Security Evaluation of an PowerPoint Presentation, PPT - DocSlides

Security Evaluation of an Organization

TA

Md

Morshedul

Islam

Process of Security Evaluation

Identify the security goal

Perform a threat assessment

Do a security analysis

Identify the security goal

It directly related with

integrity

,

confidentiality

and

availability

of the resources(

assets

)

Assents of an organization:

Hardware

: computer system, data storage, data communication devices

Software

: Operating system, application program

Data

: file, database, password file

Communication and network facility

: Local communication, global communication, router and so on

Identify the security goal

Security goal of U of C-1. Student’s point of view:Keep result private (confidentiality)No one can alter or temper my assignment(integrity)I like to see my result from my home (availability)…………………………………………..2. TA’s point of view:-----------------------------------------3. Instructor’s point of view……………………………………………...4. In Administrator points of view-------------------------------------------

All are related with-

Confidentiality

Integrity

Availability

Perform a threat assessment

What is

threat

?: In computer security a threat is a possible danger that might exploit a

vulnerability

to breach security and thus cause possible

harm.

Example:

Vulnerability: A weakness of system’s design, implementation or operation that could be exploited to violate the

system policy

and increase

risk

.

Example:

System Policy:

Risk:

Perform a threat assessment

We need t find out the answer of those following question-

Whom am I trying to protect against?(

adversary

)

How they motivated?(curiosity, revenge, financial gain)

What capability and adversary have? (tool, skill, knowledge, etc.)

What threat might I face?

Security analysis

What kind of attack is possible?

Active attack

: : Denial-of-service attack, Spoofing,

Network: Man

in the

middle, ARP poisoning, Ping flood, Ping

of

death, Smurf attack

Host:

Buffer overflow, Heap overflow ,Stack overflow ,Format string

attack

Passive attack

:

Passive

Network

:

wiretapping, Port scanner, Idle

scan

Origin of the attack

Inside attack

Outside attack

Security, Access & Accounts of UofC

Latest Threats & Vulnerabilities

Information Security Policies

Anti-Virus Protection

Access Management

Security Awareness Program

Systems Security

Security Advisories

Vulnerability Assessment Program

SecurID

More Details

Information Security Awareness Program of UofC

http

://www.ucalgary.ca/it/infosecurity/awareness/posters

Some Observation…..

Select a password for your system and then justify your selection.

What can you do to protect your laptop?

How to identify a pirated software?

How can

you

avoid spam?

Give an example of identity theft.

Give some examples of Malware.

Which kind of information is highly confidential for

UofC

?

What kind of the social networking technique you can use to know the id of your classmate?

What is the most potential threat to your smart phone?

Consider, some of your resources

are in security

risk. What kind of initiative you

have to

take to protect

them?