1 Introduction to Security Chapter 11 Information Technology
(IT) Security
Slide 3
2 Information Technology Overview This topic is very daunting
for many security managers FBI example making upgrades to current
equipment is akin to changing a tire on a speeding car difficult to
do, but you have no choice. This example highlights the need for
quality, fully integrated IT security.
Slide 4
3 New Technologies & Security IP Video Surveillance allows
a company to use its existing network for video surveillance Voice
over Protocol (VoIP) an underused technology that holds great
promise USB Technology presents an easy way for people to steal
data or engineer their way into corporate systems Mesh Networks a
wireless communication system allowing both voice and data to be
transmitted and received CTI allows interactions on a telephone and
a PC to be integrated or coordinated
Slide 5
4 Common Equipment that Can Pose Security Threats Laptops Cell
Phones PDAs and smart phones Fax machines All other
telecommunication devices
Slide 6
5 Tips for Information Asset Protection Employees using
equipment that can store info should sign a release any info on it
is the employers property. Use of mobile devices with cameras
should be discouraged, especially around sensitive material and in
locker rooms.
Slide 7
6 Tips for Information Asset Protection Discourage employees
from storing info such as social security numbers, credit card
numbers, account numbers and passwords on any wireless device. Be
careful about posting cell numbers and email addresses
Slide 8
7 Tips for Information Asset Protection Consider locking your
phone when not using it, or installing software that allows you to
lock it, in the event of loss/theft. Do not follow links in emails
or text messages. Asset tag or engrave laptops Be careful about
logging onto wireless hotpots.
Slide 9
8 Other IT Security Threats: Trojan horses install malicious
software under the guise of doing something else Viruses &
worms An FBI survey revealed that despite protection programs, 82%
of organizations have been infected by a virus.
Slide 10
9 Other IT Security Threats: Spyware A dangerous, prolific code
that logs a users activity and collects personnel information,
which it then sends to a third party. Adware A relative of spyware.
Typically found with free software, they display advertisements
when the program is running. They may also contain spyware.
Slide 11
10 Other IT Security Threats: Bots A type of malware that
allows an attacker to gain control over the infected computer (also
called zombie computers) and allow them to use a companys network
to send spam, launch attacks and infect other computers.
Slide 12
11 Targets of attack Intellectual property Trade secrets
Patented material Copyrighted Material
Slide 13
12 Piracy and Protection $23 billion lost in 2004 as a result
of digital piracy of music, movies, software and games This piracy
is accomplished through peer-to-peer sites, mass email, FTP and Web
sites. These groups can be very difficult to penetrate and
prosecute.
Slide 14
13 Piracy and Protection Protection: DRM (Digital Rights
Management) Antipiracy technology used by digital copyright owners
to control who has access to their work Watermark Technology An
evolution of watermarks on currency, it helps companies by
embedding these watermarks into pictures of their property that are
invisible to the human eye.
Slide 15
14 Threats to Proprietary Information Employees often have
unrestricted access as part of their job which puts them in an
ideal position to steal information Vendors Visitors Discarded
information and paper in trash containers
Slide 16
Competitive Intelligence What is competitive intelligence?
Non-disclosure agreements Common targets of CI. What is cloaking?
15
Slide 17
16 Basic Principles of Information Asset Protection Classifying
& Labeling Information Unrestricted Internal Use Restricted
Highly Restricted Protocols for Distribution Security Awareness
Training Audits
Slide 18
17 3 Security Measures against IT Threats 1. Logical Controls
2. Physical Access Controls 3. Administrative Controls
Slide 19
18 1. Logical Controls Special programs written into the
software Most common are those that require a password for access
Data encryption
Slide 20
19 2. Physical Controls Restrict actual physical access to
computer terminals, equipment and software Key and key card
controls, ID badges, or biometrics are imperative Hardening access
points such as vents, doors and windows
Slide 21
20 3. Administrative Controls Comprehensive background checks
on all new employees Stressing of security during management
meetings Having managers assume responsibility for security
Slide 22
Recommendations for IT Security Program Deploy HTTP Scanning
methods Block unnecessary protocols Deploy vulnerability scanning
software Do not give out administrator privileges to all users
Deploy corporate spyware scanning Educate users, enforce strict
security policy within the netwoork 21