Information Security?
Outlines
• Security in practice
• Models for data security
• Attacks
• Defense in depth
Security in practice
• In 2018, 20,373 BEC/E-mail Account Compromise (EAC) complaints with adjusted losses of over $1.2 billion (a spoofed email, a spoofed phone call or a spoofed text).
• In 2018, 100 complaints about the Payroll Diversion scam with a combined reported loss of $100M.
• In 2018, 51,146 extortion-related complaints with adjusted losses of over $83 million, which represents a 242% increase in extortion-related complaints from 2017.
Department of Justice (Office of Cybercrime)
• Telecommunications
• Electrical power systems
• Water supply systems
• Gas and oil pipelines
• Transportation
• Government services
• Emergency services
• Banking and finance
Information Security
CIA or CIAAAN…
Authentication
Authorization
Non-repudiation
Need to balance CIA
• Refers to our ability to protect our data from those who are not authorized to view it.
• Who is authorized to use data?
• “Need to know” basis for data access
• How do we know who needs what data?
Approach: access control specifies who can access what
• Confidentiality is:
• difficult to ensure
• easiest to assess in terms of success (binary in nature: Yes / No)
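The "access control specifies who can access what" approach above, as an added example that is not part of the slides: a default-deny check against a constructed grant table, where every grant is per resource and per action (the "need to know" basis), and every denial is recorded so the binary Yes/No outcome can be audited afterwards. Subject names and the `payroll.csv` resource are constructed sample values.

```python
from dataclasses import dataclass

# Constructed sample grant table: subject -> set of (resource, action) pairs.
# Grants are per resource and per action, so "need to know" is explicit:
# bob may read payroll data but may not change it, carol has no grants at all.
GRANTS = {
    "alice": {("payroll.csv", "read"), ("payroll.csv", "write")},
    "bob":   {("payroll.csv", "read")},
    "carol": set(),
}


@dataclass(frozen=True)
class AccessDecision:
    subject: str
    resource: str
    action: str
    allowed: bool
    reason: str


def check_access(subject, resource, action, grants=GRANTS):
    """Default-deny decision: only an explicit grant permits the action.

    An unknown subject and a known subject without the grant are both denied,
    but the reason is kept distinct because the two cases are investigated
    differently (possible spoofed identity vs. request outside need-to-know).
    """
    if subject not in grants:
        return AccessDecision(subject, resource, action, False, "unknown subject")
    if (resource, action) in grants[subject]:
        return AccessDecision(subject, resource, action, True, "explicit grant")
    return AccessDecision(subject, resource, action, False, "no grant for need-to-know")


def enforce(requests, grants=GRANTS):
    """Evaluate a batch of (subject, resource, action) requests.

    Returns the list of decisions and, separately, the denied ones, which is
    the audit trail a reviewer would look at to confirm confidentiality held.
    """
    decisions = [check_access(s, r, a, grants) for (s, r, a) in requests]
    denied = [d for d in decisions if not d.allowed]
    return decisions, denied


if __name__ == "__main__":
    # Constructed sample requests, including one from a subject not in the table.
    sample = [
        ("alice", "payroll.csv", "write"),
        ("bob", "payroll.csv", "read"),
        ("bob", "payroll.csv", "write"),
        ("carol", "payroll.csv", "read"),
        ("mallory", "payroll.csv", "read"),
    ]
    _, denied = enforce(sample)
    for d in denied:
        print(f"DENY {d.subject} {d.action} {d.resource}: {d.reason}")
```

The point of the separate `denied` list is that confidentiality is easy to assess after the fact only if denials are actually recorded; a check that silently returns False gives the Yes/No answer for one request but leaves nothing to review.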
Integrity
• Refers to the physical disposition of the media on which the data is stored
Authenticity
• Allows us to talk about the proper attribution as to the owner or creator of the data in question.
Utility
Threats
• Something that has the potential to cause us harm.
Vulnerabilities
Physical
• Controls that protect the physical environment in which our systems sit, or where our data is stored.
Logical
• Technical controls are those that protect the systems, networks, and environments that process, transmit, and store our data.
• Include items such as passwords, encryption, logical access controls, firewalls, and intrusion detection systems.
Administrative