SlideShare a Scribd company logo
1 of 28
Download to read offline
INTRODUCTION TO IT SECURITY
OKONKWO UZONNA
Overview Of IT Security
• Security
• Concepts of Security
• Categories of Security
• Proffer solution to security lapses
• IT security (Attacks Threats & Breaches)
Definition
 Security
Is the degree of resistance –to or protection from-harm.
Categories Of Security
1. IT Environment
2. Political Environment
3. Monetary Environments
4. Physical Environment
The Concept Of Security
1. Assurance
2. Countermeasure
3. Defense in depth
4. Risk
5. Threat
6. Vulnerability
7. Exploit
Solution To Security Lapses
 Security and System design
 Detailed Security measures
a. Threat Prevention
b. Detection
c. Response
• Research on reducing vulnerabilities.
• Detailed Security Architecture.
Presentation 1 security
INTRODUCTION TO IT SECURITY
 Information technology (IT) is the application of
computers and telecommunications equipment to store,
retrieve, transmit and manipulate data in business or other
enterprise.
 Security Is the degree of resistance –to or protection from-
harm.
INTRODUCTION TO IT SECURITY
 Technology is all around us and it keeps evolving. The
‘Internet of things’ brings with it new challenges. Like
Attacks, Threats & Breaches.
Threat
 It is a communicated intent to inflict harm or loss
Breaches
Are gaps in standard operating procedure or failing to
observe standard rules, written policies, guidelines and
routines, a law, agreement, or code of conduct.
History of Threats and Breaches
 1997 – Viruses & Worms
• 2004 – Adware & Spywares
History of Threats and Breaches
 2007 – DDOs & APTs
(Distributed Denial Of service & Advanced Persistent
Attack)
DDOs.
Its simply a malicious attempt to make a server or a
network resource(i.e., website, email, voice or a whole
network) unavailable to users, usually by interrupting or
suspending the services of a host connected to the Internet.
History of Threats and Breaches
APTs
is a network attack in which an unauthorized person gains access
to a network and stays there undetected for a long period of time.
The purpose of an APT attack is to steal data rather than to cause
damage.
History of Threats and Breaches
 2010 – 2014 – Dill Date
RANSOMWARE
This is simply a type of malware which
restricts access to the computer system that
it infects, and demands a ransom paid to the
creator(s) of the malware in order for the
restriction to be removed.
History of Threats and Breaches
HACTIVISIM
This is the use of computers and computer networks as a
means of protest to promote personal or political ideas,
gains and ends. E.g. Anonymous & GOP.
STATE SPONSORED INDUSTRIAL ESPIONAGE
Next Gen APTS & Utilizing Web Infrastructure
Sony attack by GOP (Guardians of Peace)
IT SECURITY
Organization everywhere are been attacked and
breached. The list is endless.
• Large corporation
• Governments
• Non profits
• Retail companies
• Social Networks
Presentation 1 security
How Do These Attacks Happen.
Any modern attack comprises of three (3) Parts.
a. Social Engineering.
b. Malware Injection
c. Remote Control
How Do These Attacks Happen
a. Social Engineering.
* Identity Target
* Gather information
* Lunch attack
How Do These Attacks Happen
b. Malware Injection
* Attack Arrives
* User Clicks
* Exploits Executes
How Do These Attacks Happen
c. Remote Control
* Malware installed
* Computer controlled
* Wait for Instruction
A Bots
1. Uploading data to remote servers
2. Changes local configuration systems
3. Executes hardware- software compatibility
4. Propagates malware to other machines and even
participates in coordinating attacks against the
controllers chosen target.
Summary
Effect of Attacks & Breaches on
Customers and Clients
 Data loss
 Business interruption & loss of man-hour
 Hurting of the organization’s public image
 Cost (billions of dollars)
Notable Attacks & Breaches
Lets talk specifics
1. In 2007, American Apparel and home company, TJX was a
victim of “unauthorized computer system intrusion”. The
hacker gained access to the Data store which held credit card,
debits card, cheques value and transactions.
2. Global Surveillance Disclosures in 2013.
3. Target Stores & Home Depot Breaches by Rescator
QUESTION
HOW DO WE MITIGATE THESE ATTACKS, THREATS
AND BREACHES……..?
For me its,
* Understanding the IT industry.
* IT security solution.
THANK YOU

More Related Content

What's hot

Computer Security risks Shelly
Computer Security risks ShellyComputer Security risks Shelly
Computer Security risks ShellyAdeel Khurram
 
