Unit 7 - Organisational Systems Security

teddy
Presentation Transcript


  1. Lesson 4 – Information security Unit 7 - Organisational Systems Security

  2. Last Session • Counterfeit Goods • Information security: confidentiality • integrity and completeness of data • availability of data as needed

  3. This Session • Complete assignment 1 • Physical security • Lock and key • CCTV • Intrusion detection • Port lockdown • Biometrics

  4. Physical Security • Lock and Key • Equipment identification • CCTV • Intrusion detection systems • Staff and visitor identification • Access control [sign in/sign out] systems • Security personnel • Shielding network cables and wireless communication systems • Port Lockdown

  5. Lock and Key • Secure mobile devices • Master keys for whole building • Submaster for group of rooms e.g. server rooms • Log of who keys are issued to • Uncuttable keys • Digital keypads / card entry • Observation of code • Tail-gating • Passing code on to others • Building weaknesses: plasterboard partitions, ceiling spaces, unsecured doors.

  6. Equipment identification • Deterrent • Aids recovery • Assists prosecution of offenders • Indelible ink • Ultra-violet sensitive ink • Marking with ‘DNA’ compound created for your organisation.

  7. CCTV • ‘no official (or even unofficial) statistics on how many CCTV cameras there are. The information commissioner doesn't know, the government has repeatedly told parliament that figures are not collected’ Channel 4 Factcheck, 2008 • Estimates vary: 4.2 million (2002, Michael McCahill and Clive Norris), 1.2 million 2007 Edexcel • One camera for every 14 people (David Davies, 2008) • invasion of privacy?

  8. CCTV • Monitor remote locations • Comprehensive record 24/7 of events • Visible cameras modify behaviour and can be a deterrent • Admissible as evidence • Technology and image quality continually improving, most can tilt, zoom and pan • Can include directional microphone • Covert surveillance

  9. Intrusion detection systems • Detect human presence • Passive infrared detects body heat • Microphones detect movement and enable listening • Circuit breakers for doors, windows, hatches • Pressure sensitive pads for floors • Low-power lasers

  10. Staff and visitor identification • Identity badges for staff and visitors • Used in combination with automated access • Personnel database • Can signify role, department, level of access etc. • Visitor cards will have an ‘expiry’ date

  11. Access control [sign in/sign out] systems • Swipe cards • Dongles • System logs entry and exit • Can be programmed to allow access door by door or at certain times only • Keys can be disabled if not returned when employee leaves • Can be reprogrammed when roles change • May not contain info other than an identifier; can be used by the wrong person

  12. Security personnel • Know most people in organisation (if not all) • Can identify suspicious or unusual behaviour • Monitor buildings out-of-hours

  13. Shielding network cables and wireless communication systems • Signal travelling along copper cable emits electromagnetic field, can be analysed to discover the data • Fibre optics requires considerable effort and possible damage • Shielded cables – dampen ‘noise’ from the cable and prevent external magnetic interference from power sources etc. • Wireless systems less secure; WEP encryption. • Total trust – preconfigure devices so that not just any device can join.

  14. Port Lockdown • E.g. a wall socket that an Ethernet cable plugs into; if the port is inactive it should be ‘locked down’ in the central communications room. • Achieved by remote access to the switch and disabling the port, or by unplugging the cable. • Prevents additional devices joining the system

  15. Biometrics • Fingerprint recognition • Retinal scans • Iris scans • Voice recognition • Other biometric technologies

  16. Fingerprint recognition • Used for over 100 years, 1 in 75 million identical • Can be reproduced using super-glue and Vaseline • Fine watery solution allows detection and scanners to operate. • Some scanners may use rapid laser to detect ridges. • Or electro-static sensitive pad detects current in the small quantities of water • Often used with another system e.g. International travel combines fingerprints with passport/visa in some countries

  17. Retinal scans • Retina is the back of the eye • Biologically unique configuration • Very difficult to change without considerable damage – fingerprints can be cut or burnt • Remains same from birth • Takes about two seconds to complete • Requires close proximity of subject

  18. Iris scans • Which film? Minority Report • Another unique feature of the eye • Remember Madeleine McCann? • Can be carried out while subject is wearing glasses or contact lenses (unlike retinal scan) • Unlikely to change at all during lifetime • A public iris scanning device has been proposed in a patent from Sarnoff Labs in New Jersey. The device is able to scan the iris of the eye without the knowledge or consent of the person being scanned. http://www.technovelgy.com/ct/Science-Fiction-News.asp?NewsNum=930 • "False match" less than one time per one hundred billion.

  19. Voice recognition • Considerable limitations • Voices change according to circumstance: stress, excitement, tiredness, illness, age! • Use of other devices to circumvent e.g. mobile phones • Used together with other systems e.g. CCTV • Recent improvements used in games consoles, important for people with disability e.g. for speech-to-text systems

  20. Other biometric technologies • Facial recognition systems (with CCTV) • Identifying suspicious behaviour through analysing posture/behaviour • What could be next?

  21. Automated Human Body Odor Recognition System

  22. Assignment 1 • Know your threats • P1 - Explain the impact of different types of threat on an organisation. • M1 - Discuss information security.
