introduction to information security
play

Introduction to Information Security CODATA School Hannah Short - PowerPoint PPT Presentation

Jan 12, 2023 •275 likes •948 views

Introduction to Information Security CODATA School Hannah Short (CERN), Sebastian Lopienski (CERN) August 12, 2018 Introduction to Information Security 2 Lecturers These slides have been compiled by members of the CERN Computer Security Team

  2. Introduction to Information Security CODATA School Hannah Short (CERN), Sebastian Lopienski (CERN) August 12, 2018 Introduction to Information Security 2

  3. Lecturers These slides have been compiled by members of the CERN Computer Security Team based at CERN, the European Organisation for Nuclear Research. Hannah Short Sebastian Lopienski August 12, 2018 Introduction to Information Security 3

  4. Why Security? Data Security Concepts Security Objectives Guidelines and Principles Data Privacy August 12, 2018 Introduction to Information Security 4

  5. Course Objectives • Understand why Security is important for you as a Data Scientist • Familiarise yourself with the basic principles of Information Security Note: If the slide title is in red, the slide is considered an advanced topic August 12, 2018 Introduction to Information Security 5

  6. Why Security? August 12, 2018 Introduction to Information Security 6

  7. Why Security? • You are constantly exposed to reputational, financial and even physical risks online • The aim is to minimise your exposure to risk through • Secure online activity • Secure software design August 12, 2018 Introduction to Information Security 7

  8. Safety vs Security Safety is about protecting from accidental risks • road safety • air travel safety Security is about mitigating risks of dangers caused by intentional, malicious actions • homeland security • airport and aircraft security • information and computer security August 12, 2018 Introduction to Information Security 8

  9. Why is security difficult? Security is as strong as the weakest link. There is no 100% security! August 12, 2018 Introduction to Information Security 9

  10. What is risk? • Probability * impact • Risks should be: Assessed, Prioritised, Mitigated, Avoided and finally Accepted August 12, 2018 Introduction to Information Security 10

  11. Typical Threats But we’re Scientists, surely we’re not a target...! August 12, 2018 Introduction to Information Security 11

  12. Typical Threats http://news.bbc.co.uk/2/hi/technology/7616622.stm August 12, 2018 Introduction to Information Security 12

  13. Typical Threats https://www.wired.com/2008/09/hackers-infiltr/ August 12, 2018 Introduction to Information Security 13

  14. Attackers August 12, 2018 Introduction to Information Security 14

  15. Hacking as a Business August 12, 2018 Introduction to Information Security 15

  16. Hacking as a Business August 12, 2018 Introduction to Information Security 16

  17. Why Security - Summary • Security = mitigating risk of malicious actions • Science is an interesting target for bad guys/girls August 12, 2018 Introduction to Information Security 17

  18. Data Security Concepts August 12, 2018 Introduction to Information Security 18

  19. Data Security Concepts At the heart of Security we have three key components: • Technology • Processes • People August 12, 2018 Introduction to Information Security 19

  20. Technology We will come back to some of this in part 2 of our lecture course :) August 12, 2018 Introduction to Information Security 20

  21. Processes “Security is a process, not a product” - Bruce Schneier August 12, 2018 Introduction to Information Security 21

  22. Processes Security Measure Requires Antivirus software Virus signature Updates Monitoring systems Checking, reacting to alarms Endpoint security OS and software patching Security policies Updating, enforcing Risk management, vulnerability management, business continuity planning, security development lifecycle etc... these are ongoing processes, not one-off exercises. August 12, 2018 Introduction to Information Security 22

  23. Processes August 12, 2018 Introduction to Information Security 23

  24. Processes Security solutions often degrade with time - they need to be verified periodically! August 12, 2018 Introduction to Information Security 24

  25. People • Have flawed risk perception • Are bad at dealing with exceptions and rare cases • Can’t take correct security decisions • Put too much trust in their computers • Easily fall for social engineering • Sometimes turn malicious • Prefer convenience and bypass security measures • Often make mistakes... August 12, 2018 Introduction to Information Security 25

