Thursday, April 3, 2008 Presenters: Dr. Tom Cupples, EdD, CISSP, MCSE Dr. Craig Klimczak, DVM, MS.
Top 10 Security Risks For Educational Institutions
Thursday, April 3, 2008
Presenters:
Dr. Tom Cupples, EdD, CISSP, MCSE
Dr. Craig Klimczak, DVM, MS

Agenda
◦ Security Terms 101
◦ The Security Forecast
  ◦ Technology Risks
  ◦ Personnel Risks
◦ The Threat to Higher Education
◦ Tools for Coping

Security Terms 101
◦ Threat – potential cause of an unwanted event which could cause damage to an asset
◦ Vulnerability – weakness of an asset that can be exploited by a threat
◦ Impact – a measure of the effect of an event
◦ Risk – the combination of the likelihood of an event and its potential impact
◦ Control – means of managing risk – can be administrative, technical, managerial, or legal in nature
Reference - http://www.iso27001security.com/Top_information_security_risks_for_2008.pdf

The Security Forecast: CRN
◦ VoIP
◦ Professional Attack Toolkits
◦ Virtualization
◦ Online gaming
◦ Vista
◦ Storm Worms
◦ Pump and Dump
◦ Social Networking Sites
◦ Online applications
◦ Phishing
Reference - http://www.crn.com/security/203600054?queryText=top+10+risks+2008

The Security Forecast: SANS
◦ Browser vulnerabilities
◦ Botnets
◦ Targeted Phishing
◦ VoIP/Mobile Devices
◦ Insider Attacks
◦ Persistent Bots
◦ Spyware
◦ Web Applications
◦ Blended Phishing with VoIP & Event Phishing
◦ Supply chain attacks
Reference - http://www.sans.org/top20/

The Security Forecast: McAfee
◦ Web 2.0
◦ Botnets
◦ Instant Malware
◦ Online Gaming
◦ Vista
◦ Adware
◦ Targeted Phishing
◦ Parasitic Malware
◦ Virtualization
◦ VoIP
Reference - http://www.mcafee.com/us/local_content/white_papers/threat_center/wp_avert_predictions_2008.pdf

The Security Forecast: Computer Associates
◦ Botnets
◦ Malware
◦ Online Gaming
◦ Social Networking Sites
◦ Key Dates of Opportunity
◦ Web 2.0
◦ Vista
◦ Mobile Devices
Reference - http://www.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=97702

The Security Forecast: Symantec
◦ Bot Evolution
◦ Election Campaigns
◦ Mobile Platforms
◦ Spam Evolution
◦ Virtual Worlds
Reference - http://www.symantec.com/about/news/resources/press_kits/detail.jsp?pkid=endofyear

Technology Risks
◦ VoIP/Mobile Devices & Platforms
◦ Professional Attack Toolkits
◦ Virtualization & Vista
◦ Online & Web-based Applications
◦ Browser Vulnerabilities
◦ Botnets & Persistent Bots & Bot Evolution
◦ Spyware
◦ Supply Chain Attacks
◦ Web 2.0
◦ Instant Malware, Parasitic Malware & Adware

Personnel Risks
◦ Online Gaming
◦ Storm Worms
◦ Pump and Dump
◦ Social Networking Sites
◦ Event, Targeted, & Blended Phishing
◦ Insider Attacks
◦ Key Dates of Opportunity & Election Campaigns
◦ Virtual Worlds

The Threat to Higher Education
◦ Web Applications
◦ Social Engineering
◦ Cyber Terrorism
◦ Communications
◦ Human Error/Lack of Training
◦ Crisis Management
◦ Strong Passwords/ID Protection
◦ Networks (Physical-Wireless, Logical-Social)
◦ Identity Life Cycle Management
◦ PCI Standard for Payment Acceptance

Tools for Coping with Web Application Threats
◦ Microsoft (http://www.microsoft.com/downloads/details.aspx?familyid=E9C4BFAA-AF88-4AA5-88D4-0DEA898C31B9&displaylang=en)
◦ Sun Microsystems (http://www.javapassion.com/j2ee/WebSecurityThreats.pdf)

Tools for Coping with Social Engineering Threats
◦ Education
◦ Policy Development
◦ Procedure Development & Personnel Training
◦ Monitoring

Tools for Coping with Cyber Terrorism Threats
◦ Federal Bureau of Investigation (http://www.fbi.gov/)
◦ Law Enforcement Training Site (http://www.counterterrorismtraining.gov/pubs/02.html)
◦ Department of Homeland Security (http://www.dhs.gov/index.shtm)

Tools for Coping with Communications Threats
◦ International Telecommunications Union (http://www.itu.int/net/home/index.aspx)
◦ Federal Communications Commission (http://www.fcc.gov/pshs/)
◦ National Institute of Standards and Technology (http://csrc.nist.gov/)

Tools for Coping with Human Error & Lack of Training
◦ Education
◦ Policy Development
◦ Procedure Development & Personnel Training
◦ Monitoring

Tools for Coping with Crisis Management
◦ Missouri Department of Homeland Security (http://www.dps.mo.gov/HomelandSecurity/)
◦ Missouri Campus Security Task Force (http://www.dps.mo.gov/CampusSafety/index.htm)
◦ FEMA (http://www.fema.gov)
◦ Local Law Enforcement

Tools for Coping with Strong Passwords & ID Protection Threats
◦ Microsoft “How-to” (http://www.microsoft.com/protect/yourself/password/create.mspx)
◦ Microsoft “Password Checker” (http://www.microsoft.com/protect/yourself/password/checker.mspx)
◦ Microsoft - What is a Strong Password? (http://technet2.microsoft.com/windowsserver/en/library/d406b824-857c-4c2a-8de2-9b7ecbfa6e511033.mspx?mfr=true)
◦ SANS Tutorial (http://www.sans.org/reading_room/whitepapers/authentication/1636.php)

Tools for Coping with Networks
◦ Use Encryption for
  ◦ Storing Usernames and Passwords
  ◦ Transmitting Usernames and Passwords
  ◦ Storing Files
  ◦ Transmitting files on a
    ◦ Local Area Network
    ◦ Virtual Private Network
    ◦ Intranet/Extranet
◦ Use two factor authentication when possible
◦ Enforce Strong Passwords
◦ Use Password Policies that require timely changes in passwords

Tools for Identity Life Cycle Management
◦ Microsoft (http://www.microsoft.com/windowsserver2003/technologies/idm/ilm.mspx)
◦ Sun Microsystems (http://www.sun.com/storagetek/white-papers/identity_enabled_ilm.pdf)

Tools for PCI Standard for Payment Acceptance
◦ PCI Standard Website (http://www.pcistandard.com/home.html)
◦ PCI Standard White Paper (https://www.pcisecuritystandards.org/pdfs/pci_dss_v1-1.pdf)
◦ PCI Forum (http://www.pciforum.us/pci/)

Conclusion
◦ There is no guarantee of total security.
◦ The best that can be accomplished is managing the threats
◦ Know your enemy!

Dr. Tom Cupples [email protected]
Dr. Craig Klimczak [email protected]
http://www.stlcc.edu

Questions?