Computer security overview
Computer security overviewComputer security overview
Computer security overviewCAS
 
Basic Security Concepts of Computer
Basic Security Concepts of ComputerBasic Security Concepts of Computer
Basic Security Concepts of ComputerFaizan Janjua
 
Computer security risks
Computer security risksComputer security risks
Computer security risksAasim Mushtaq
 
System vulnerability and abuse
System vulnerability and abuseSystem vulnerability and abuse
System vulnerability and abusePrakash Raval
 
Threats to information security
Threats to information securityThreats to information security
Threats to information securityarun alfie
 
Intro to cybersecurity concepts 20210813
Intro to cybersecurity concepts 20210813Intro to cybersecurity concepts 20210813
Intro to cybersecurity concepts 20210813Kinetic Potential
 
Cyber Domain Security
Cyber Domain SecurityCyber Domain Security
Cyber Domain SecurityICSA, LLC
 
Network security
Network securityNetwork security
Network securitymena kaheel
 
Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2MLG College of Learning, Inc
 
06. security concept
06. security concept06. security concept
06. security conceptMuhammad Ahad
 
4.2.1 computer security risks
4.2.1 computer security risks4.2.1 computer security risks
4.2.1 computer security riskshazirma
 
System Vulnerability and Abuse
System Vulnerability and AbuseSystem Vulnerability and Abuse
System Vulnerability and AbuseAlbrecht Jones
 
CH. 5 Computer Security and Safety, Ethics and Privacy
CH. 5 Computer Security and Safety, Ethics and PrivacyCH. 5 Computer Security and Safety, Ethics and Privacy
CH. 5 Computer Security and Safety, Ethics and Privacymalik1972
 
Basic Security Computere
Basic Security ComputereBasic Security Computere
Basic Security Computererashmi1234
 

What's hot (20)

Computer Security risks Shelly
Computer Security risks ShellyComputer Security risks Shelly
Computer Security risks Shelly
 
Honey Pot Intrusion Detection System
Honey Pot Intrusion Detection SystemHoney Pot Intrusion Detection System
Honey Pot Intrusion Detection System
 
Computer security overview
Computer security overviewComputer security overview
Computer security overview
 
Basic Security Concepts of Computer
Basic Security Concepts of ComputerBasic Security Concepts of Computer
Basic Security Concepts of Computer
 
Computer security risks
Computer security risksComputer security risks
Computer security risks
 
System vulnerability and abuse
System vulnerability and abuseSystem vulnerability and abuse
System vulnerability and abuse
 
Viruses (Lecture) IT Slides # 3
Viruses (Lecture) IT Slides # 3Viruses (Lecture) IT Slides # 3
Viruses (Lecture) IT Slides # 3
 
Threats to information security
Threats to information securityThreats to information security
Threats to information security
 
cyber_security
cyber_securitycyber_security
cyber_security
 
Intro to cybersecurity concepts 20210813
Intro to cybersecurity concepts 20210813Intro to cybersecurity concepts 20210813
Intro to cybersecurity concepts 20210813
 
Computer security
Computer securityComputer security
Computer security
 
Cyber Domain Security
Cyber Domain SecurityCyber Domain Security
Cyber Domain Security
 
Network security
Network securityNetwork security
Network security
 
Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2
 
06. security concept
06. security concept06. security concept
06. security concept
 
4.2.1 computer security risks
4.2.1 computer security risks4.2.1 computer security risks
4.2.1 computer security risks
 
System Vulnerability and Abuse
System Vulnerability and AbuseSystem Vulnerability and Abuse
System Vulnerability and Abuse
 
Chapter 11
Chapter 11Chapter 11
Chapter 11
 
CH. 5 Computer Security and Safety, Ethics and Privacy
CH. 5 Computer Security and Safety, Ethics and PrivacyCH. 5 Computer Security and Safety, Ethics and Privacy
CH. 5 Computer Security and Safety, Ethics and Privacy
 
Basic Security Computere
Basic Security ComputereBasic Security Computere
Basic Security Computere
 

Similar to Presentation 1 security

Cyber Crime and Security Ch 1 .ppt
Cyber Crime and Security Ch 1 .pptCyber Crime and Security Ch 1 .ppt
Cyber Crime and Security Ch 1 .pptwaleejhaider1
 
cyber security guidelines.pdf
cyber security guidelines.pdfcyber security guidelines.pdf
cyber security guidelines.pdfVarinSingh1
 
Prevention Of Service Attacks And Remedies
Prevention Of Service Attacks And RemediesPrevention Of Service Attacks And Remedies
Prevention Of Service Attacks And RemediesConnie Ripp
 
