Information Security in the Digital A ge

1. Information Security in the Digital Age SaliKaceli Director, Educational Technology and Distance Learning, Cairn University Email: skaceli@cairn.edu | Tel. (215) 702-4555

2. Agenda

3. Current Headlines

4. I am OK, why worry?

5. 2012 Sentinel Network: Fraud & Complaints 369,132 Source: ftc.gov http://www.ftc.gov/sentinel/reports/sentinel-annual-reports/sentinel-cy2012.pdf

6. How bad is it really? The “cyber threat is one of the most serious economic and national security challenges we face as a nation” and that “America's economic prosperity in the 21st century will depend on cybersecurity.” -http://www.whitehouse.gov/cybersecurity

7. Other Key Findings • In recent 5 years, 650% increase in attacks* • 2/3 of U.S. firms victim of cyber attacks* * http://www.infosecisland.com/documentview/21249-DHS-National-Preparedness-Report-and-Cybersecurity.html

8. Top causes of data breaches in 2012How is it possible? Source: http://www.symantec.com/content/en/us/enterprise/other_resources/b-istr_main_report_v18_2012_21291018.en-us.pdf

10. What is information security? CIA of data To ensure that information and systems are available as needed To ensure accuracy & consistency of data over its entire lifecycle Data & Services To ensure protection against unauthorized access to or use of confidential information

11. The data is under attack from a variety of sources Industrial espionage DDoS attacks Social Networking Mobile and cloud computing Hactivism Phishing Water hole attacks Data & Services Cyberwarfare Malware/Viruses Vulnerabilities Exploits Tookits

12. Three Approaches to System Security

13. What can we do organizationally • Top-down approach with leadership as champions • Resource allocation: expensive • Security starts at inception and design • Data ownership • Data custodian • Data users • Policies and awareness

14. A comprehensive approach to data security Image courtesy of: http://resources.arcgis.com/en/communities/enterprise-gis/01n200000030000000.htm

15. Technical Solutions to Info. Security

16. What can we do individually? • Security Basics • Update your Operating System • Update Common Applications • Think before you click • General Security • Safeguard your password • Lock your computer (Win + L) • Use secure sites (https://) • Shred data you are disposing • Do not store sensitive data on removable media

17. http://www.microsoft.com/security/resources/videos.aspx#topofpagehttp://www.microsoft.com/security/resources/videos.aspx#topofpage

18. Sample PDF Reader Exploit

19. Sample phishing email

20. End user solutions cont. • Free means you do not have much control • Choose your friends wisely • Do not fall for phishing • Use two factor authentication whenever possible

21. Deter Threats: while on the Road

22. Deter Threats: Identity Theft

23. Detect: Phishing Attempts and Fraud

24. Detect: Malware and Spyware Picture credit: http://empireonline.com

25. Detect: Intrusions

26. Defend: Malware or Viruses

27. Detect: Identity Theft

28. Defend: Identity Theft

29. Conclusion • Assume you are a target: Think before you click • You can make a difference • It takes a comprehensive multi-layered approach Information security is the responsibility of everyone. It is going to get worse before getting any better!!!

30. Additional Resources You can make a difference. Think before you click. Contact Information: Sali Kaceli | Email: skaceli@cairn.edu | Tel. (215) 702-4555

31. Questions? Comments?