Professional Documents
Culture Documents
CYBERATTACKS AND
CYBERSECURITY
George W. Reynolds
LEARNING OBJECTIVES
© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
WHY MANAGERS AND
IT USERS MUST
UNDERSTAND ITS
SECURITY
20XX
© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
Dilemmas Faced by Business
Managers Regarding IT Security
Amount to be spent to
safeguard against
computer crime
© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
Why Computer Incidents are so prevalent
© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
TYPES OF EXPLOITS
© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
TYPES OF EXPLOITS
© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
TYPES OF EXPLOITS
© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
TYPES OF EXPLOITS
CYBERTERRORISM
Intimidation of a government or a
civilian by using information
technology to disable critical
national infrastructure – done to
achieve political, religious, or
ideological goals
© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
CREDIT CARD FRAUD PREVENTION
ENCRYPTION TECHNOLOGY
CARD VERIFICATION VALUE (CVV)
TRANSACTION-
RISK SCORING
SOFTWARE
© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
TRUSTWORTHY COMPUTING (CONTINUED)
© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
RISK ASSESSMENT
© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
Establishing a Security Policy
© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
Educating Employees and contract workers
Applying strict
Reporting unusual
access controls
policy
to protect data
© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
Preventive Measures
Software
© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
Preventive Measures
© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
United States Computer Emergency Readiness Team US-CERT
Serves as a
Partnership between
clearinghouse for
the Department of Protect the nation’s
information on new
Homeland Security internet infrastructure
viruses, worms and
and the public and against cyberattacks
other computer
private sectors
security topics
© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
NIST Incident Response Life Cycle
© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
RESPONSE PLANNING
Business
Otherwise, may
operations may
never recover
cease
© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
INCIDENT RESPONSE ACTIONS
© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
DETECTION TO REACTION
Assignment of tasks
Documentation of the incident
© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
Computer/Digital Forensics
© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
Digital Forensics
Digital
Forensics
Forensics
Coherent The preservation,
application of identification,
methodical extraction,
investigatory documentation,
techniques to and interpretation
present evidence of of digital media for
crimes in a court or evidentiary and/or
court-like setting root cause analysis
© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
DIGITAL FORENSICS
• To investigate allegations of
PURPOSES digital malfeasance
• To perform root cause analysis
© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
Digital forensics Methodology
© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
SUMMARY
Securing the organization has become more difficult as the sheer amount of technology has
increased and there has been more reliance on cloud computing and virtualization.
Common computer exploits include viruses and worms, Trojan Horses, DDOS, spam
and phishing