Presentation 10 (1).pdf
Presentation 10 (1).pdfPresentation 10 (1).pdf
Presentation 10 (1).pdfKARANSINGHD
 
Chap 1 Fundamentals of Cyber Security _ Intr to Cyber types.pptx
Chap 1 Fundamentals of Cyber Security _ Intr to Cyber  types.pptxChap 1 Fundamentals of Cyber Security _ Intr to Cyber  types.pptx
Chap 1 Fundamentals of Cyber Security _ Intr to Cyber types.pptxSharmilaMore5
 
Safeguarding the Digital Realm: Understanding CyberAttacks and Their Vital Co...
Safeguarding the Digital Realm: Understanding CyberAttacks and Their Vital Co...Safeguarding the Digital Realm: Understanding CyberAttacks and Their Vital Co...
Safeguarding the Digital Realm: Understanding CyberAttacks and Their Vital Co...cyberprosocial
 
Denial Of Service Attacks
Denial Of Service AttacksDenial Of Service Attacks
Denial Of Service AttacksTracy Dolittle
 
E-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONS
E-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONSE-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONS
E-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONSrausdeen anfas
 
Cybersecurity
CybersecurityCybersecurity
CybersecurityDiegoMtzS
 
Type of Security Threats and its Prevention
Type of Security Threats and its PreventionType of Security Threats and its Prevention
Type of Security Threats and its Preventionijsrd.com
 
Lec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendationsLec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendationsBilalMehmood44
 
Cybersecurity and Risk Management Technology
Cybersecurity and Risk Management TechnologyCybersecurity and Risk Management Technology
Cybersecurity and Risk Management TechnologyMohammad Febri
 

Similar to Presentation 1 security (20)

Cyber.pptx
Cyber.pptxCyber.pptx
Cyber.pptx
 
Cyber Crime and Security Ch 1 .ppt
Cyber Crime and Security Ch 1 .pptCyber Crime and Security Ch 1 .ppt
Cyber Crime and Security Ch 1 .ppt
 
cyber security guidelines.pdf
cyber security guidelines.pdfcyber security guidelines.pdf
cyber security guidelines.pdf
 
E04 05 2841
E04 05 2841E04 05 2841
E04 05 2841
 
Prevention Of Service Attacks And Remedies
Prevention Of Service Attacks And RemediesPrevention Of Service Attacks And Remedies
Prevention Of Service Attacks And Remedies
 
Module 1.pdf
Module 1.pdfModule 1.pdf
Module 1.pdf
 
module 1 Cyber Security Concepts
module 1 Cyber Security Conceptsmodule 1 Cyber Security Concepts
module 1 Cyber Security Concepts
 
Presentation 10 (1).pdf
Presentation 10 (1).pdfPresentation 10 (1).pdf
Presentation 10 (1).pdf
 
Chap 1 Fundamentals of Cyber Security _ Intr to Cyber types.pptx
Chap 1 Fundamentals of Cyber Security _ Intr to Cyber  types.pptxChap 1 Fundamentals of Cyber Security _ Intr to Cyber  types.pptx
Chap 1 Fundamentals of Cyber Security _ Intr to Cyber types.pptx
 
Safeguarding the Digital Realm: Understanding CyberAttacks and Their Vital Co...
Safeguarding the Digital Realm: Understanding CyberAttacks and Their Vital Co...Safeguarding the Digital Realm: Understanding CyberAttacks and Their Vital Co...
Safeguarding the Digital Realm: Understanding CyberAttacks and Their Vital Co...
 
cscnapd.ppt
cscnapd.pptcscnapd.ppt
cscnapd.ppt
 
Denial Of Service Attacks
Denial Of Service AttacksDenial Of Service Attacks
Denial Of Service Attacks
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
E-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONS
E-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONSE-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONS
E-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONS
 
Business Intelligence Plan
Business Intelligence PlanBusiness Intelligence Plan
Business Intelligence Plan
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
Type of Security Threats and its Prevention
Type of Security Threats and its PreventionType of Security Threats and its Prevention
Type of Security Threats and its Prevention
 
Lec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendationsLec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendations
 
Insecurity vssut
Insecurity vssutInsecurity vssut
Insecurity vssut
 
Cybersecurity and Risk Management Technology
Cybersecurity and Risk Management TechnologyCybersecurity and Risk Management Technology
Cybersecurity and Risk Management Technology
 

Recently uploaded

Babel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxBabel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxYounusS2
 