  26. Risk Perception Is flying more dangerous than traveling by car? Are you more likely to be killed by a shark, a pig or a coconut? August 12, 2018 Introduction to Information Security 26

  27. Social Engineering https://www.smbc-comics.com August 12, 2018 Introduction to Information Security 27

  28. Social Engineering • First the Social Engineer gathers information: • Public and semi public information; names, hierarchy, who’s on holiday, project names etc • Armed with the information they: • Use influence, persuasion or threat • Abuse people’s compassion, fear or greed • Exploit tendency to trust and help • In order to gain unauthorised access to systems or information August 12, 2018 Introduction to Information Security 28

  29. Taking security decisions Users typically make poor security choices despite systems trying to protect them! August 12, 2018 Introduction to Information Security 29

  30. And sometimes it’s just plain difficult August 12, 2018 Introduction to Information Security 30

  31. Data Security Concepts - Summary • Processes must be ongoing, security degrades with time • People often provide the easiest way for an attacker to compromise the system • Security is only as strong as the weakest link - don’t lock the front door but leave the back door open! August 12, 2018 Introduction to Information Security 31

  32. Security Objectives August 12, 2018 Introduction to Information Security 32

  33. Security Objectives Computer Security aims to meet these objectives: • Confidentiality • Integrity • Availability We will start with a quick look at Identity, as this is essential for meeting security objectives! August 12, 2018 Introduction to Information Security 33

  34. Identity Online Identity is really no different from your real life Identity! Your Identity is the answer to the question: “who are you?” • It could be a username for a website • It could be a government ID • It could be a digital certificate August 12, 2018 Introduction to Information Security 34

  35. Authentication and Authorisation August 12, 2018 Introduction to Information Security 35

  36. Authentication and Authorisation Authentication = How can I prove my Identity? August 12, 2018 Introduction to Information Security 36

  37. Authentication and Authorisation Authorisation = What am I able to do? August 12, 2018 Introduction to Information Security 37

  38. Multifactor Authentication Factor Description Example 1 Something you know Password, pin 2 Something you have Phone, Yubikey 3 Something you are Fingerprint, iris scan Which is most secure? August 12, 2018 Introduction to Information Security 38

  39. Security Objectives • Confidentiality • Integrity • Availability Can the correct people access the data at the correct time? Security Tip: Pay attention to where your data is stored and how it is shared! August 12, 2018 Introduction to Information Security 39

  40. Confidentiality • Your online identity is as valuable as your passport • Your authorisation may be misused if it falls into the wrong hands Security Tip: Store your secrets safely, not in the public domain, e.g. github August 12, 2018 Introduction to Information Security 40

  41. August 12, 2018 Introduction to Information Security 41

  42. How bad can it be? • 5 minutes exposure • $2,375 • Plus it could have been avoided, Amazon has a service (IAM) to manage keys securely... https://www.theregister.co.uk/2015/01/06/dev_blunder_ shows_github_crawling_with_keyslurping_bots/ August 12, 2018 Introduction to Information Security 42

  43. Security Objectives • Confidentiality • Integrity • Availability Can we be sure that the data is reliable and hasn’t been altered? Security Tip: Reduce the risk of impersonation, enable multi-factor authentication wherever possible! August 12, 2018 Introduction to Information Security 43

  44. Security Objectives • Confidentiality • Integrity • Availability Is the data available? Are our systems reliable? Security Tip: Keep backups! August 12, 2018 Introduction to Information Security 44

  45. Security Objectives - Summary • Key objectives: Confidentiality, Integrity and Availability • Consider disaster scenarios and plan for them • Authentication and Authorisation are critical to meeting security objectives August 12, 2018 Introduction to Information Security 45

  46. Guidelines and Principles August 12, 2018 Introduction to Information Security 46

  47. Security Measures Is this a good security measure? August 12, 2018 Introduction to Information Security 47

  48. Security Measures • What problem is it trying to solve? • Does it help? • Does it introduce new problems? • What are the costs? August 12, 2018 Introduction to Information Security 48

  49. Security Measures How much security? It’s a balance of risk, usability and cost August 12, 2018 Introduction to Information Security 49

