
Cybersecurity 5 improving cybersecurity


Discusses individual and organisational strategies to improve cybersecurity. Accompanies YouTube video.


Making systems more secure, 2013 Slide 1

Making systems more secure

• Strategies that can be used to improve cybersecurity


Improving cybersecurity

• Deterrence

– Increase the costs of making an attack on your systems

• Awareness

– Improve awareness of all system users of security risks and types of attack


Improving cybersecurity

• Procedures

– Design realistic security procedures that can be followed by everyone in an organisation (including the boss)

• Monitoring and logging

– Monitor and log all system operations


Deterrence

• It is impossible to develop a completely secure personal, business or government system. If an attacker has unlimited resources and motivation, it will always be possible to mount some attack on a given system.


Deterrence

• However, attackers NEVER have unlimited resources and motivation, so an aim of security is to increase the costs of making a successful attack to such an extent that attackers will (a) be deterred from attacking and (b) abandon attempted attacks before they are successful.


Diverse authentication systems

• Use strong passwords and multiple forms of authentication

• Login/password + personal question or biometric

• Attacker has to break two levels of authentication to gain access


Firewalls


Encryption

• Use the HTTPS protocol to encrypt information whilst in transit across the Internet

• Encrypt confidential information stored on your system


Password security


• Password strength measurement

– https://passfault.appspot.com/password_strength.html#menu

• Calculates how long it would take to break a password using a brute force attack, using a standard PC
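An added example, not part of the original slides and not the method used by the tool linked above: a simple keyspace model of brute-force time. The guess rate for a "standard PC" and the short common-password list are assumptions made for illustration.

```python
import string

# Assumption: guesses per second for a "standard PC"; not a figure from the slides.
GUESSES_PER_SECOND = 1e9

# Constructed sample of widely used passwords; a real check would use a large breach list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein"}

CHAR_CLASSES = [
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation, len(string.punctuation)),
]


def alphabet_size(password):
    """Size of the smallest alphabet covering the character classes used."""
    size = sum(n for chars, n in CHAR_CLASSES if any(c in chars for c in password))
    # Characters outside the four ASCII classes (spaces, accents) count individually.
    extra = {c for c in password if not any(c in chars for chars, _ in CHAR_CLASSES)}
    return size + len(extra)


def brute_force_seconds(password, rate=GUESSES_PER_SECOND):
    """Average time to find the password by exhaustive search."""
    if password.lower() in COMMON_PASSWORDS:
        return 0.0  # guessed immediately from a list of common passwords
    keyspace = alphabet_size(password) ** len(password)
    return keyspace / 2 / rate  # on average half the keyspace is searched


def humanise(seconds):
    """Render a duration in the largest unit that fits."""
    units = (("years", 31_557_600), ("days", 86_400), ("hours", 3_600), ("minutes", 60))
    for unit, length in units:
        if seconds >= length:
            return f"{seconds / length:,.1f} {unit}"
    return f"{seconds:.2f} seconds"


if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ("letmein", "sunshine", "Sunshine1", "Sunsh1ne!2013", "correct horse battery"):
        print(f"{pw!r:28} {humanise(brute_force_seconds(pw))}")
```

The model treats every password as random, so a dictionary word that is missing from the short list (such as "sunshine") is rated stronger than it really is.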


Encryption

• Encryption is the process of encoding information in such a way that it is not directly readable. A key is required to decrypt the information and understand it.

• A systematic transformation is applied to the information, based on the key, to transform it to a different form.

• The original information can only be recovered if the reader has the key that can be used to reverse the transformation


Example of encryption here


• Used sensibly, encryption can contribute to cybersecurity improvement but is not an answer in itself

– Security of encryption keys

– Inconvenience of encryption leads to patchy utilisation and user frustration

– Risk of key loss or corruption – information is completely lost (and backups don’t help)

– Can make recovery more difficult


Awareness

• Educate users about the importance of cyber security and provide information that supports their secure use of computer systems

• Be open about incidents that may have occurred


Awareness

• Take into account how people really are rather than how you might like them to be

• People have human failings and inevitably will make mistakes


• Bad security advice

– Many security guidelines and rules are unrealistic and cannot be followed in practice by users

– Use a different password for every website you visit


• Good security advice

– If you use the same password for everything, an attacker can get access to your accounts if they find that out

– Use different passwords for all online bank accounts and only reuse passwords when you don’t really care about the accounts


Procedures

• Businesses should design appropriate procedures based around the value of the assets that are being protected

• If you simply apply the most secure procedures to all information, this will disrupt work and users are more likely to try to circumvent these procedures


• If information is not confidential, then it often makes sense to make it public

• This reduces the need for users to authenticate to access the information


• Cybersecurity awareness procedures for all staff including the most senior management

• Recognise reality – people will use phones and tablets – and derive procedures for their safe use


Monitoring and logging

• Monitoring and logging means that you record all user actions and so keep track of all accesses to the system


• Use tools to scan logs frequently, looking for anomalies

• Can be an important deterrent to insider attacks if attackers know that they have a chance of being discovered through the logging system
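An added example, not part of the original slides, of the kind of log scan described above. The log format, working hours and failed-login threshold are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit-log lines; the field layout is an assumption for this example.
SAMPLE_LOG = """\
2013-05-14T09:02:11 user=alice action=login result=ok
2013-05-14T09:05:40 user=alice action=read resource=payroll.xls result=ok
2013-05-14T11:30:02 user=bob action=login result=fail
2013-05-14T11:30:09 user=bob action=login result=fail
2013-05-14T11:30:15 user=bob action=login result=fail
2013-05-14T11:30:21 user=bob action=login result=ok
2013-05-15T02:47:33 user=carol action=read resource=payroll.xls result=ok
this line is corrupt and must not stop the scan
"""

WORK_HOURS = range(8, 18)           # assumed policy: 08:00 to 17:59
FAIL_LIMIT = 3                      # assumed threshold for failed logins
FAIL_WINDOW = timedelta(minutes=5)  # assumed window for counting failures


def parse(line):
    """Return (timestamp, fields) or None for a line that does not parse."""
    stamp, _, rest = line.partition(" ")
    try:
        when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S")
        fields = dict(pair.split("=", 1) for pair in rest.split())
    except ValueError:
        return None
    return when, fields


def scan(log_text):
    """Return a list of (rule, user, detail) findings in log order."""
    findings, recent_fails = [], defaultdict(list)
    for line in filter(None, log_text.splitlines()):
        parsed = parse(line)
        if parsed is None:
            findings.append(("unparseable", None, line))  # gaps in the record matter too
            continue
        when, f = parsed
        user = f.get("user")
        if f.get("action") == "login" and f.get("result") == "fail":
            fails = [t for t in recent_fails[user] if when - t <= FAIL_WINDOW] + [when]
            recent_fails[user] = fails
            if len(fails) == FAIL_LIMIT:  # report once, when the threshold is reached
                findings.append(("repeated-failed-login", user, when))
        elif f.get("result") == "ok" and when.hour not in WORK_HOURS:
            findings.append(("off-hours-access", user, when))
    return findings
```

Running `scan(SAMPLE_LOG)` reports bob's burst of failed logins, carol's 02:47 read of the payroll file, and the corrupt line.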


Summary

• Improving cybersecurity depends on

– Deterrence

– Awareness

– Effective procedures

– Monitoring and logging