IT255 Introduction to Information Systems Security Unit 9 - PowerPoint PPT Presentation

slide1 n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
IT255 Introduction to Information Systems Security Unit 9 PowerPoint Presentation
Download Presentation
IT255 Introduction to Information Systems Security Unit 9

play fullscreen
1 / 13
IT255 Introduction to Information Systems Security Unit 9
218 Views
Download Presentation
moswen
Download Presentation

IT255 Introduction to Information Systems Security Unit 9

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. IT255 Introduction to Information Systems Security Unit 9 Mitigation of Risk and Threats from Attacks and Malicious Code

  2. Learning Objective Explain the means attackers use to compromise systems and networks and defenses used by organizations.

  3. Key Concepts • Impact of malicious code and malware on public- and private-sector organizations • Profiling attackers and hackers • Phases of a computer attack • Security awareness training to harden User domain and teach correct use of IT assets

  4. EXPLORE: CONCEPTS

  5. What Is Malicious Code/Malware?

  6. History of Malware • 1971: “Creeper virus” spreads to Advanced Research Projects Agency Network (ARPANET). Other experimental viruses emerge throughout the 1970s with varying exposure. • 1981: “Elk cloner” becomes the first computer virus to appear in the wild or outside of a computer lab. • 1982: The first worm is jointly developed at Xerox’s Palo Alto Research Center. Used for distributed calculations, a logic error caused uncontrollable replication that crippled computers.

  7. Forms of Malware • Viruses, worms, Trojans, backdoors, rootkits, and others • Active content and botnets aremodern examples • Phishing and pharmingattacks represent modern threats

  8. Discussion Points • Motivations for attacks • Types of attackers • Goals of attackers

  9. EXPLORE: RATIONALE

  10. Discussion Point Discuss the impact of malicious code and malware on businesses and organizations.

  11. Defending Against Network Attacks • Set up protective mechanisms at every domain and layer. • Establish checkpoints at every network layer and domain category and monitor regularly. • Use intrusion detection system/intrusion prevention system (IDS/IPS) and firewall control lists to filter network-driven attacks. • Sandbox application-level attacks and scan with antivirus or anti-malware products. • Back up data regularly.

  12. End-User Awareness Training • It helps prevent incidentsand reduce risk. • End-users areweakest link insecurity chain. • Security is a specialmindset. • Consistent applicationrequires good habits.

  13. Summary • Malware encompasses a variety of malicious code. • Methods for attack progress and new trends emerge as technology improves. • Motivations explain why criminals commit acts; motivations vary but personalities generally recur. • Computer and network attacks occur in phases. • Security awareness training can reduce incidents of attacks.