Information Security (I.S.)–An introduction
Failure to Secure is an Opportunity to Fail
----- Casey W. O’Brien
Univ. of Ghana | Dept. of Info. Studies | INFS213 | Mrs F. O. Entsua-Mensah 1
Lesson Objectives
• To understand information security.
• To familiarize ourselves with some of the threats to I.S.
• To learn security measures for securing information in the digital age.
• To appreciate the importance of I.S.
Florence O. Entsua-Mensah (Mrs) 2
Introduction
• Why this topic?
• One key aspect of IM that receives a lot of attention is the issue of security of information.
• Why do we need to keep information secured?
• How do we do that?
What is Security?
• “The quality or state of being secure—to be free from danger”
• A successful organization should have multiple layers of security in place:
– Physical security
– Personal security
– Operations security
– Communications security
– Network security
– Information security
What is Information Security?
• The protection of information and its critical elements, including systems and hardware that use, store, and transmit that information.
• Includes both electronic and physical security.
What Is Information Security?
• “Protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users or the provision of service to unauthorized users, including those measures necessary to detect, document, and counter such threats.”
-- United States’ National Information Assurance Glossary
What Is Information Security?
• Three widely accepted elements of information security (referred to as the “CIA Triad” / “CIA triangle”) are:
– Confidentiality
– Integrity
– Availability
• The C.I.A. triangle is usually expanded into a list of critical characteristics of information.
Confidentiality
• Confidentiality refers to limiting information access and disclosure to authorized users/persons only.
• Confidentiality is related to the broader concept of data privacy -- limiting access to individuals' personal information.
• In Ghana one can make reference to the Data Protection Act as a reason to keep data confidential.
• Authentication methods like user IDs and passwords can be used to uniquely identify users and control access to data systems.
Integrity
• Information has integrity when it is whole, complete, and uncorrupted.
• The integrity of information is threatened when the information is exposed to corruption, damage, destruction, or other disruption of its authentic state.
• Data corruption can occur while information is being stored or transmitted.
Integrity Cont’d
• It includes data that have not been changed inappropriately, whether by accident or on purpose.
• Integrity implies that the data actually came from the person or entity you think it did, rather than an imposter.
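
An added example (not part of the original slides) of the two integrity claims above: a plain hash detects accidental change, while a keyed MAC also shows that the data came from the key holder rather than an imposter. The messages and the shared key are constructed sample values.

```python
import hashlib
import hmac
import secrets


def digest(message: bytes) -> str:
    """Plain SHA-256 digest: anyone can compute it, no secret involved."""
    return hashlib.sha256(message).hexdigest()


def check_digest(message: bytes, received_digest: str) -> bool:
    return hmac.compare_digest(digest(message), received_digest)


def tag(key: bytes, message: bytes) -> str:
    """HMAC-SHA256 tag: can only be produced by someone holding the key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def check_tag(key: bytes, message: bytes, received_tag: str) -> bool:
    return hmac.compare_digest(tag(key, message), received_tag)


def integrity_demo() -> dict:
    key = secrets.token_bytes(32)               # secret shared by sender and receiver
    original = b"Pay GHS 100 to account 12345"  # constructed message
    sent_digest = digest(original)
    sent_tag = tag(key, original)

    # Case 1: the message is changed in storage or transit,
    # but the digest/tag that travelled with it is untouched.
    corrupted = b"Pay GHS 900 to account 12345"

    # Case 2: someone without the key replaces the message and
    # recomputes whatever they are able to recompute.
    forged = b"Pay GHS 100 to account 99999"
    forged_digest = digest(forged)                    # needs no secret
    forged_tag = tag(secrets.token_bytes(32), forged)  # made with a different key

    return {
        "original_passes_digest": check_digest(original, sent_digest),
        "original_passes_hmac": check_tag(key, original, sent_tag),
        "digest_detects_corruption": not check_digest(corrupted, sent_digest),
        "hmac_detects_corruption": not check_tag(key, corrupted, sent_tag),
        # A bare digest cannot tell who produced the message.
        "digest_accepts_replaced_message": check_digest(forged, forged_digest),
        "hmac_rejects_replaced_message": not check_tag(key, forged, forged_tag),
    }


if __name__ == "__main__":
    for name, value in integrity_demo().items():
        print(f"{name}: {value}")
```

Every entry in the result is `True`: the digest alone catches corruption but accepts a replaced message, while the keyed tag rejects both.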
Availability (Recoverability)
• Availability enables authorized users—persons or computer systems—to access information without interference or obstruction, and to receive it in the required format.
• E.g. research libraries that require identification before entrance. Librarians protect the contents of the library so that they are available only to authorized patrons.
• An information system that is not available when you need it is almost as bad as none at all.
Maintaining a Balance
• It is always good to ensure the right levels of Confidentiality, Integrity, and Availability.
• That is, confidentiality should not hinder access (availability) that much when access is paramount for business transactions.
• Sometimes the security measures to ensure confidentiality make access to that information time-consuming.
Information Security Threats
• What is a threat? A situation or an activity that could cause harm or danger (Macmillan English Dictionary, 2007).
• What then is an information security threat? / What does it mean to consider something as a threat to information security?
Macmillan English Dictionary for Advanced Learners CD-ROM 2nd Edition. CD-ROM © Macmillan Publishers Limited 2007. Text © A&C Black Publishers Ltd 2007.
Threats to Information Security (1)
• A threat is an object, person, or other entity that represents a constant danger to an asset.
• Some security threats in the digital age:
• Malware (malicious software that creates inconvenience for the user; it includes computer viruses, worms, trojan horses, bots, spyware, adware, etc.)
Threats to Information Security (2)
• Spam (unsolicited and mostly irrelevant messages sent on the internet to a large number of users)
• Phishing (occurs when an attacker attempts to obtain personal or financial information using fraudulent means, most often by posing as another individual or organization.)
Threats to Information Security (3)
• Spyware: computer software that enables a user to obtain covert information about another user's computer activities.
How dangerous are these threats?
• Spyware: limits our ability to protect the confidentiality of the data as it grants unauthorized access.
• Spam: can flood a user's inbox and could make access to information difficult, either by forcing the user to sift through a long list for relevant mails or by preventing incoming messages because the inbox has reached its limit.
• Phishing: affects confidentiality.
Other Information Security Threats
Other forms of attacks include:
• Social Engineering
• Password Attacks
• Threats to Privacy
Social Engineering (1)
• Manipulating a person or persons into divulging confidential information.
• But, I am not dumb!!!
• So does this really apply to me?
• YES! Attackers are ALSO not dumb.
• Social engineers are coming up with much better and much more elaborate schemes to attack users.
– Even corporate executives can be tricked into revealing VERY secret info
Social Engineering (2)
What can I do to protect myself?
• NEVER give out your password to ANYBODY.
– Any system administrator should have the ability to change your password without having to know an old password
Social Engineering (3)
Social Engineering (4)
• Any observations or submissions from the afore-presented conversation or chat?
• Let's discuss your opinions.
Password Attacks
• Password Guessing
– Ineffective except in targeted cases
• Dictionary Attacks
– Passwords are stored in computers as hashes, and these hashes can sometimes get exposed.
– All known words are checked against the stored hashes
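
An added example (not from the original slides) of why the way hashes are stored matters once they are exposed, written as a defender's audit of their own password store. The account names, passwords, word list and iteration count are constructed sample values.

```python
import hashlib
import hmac
import os

WORDLIST = ["password", "123456", "accra", "welcome"]  # constructed known-weak passwords
ITERATIONS = 100_000  # illustrative work factor for the slow hash


def store_unsalted(password: str) -> str:
    """Weak scheme: one fast, unsalted hash per password."""
    return hashlib.sha256(password.encode()).hexdigest()


def store_salted(password: str) -> tuple:
    """Stronger scheme: random per-user salt plus a deliberately slow hash."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key


def verify_salted(password: str, record: tuple) -> bool:
    salt, key = record
    guess = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(guess, key)


def audit_unsalted(db: dict) -> dict:
    """One table, computed once, matches every account that uses a listed word."""
    table = {store_unsalted(word): word for word in WORDLIST}
    return {user: table[h] for user, h in db.items() if h in table}


def audit_salted(db: dict) -> tuple:
    """Each account needs its own slow hash per word; no table can be shared."""
    flagged, slow_hashes = {}, 0
    for user, record in db.items():
        for word in WORDLIST:
            slow_hashes += 1
            if verify_salted(word, record):
                flagged[user] = word
                break
    return flagged, slow_hashes


def storage_demo() -> dict:
    users = {"ama": "accra", "kofi": "accra", "esi": "Iwb@3:00AMiA"}  # constructed
    unsalted = {u: store_unsalted(p) for u, p in users.items()}
    salted = {u: store_salted(p) for u, p in users.items()}
    flagged_salted, slow_hashes = audit_salted(salted)
    return {
        # Two users with the same password are visible at a glance when unsalted.
        "same_hash_unsalted": unsalted["ama"] == unsalted["kofi"],
        "same_hash_salted": salted["ama"][1] == salted["kofi"][1],
        "flagged_unsalted": audit_unsalted(unsalted),
        "flagged_salted": flagged_salted,
        "slow_hashes": slow_hashes,
    }


if __name__ == "__main__":
    print(storage_demo())
```

Salting removes the shared lookup table and the slow hash raises the cost of every guess, but a password that is on the word list is still found in both stores, so storage hardening does not replace a strong password.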
Password Security
• Many Web sites require a username and password to access the information stored on them.
• To prevent anyone from guessing your passwords, you should always create and use strong passwords.
• A strong password consists of at least eight characters of upper- and lowercase letters and numbers.
Strong Password
Characteristics of strong passwords:
• Should have eight or more characters
• Does not contain your user name, real name, or company name
• Does not contain a complete dictionary word in any language
• Is different from previous passwords you have used
• Contains both upper- and lowercase letters, numbers, and special characters (such as ~ ! @ # $ % ^ & * ( ) _ + - = { } | [ ] \ : " ; ' < > ? , . /)
Class Activity
• Create a strong password
What would you make of this as a password?
• “I was born in Accra, before 1990.”
• Substituting the character < for the word before = IwbiA,<1990
COMPARE WITH THE PASSWORD YOU CREATED
What of this: “I was born at 3:00 A.M. in Accra” = “Iwb@3:00AMiA”
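
An added example (not part of the original slides) that turns the characteristics from the Strong Password slide into a checker and runs it on the two class-activity passwords. The user name, real name, company name and the small word list are constructed sample values; a real checker would load a full dictionary.

```python
import re

# Constructed sample word list standing in for a full dictionary.
DICTIONARY = {"password", "welcome", "accra", "ghana", "before", "born"}


def _name_parts(value: str) -> list:
    """Lower-case pieces of a name that are long enough to be meaningful."""
    return [p for p in re.split(r"[^a-z0-9]+", value.lower()) if len(p) >= 3]


def check_password(password, user_name, real_name, company,
                   previous=(), dictionary=DICTIONARY):
    """Return the slide rules the password breaks (empty list = passes all)."""
    problems = []
    lowered = password.lower()

    if len(password) < 8:
        problems.append("fewer than eight characters")

    for label, value in (("user name", user_name),
                         ("real name", real_name),
                         ("company name", company)):
        if any(part in lowered for part in _name_parts(value)):
            problems.append(f"contains your {label}")

    if any(word in lowered for word in dictionary if len(word) >= 4):
        problems.append("contains a complete dictionary word")

    # Plain comparison for illustration; a real system checks the candidate
    # against the stored hashes of earlier passwords instead.
    if password in previous:
        problems.append("same as a previous password")

    classes = {
        "an uppercase letter": any(c.isupper() for c in password),
        "a lowercase letter": any(c.islower() for c in password),
        "a number": any(c.isdigit() for c in password),
        "a special character": any(not c.isalnum() and not c.isspace()
                                   for c in password),
    }
    problems += [f"missing {name}" for name, ok in classes.items() if not ok]
    return problems


def activity_demo() -> dict:
    person = ("kmensah", "Kofi Mensah", "Example Ltd")  # constructed identity
    candidates = ["IwbiA,<1990", "Iwb@3:00AMiA", "accra1990", "Kofi2024!"]
    return {pw: check_password(pw, *person) for pw in candidates}


if __name__ == "__main__":
    for pw, problems in activity_demo().items():
        print(pw, "->", problems or "meets every listed characteristic")
```

Both class-activity passwords satisfy every listed characteristic, but a password that has appeared on a slide is now public and should not be used for a real account.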
PRIVACY
• The digital age has raised a lot of issues about privacy.
• Especially with devices that make data capturing easy and difficult to detect, e.g. mobile phone cameras.
What is Privacy
• Freedom from observation, intrusion, or attention of others
• Society’s needs sometimes trump individual privacy
• Privacy rights are not absolute
• Balance needed
– Individual rights
– Society’s need
• Privacy and “due process”
How Did They Get My Data?
• Filling forms for loans, insurance claims, etc.
• Placing online orders
• Subscription for magazines, newsletters, etc.
• Application for schools, jobs, etc.
• Registrations
Collecting Personal Information
• Often voluntary
– Filling out a form
– Registering for a prize
– Supermarket “Rewards” cards
• Legal, involuntary sources
– Demographics
– Change of address
– Various directories
– Government records
Amazon’s Privacy Policy (a snapshot)
Privacy policies
• You might have observed that organizations with CCTV* cameras at their premises warn users of their facilities that they are being watched on the cameras.
Why?
*Closed-Circuit Television
Beware!
Why is Information Security important?
• Protects the organization’s ability to function. NB: Organizations cannot function well with untrue information, i.e. information with low integrity.
• Enables the safe operation of computer applications that run on the organization’s IT network.
• Prevents data theft.
• Protects the data the organization collects and uses. NB: the law requires organizations that collect data on their customers to keep it safe and protected, e.g. medical records.
• Avoids legal consequences of not securing information.
How do we keep information secured?
• At the personal level
• At the organizational level
• Suggestions
– Passwords
– ID cards
– CCTV
• Necessary tools for IS:
– policy, awareness, training, education, technology
In Summary…
• Some specialists in the field have theorized that information cannot be 100% secured.
• Sometimes even the bearer of the information needs protection.
• Some specialists in the field have argued that the CIA triad is no longer sufficient to ensure security. They usually propose an extended version of the CIA triad.
• NB: Information security is not just about computer security. Who can tell me why?
Thank you …. Any Questions?