Scribd Logo
Upload

Welcome to Scribd!

  • Fundamentals of Information Systems Security: Md. Foysal Hasan Lecturer, BIBM

    Uploaded by

    Mohammad Shahnewaz Hossain
    182 views22 pages
    This document discusses information security and cyber threats. It begins by defining information security as protecting data and systems from unauthorized access, use, modification or destruction. It then outlines some common cyber threats like viruses, worms, Trojans, phishing and social engineering. The document provides examples of recent cyber attacks in Southeast Asia. It concludes by listing top tips for protecting yourself, including using antivirus software, not sharing passwords, verifying website authenticity and properly disposing of data.

    Original Description:

    Original Title

    IT Security

    Copyright

    © © All Rights Reserved

    Available Formats

    PPT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document discusses information security and cyber threats. It begins by defining information security as protecting data and systems from unauthorized access, use, modification or destruction. It then outlines some common cyber threats like viruses, worms, Trojans, phishing and social engineering. The document provides examples of recent cyber attacks in Southeast Asia. It concludes by listing top tips for protecting yourself, including using antivirus software, not sharing passwords, verifying website authenticity and properly disposing of data.

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    182 views22 pages

    Fundamentals of Information Systems Security: Md. Foysal Hasan Lecturer, BIBM

    Uploaded by

    Mohammad Shahnewaz Hossain
    This document discusses information security and cyber threats. It begins by defining information security as protecting data and systems from unauthorized access, use, modification or destruction. It then outlines some common cyber threats like viruses, worms, Trojans, phishing and social engineering. The document provides examples of recent cyber attacks in Southeast Asia. It concludes by listing top tips for protecting yourself, including using antivirus software, not sharing passwords, verifying website authenticity and properly disposing of data.

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 22

    FUNDAMENTALS OF

    INFORMATION SYSTEMS Md. Foysal Hasan


    Lecturer, BIBM
    SECURITY
    OUTLINE
    Concept of IT security
    Basic malware and cyber-attack concepts
    Some local and international case studies on cyber security
    incidents
     How can you protect yourself from various cyber threats? (do's
    and don'ts)
    INFORMATION SECURITY

    Information security means protecting information (data) and


    information systems from unauthorized access, use, disclosure,
    disruption, modification, or destruction.
    WHAT IS INFORMATION
    SECURITY?
    Protects the confidentiality, integrity, and availability of important
    data

    Controls can be Physical or Technical


     Locks and safes – encryption and passwords

    Technology has made our lives easier in many ways, but this
    convenience has also increased our exposure to threats
     Thieves and attackers can also work more effectively
    VULNERABILITIES,
    THREATS, AND RISKS
    SECURITY THREATS
    WHY SHOULD I CARE?
    Theft is becoming increasingly digital

    Ease of identity, account, and credential theft makes everyone an


    ideal target

    Compromise may affect customers, coworkers, friends, and family

    Financial and reputational loss may occur


    MODERN THREATS
    Viruses, Trojans, and Worms

    DoS, DDoS, and Ransomeware

    Spam, Phishing, and Spear Phishing

    Social Engineering
    VIRUSES
    Viruses are malicious programs that hide themselves on your computer

    May destroy your documents, format your hard drive, send emails from
    your computer or a variety of other nefarious actions – it just depends on
    the strain!

    Just like real viruses, computer viruses spread to others…

    Always use anti-virus protection!


    Famous viruses:
     Love Bug
     Code Red
    WORMS AND TROJANS

    Trojan appears as a legitimate program


     Possible to repackage Trojans with legitimate programs

    Worms are self-replicating


     Typically propagate through un-patched systems
    ADWARE/SPYWARE
    Some malware is designed to solicit you, or gather information
    about your computing habits
     Which websites you visit?
     When? What times?
     What are you purchasing?
     How long do spend surfing the website?
     How or what do you use your computer for?
     Example: Sony “Root Kit”
     Intended for “Marketing Purposes”
     Commonly installed with p2p or free software

    May be only an annoyance and cause no harm


    EMAIL
    Common Attacks
     Phishing
     Malicious attachments
     Hoaxes
     Spam
     Scams (offers too good to be true)

    Best Practices
     Don’t open suspicious attachments
     Don’t follow links
     Don’t attempt to “unsubscribe”
    PHISHING
    Deceptive emails to get users to click on malicious links
     Enter sensitive information
     Run applications

    Look identical to legitimate emails


     Your Bank
     PayPal
     Government
    SOCIAL ENGINEERING
    People are often the weakest links
     All the technical controls in the world are worthless if you share your password or
    hold the door open

    Attempts to gain
     Confidential information or credentials
     Access to sensitive areas or equipment

    Can take many forms


     In person
     Email
     Phone
     Postal Mail
    SOCIAL ENGINEERING
    TACTICS
    The Dumpster Dive
    The Pointed Question
    Fake IT Employee
    Changing Passwords
    The Name-Drop
    The Relaxing Conversation
    Fake Staff
    Tailgating
    New Hire
    RANSOMWARE ATTACK
    CYBER THREAT
    LANDSCAPE – ASEAN AND
    OUR NEIGHBOURS
    SIX FOREIGN CITIZENS
    DETAINED IN NEVER-SEEN-
    BEFORE ATM FRAUD
    A total of Tk 300,000 went missing from an automated teller
    machine (ATM) of Dutch-Bangla Bank booth in Dhaka's Badda on
    Saturday morning but neither any transaction was recorded in the
    bank server nor any money was deducted from any client’s account.

    Managing director of Dutch-Bangla Bank, Abul Kashem Md Shirin,


    said to Prothom Alo, "They didn't hack any client's account. We don't
    know yet how they managed to withdraw the money."
    TOP TEN TIPS
    Never write down or share your passwords

    Don’t click on links or open attachments in email

    Use antivirus, anti-spyware, and firewall and don’t disable

    Don’t send sensitive data over unencrypted channels

    Dispose of data properly


     Cross-cut shredding
     Multiple-wipe or physically destroy hard drives
    TOP TEN TIPS
    Don’t run programs from un-trusted sources

    Lock your machine if you step away

    Properly secure information


     Safes, locked drawers for physical documents
     Encryption for digital information

    Verify correct person, website, etc.

    If something seems too good to be true, it probably is

    You might also like