IT Security_Awareness & Training

Upload: aymard777

Post on 10-Apr-2018


  • 8/8/2019 IT Security_Awareness & Training

    1/13

    Prepared by: Aymard

  • 2/13

    Awareness:

    Importance of Information Security in today's world

    Social engineering

    Hacking

    Security controls [risk mitigation lattice]

    Hands-on practices:

    Managing passwords (Office applications)

    PDF conversion

    Encryption

  • 3/13

    Importance of Information Security in today's world

    Why Security?

    Evolution of technology focused on ease of use

    Increased network environment and network-based applications

    Decreasing skill level needed for exploits

    Direct impact of a security breach on the corporate asset base and goodwill

    Increasing complexity of computer infrastructure administration and management

  • 4/13

    Essential Terminologies

    Risk - The quantifiable likelihood of a threat taking advantage of a vulnerability in a system, or the probability that a threat will exploit a vulnerability.

    Threat - An action or event that might compromise security; a potential violation of security. Or: something that is a source of danger; the capabilities, intentions, and attack methods of adversaries that can exploit or cause harm to a system.

    Vulnerability - The existence of a weakness, or a design or implementation error, that can lead to an unexpected and undesirable event compromising the security of the system.

    Attack - An assault on system security that derives from an intelligent threat.

    Exploit - A defined way to breach the security of an IT system via a vulnerability.

  • 5/13

    Essential Terminologies (Contd)

    Exposure - The potential compromise associated with an attack exploiting a corresponding vulnerability.

    Countermeasure - An action that reduces the impact of an attack, detects the occurrence of an attack, and/or assists in the recovery from an attack.

    Subject - Generally a person, process, or device that causes information to flow among objects.

    Object - A passive entity containing or receiving information; access to an object usually implies access to the information it contains.

  • 7/13

    Security Elements

    Commonly based on CIA (Confidentiality, Integrity & Availability).

    Other elements are often added to CIA: Identity, Privacy, Authentication, Authorization, Accounting.

  • 8/13

    Security, Functionality, Ease of use Triangle

    The number of exploits is minimized when the number of weaknesses is reduced = great security.

    The more security, the less functionality and ease of use.

    [Figure: triangle with vertices Functionality, Security and Ease of use; the ball is moved toward the Security vertex, away from the other two.]

  • 9/13

    Attack Phases (IT Systems)

    Reconnaissance

    Passive: acquire information without directly interacting with the target

    Active: involves interacting with the target directly by any means
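    The passive/active distinction above comes down to one question: does the target receive a packet from you? The following is an added example (not part of the original slides) that shows both in working code. The passive half enumerates hostnames from a constructed, certificate-transparency-shaped data set (the `.test` hostnames and the record layout are invented for this example); the active half is a TCP connect scan with banner grab, run against a fake service started on localhost so everything runs offline. The function names and the sample banner are this example's own assumptions.

```python
import json
import socket
import threading
from typing import Dict, List, Set, Tuple

# Constructed sample shaped like certificate-transparency search results.
# The hostnames (.test TLD) and the record layout are invented for this
# example. Reading a third party's CT log is PASSIVE reconnaissance:
# the target itself never receives a packet from us.
SAMPLE_CT_RECORDS = json.dumps([
    {"common_name": "www.example.test",
     "name_value": "www.example.test\nexample.test"},
    {"common_name": "vpn.example.test", "name_value": "vpn.example.test"},
    {"common_name": "mail.other.test", "name_value": "mail.other.test"},
])


def passive_recon(ct_json: str, domain: str) -> List[str]:
    """Enumerate hostnames under `domain` from CT-style records.

    Only a third-party data set is parsed; no connection to the target.
    """
    names: Set[str] = set()
    for rec in json.loads(ct_json):
        for name in [rec["common_name"]] + rec["name_value"].split("\n"):
            if name == domain or name.endswith("." + domain):
                names.add(name)
    return sorted(names)


def start_fake_service(banner: bytes) -> int:
    """Listen on an ephemeral loopback port and serve one banner.

    Stands in for the target so the active scan below runs offline.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve_one() -> None:
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)
        srv.close()

    threading.Thread(target=serve_one, daemon=True).start()
    return srv.getsockname()[1]


def closed_port() -> int:
    """Return a loopback port that was free a moment ago (bind, read, release)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def active_recon(host: str, ports: List[int], timeout: float = 1.0) -> Dict[int, str]:
    """TCP connect scan with banner grab.

    Every probe is a packet the target can see and log, which is what
    makes this ACTIVE reconnaissance.
    """
    findings: Dict[int, str] = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                s.connect((host, port))
            except OSError:
                continue  # closed or filtered: nothing to record
            try:
                banner = s.recv(256).decode("ascii", "replace").strip()
            except OSError:
                banner = ""  # open, but silent within the timeout
            findings[port] = banner
    return findings


def demo() -> Tuple[int, int, Dict[int, str]]:
    """Run the active phase against a local fake service and a closed port."""
    open_port = start_fake_service(b"SSH-2.0-OpenSSH_8.9 (constructed banner)\r\n")
    refused = closed_port()
    findings = active_recon("127.0.0.1", [open_port, refused])
    return open_port, refused, findings


if __name__ == "__main__":
    print("passive:", passive_recon(SAMPLE_CT_RECORDS, "example.test"))
    print("active:", demo())
```

    The passive pass leaves no trace at the target, which is why it is usually done first; the active pass yields more (an open port and a service banner) but every connect attempt can appear in the target's logs or trip an intrusion detection system.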

  • 10/13

    Social Engineering

    Concept:

    Social engineering is the tactic or trick of gaining sensitive information by exploiting basic human nature, such as: trust, fear, the desire to help.

    Social engineers attempt to gather information such as: sensitive information, authorization details, access details.

  • 11/13

    Social Engineering (Contd)

    Categories:

    Human-based: gathers sensitive information by interaction; exploits the trust, fear and helping nature of humans.

    Computer-based: social engineering carried out with the aid of computers.

  • 12/13

    More on Human-based Social Engineering

    Eavesdropping: unauthorized listening to conversations or reading of messages; interception of any form, such as audio, video, or written.

    Shoulder surfing

    Dumpster diving: trash-bins, printer trash-bins, user desks (sticky notes).

    Dumpster diving targets: phone bills, contact information, financial information, etc.

  • 13/13

    More on Human-based Social Engineering

    Tailgating: an unauthorized person wearing a fake ID badge follows an authorized person through a secured door.

    Piggybacking: an authorized person provides access to an unauthorized person by keeping the secured door open.

    Reverse social engineering: the attacker creates a persona that appears to be in a position of authority, so that employees ask him for information rather than the other way around.

    A reverse social engineering attack involves:

    Sabotage

    Marketing

    Providing support