
Information Security

What is Information
'Information is an asset which, like other important business assets, has value to an organization and consequently needs to be suitably protected.'

Information can be:
• Created
• Stored
• Destroyed
• Processed
• Transmitted
• Used (for proper & improper purposes)
• Corrupted
• Lost
• Stolen

Whatever form the information takes, or means by which it is shared or stored, it should always be appropriately protected.

What is Information Security


Information security means protecting information and information systems from unauthorized access, use or modification. The information may be about employees, customers, research, products or financial operations. It is the protection of information and its critical elements, including the systems and hardware that use, store, and transmit that information. An organization can implement information security lines of defense through people first, process second and technology third.

3 Lines of Defense
1. People
2. Process
3. Technology

People are The First Line of Defense

Most security breaches are results of people from within the organization misusing information accidentally or purposely. Social engineering is another way information is breached. Dumpster diving is a way that hackers get information.

What Is Needed for the People to Be Successful?

The first line of defense an organization should follow to help combat insider issues is to develop information security policies and an information security plan. Information security policies identify the rules required to maintain information security. An information security plan details how an organization will implement the information security policies.

Information Security Plan


• Is a plan for implementing an organizational information security policy.
• This is to guard against people losing valuable information.
• There are 5 steps to create an information security plan:
1. Develop the information security policies
2. Communicate the information security policies
3. Identify critical information assets and risks
4. Test and reevaluate risks
5. Obtain stakeholder support

Process is The Second Line of Defense

Planning for Security Prevention Detection Reaction

Technology is the Third Line of Defense


• Without some type of defense, technology is vulnerable to breaches.
• There are many different types of technologies available to keep information safe.

Information Security as the preservation of:

Confidentiality
Ensuring that information is accessible only to those authorized to have access

Integrity
Safeguarding the accuracy and completeness of information and processing methods

Availability
Ensuring that authorized users have access to information and associated assets when required

Security breaches lead to:
• Reputation loss
• Financial loss
• Intellectual property loss
• Legislative breaches leading to legal actions (Cyber Law)
• Loss of customer confidence
• Business interruption costs

LOSS OF GOODWILL

Threats To Information Security

Threat - something that can potentially cause damage to the organization, IT systems or network.

Elements of Threat
Agent: The catalyst that performs the threat. (Human, Machine, Nature)
Motive: Something that causes the agent to act. (Accidental, Intentional)
Results: The outcome of the applied threat. The results normally lead to the loss of CIA (Confidentiality, Integrity, Availability).

Security threats to e-business include:
• Elevation of privilege
• Malicious code
• Spyware
• Packet tampering
• Hoaxes
• Spoofing
• Sniffer

Threat Sources

Source: External Hackers
Motivation: Challenge, Ego, Game Playing
Threat: System hacking, Social engineering, Dumpster diving

Source: Internal Hackers
Motivation: Deadline, Financial problems, Disenchantment
Threat: Backdoors, Fraud, Poor documentation

Source: Terrorist
Motivation: Revenge, Political
Threat: System attacks, Social engineering, Letter bombs, Viruses, Denial of service

Source: Poorly trained employees
Motivation: Unintentional errors, Programming errors, Data entry errors
Threat: Corruption of data, Malicious code introduction, System bugs, Unauthorized access

DETECTION AND RESPONSE


If prevention and resistance strategies fail and there is a security breach, an organization can use detection and response technologies to mitigate the damage. Antivirus software is the most common type of detection and response technology.

Hacker - people very knowledgeable about computers who use their knowledge to invade other people's computers.
• White-hat hacker
• Black-hat hacker
• Hactivist
• Script kiddies or script bunnies
• Cracker
• Cyberterrorist

Virus - A computer virus is a small software program that spreads from one computer to another computer and that interferes with computer operation. A computer virus may corrupt or delete data on a computer, use an e-mail program to spread the virus to other computers, or even delete everything on the hard disk.

• Worm
• Denial-of-service attack (DoS)
• Distributed denial-of-service attack (DDoS)
• Trojan-horse virus
• Backdoor program
• Polymorphic virus and worm

WORM
Worms more commonly affect computer networks than individual machines. Networks are big, complicated groups of technology consisting of servers, routers and client machines. The internet is basically a large network of computer networks, so it is very susceptible to worm attacks.

BOTNET
The term bot is short for robot. Criminals distribute malicious software (also known as malware) that can turn your computer into a bot (also known as a zombie). When this occurs, your computer can perform automated tasks over the Internet without you knowing it.

A Few Famous Viruses

• Melissa (1999):
The Melissa virus swamped corporate networks with a tidal wave of e-mail messages. When a user opened an e-mail containing an infected Word attachment, the virus was sent to the first 50 names in the user's address book. The e-mail flooding increased so much that it blocked the Internet mail systems of the corporates.

• I Love You (2000):
This virus started spreading when a user received an e-mail with the subject "ILOVEYOU" and an attachment "LOVE-LETTER-FOR-YOU.TXT.vbs". As soon as the file was opened, the virus managed to send its copy to every user in the address book. It modified the IE start page and changed Registry keys.

• TROJAN:
The classic definition of a Trojan is a program that poses as legitimate software but when launched will do something harmful. Trojans can't spread by themselves, which is what distinguishes them from viruses and worms. Today, Trojans are typically installed secretly and deliver their malicious payload without your knowledge. Much of today's crimeware is comprised of different types of Trojans.

Software Bombs

Time Bomb - As the name suggests, a piece of hidden program code designed to run at some time in the future, causing damage to, or loss of, the computer system. Time bombs are less sophisticated than Logic Bombs, being concerned only with the system date, rather than some specific event. Unless the date is changed, or the code removed, the Bomb will go off on a specific date, come what may.

Logic Bomb - A logic bomb is a portion of a computer program intended to execute a malicious function when certain conditions are met.

PHISHING
There may be no fish or rod in sight, but there is often a catch of the day for criminals. Using this technique, they steal by tricking internet and email users into disclosing their personal details. Phishing is a very specific type of cybercrime designed to trick you into disclosing personal financial details. Cybercriminals create a fake website that looks just like a bank's website (or any other web site where online financial transactions are conducted, e.g. eBay). They then try to trick you into visiting this site and typing in your confidential data, such as your login, password or PIN. Typically, cybercriminals send out large numbers of e-mails containing a hyperlink to the fake site.

Twitter Hit With Phishing Attack


• Twitter users were receiving direct messages (DMs) saying, "hey! check out this funny blog about you" along with a link to blogspot.com.
• This is simply a ploy to get Twitter user names and passwords.
• Twitter users are directed to click on the bogus link and when they do, they see a screen that looks like the Twitter site, but is actually a fake.
• Once the user name and password are entered, the phishing program is able to access the user's account and send the same phony message to all of the users on the victim's friend list.

SPAM
Spam is anonymous, unsolicited bulk email; it is effectively the email equivalent of physical junk mail delivered through the post. It is sent out in mass quantities by spammers who make money from the small percentage of recipients that actually respond. Spam is also used for phishing and to spread malicious code.

RESPONSE TIME

PREVENTION AND RESISTANCE


Downtime can cost an organization anywhere from $100 to $1 million per hour.
Technologies available to help prevent and build resistance to attacks include:
1. Content filtering
2. Encryption
3. Firewalls

Content Filtering
• Organizations can use content filtering technologies to filter e-mail, prevent e-mails containing sensitive information from being transmitted, and stop spam and viruses from spreading.
• Content filtering occurs when organizations use software that filters content to prevent the transmission of unauthorized information.
• Spam: a form of unsolicited e-mail
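The outbound side of content filtering described above, as an added example that is not part of the original slides. The policy (hold mail to outside recipients when it carries a Luhn-valid payment card number or a classification label), the patterns, the function names and the sample messages are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Assumed policy: hold mail to outside recipients that carries a payment card
# number or a classification label. Patterns and names are illustrative.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")   # 13-19 digits, optional separators
LABEL_RE = re.compile(r"\b(CONFIDENTIAL|INTERNAL ONLY)\b", re.IGNORECASE)

def luhn_ok(digits):
    """Luhn checksum: weeds out order numbers and other random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_violations(raw_message, internal_domain):
    """Return the reasons an outbound message should be held (empty = release)."""
    msg = message_from_string(raw_message)
    addrs = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    suffix = "@" + internal_domain.lower()
    if all(addr.lower().endswith(suffix) for _, addr in addrs):
        return []               # internal-only mail is out of scope for this policy
    # Plain-text parts only; encoded parts and attachments need decoding first.
    text = msg.get("Subject", "") + "\n" + "\n".join(
        part.get_payload() for part in msg.walk()
        if part.get_content_type() == "text/plain")
    reasons = []
    for match in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", match.group())
        if luhn_ok(digits):
            reasons.append("payment card number ending " + digits[-4:])
    if LABEL_RE.search(text):
        reasons.append("classification label present")
    return reasons

# Constructed sample messages (4111 1111 1111 1111 is a widely used test number).
OUTBOUND = ("From: alice@corp.example\nTo: bob@partner.example\nSubject: invoice\n\n"
            "Card 4111 1111 1111 1111, order 1234 5678 9012 3456.\n")
INTERNAL = OUTBOUND.replace("bob@partner.example", "bob@corp.example")

if __name__ == "__main__":
    print(find_violations(OUTBOUND, "corp.example"))
    print(find_violations(INTERNAL, "corp.example"))
```

The Luhn check is what keeps the 16-digit order number in the sample from being reported as a card number, which matters for keeping false positives low in a filter that holds mail.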

ENCRYPTION
• If there is an information security breach and the information was encrypted, the person stealing the information would be unable to read it.
• Encryption scrambles information into an alternative form that requires a key or password to decrypt the information.
• Public key encryption uses two keys: a public key that everyone can have and a private key for only the recipient.

FIREWALLS
• One of the most common defenses for preventing a security breach is a firewall.
• Firewall: hardware and/or software that guards a private network by analyzing the information leaving and entering the network.

Thank You
SEC_RITY is incomplete without U.


5 steps to create an information security plan:

Step 1 - Develop
• Create an information security policy

Step 2 - Communicate
• Set up a training plan for employees to learn the plan.
• Define guidelines for punishment if policy is not followed.

Step 3 - Identify
• What information is an asset
• What information is at risk
• What are the risks
• Set guidelines for accessing information such as passwords.

Step 4 - Test system
• Periodically test system for security
• Reevaluate risks
• Conduct background checks periodically
• Audit system regularly

Step 5 - Support
• Periodically test system for security
• Reevaluate risks
• Conduct background checks periodically
• Audit system regularly

Critical Characteristics of Information

The value of information comes from the characteristics it possesses:
• Availability
• Accuracy
• Authenticity
• Confidentiality
• Integrity
• Utility
• Possession

Some facts of Information Security

• Information Security is an Organizational Problem rather than an IT Problem
• More than 70% of Threats are Internal
• More than 60% of culprits are First Time fraudsters
• Biggest Risk: People
• Biggest Asset: People
• Social Engineering is a major threat
• More than 2/3rd express their inability to determine "Whether my systems are currently compromised?"
