
Jessica Cassano

Jessica Cassano. 497-00-6092. www.umsl.edu/~lacity/int480a.htm. The CYBER GANG. www.umsl.edu/~lacity/int480a.htm. A Comprehensive Approach to Managing Cyber-Security (including Privacy Considerations). Darin Hancock LaWanda Jones (2007 PMBA UMSL Cohorts) 11/2005. Prepared for :


Presentation Transcript


  1. Jessica Cassano 497-00-6092 www.umsl.edu/~lacity/int480a.htm

  2. The CYBER GANG www.umsl.edu/~lacity/int480a.htm

  3. A Comprehensive Approach to Managing Cyber-Security (including Privacy Considerations) Darin Hancock LaWanda Jones (2007 PMBA UMSL Cohorts) 11/2005 Prepared for: IS6800

  4. Common Types of Potential Cyber Threats • VIRUS • WORM • TROJAN • DoS (Denial of Service) • SPAM • SALAMI • PHISHING • PHREAKING • ONLINE FRAUD, IDENTITY & DATA THEFT • DUMPSTER DIVING • SOCIAL ENGINEERING • NATURAL DISASTER www.thefreedictionary.com viewed 10/05

  5. Definitions
     • VIRUS: An infectious program that reproduces itself, destroying data along the way.
     • DUMPSTER DIVING: The practice of sifting refuse from an office or technical installation to extract confidential data.
     • WORM: An infectious program that reproduces itself over & over using up memory.
     • DENIAL OF SERVICE (DoS): A network assault that floods the system with multiple requests.
     • TROJAN: A program that appears legitimate, but performs some illicit activity when it is run.
     • SPAM: An anonymous or disguised, unsolicited email sent in mass delivery.
     • PHISHING: A scam to steal info thru the use of “official” looking emails or websites.
     • SALAMI ATTACK: A series of minor computer crimes that together result in a larger crime.
     • PHREAKING: The art and science of cracking the telephone network.
     • NATURAL DISASTER: An emergency situation posing significant danger to life and property that results from a natural cause.
     • ONLINE FRAUD, IDENTITY & DATA THEFT: Intentional deception resulting in injury to another person.
     • SOCIAL ENGINEERING: To trick people into revealing passwords or other sensitive information.
     www.thefreedictionary.com viewed 10/05

  6. The Melissa Virus • Date of Attack – March 26, 1999 • Attacker – 30 year old David Smith • Victims – thousands of Microsoft Word 97 and Word 2000 email users • Damage - $80 million http://www.usdoj.gov/criminal/cybercrime/melissa.htm viewed 10/05 www.viruslist.com viewed 10/05

  7. The WANK Worm • Date of Attack – October 16, 1989; 2 days prior to a scheduled space shuttle take off mission • Attacker – 2 teenagers, Electron & Phoenix, from Melbourne, Australia • Victim – NASA • Damage – initial network infection at the Kennedy Space Station in Florida, then weeks later to other sites around the globe, including other agencies: US Dept. of Energy’s Fermi National Accelerator Lab (IL, US); European Center for Nuclear Research (Switzerland); Riken Accelerator Facility (Japan) www.theage.com.au/articles/2003/05/24 viewed 11/05

  8. SPAM • Date of Attack – 1997 to present • Attacker – Commercial Advertisers • Victim – All email users • Damage – Valuable time expended to sort thru mail that penetrated anti-spam filtration • Case: James Burdis, Smurfit Stone Sr. VP & CIO, estimates that of the 1.2 million emails received monthly, 80% is spam; and approx. 82% of the 80% penetrates their anti-spam blocks. www.viruslist.com viewed 10/05

  9. Cisco Systems Data Theft • Date of Attack – April 2001 • Attacker – 2 Cisco employees • Victim - Cisco • Damage – approx. $6.3 million of stolen stock shares www.depts.washington.edu viewed 10/05

