The Role of People in Security

merry
Presentation Transcript


  1. The Role of People in Security Chapter 4

  2. Technology? • Can technology alone provide the best security for your organization?

  3. Biggest Threat to Security • Your organization can have the best and latest technology to provide security, but if that technology is not used properly or is ignored, your organization is at risk. • The biggest threat to your organization comes from internal sources. • People (employees, custodians, consultants, etc.) are the biggest threat to an organization's security.

  4. Poor Security Practices • Users often pick passwords that are easy for them to remember, which means that the more you know about a user, the better your chances of discovering their password.

  5. Password Dilemma • Password Dilemma – The more difficult we make it for attackers to guess our passwords, and the more frequently we force password changes, the more difficult the passwords are for authorized users to remember and the more likely they are to write them down.

  6. Piggybacking • Piggybacking – the simple tactic of following closely behind a person who has just used their own access card or PIN to gain physical access to a room or a building.

  7. Shoulder Surfing • Shoulder Surfing – a similar procedure in which attackers position themselves so that they can observe the authorized user entering the correct access code.

  8. Dumpster Diving • Dumpster Diving – the process of searching through the target's trash cans or bins to find small pieces of information that could be useful for a potential attack.

  9. Installing Unauthorized Hardware and Software • System administrators should restrict normal users from installing unnecessary hardware and software. • Software such as communication tools (messengers and VoIP clients) and games should not be installed on your computer without the knowledge of the system administrator.

  10. Installing Unauthorized Hardware and Software • When a normal user installs unauthorized software or hardware, they are setting up a backdoor. • Backdoor – Backdoors are avenues that can be used to access a system while circumventing normal security mechanisms.

  11. Access by Non-Employee • If an unauthorized person can gain physical access to a facility, chances are very good that they can collect enough information to plan a potential attack or carry out unlawful activity. • A common method used to prevent unauthorized access is the identification badge or card (ID card). • Problems with identification badges: • Easy to forge • Often neglected or ignored

  12. Access by Non-Employee • How do you prevent genuine employees from planning an attack or collecting sensitive information? • Examples: • Consultants • Business partners • Janitorial and security staff

  13. Social Engineering • Social Engineering – a technique in which the attacker uses various deceptive practices to obtain information they would normally not be privy to, or to convince the target of the attack to do something they normally wouldn't. (Diagram: Attacker → Target. The attacker contacts the target.)

  14. Reverse Social Engineering • Reverse Social Engineering – in this technique, the attacker hopes to convince the target to initiate the contact. (Diagram: Target → Attacker. The target contacts the attacker.)

  15. Reverse Social Engineering • Social engineering and reverse social engineering are very common when an organization is going through significant changes, for example: • Deployment of new software and hardware • When two companies merge

  16. Employees as a Security Tool • Employees can be the biggest threat to the organization's security, but they can also be the best tool in defending against social engineering, reverse social engineering, and other security breaches and break-ins. • Organizations can implement stringent policies and procedures that establish the roles and responsibilities of all employees within the organization.

  17. Security Awareness/Training Program • Providing periodic security awareness and training programs to all employees is the single most important step any organization can take to protect against attacks, especially social engineering and reverse social engineering. • Employees should know the importance of information, and they should know what kind of information is sensitive to their organization.
