ciberseguridad
play

Ciberseguridad Cyber security A-15 Dr. Ponciano Jorge Escamilla - PowerPoint PPT Presentation

Jun 28, 2023 •130 likes •471 views

INSTITUTO POLITCNICO NACIONAL CENTRO DE INVESTIGACION EN COMPUTACION Laboratorio de Ciberseguridad Cyber security A-15 Dr. Ponciano Jorge Escamilla Ambrosio pescamilla@cic.ipn.mx http://www.cic.ipn.mx/~pescamilla/ CIC Cyber Cyber Secur

  1. INSTITUTO POLITÉCNICO NACIONAL CENTRO DE INVESTIGACION EN COMPUTACION Laboratorio de Ciberseguridad Cyber security A-15 Dr. Ponciano Jorge Escamilla Ambrosio pescamilla@cic.ipn.mx http://www.cic.ipn.mx/~pescamilla/

  2. CIC Cyber Cyber Secur Security ity A-15 15  Instructor  Dr. Ponciano Jorge Escamilla Ambrosio  pescamilla@cic.ipn.mx  http://www.cic.ipn.mx/~pescamilla/  Class meetings  Tuesdays and Thursdays 14:00 – 16:00 hrs.  Classroom A3 2

  3. CIC Cyber Cyber Secur Security ity A-15 15 2. Ethics in Cyber Security & Cyber Law 2.1. Privacy 2.2. Intellectual property 2.3. Professional ethics 2.4. Freedom of speech 2.5. Fair user and ethical hacking 2.6. Internet fraud 2.7. Electronic evidence 2.8. Cybercrime 2.9. Cyberwarfare 3

  4. CIC Antecedents Antecedents  The ‘CIA’ concept 4

  5. CIC CIA CIA  Confidentiality  “Confidentiality refers to limiting information access and disclosure to authorized users -- the right people -- and preventing access by or disclosure to unauthorized ones -- the wrong p eople” (http://it.med.miami.edu/x904.xml)  The meaning of the confidentiality reflects the basic concept of security which is to protect private or secret information from obtaining by unwanted people. 5

  6. CIC CIA CIA  Integrity  Integrity can be divided in two aspects, the personality “of being honest and having strong moral principles” and for data resources it means “the state of being whole and undivided ” (http://oxforddictionaries.com/)  data integrity means maintaining and assuring the accuracy and consistency of data over its entire life-cycle 6

  7. CIC CIA CIA  Availability  Availability means “assuring information and communications services will be ready for use when needed”  Ensuring availability also involves preventing denial-of-service attacks, such as a flood of incoming messages to the target system essentially forcing it to shut down 7

  8. CIC CIANA CIANA  Non-repudiation  In law, non-repudiation implies one's intention to fulfill their obligations to a contract. It also implies that one party of a transaction cannot deny having received a transaction nor can the other party deny having sent a transaction 8

  9. CIC  Authenticity  In computing, e-Business, and information security, it is necessary to ensure that the data, transactions, communications or documents (electronic or physical) are genuine. It is also important for authenticity to validate that both parties involved are who they claim to be 9

  10. CIC 2.1. 2.1. Privacy Privacy What is Privacy? “ The claim of individuals, groups or institutions to determine for themselves when, how, and to what extent information about them is communicated to others” ( Alan Westin: Privacy & Freedom,1967 ) 10

  11. CIC Personal information Personal information  Personal information  intrinsic physical data o Name o Date of birth o Gender o Location data  Home address  Telephone number 11

  12. CIC Personal information Personal information  Personal information  intrinsic physical data o Financial data  Salary  Bank account balance  Credit card number o User-created data  Confidential correspondence  List of personal references o Data assigned by other entities  Bank account number  Social security number 12

  13. CIC Personal information Personal information  Identifying personal information  The subset of personal information that reveals the identity of the entity  Non-identifying personal information  Personal information that not reveals the identity of the entity o Information (e.g. salary) that are typically sensitive only when revealed in conjunction with identifying information 13

  14. CIC Pr Privacy ivacy as a proc as a process ess “ Each individual is continually engaged in a personal adjustment process in which he balances the desire for privacy with the desire for disclosure and communication ….” (Westin, 1967) 14