Recommend

Introduction to information security Lecture #1 Security in Organizations 2011 Eric Verheul 1

Introduction to information security Lecture #1 Security in Organizations 2011 Eric Verheul 1

Introduction to information security Lecture #1 Security in Organizations 2011 Eric Verheul 1 Outline The lectures I will give Information Security events in the media What is Information Security? Recap Study for next

749 views • 45 slides
Security 101 Definition of Information Security Information security is the protection of

Security 101 Definition of Information Security Information security is the protection of

Computing Services Information Security Office Security 101 Definition of Information Security Information security is the protection of information and systems from unauthorized access, disclosure, modification, destruction or disruption. The

469 views • 22 slides
System Security I: Introduction TDDD17 Information Security, Second Course Ulf Kargn

System Security I: Introduction TDDD17 Information Security, Second Course Ulf Kargn

System Security I: Introduction TDDD17 Information Security, Second Course Ulf Kargn Department of Computer and Information Science Linkping University System Security 2 Security in computer systems Hardware (System)

838 views • 56 slides
Information Technology Security Presentation to Joint Legislative Committee on Information

Information Technology Security Presentation to Joint Legislative Committee on Information

Information Technology Security Presentation to Joint Legislative Committee on Information Technology Oversight Chip Moore State Chief Information Security Officer Office of Information Technology Services December 13, 2012 Introduction

353 views • 12 slides
HOW TO WRITE AN INFORMATION SECURITY POLICY INTRODUCTION This section is intended to help you

HOW TO WRITE AN INFORMATION SECURITY POLICY INTRODUCTION This section is intended to help you

HOW TO WRITE AN INFORMATION SECURITY POLICY INTRODUCTION This section is intended to help you produce an information security policy. Some of the information contained here is of a particularly detailed and complex nature and may not, therefore,

469 views • 8 slides
Introduction to the course Information Security Daniel Bosk Department of Information Systems

Introduction to the course Information Security Daniel Bosk Department of Information Systems

Scope and aims Course structure and content overview Course content Assessment Introduction to the course Information Security Daniel Bosk Department of Information Systems and Technology Mid Sweden University, Sundsvall School of

801 views • 29 slides
A brief introduction to information security Part II Tyler Moore Computer Science &

A brief introduction to information security Part II Tyler Moore Computer Science &

Notes A brief introduction to information security Part II Tyler Moore Computer Science & Engineering Department, SMU, Dallas, TX August 28 & 30, 2012 Engineered defenses to achieve protection goals Security threats Countering

369 views • 14 slides
Introduction to Security Prof. Tom Austin San Jos State University Why should we learn about

Introduction to Security Prof. Tom Austin San Jos State University Why should we learn about

CS 166: Information Security Introduction to Security Prof. Tom Austin San Jos State University Why should we learn about information security? Computer Security in the News Computer Crime for Fun & Profit Attackers have gone from

942 views • 48 slides
So You Want to Be an Information Security Officer? Presented by: Art Bakke Information Security

So You Want to Be an Information Security Officer? Presented by: Art Bakke Information Security

So You Want to Be an Information Security Officer? Presented by: Art Bakke Information Security Officer Background Personal Starion Bank Arts Goals Highlight the typical responsibilities of an Information Security Officer from

778 views • 22 slides
17Nov19 Information Security Essentials Recognizing Threats in Your Daily Routine This

17Nov19 Information Security Essentials Recognizing Threats in Your Daily Routine This

17Nov19 Information Security Essentials Recognizing Threats in Your Daily Routine This module will teach you what is information security, how to identify and avoid potential security risks in the workplace and beyond. 1 Introduction

406 views • 7 slides
DIGITAL PLANETS SECURITY SOLUTION INTRODUCTION OUR OFFERED SERVICES Vulnerability Security

DIGITAL PLANETS SECURITY SOLUTION INTRODUCTION OUR OFFERED SERVICES Vulnerability Security

DIGITAL PLANETS SECURITY SOLUTION INTRODUCTION OUR OFFERED SERVICES Vulnerability Security Information Assessment Brand Operation Consultancy & Security Protection Penetration Awareness Centre Testing External Networks

