
Information Security

Sangeeta Shah Bharadwaj


Case: Fannie May

 What should have been done to avoid this situation?


Cases
 Snapchat fell prey to a whaling attack back in late February 2016. According to the
Washington Post, a social engineer with criminal intent posed as CEO Evan Spiegel and sent
an email to someone in the social network's payroll department. As a result, the personal
protected info (PPI) of some 700 employees was released. Snapchat published a company
blog post stating they were "just impossibly sorry" for the breach and were taking appropriate
action with the FBI and other investigative bodies.
 An employee of the city of Calgary, Alberta, accidentally leaked the personal information of
3,700 employees in June 2016, according to the Winnipeg Free Press. It was noted that the
breached information was revealed when an employee sent the information via email in the
process of asking for technical assistance.
 A network engineer at West Virginia's energy company EnerVest committed data sabotage
after learning he was going to be terminated. CIO wrote in 2014 that the engineer, Mitchell, reset all network
servers to factory default settings and disconnected remote backups. The news story further
states that Mitchell faced criminal prosecution for the attack, which resulted in EnerVest being
unable to conduct operations for 30 days and cost in excess of $1 million.
THREATS TO INFORMATION SECURITY

 Human Errors In Data Entry & Handling


 Damage By Employee
 Disgruntled & Ill-informed Employees: Critical Role Of HR
 Misuse Of Computer Systems:
 Unauthorized Access To Or Use Of Information
 Viruses, Worms & Trojans: Cyber Terrorism
 Hackers
 Natural Disasters
Careless Employees (Steady Threat)

Insiders can be broken down into 3 categories:

 careless & untrained employees
 employees that are duped or fall prey to social-engineering-type attacks
 malicious employees.
Remote and mobile workers

 Remote workers also represent a threat to organizations
 The various forms of mobile media usage are also a threat
 The recent trend of BYOD (Bring Your Own Device) is also a threat
 Work from home (WFH) during COVID has also been a threat to information security
Information Security threat

 Threats to an organization's information security come
 From outside the organization
 From employees
   Intentional
   Unintentional
Threats to the Organization from outside
 Malware – various kinds of malicious software.
   Viruses – infiltrate and spread in organisational networks, infecting PCs and destroying files and data.
   Worms – much like a virus, but do not harm data, other than infiltrating and choking the network.
   Trojans – infiltrate computers and secretly allow external software and people to invade the computer and use its resources.
 Denial-of-service Attack
Denial-of-Service Attack

 The requesting server sends a request for service and the responding server sends a response, but the requesting server never replies, leaving the connection to time out while the responding server holds resources for it.
Distributed Denial-of-Service Attack

 Many requesting servers send service requests to the responding server, which responds, but the requesting servers let the connection requests time out.
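
The time-out pattern described above can be recognised from the responding server's side. The following is an added example, not part of the original slides: it counts answered-but-never-completed connections per source over constructed sample events and separates the single-source case from the distributed one. The event format, thresholds and function names are assumptions.

```python
from collections import Counter

TIMEOUT = 30  # assumed: seconds the responding server waits for the client

def timed_out_connections(events, now, timeout=TIMEOUT):
    """Per source, count connections the server answered but the client never completed."""
    answered, completed = {}, set()
    for ts, src, conn, kind in events:
        if kind == "response":
            answered[(src, conn)] = ts
        elif kind == "complete":
            completed.add((src, conn))
    stale = Counter()
    for key, ts in answered.items():
        if key not in completed and now - ts >= timeout:
            stale[key[0]] += 1
    return stale

def classify(stale, total_limit=100, dominance=0.8):
    """Return (verdict, sources); both thresholds are illustrative assumptions."""
    total = sum(stale.values())
    if total < total_limit:
        return "normal", []
    top_src, top_count = stale.most_common(1)[0]
    if top_count / total >= dominance:
        return "dos", [top_src]          # one requester holds most stale connections
    return "ddos", sorted(stale)         # many requesters, each with only a few

def build_events(attackers, per_attacker):
    """Constructed sample: 5 clients that complete, plus sources that never do."""
    events = []
    for i in range(5):
        src = f"192.0.2.{i + 1}"
        events += [(i, src, 0, "request"), (i, src, 0, "response"),
                   (i + 1, src, 0, "complete")]
    for a in range(attackers):
        src = f"203.0.113.{a + 1}"
        for conn in range(per_attacker):
            events += [(10, src, conn, "request"), (10, src, conn, "response")]
    return events

if __name__ == "__main__":
    for label, ev in [("single source", build_events(1, 150)),
                      ("many sources", build_events(50, 4))]:
        stale = timed_out_connections(ev, now=60)
        print(label, classify(stale)[0], "max per source:", max(stale.values()))
```

In the distributed case each source holds only 4 stale connections, so a per-source limit alone would not flag it; the aggregate count does.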
Threats to the Organization

 Cracking and Espionage – The act of breaking into networks and computers illegally, usually
with intent to create mischief. It is also used for industrial and political espionage – to steal
information.
 Ethical Hacking – same as Cracking but the motivation is benign - not to harm but expose weaknesses.
 Phishing and Identity Theft – use of fake websites to lure unsuspecting users to reveal their
private information.
Technologies for handling Security
 Encryption

 Public-key Cryptography

 Firewall

 Virtual Private Network


Encryption
 Transformation of a message from plain text to a coded form (cipher text) that is not easily readable.
 Symmetric Key – the same key encrypts the message and decrypts it, so the key must also be shared with the receiver.
Private/public key Cryptography
Firewall

 Firewalls are filtering and protection devices – usually a combination of hardware and software
 Packet-level filtering
 Application-level filtering
 Firewalls slow down traffic at the perimeter – to overcome this, firewalls are built into hardware.
 Deep Packet Inspection
Virtual Private Network (VPN)
 A technology that enables clients or employees of an organisation, who are
outside the network, to connect securely to the organisation on the public
Internet.
 It creates a 'tunnel' relying on authentication and encryption.
Managing Security
 Securing the Network
   Perimeter Security
   Two Factor Authentication, AAA Authentication
 Securing the Client
   Desktop Firewalls
   Password Policy
 Creating a Secure Environment
   Security Audit and Risk Assessment
   Regular Backups
   Disaster Recovery Planning

Managing Security
The four features that need to be managed to enable a secure IS infrastructure in an organisation:
 Confidentiality
 Authentication
 Message Integrity
 Access and Availability
Securing the Network
 Demilitarised Zone
Securing the Network
 Perimeter Security – Demilitarised Zone: a demilitarized zone (DMZ) is a perimeter network that protects an organization's internal local-area network (LAN) from untrusted traffic.
 Two-factor Authentication – Authentication by two independent methods
Figure: Typical layout for a demilitarised zone (DMZ)
Managing Internal Security threats
 Training and awareness
 Information Security policy
 Observing employee behaviour and counselling
 Job rotation
 Security audits

 What is AAA (Authentication, Authorization, and Accounting)?


Authentication, Authorization, and Accounting (AAA) is an
architectural framework for controlling access to computer resources,
enforcing policies, auditing usage, and providing the
information required for billing of services and other processes
essential for network management and security.
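
The three AAA stages described above, run in order on each request, as an added example that is not part of the original slides. The user names, roles, actions and function names are hypothetical, and the in-memory stores stand in for a real directory and log.

```python
import hashlib
import hmac
import os
import time
from collections import Counter

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _user(password, role):
    salt = os.urandom(16)
    return {"salt": salt, "hash": _kdf(password, salt), "role": role}

# Constructed users, roles and actions (all hypothetical).
USERS = {"alice": _user("correct horse", "netadmin"),
         "bob": _user("battery staple", "helpdesk")}
POLICY = {"netadmin": {"router:read", "router:write"},
          "helpdesk": {"router:read"}}
ACCOUNTING = []                      # append-only usage trail
_DUMMY = _user("unused", "none")     # keeps timing similar for unknown users

def authenticate(user, password):
    """Authentication: is the caller who they claim to be?"""
    rec = USERS.get(user, _DUMMY)
    ok = hmac.compare_digest(_kdf(password, rec["salt"]), rec["hash"])
    return ok and user in USERS

def authorize(user, action):
    """Authorization: does policy allow this identity to do this?"""
    return action in POLICY.get(USERS[user]["role"], set())

def request(user, password, action):
    """Run the three stages in order; every outcome is accounted for."""
    if not authenticate(user, password):
        outcome = "auth_failed"
    elif not authorize(user, action):
        outcome = "denied"
    else:
        outcome = "allowed"
    ACCOUNTING.append({"ts": time.time(), "user": user,
                       "action": action, "outcome": outcome})
    return outcome

def usage_by_user():
    """Accounting output: allowed actions per user, e.g. as input to billing."""
    return Counter(r["user"] for r in ACCOUNTING if r["outcome"] == "allowed")
```

Failed and denied requests are recorded as well as allowed ones, so the same trail serves both auditing and usage reporting.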
Questions?