  15. CIC Pr Providing oviding confiden confidentia tialit lity y of per of personal sonal information informat ion  Two primary techniques (non-identifying personal information)  Encryption o Personal information may be encrypted so that it may only be seen by intended recipients while it is in transit or while it is in storage  Access control o Limits who may do what with a given resource o Access control allows an entity to explicitly specify which other entities may (or may not) read this information. 15

  16. CIC Three properties to Three properties to achieve achieve privacy privacy  Solicitude  Freedom from observation or surveillance  Anonymity  Freedom from being identified in public  Reservation  Freedom to withdraw from communication 16

  17. CIC Exposure Exposure and disclosure and disclosure of of information informat ion  Exposure  Communication of identifying information to unintended parties: the identity of the entity is exposed to others  Disclosure  Communication of other types of personal information to unintended parties: this information has been disclosed to others 17

  18. CIC Exposure Exposure and disclosure and disclosure of of information informat ion  Direct exposure/disclosure  is the determination of user identity or other personal information by an observer or by another participant in the exchange from the explicit contents of a single transaction or message  Indirect exposure/disclosure  is the determination of user identity or other personal information by inference or from the correlation of the contents of several transactions or messages 18

  19. CIC Proper Properties ties for for privacy-enabled privacy enabled systems systems  Control  One must be able to control the type and extent of information revealed to others  Accountability  The act of disclosing information usually implies making its recipients accountable for actions that use that information 19

  20. CIC Proper Properties ties for for privacy-enabled privacy enabled systems systems  Plausible deniability  When being asked about something private, a person must be able to plausibly deny noticing or understanding the question instead of appearing to refuse to answer  Reciprocity  The disclosure of personal information is normally not one-sided, but mostly symmetrical: the amount of disclosure from A to B is strongly related to the amount of disclosure from B to A 20

  21. CIC Proper Properties ties for for privacy-enabled privacy enabled systems systems  Utility  On a more sociological point of view, there are important questions that must be answered, related to the utility of private data. For example, can the utility of private data be measured and traded? This is a very hard problem as the capabilities of future information systems are highly unpredictable. For example, nobody in 1981 knew that their newsgroup postings would be indexed and easily searchable at Google Groups 21

  22. CIC Privacy Privacy management management techniques techniques  Privacy policies  Applications using this technique allow the user to provide rules (privacy policies) that define to whom and to what extent is his information revealed to others  Data perturbation  This type of technique consists on transforming or partially omitting information before being delivered to the consumer, in such a way that it is impossible to reconstruct the original message while still keeping (some of) its usefulness 22

  23. CIC Privacy Privacy management management techniques techniques  Anonymization  Using this technique, the information is delivered intact to context consumers except for its author, which is removed or replaced with one that cannot be used to infer the real author  Lookup notification  This technique consists of providing the user with information of who has consumed his context information and when 23

  24. CIC Privacy Privacy management management techniques techniques 24

  25. CIC Privacy Privacy policies policies  Checklist  It presents the user with a checklist of types of information (e.g., personal bio, photos, location), asking the user to choose who is allowed to see that information  Virtual Walls  The idea is to set up user-defined policies based on the concept of walls around physical places where sensors are deployed. These walls can be configured using a GUI and feature a three-level permission scheme: transparent, translucent, and opaque 25

  26. CIC Privacy Privacy policies policies  Multiple Faces  Users predefine a small set of disclosure policies, thinking of each one as a different public “face” they might wear  Reciprocity  user A reveals as much of himself to user B as user B reveals to user A. It mimics a common (most of the times unconsciously) behavior in the real world when dealing with privacy issues 26

  27. CIC Data perturbat Data perturbation ion  Add noise  This technique perturbs data by adding noise (useless data) before sending it to the server  Encryption  This technique works by encrypting all personal information (e.g., with a symmetric key) transmitted through a secure channel to everyone that is allowed to consume the information 27

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Laboratorio de Ciberseguridad Probability, Random Processes and Inference Dr. Ponciano Jorge

Laboratorio de Ciberseguridad Probability, Random Processes and Inference Dr. Ponciano Jorge

