1 / 13

IT255 Introduction to Information Systems Security Unit 9

IT255 Introduction to Information Systems Security Unit 9 Mitigation of Risk and Threats from Attacks and Malicious Code. Learning Objective. Explain the means attackers use to compromise systems and networks and defenses used by organizations. Key Concepts.

moswen
Télécharger la présentation

IT255 Introduction to Information Systems Security Unit 9

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. IT255 Introduction to Information Systems Security Unit 9 Mitigation of Risk and Threats from Attacks and Malicious Code

  2. Learning Objective Explain the means attackers use to compromise systems and networks and defenses used by organizations.

  3. Key Concepts • Impact of malicious code and malware on public- and private-sector organizations • Profiling attackers and hackers • Phases of a computer attack • Security awareness training to harden User domain and teach correct use of IT assets

  4. EXPLORE: CONCEPTS

  5. What Is Malicious Code/Malware?

  6. History of Malware • 1971: “Creeper virus” spreads to Advanced Research Projects Agency Network (ARPANET). Other experimental viruses emerge throughout the 1970s with varying exposure. • 1981: “Elk cloner” becomes the first computer virus to appear in the wild or outside of a computer lab. • 1982: The first worm is jointly developed at Xerox’s Palo Alto Research Center. Used for distributed calculations, a logic error caused uncontrollable replication that crippled computers.

  7. Forms of Malware • Viruses, worms, Trojans, backdoors, rootkits, and others • Active content and botnets aremodern examples • Phishing and pharmingattacks represent modern threats

  8. Discussion Points • Motivations for attacks • Types of attackers • Goals of attackers

  9. EXPLORE: RATIONALE

  10. Discussion Point Discuss the impact of malicious code and malware on businesses and organizations.

  11. Defending Against Network Attacks • Set up protective mechanisms at every domain and layer. • Establish checkpoints at every network layer and domain category and monitor regularly. • Use intrusion detection system/intrusion prevention system (IDS/IPS) and firewall control lists to filter network-driven attacks. • Sandbox application-level attacks and scan with antivirus or anti-malware products. • Back up data regularly.

  12. End-User Awareness Training • It helps prevent incidentsand reduce risk. • End-users areweakest link insecurity chain. • Security is a specialmindset. • Consistent applicationrequires good habits.

  13. Summary • Malware encompasses a variety of malicious code. • Methods for attack progress and new trends emerge as technology improves. • Motivations explain why criminals commit acts; motivations vary but personalities generally recur. • Computer and network attacks occur in phases. • Security awareness training can reduce incidents of attacks.

More Related