM
Used to control access to facilities, devices, computer
network, company database, web site accounts
Identification system verify that the person is trying to access
the facilities or system
Identity management(IDM) system manage user’s access to
enterprise system
i. POSSESSED KNOWLEDGE ACCESS SYSTEM
Is an access control system that uses information only an
individual should know to identify that individual
Password is a secrete combination of characters used to gain
access to a computing device, network, web site
Used in conjunction with username
Passwords are also called passphrases
Pins(personal identification numbers) or passcodes are
numerical password
 cont
ii. POSSESSED OBJECT ACCESS SYSTEMS
An access control system that uses a physical object an individual has in his
or her possession to identify that individual
Examples are smart cards, RFID-encoded badges, magnetic cards, USB
security tokens
They can be lost
iii. BIOMETRIC ACCESS SYSTEMS
An access control system that uses one unique physical characteristic of an
individual to identify and authenticate that individual
Examples are fingerprints, hand, face or iris, voice, signature
It can perform both identification and authentication
Used to control access to secure facilities
to log users on to computers, networks and secure web site
To punch employees in and out of work
To confirm individual’s identities5t at ATM machines
iv. CONTROLLING ACCESS TO WIRELESS NETWORK
Secure network router
WEP(Wired Equivalent Privacy) , WPA(Wi-Fi protected access) and WPA 2
standard
 Cont
II. FIREWALLS
Is a collection of hardware and software intended to protect a computer
or computer network from unauthorized access
It creates a barrier between a computer or a network and the internet
Are two-way hence they check all incoming and outgoing traffic and allow
only authorized traffic to pass through the firewall
Personal firewall are software programs designed to protect personal
computers from hackers attempting to access those computer through
their internet connections
They can be stand-alone programs like comodo firewall program
They are bult into many operating systems such as windows firewall
programs
Those designed to protect business networks can be software-based,
hardware-based, or a combination of the two
They work by closing down all external communications to unauthorized
computers and programs
Protecting Using stronger passwords: Set
Against complex passwords with
Unauthoriz uppercase, lowercase,
numbers, and symbols.
ed Access
 Password resets: Secure password
reset procedures.
Protecting Two-Factor Authentication: it is using
Against two different methods to authenticate
Unauthoriz a user. It uses a conventional
ed Access username or password combination in
(cont.) conjunction with possessed object or
biometric characteristic
 Encryption: is making data unreadable
to unauthorized individuals. They
temporary convert data into a form,
known as a cipher, which is unreadable
until it is decrypted(unscrambled). Used
Protecting with Wi-Fi networks and VPNs to secure
Against data that is transferred over those
Unauthoriz networks. Secure web page is transport
ed Access layer security(TLS) is a web page that
(cont.) uses encryption in order to protect
information transmitted via that web
page. Private key encryption(also called
symmetric key encryption) is a type of
encryption that uses a single key to
encrypt and decrypt the file or
message. Public key encryption(also
called asymmetric key encryption) is a
type of encryption that uses key pairs to
encrypt and decrypt the file or message
Network security measures: Using
WPA3 for Wi-Fi security.
Protecting Update your software and
Against system: Regular updates for
Unauthoriz security patches.
Least privilege principle:
ed Use
Grant minimum necessary
permissions.
Protecting User training and awareness:
Against Educate users about security
Unauthoriz risks and best practices.
ed Use
(cont.)
Protecting Role-Based Access Control
Against (RBAC): Restrict system
Unauthoriz access based on users’ roles.
Regular audits and
ed Use
monitoring: Detect unusual
(cont.)
patterns and flag suspicious
activities.
 Case Study: Marriott Data Breach

In 2018, Marriott revealed that
hundreds of millions of client details
were exposed due to an intrusion into
its reservation systems. The breach
included credit card and passport
numbers.
 Case Study: Marriott Data Breach
(cont.)

Impacts: Potentially catastrophic,
compromising credit card details and
passports. Lessons: Importance of
securing encryption keys and regular
security monitoring.
 Case Study: Sony Hack

In 2014, Sony Pictures' network was
compromised. Terabytes of confidential
data were stolen, including unreleased
films and private emails.
 Case Study: Sony Hack (cont.)

Impacts: Public exposure of private
information, financial losses, and
reputational damage. Lessons:
Importance of robust cybersecurity
measures and employee training.
 Best Practices for Security

General advice: Use strong passwords,
enable two-factor authentication,
regularly update software, and educate
users about security risks.
 Future of Security and Privacy

Trends: Increasing importance of AI and
machine learning in cybersecurity,
growing threats from IoT devices, and
the need for continuous adaptation to
evolving threats.
 Conclusion
Summary: Security and privacy are
critical in the digital age.
Implementing robust security
measures and staying informed
about threats are essential for
protection.
 Q&A
Questions from the audience.
 References
Bakhaver N. (2024). Marriott Data Breach: How
did it happen and what was the impact? CSO
Online.
Fruhlinger J. (2020). Guide to computer network
security. Springer.
Lee T. B. (2014). The Sony Hack: How it
happened, Who is Responsible, and What
We've Learned. Vox.
Sandhu R. C. (1996). Role-Based access control
models. Computer, 29(2), 38-47.
Sasse M. (2001). Transforming the weakest link.
BT Technology Journal, 19(3), 122-131.