INSTITUTO POLITCNICO NACIONAL CENTRO DE INVESTIGACION EN COMPUTACION Laboratorio de Ciberseguridad Probability, Random Processes and Inference Dr. Ponciano Jorge Escamilla Ambrosio pescamilla@cic.ipn.mx http://www.cic.ipn.mx/~pescamilla/

260 views • 25 slides
Laboratorio de Ciberseguridad Probability, Random Processes and Inference Dr. Ponciano Jorge

Laboratorio de Ciberseguridad Probability, Random Processes and Inference Dr. Ponciano Jorge

INSTITUTO POLITCNICO NACIONAL CENTRO DE INVESTIGACION EN COMPUTACION Laboratorio de Ciberseguridad Probability, Random Processes and Inference Dr. Ponciano Jorge Escamilla Ambrosio pescamilla@cic.ipn.mx http://www.cic.ipn.mx/~pescamilla/

1.68k views • 130 slides
Ciberseguridad Fusin de Sensores Dr. Ponciano Jorge Escamilla Ambrosio pescamilla@cic.ipn.mx

Ciberseguridad Fusin de Sensores Dr. Ponciano Jorge Escamilla Ambrosio pescamilla@cic.ipn.mx

INSTITUTO POLITCNICO NACIONAL CENTRO DE INVESTIGACION EN COMPUTACION Laboratorio de Ciberseguridad Fusin de Sensores Dr. Ponciano Jorge Escamilla Ambrosio pescamilla@cic.ipn.mx http://www.cic.ipn.mx/~pescamilla/ CIC Sensor Fu Sensor

788 views • 62 slides
Ciberseguridad Probability, Random Processes and Inference Dr. Ponciano Jorge Escamilla Ambrosio

Ciberseguridad Probability, Random Processes and Inference Dr. Ponciano Jorge Escamilla Ambrosio

INSTITUTO POLITCNICO NACIONAL CENTRO DE INVESTIGACION EN COMPUTACION Laboratorio de Ciberseguridad Probability, Random Processes and Inference Dr. Ponciano Jorge Escamilla Ambrosio pescamilla@cic.ipn.mx http://www.cic.ipn.mx/~pescamilla/

1.17k views • 77 slides
Ciberseguridad Probability, Random Processes and Inference Dr. Ponciano Jorge Escamilla Ambrosio

Ciberseguridad Probability, Random Processes and Inference Dr. Ponciano Jorge Escamilla Ambrosio

INSTITUTO POLITCNICO NACIONAL CENTRO DE INVESTIGACION EN COMPUTACION Laboratorio de Ciberseguridad Probability, Random Processes and Inference Dr. Ponciano Jorge Escamilla Ambrosio pescamilla@cic.ipn.mx http://www.cic.ipn.mx/~pescamilla/

1.7k views • 138 slides
Ciberseguridad Cyber security A-15 Dr. Ponciano Jorge Escamilla Ambrosio pescamilla@cic.ipn.mx

Ciberseguridad Cyber security A-15 Dr. Ponciano Jorge Escamilla Ambrosio pescamilla@cic.ipn.mx

INSTITUTO POLITCNICO NACIONAL CENTRO DE INVESTIGACION EN COMPUTACION Laboratorio de Ciberseguridad Cyber security A-15 Dr. Ponciano Jorge Escamilla Ambrosio pescamilla@cic.ipn.mx http://www.cic.ipn.mx/~pescamilla/ CIC Cyber Cyber

1.42k views • 53 slides
Ciberseguridad Cyber security A-15 Dr. Ponciano Jorge Escamilla Ambrosio pescamilla@cic.ipn.mx

Ciberseguridad Cyber security A-15 Dr. Ponciano Jorge Escamilla Ambrosio pescamilla@cic.ipn.mx

INSTITUTO POLITCNICO NACIONAL CENTRO DE INVESTIGACION EN COMPUTACION Laboratorio de Ciberseguridad Cyber security A-15 Dr. Ponciano Jorge Escamilla Ambrosio pescamilla@cic.ipn.mx http://www.cic.ipn.mx/~pescamilla/ CIC Cyber Cyber

