This is simply an overview of security and threat landscape in the information technology industry.
It was written by OKONKWO UZONNA, uzonnacyril@gmail.com, +2348064586915
2. Overview Of IT Security
• Security
• Concepts of Security
• Categories of Security
• Proffer solution to security lapses
• IT security (Attacks Threats & Breaches)
4. Categories Of Security
1. IT Environment
2. Political Environment
3. Monetary Environments
4. Physical Environment
5. The Concept Of Security
1. Assurance
2. Countermeasure
3. Defense in depth
4. Risk
5. Threat
6. Vulnerability
7. Exploit
6. Solution To Security Lapses
Security and System design
Detailed Security measures
a. Threat Prevention
b. Detection
c. Response
• Research on reducing vulnerabilities.
• Detailed Security Architecture.
8. INTRODUCTION TO IT SECURITY
Information technology (IT) is the application of
computers and telecommunications equipment to store,
retrieve, transmit and manipulate data in business or other
enterprise.
Security Is the degree of resistance –to or protection from-
harm.
9. INTRODUCTION TO IT SECURITY
Technology is all around us and it keeps evolving. The
‘Internet of things’ brings with it new challenges. Like
Attacks, Threats & Breaches.
10. Threat
It is a communicated intent to inflict harm or loss
11. Breaches
Are gaps in standard operating procedure or failing to
observe standard rules, written policies, guidelines and
routines, a law, agreement, or code of conduct.
12. History of Threats and Breaches
1997 – Viruses & Worms
• 2004 – Adware & Spywares
13. History of Threats and Breaches
2007 – DDOs & APTs
(Distributed Denial Of service & Advanced Persistent
Attack)
DDOs.
Its simply a malicious attempt to make a server or a
network resource(i.e., website, email, voice or a whole
network) unavailable to users, usually by interrupting or
suspending the services of a host connected to the Internet.
14. History of Threats and Breaches
APTs
is a network attack in which an unauthorized person gains access
to a network and stays there undetected for a long period of time.
The purpose of an APT attack is to steal data rather than to cause
damage.
15. History of Threats and Breaches
2010 – 2014 – Dill Date
RANSOMWARE
This is simply a type of malware which
restricts access to the computer system that
it infects, and demands a ransom paid to the
creator(s) of the malware in order for the
restriction to be removed.
16. History of Threats and Breaches
HACTIVISIM
This is the use of computers and computer networks as a
means of protest to promote personal or political ideas,
gains and ends. E.g. Anonymous & GOP.
STATE SPONSORED INDUSTRIAL ESPIONAGE
Next Gen APTS & Utilizing Web Infrastructure
Sony attack by GOP (Guardians of Peace)
17. IT SECURITY
Organization everywhere are been attacked and
breached. The list is endless.
• Large corporation
• Governments
• Non profits
• Retail companies
• Social Networks
19. How Do These Attacks Happen.
Any modern attack comprises of three (3) Parts.
a. Social Engineering.
b. Malware Injection
c. Remote Control
20. How Do These Attacks Happen
a. Social Engineering.
* Identity Target
* Gather information
* Lunch attack
21. How Do These Attacks Happen
b. Malware Injection
* Attack Arrives
* User Clicks
* Exploits Executes
22. How Do These Attacks Happen
c. Remote Control
* Malware installed
* Computer controlled
* Wait for Instruction
23. A Bots
1. Uploading data to remote servers
2. Changes local configuration systems
3. Executes hardware- software compatibility
4. Propagates malware to other machines and even
participates in coordinating attacks against the
controllers chosen target.
25. Effect of Attacks & Breaches on
Customers and Clients
Data loss
Business interruption & loss of man-hour
Hurting of the organization’s public image
Cost (billions of dollars)
26. Notable Attacks & Breaches
Lets talk specifics
1. In 2007, American Apparel and home company, TJX was a
victim of “unauthorized computer system intrusion”. The
hacker gained access to the Data store which held credit card,
debits card, cheques value and transactions.
2. Global Surveillance Disclosures in 2013.
3. Target Stores & Home Depot Breaches by Rescator
27. QUESTION
HOW DO WE MITIGATE THESE ATTACKS, THREATS
AND BREACHES……..?
For me its,
* Understanding the IT industry.
* IT security solution.