  10. Losses (quantified & unquantified) • Productivity Disruption • Time Delays • Redirection of Staff Tasks • Down & Damaged Networks • Data Corruption • Profit Loss • Disclosure of Sensitive Data • Damage to Interdependent Companies • Loss of Customers MISQ Dark Screen: An Exercise in Cyber Security. Vol. 4 No.2/June 2005

  11. RED ALERT!!!

  12. You Have Been Hacked • Hacking first began as a positive execution of computer improvements • Although not widely used, “Cracking” is the term for abusive hacking • Ill-intent hacking occurred as early as the 1970s. Case: in 1991, Cap N Crunch hacker John Draper used a toy whistle from a cereal box to obtain free phone usage • Occurrences increase each year • New terms: cyberterrorism, information warfare, economic espionage, data pirating www.cert.org viewed 10/05 www.viruslist.com/en/hackers viewed 10/05

  13. Parties Involved in the Cyber-Security World • Hackers • Computer Researchers • Companies • Individuals

  14. www.cnn.com/2005/TECH/internet viewed 10/05 www.businessweek.com viewed 10/05 www.viruslist.com viewed 10/05

  15. Key Points: Computer Researcher • OOPs it was an Accident • Case: Nov. 1988, the Morris Worm erroneously launched by Robert Morris infected several thousand systems around the country www.viruslist.com/en/hackers viewed 10/05

  16. Key Points: Companies – the Victims • High profile companies are hacker targets “I’d begun targeting specific systems I saw as high profile or high challenge.” Electron – NASA break • Hesitant to disclose attacks to public • On average, companies have meager security standards • Security & Privacy is ranked the top 3rd management concern • Although companies are the shepherds of massive amounts of sensitive information, information mismanagement is frequent www.theage.com.au/articles/2003/05/24 viewed 11/05 MISQ Dark Screen: An Exercise in Cyber Security. Vol. 4 No.2/June 2005

  17. Invasion of the Privacy Snatchers

  18. Information Mismanagement MISQ Information Privacy and its Management Vol. 3 No.4/December 2004

  19. Key Points: Individuals – the Indirect Victims • Rarely targeted directly “There are attacks that can be done, but it’s unlikely that I’ll be targeted as an individual.” Kevin Mitnick, hacker poster boy • Indirect Victims primarily due to lax company security measures & practices • Privacy concerns raised because of frequent company information mismanagement www.cnn.com/2005/TECH/internet viewed 10/05

  20. www.cert.org viewed 10/05

  21. The Future • Continued Hacking at an increased pace with more sophistication, thought: potential for large grids of electricity to be damaged thereby crippling thousands of people, businesses, & emergency services • Enhanced cyber-security technology, • Additional privacy concerns with new wireless technology (RFIDs), • Increased company spending expected for cyber-security defenses, • Stronger alliances, • Additional regulations/laws expected, and • Better international collaboration anticipated.

  22. Best Practices

  23. Best Practices www.cleanlink.com/sm/article viewed 10/05

  24. Best Practices www.cleanlink.com/sm/article viewed 10/05 www.toptechnews.com/story viewed 10/05

  25. Best Practices www.toptechnews.com/story viewed 10/05 www.cleanlink.com/sm/article viewed 10/05 MISQ Dark Screen: An Exercise in Cyber Security. Vol. 4 No.2/June 2005

  26. SUMMARY • Sensitive transactions call for increased security. • More sophisticated hacking calls for increased security. • Awareness: Know what’s going on in the cyber-security community. • Emerging policies: logical for companies to interact and provide their input vs. being strictly mandated to. • Create a company-specific comprehensive security plan. • Plan should align with business strategy. • Plan should indicate proper management of information to help eliminate privacy concerns. • Understand that the security plan should concentrate on the process, not the technological applications. • And that this process is ongoing. • “You have to continue to train and implement new security. It needs to be something you do every day.” Steve Epner of Brown Smith Wallace, a St. Louis technology consulting firm www.cleanlink.com/sm/article viewed 10/05