780 views • 37 slides
Ciberseguridad Cyber security A-15 Dr. Ponciano Jorge Escamilla Ambrosio pescamilla@cic.ipn.mx

Ciberseguridad Cyber security A-15 Dr. Ponciano Jorge Escamilla Ambrosio pescamilla@cic.ipn.mx

INSTITUTO POLITCNICO NACIONAL CENTRO DE INVESTIGACION EN COMPUTACION Laboratorio de Ciberseguridad Cyber security A-15 Dr. Ponciano Jorge Escamilla Ambrosio pescamilla@cic.ipn.mx http://www.cic.ipn.mx/~pescamilla/ CIC Cyber Cyber

647 views • 44 slides
OSINT is the next Internet goldmine: Spain as an unexplored territory Javier Pastor Galindo

OSINT is the next Internet goldmine: Spain as an unexplored territory Javier Pastor Galindo

OSINT is the next Internet goldmine: Spain as an unexplored territory Javier Pastor Galindo Pantaleone Nespoli Flix Gmez Mrmol Gregorio Martnez Prez V Jornadas Nacionales de Investigacin en Ciberseguridad Contents Open Source

912 views • 13 slides
UN NC CT TA AD D E EE EC C R Re eg gi io on na al l W Wo or rk ks sh ho op

UN NC CT TA AD D E EE EC C R Re eg gi io on na al l W Wo or rk ks sh ho op

UN NC CT TA AD D E EE EC C R Re eg gi io on na al l W Wo or rk ks sh ho op p U St tr re en ng gt th he en ni in ng g t th he e S St ta at ti is st ti ic ca al l C Ca ap pa ac ci it ty y o

902 views • 26 slides
Existing Legislations on Data Privacy: A Change to Data Sharing? National Statistics Conference 2

Existing Legislations on Data Privacy: A Change to Data Sharing? National Statistics Conference 2

Existing Legislations on Data Privacy: A Change to Data Sharing? National Statistics Conference 2 0 1 2 Professor Abu Bakar Munir Faculty of Law , University of Malaya 7 Novem ber 2 0 1 2 1 Some of my books on ICT Law In Print Privacy and

721 views • 24 slides
Middlebox Discovery Jamshid Mahdavi Andrew Knutsen March 23, 2010 Talk Outline Middlebox

Middlebox Discovery Jamshid Mahdavi Andrew Knutsen March 23, 2010 Talk Outline Middlebox

Middlebox Discovery Jamshid Mahdavi Andrew Knutsen March 23, 2010 Talk Outline Middlebox Discovery ID Summary and Status Discussion of Middlebox Needs Other Common Middlebox Issues of Potential Interest to IETF References ID

474 views • 12 slides
Technology Area Technology Area 31 st APAN Meeting in Hong Kong Sureswaran Ramadass 24 February

Technology Area Technology Area 31 st APAN Meeting in Hong Kong Sureswaran Ramadass 24 February

Technology Area Technology Area 31 st APAN Meeting in Hong Kong Sureswaran Ramadass 24 February 2011 Technology Area IPv6 Working Group (Active) IPv6 Working Group (Active) Network Security Working Group (Active) SIP H323 Working Group

871 views • 44 slides
Censor-free Publishing Topics in Computer Security philipp.winter@kau.se Apr 26, 2012

Censor-free Publishing Topics in Computer Security philipp.winter@kau.se Apr 26, 2012

Censor-free Publishing Topics in Computer Security philipp.winter@kau.se Apr 26, 2012 Introduction to Censorship Freedom of Opinion and Expression The Universal Declaration of Human Rights states in Article 19 : Everyone has the right to

814 views • 33 slides
Law and the software development life cycle November 25, 2017 Cesare Bartolini, Gabriele Lenzini

Law and the software development life cycle November 25, 2017 Cesare Bartolini, Gabriele Lenzini

Law and the software development life cycle November 25, 2017 Cesare Bartolini, Gabriele Lenzini Interdisciplinary Centre for Security, Reliability and Trust (SnT), University of Luxembourg Outline 1 Legal requirements 2 The Software