474 views • 44 slides
INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

Leading a Secured Digital Life. INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC Hyderabad keeping yourself and your family safe in a tech driven world Ministry of Electronics & Information

510 views • 11 slides
11/15/2012 Storage of Classified Information DoD Information Security Program 1 Information

11/15/2012 Storage of Classified Information DoD Information Security Program 1 Information

11/15/2012 Storage of Classified Information DoD Information Security Program 1 Information Security Webinar Storage of Classified Information Host: Treva Alexander, SAPPC Information Security Course Manager, DSS - CDSE Gained experience in

329 views • 14 slides
Information System Security Chapter 1:Introduction Dr. Loai Tawalbeh Faculty of Information

Information System Security Chapter 1:Introduction Dr. Loai Tawalbeh Faculty of Information

Information System Security Chapter 1:Introduction Dr. Loai Tawalbeh Faculty of Information system and Technology, The Arab Academy for Banking and Financial Sciences. Jordan Dr. Loai Tawalbeh summer 2006 Chapter 1 Introduction

253 views • 10 slides
Introduction to Web Application Security Professor Larry Heimann Web Application Security

Introduction to Web Application Security Professor Larry Heimann Web Application Security

Introduction to Web Application Security Professor Larry Heimann Web Application Security Information Systems Course Business Course site: http://67327.cmuis.net Schedule Reading Assignments in-class labs -- laptops w/ 272

981 views • 10 slides
Introduction to Web Application Security Professor Larry Heimann Web Application Security

Introduction to Web Application Security Professor Larry Heimann Web Application Security

Introduction to Web Application Security Professor Larry Heimann Web Application Security Information Systems Course Business Course site: https://67327.cmuis.net Schedule Reading Assignments in-class labs -- laptops w/ 272

1.31k views • 11 slides
The Zen of Information Security Joshua Hill March 1 st , 1999 The Goals of Information Security

The Zen of Information Security Joshua Hill March 1 st , 1999 The Goals of Information Security

The Zen of Information Security Joshua Hill March 1 st , 1999 The Goals of Information Security Aside from Fame, Fortune and the Pursuit of Members of the Appropriate Sex What is Information Security? 1. Information Integrity Persistence

543 views • 11 slides
Introduction to Symbolic Verification Methods David Basin Institute of Information Security ETH

Introduction to Symbolic Verification Methods David Basin Institute of Information Security ETH

Introduction to Symbolic Verification Methods David Basin Institute of Information Security ETH Zurich Road map Motivation Basic notions Problems Symbolic models 1 Security protocols Omnipresent Authentication:

827 views • 37 slides
INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

Leading a Secured Digital Life. INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC Hyderabad keeping yourself and your family safe in a tech driven world Toll Free No : 1800 425 6235 Ministry of

460 views • 8 slides
INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

Leading a Secured Digital Life. INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC Hyderabad keeping yourself and your family safe in a tech driven world Toll Free No : 1800 425 6235 Ministry of

291 views • 10 slides
A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security

A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security

A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security Introducing Spring Security View layer security Whats coming in Spring Security 3 E-mail: craig@habuma.com Blog: http://www.springloaded.info

452 views • 19 slides
INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

Leading a Secured Digital Life. INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC Hyderabad keeping yourself and your family safe in a tech driven world Free No : 1 1800 0 425 6 6235 Toll F

357 views • 12 slides
INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

Leading a Secured Digital Life. INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC Hyderabad keeping yourself and your family safe in a tech driven world Free No : 1 1800 0 425 6 6235 Toll F

264 views • 24 slides
Cryptography & Network Security Introduction Introduction Chester Rebeiro IIT Madras CR

Cryptography & Network Security Introduction Introduction Chester Rebeiro IIT Madras CR

Cryptography & Network Security Introduction Introduction Chester Rebeiro IIT Madras CR The Connected World CR 2 Information Storage CR 3 Increased Security Breaches 81% more in 2015 CR

1.46k views • 29 slides

More recommend