Security Evaluation of an

Security Evaluation of an Security Evaluation of an - Start

Added : 2015-12-05 Views :43K

Download Presentation

Security Evaluation of an




Download Presentation - The PPT/PDF document "Security Evaluation of an" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.



Presentations text content in Security Evaluation of an

Slide1

Security Evaluation of an Organization

TA

Md

Morshedul

Islam

Slide2

Process of Security Evaluation

Identify the security goal

Perform a threat assessment

Do a security analysis

Slide3

Identify the security goal

It directly related with

integrity

,

confidentiality

and

availability

of the resources(

assets

)

Assents of an organization:

Hardware

: computer system, data storage, data communication devices

Software

: Operating system, application program

Data

: file, database, password file

Communication and network facility

: Local communication, global communication, router and so on

Slide4

Identify the security goal

Security goal of U of C-1. Student’s point of view:Keep result private (confidentiality)No one can alter or temper my assignment(integrity)I like to see my result from my home (availability)…………………………………………..2. TA’s point of view:-----------------------------------------3. Instructor’s point of view……………………………………………...4. In Administrator points of view-------------------------------------------

All are related with-

Confidentiality

Integrity

Availability

Slide5

Perform a threat assessment

What is

threat

?: In computer security a threat is a possible danger that might exploit a

vulnerability

to breach security and thus cause possible

harm.

Example:

Vulnerability: A weakness of system’s design, implementation or operation that could be exploited to violate the

system policy

and increase

risk

.

Example:

System Policy:

Risk:

Slide6

Perform a threat assessment

We need t find out the answer of those following question-

Whom am I trying to protect against?(

adversary

)

How they motivated?(curiosity, revenge, financial gain)

What capability and adversary have? (tool, skill, knowledge, etc.)

What threat might I face?

Slide7

Security analysis

What kind of attack is possible?

Active attack

: : Denial-of-service attack, Spoofing,

Network: Man

in the

middle, ARP poisoning, Ping flood, Ping

of

death, Smurf attack

Host:

Buffer overflow, Heap overflow ,Stack overflow ,Format string

attack

Passive attack

:

Passive

Network

:

wiretapping, Port scanner, Idle

scan

Origin of the attack

Inside attack

Outside attack

Slide8

Security, Access & Accounts of UofC

Latest Threats & Vulnerabilities

Information Security Policies

Anti-Virus Protection

Access Management

Security Awareness Program

Systems Security

Security Advisories

Vulnerability Assessment Program

SecurID

More Details

Slide9

Information Security Awareness Program of UofC

http

://www.ucalgary.ca/it/infosecurity/awareness/posters

Slide10

Some Observation…..

Select a password for your system and then justify your selection.

What can you do to protect your laptop?

How to identify a pirated software?

How can

you

avoid spam?

Give an example of identity theft.

Give some examples of Malware.

Which kind of information is highly confidential for

UofC

?

What kind of the social networking technique you can use to know the id of your classmate?

What is the most potential threat to your smart phone?

Consider, some of your resources

are in security

risk. What kind of initiative you

have to

take to protect

them?


About DocSlides
DocSlides allows users to easily upload and share presentations, PDF documents, and images.Share your documents with the world , watch,share and upload any time you want. How can you benefit from using DocSlides? DocSlides consists documents from individuals and organizations on topics ranging from technology and business to travel, health, and education. Find and search for what interests you, and learn from people and more. You can also download DocSlides to read or reference later.
Youtube