701 views • 51 slides
Computing Research Association Snowbird 2004 The State of Computing Research The State of CRA

Computing Research Association Snowbird 2004 The State of Computing Research The State of CRA

Computing Research Association Snowbird 2004 The State of Computing Research The State of CRA Snowbird 2004 Jim Foley, CRA Chair Andy Bernat, CRA Executive Director Good News we Have a Great Story to Tell Computing maps directly

998 views • 58 slides
The Next Wave of Cyber Regulation Sponsored By: The Next Wave of Cyber Regulation Visit

The Next Wave of Cyber Regulation Sponsored By: The Next Wave of Cyber Regulation Visit

The Next Wave of Cyber Regulation Sponsored By: The Next Wave of Cyber Regulation Visit www.advisenltd.com at the end of this webinar to download: Copy of these slides Recording of todays webinar Corresponding whitepaper

463 views • 18 slides
Monthly growth rates for the quantity bought in total retail sales 20% November December 18%

Monthly growth rates for the quantity bought in total retail sales 20% November December 18%

Monthly growth rates for the quantity bought in total retail sales 20% November December 18% 16% 14% 12% 10% 8% 6% 4% 2% 0% 2012 2013 2014 2015 2016 2017 Source: M&G, BBC, Office for National Statistics, 21 November 2018 B

212 views • 4 slides
Filesystems for Cloud Services Amazon Holiday Traf fi c

Filesystems for Cloud Services Amazon Holiday Traf fi c

Filesystems for Cloud Services Amazon Holiday Traf fi c https://www.mediapost.com/publications/article/312409/from-cyber-monday-to-cyber-month-the-broadening-o.html Amazon Holiday Traf fi c This is only a 12-day outlook! The peak is likely much

695 views • 38 slides
Meeting 97 // Fall 2019 Briefing // If Youre New! Join our Slack: cyberatuc.slack.com

Meeting 97 // Fall 2019 Briefing // If Youre New! Join our Slack: cyberatuc.slack.com

Meeting 97 // Fall 2019 Briefing // If Youre New! Join our Slack: cyberatuc.slack.com SIGN IN! (Slackbot will post the link in slack) Feel free to get involved with one of our committees: Content Finance Public Affairs Outreach

1.02k views • 28 slides
PARCEL ALERT Presented by Property Solutions PARCEL ALERT Maximizing Logistics Industry Facts

PARCEL ALERT Presented by Property Solutions PARCEL ALERT Maximizing Logistics Industry Facts

PARCEL ALERT Presented by Property Solutions PARCEL ALERT Maximizing Logistics Industry Facts What are we dealing with? Parcel Alert Solution to your package management troubles Lobby Display Common area notifications Site Tablet Mobile

731 views • 50 slides
Resilience (When Bad Things Happen to Good Communities) the Cybersecurity risks Jeffrey Thomas,

Resilience (When Bad Things Happen to Good Communities) the Cybersecurity risks Jeffrey Thomas,

Resilience (When Bad Things Happen to Good Communities) the Cybersecurity risks Jeffrey Thomas, CISA, CISSP-ISSMP Chief Information Officer Public Service Commission of Wisconsin You are a target! Ongoing campaigns targeting local

74 views • 4 slides
Originally presented at SXSW 2018 on Monday, 12-Mar-2018 17% U.S. GDP

Originally presented at SXSW 2018 on Monday, 12-Mar-2018 17% U.S. GDP

Originally presented at SXSW 2018 on Monday, 12-Mar-2018 17% U.S. GDP

993 views • 97 slides
Handling Flash Deals with Soft Guarantee in Hybrid Cloud Yipei Niu 1 , Fangming Liu 1 , Xincai Fei

Handling Flash Deals with Soft Guarantee in Hybrid Cloud Yipei Niu 1 , Fangming Liu 1 , Xincai Fei

Handling Flash Deals with Soft Guarantee in Hybrid Cloud Yipei Niu 1 , Fangming Liu 1 , Xincai Fei 1 , Bo Li 2 Email: fmliu@hust.edu.cn 1 Huazhong University of Science & Technology 2 The Hong Kong University of Science & Technology 1

229 views • 22 slides

More recommend