Introduction to Quantum Computing
Introduction to Quantum ComputingIntroduction to Quantum Computing
Introduction to Quantum ComputingGDSC PJATK
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?SANGHEE SHIN
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 

Recently uploaded (20)

Babel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxBabel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptx
 
Introduction to Quantum Computing
Introduction to Quantum ComputingIntroduction to Quantum Computing
Introduction to Quantum Computing
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 

Presentation 1 security

  • 1. INTRODUCTION TO IT SECURITY OKONKWO UZONNA
  • 2. Overview Of IT Security • Security • Concepts of Security • Categories of Security • Proffer solution to security lapses • IT security (Attacks Threats & Breaches)
  • 3. Definition  Security Is the degree of resistance –to or protection from-harm.
  • 4. Categories Of Security 1. IT Environment 2. Political Environment 3. Monetary Environments 4. Physical Environment
  • 5. The Concept Of Security 1. Assurance 2. Countermeasure 3. Defense in depth 4. Risk 5. Threat 6. Vulnerability 7. Exploit
  • 6. Solution To Security Lapses  Security and System design  Detailed Security measures a. Threat Prevention b. Detection c. Response • Research on reducing vulnerabilities. • Detailed Security Architecture.
  • 8. INTRODUCTION TO IT SECURITY  Information technology (IT) is the application of computers and telecommunications equipment to store, retrieve, transmit and manipulate data in business or other enterprise.  Security Is the degree of resistance –to or protection from- harm.
  • 9. INTRODUCTION TO IT SECURITY  Technology is all around us and it keeps evolving. The ‘Internet of things’ brings with it new challenges. Like Attacks, Threats & Breaches.
  • 10. Threat  It is a communicated intent to inflict harm or loss
  • 11. Breaches Are gaps in standard operating procedure or failing to observe standard rules, written policies, guidelines and routines, a law, agreement, or code of conduct.
  • 12. History of Threats and Breaches  1997 – Viruses & Worms • 2004 – Adware & Spywares
  • 13. History of Threats and Breaches  2007 – DDOs & APTs (Distributed Denial Of service & Advanced Persistent Attack) DDOs. Its simply a malicious attempt to make a server or a network resource(i.e., website, email, voice or a whole network) unavailable to users, usually by interrupting or suspending the services of a host connected to the Internet.
  • 14. History of Threats and Breaches APTs is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time. The purpose of an APT attack is to steal data rather than to cause damage.
  • 15. History of Threats and Breaches  2010 – 2014 – Dill Date RANSOMWARE This is simply a type of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator(s) of the malware in order for the restriction to be removed.
  • 16. History of Threats and Breaches HACTIVISIM This is the use of computers and computer networks as a means of protest to promote personal or political ideas, gains and ends. E.g. Anonymous & GOP. STATE SPONSORED INDUSTRIAL ESPIONAGE Next Gen APTS & Utilizing Web Infrastructure Sony attack by GOP (Guardians of Peace)
  • 17. IT SECURITY Organization everywhere are been attacked and breached. The list is endless. • Large corporation • Governments • Non profits • Retail companies • Social Networks
  • 19. How Do These Attacks Happen. Any modern attack comprises of three (3) Parts. a. Social Engineering. b. Malware Injection c. Remote Control
  • 20. How Do These Attacks Happen a. Social Engineering. * Identity Target * Gather information * Lunch attack
  • 21. How Do These Attacks Happen b. Malware Injection * Attack Arrives * User Clicks * Exploits Executes
  • 22. How Do These Attacks Happen c. Remote Control * Malware installed * Computer controlled * Wait for Instruction
  • 23. A Bots 1. Uploading data to remote servers 2. Changes local configuration systems 3. Executes hardware- software compatibility 4. Propagates malware to other machines and even participates in coordinating attacks against the controllers chosen target.
  • 25. Effect of Attacks & Breaches on Customers and Clients  Data loss  Business interruption & loss of man-hour  Hurting of the organization’s public image  Cost (billions of dollars)
  • 26. Notable Attacks & Breaches Lets talk specifics 1. In 2007, American Apparel and home company, TJX was a victim of “unauthorized computer system intrusion”. The hacker gained access to the Data store which held credit card, debits card, cheques value and transactions. 2. Global Surveillance Disclosures in 2013. 3. Target Stores & Home Depot Breaches by Rescator
  • 27. QUESTION HOW DO WE MITIGATE THESE ATTACKS, THREATS AND BREACHES……..? For me its, * Understanding the IT industry. * IT security solution.