1 / 14

Computer Security

Computer Security. Mike Asoodeh & Ray Dejean Office of Technology Southeastern Louisiana University. Security is a critical area of any information system, and the question is not ‘is the information system vulnerable?’ but ‘how vulnerable is it?’. Security Realities.

ekeech
Download Presentation

Computer Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Computer Security Mike Asoodeh & Ray Dejean Office of Technology Southeastern Louisiana University

  2. Security is a critical area of any information system, and the question is not ‘is the information system vulnerable?’ but ‘how vulnerable is it?’.

  3. Security Realities • Impenetrable security doesn’t exist • Too many facts, not enough information • Human-made environment

  4. Facts • Recent attacks on seemingly "secure" sites such as The White House, DOD, FBI and Microsoft.com have proven that despite massive public and private investment in cyber defense technology and methodology, hackers continue to pose a serious threat to the "information infrastructure."

  5. Facts • These days invasions are experienced directly (perhaps for the first time) by the growing masses of casual web surfers. Personal protection techniques available: • What you know • What you have • What you are

  6. Facts • Computer related attacks double annually Viruses, Hoax and inviting emails, Chain letters (spam) • 68% acknowledge financial loss • 90% not reported • 74% used internet connection as POA

  7. Classical Security Model • Isolated islands behind protective barriers • Security management was mainly access control administration of limited numbers of system users (a.k.a. Employees)

  8. Traditional Access Points

  9. eBusiness Model • Open to partners • Open to customers • Open to hackers, thieves, malicious code

  10. New Access Points

  11. A Systemic Approach to Security • Identification of the risks to the environment and business • Development of a security policy that is consistent with business objectives and requirements • Translation of policy into practice through technology and operational Best Practices • Business continuity Plan • Properly trained and trustworthy staff

  12. New Security Considerations Internet / Intranet Attacks • Vandalism/hacktivism • Denial of service • Virus and other malicious code infection • Information theft • Intrusion • Exploitation of assets

  13. New Security Considerations Trust • Identity of partners • Identity of customers • Identity of employees

  14. New Security Considerations Privacy and protection of identity • prevent data interception and data spoofing with a Policy Based Access Control • Who can access data? • Who can invoke service? • Who can impact system? • Are our Assets protected?

More Related