Cyber Security and Information Systems Security PDF

Information Systems CYBER SECURITY AND INFORMATION SYSTEMS SECURITY 1 What is Cyber Security? Is the practice of protecting systems, networks, and data from digital attacks and unauthorized access It encompasses a wide range of measures to safeguard information and technology assets. Key objectives: confidentiality, integrity, and availability of data. 2 Cybersecurity Our Shared Responsibility Shared Responsibility You can build the Great Wall of China –But it only takes one person to open the gate and let the enemy in Key Concepts in Cyber Security Threat: Any potential danger that can exploit a vulnerability to breach security. Vulnerability: Weaknesses in a system that could be exploited by a threat. Risk: The likelihood of a threat exploiting a vulnerability, resulting in potential harm. Attack: Deliberate actions taken by adversaries to compromise the security of a system. Defense: Countermeasures and strategies to protect against threats. 6 Quick Training Don’t pick up random USB sticks and plug them in to your computer – You wouldn’t randomly eat gum off the street, right? – That’s how Stuxnet ruined 1/5th of Iran’s nuclear centrifuges. Preparing for Battle Identify your Cyber Security Team – Not solely the IT person’s responsibility Confidence gap in protecting against threats – National Association of State CIOs survey says 60% of State Officials are Extremely Confident 24% of State Security Officers are Extremely Confident – Improve communication Utilize outside resources – NACO, MS-ISAC, SANS, DHS Preparing for Battle State of Iowa provides SANS “Securing the Human” program at no charge. This is an excellent self paced training program comprised of 4 to 5 minute training videos. Contact Alison Radl with DAS at [email protected] Know When to Fight Resources are limited – Time – Money Easy to implement and highly effective security – Center for Internet Security Cyber Hygiene Campaign Know what is connected to your network Implement key security settings (password policy) Limit and manage admin privileges Keep operating systems and applications up to date Repeat! Find your most critical assets and protect them first Know What to Fight What is valuable to the enemy? Not only can they try and steal your data but they can encrypt your files so you lose your data(Ransomware). Know What to Fight Social Engineering Attacks – Baiting-irritate or taunt someone into a response – Phishing-trick you into giving up information – Pretexting-a lie based on research to get data from you – Quid Pro Quo- a scam where the bad guy “helps” you with an issue but gains access to your data – Tailgating- Gaining physical access to an area by following someone into the facility How to Handle your (Inferior) Forces In the Cybersecurity war, we have inferior forces – No agency can protect at 100% – Cyber criminals only need 1 win to get your data Requires everyone working together Requires everyone to stay safe online Criminals are usually lazy and attack the “low hanging fruit” Provide Capacity and Don’t Interfere Internally – Budget for Cybersecurity initiatives – Listen to your Cybersecurity TEAM – Follow the policies and procedures that have been established to keep you safe Externally – Be cautious with vendors Don’t give them anytime remote access with full admin privileges for their convenience Demand better security from them The People and Process Gap Why Cyber Security Matters Increasing dependence on digital technologies. Proliferation of cyber threats: malware, ransomware, phishing, etc. Data breaches can lead to financial losses, reputation damage, and legal consequences. Protection of critical infrastructure (e.g., power grids, water supply, healthcare). 16 Current Trending Issues in Cyber Security Remote Work Security: Addressing the vulnerabilities of remote work environments. Cloud Security: Protecting data and applications hosted in the cloud. IoT Security: Securing the growing number of interconnected devices. AI and Machine Learning in Cybersecurity: Enhancing threat detection and response. Zero-Day Exploits: Dealing with vulnerabilities that are exploited before they are known. 17 Remote Work Security Increased reliance on remote work due to global events. Challenges: Secure connections, access control, and data protection. Solutions: VPNs, multi-factor authentication (MFA), employee training. 18 Cloud Security Data and applications hosted on remote servers. Security considerations: Data encryption, access control, compliance. Service models: IaaS, PaaS, SaaS. Leading cloud service providers (e.g., AWS, Azure, Google Cloud) invest heavily in security. 19 IoT Security IoT devices are increasingly integrated into our daily lives. Challenges: Limited resources for security, vulnerability to attacks. Solutions: Regular updates, network segmentation, authentication. 20 AI and Machine Learning in Cybersecurity Leveraging AI and ML for threat detection and response. Predictive analytics to identify patterns and anomalies. Automating incident response. Adversarial AI: Threats and countermeasures. 21 Zero-Day Exploits Zero-day vulnerabilities: Unknown to the software vendor. Zero-day exploits: Attacks targeting these vulnerabilities. Importance of vulnerability disclosure and patch management. Importance of a proactive security posture. 22 Conclusion Cybersecurity is crucial in the digital age. Stay informed about evolving threats and security best practices. Protect your organization's data and systems. 23 THANK YOU 24

Cyber Security and Information Systems Security PDF

Document Details

Tags

Related

Summary

Full Transcript

Upgrade to continue