introduction to information security
play

Introduction to Information Security CODATA School Hannah Short - PowerPoint PPT Presentation

Jan 12, 2023 •275 likes •948 views

Introduction to Information Security CODATA School Hannah Short (CERN), Sebastian Lopienski (CERN) August 12, 2018 Introduction to Information Security 2 Lecturers These slides have been compiled by members of the CERN Computer Security Team

  2. Introduction to Information Security CODATA School Hannah Short (CERN), Sebastian Lopienski (CERN) August 12, 2018 Introduction to Information Security 2

  3. Lecturers These slides have been compiled by members of the CERN Computer Security Team based at CERN, the European Organisation for Nuclear Research. Hannah Short Sebastian Lopienski August 12, 2018 Introduction to Information Security 3

  4. Why Security? Data Security Concepts Security Objectives Guidelines and Principles Data Privacy August 12, 2018 Introduction to Information Security 4

  5. Course Objectives • Understand why Security is important for you as a Data Scientist • Familiarise yourself with the basic principles of Information Security Note: If the slide title is in red, the slide is considered an advanced topic August 12, 2018 Introduction to Information Security 5

  6. Why Security? August 12, 2018 Introduction to Information Security 6

  7. Why Security? • You are constantly exposed to reputational, financial and even physical risks online • The aim is to minimise your exposure to risk through • Secure online activity • Secure software design August 12, 2018 Introduction to Information Security 7

  8. Safety vs Security Safety is about protecting from accidental risks • road safety • air travel safety Security is about mitigating risks of dangers caused by intentional, malicious actions • homeland security • airport and aircraft security • information and computer security August 12, 2018 Introduction to Information Security 8

  9. Why is security difficult? Security is as strong as the weakest link. There is no 100% security! August 12, 2018 Introduction to Information Security 9

  10. What is risk? • Probability * impact • Risks should be: Assessed, Prioritised, Mitigated, Avoided and finally Accepted August 12, 2018 Introduction to Information Security 10

  11. Typical Threats But we’re Scientists, surely we’re not a target...! August 12, 2018 Introduction to Information Security 11

  12. Typical Threats http://news.bbc.co.uk/2/hi/technology/7616622.stm August 12, 2018 Introduction to Information Security 12

  13. Typical Threats https://www.wired.com/2008/09/hackers-infiltr/ August 12, 2018 Introduction to Information Security 13

  14. Attackers August 12, 2018 Introduction to Information Security 14

  15. Hacking as a Business August 12, 2018 Introduction to Information Security 15

  16. Hacking as a Business August 12, 2018 Introduction to Information Security 16

  17. Why Security - Summary • Security = mitigating risk of malicious actions • Science is an interesting target for bad guys/girls August 12, 2018 Introduction to Information Security 17

  18. Data Security Concepts August 12, 2018 Introduction to Information Security 18

  19. Data Security Concepts At the heart of Security we have three key components: • Technology • Processes • People August 12, 2018 Introduction to Information Security 19

  20. Technology We will come back to some of this in part 2 of our lecture course :) August 12, 2018 Introduction to Information Security 20

  21. Processes “Security is a process, not a product” - Bruce Schneier August 12, 2018 Introduction to Information Security 21

  22. Processes Security Measure Requires Antivirus software Virus signature Updates Monitoring systems Checking, reacting to alarms Endpoint security OS and software patching Security policies Updating, enforcing Risk management, vulnerability management, business continuity planning, security development lifecycle etc... these are ongoing processes, not one-off exercises. August 12, 2018 Introduction to Information Security 22

  23. Processes August 12, 2018 Introduction to Information Security 23

  24. Processes Security solutions often degrade with time - they need to be verified periodically! August 12, 2018 Introduction to Information Security 24

  25. People • Have flawed risk perception • Are bad at dealing with exceptions and rare cases • Can’t take correct security decisions • Put too much trust in their computers • Easily fall for social engineering • Sometimes turn malicious • Prefer convenience and bypass security measures • Often make mistakes... August 12, 2018 Introduction to Information Security 25

  26. Risk Perception Is flying more dangerous than traveling by car? Are you more likely to be killed by a shark, a pig or a coconut? August 12, 2018 Introduction to Information Security 26

  27. Social Engineering https://www.smbc-comics.com August 12, 2018 Introduction to Information Security 27

  28. Social Engineering • First the Social Engineer gathers information: • Public and semi public information; names, hierarchy, who’s on holiday, project names etc • Armed with the information they: • Use influence, persuasion or threat • Abuse people’s compassion, fear or greed • Exploit tendency to trust and help • In order to gain unauthorised access to systems or information August 12, 2018 Introduction to Information Security 28

  29. Taking security decisions Users typically make poor security choices despite systems trying to protect them! August 12, 2018 Introduction to Information Security 29

  30. And sometimes it’s just plain difficult August 12, 2018 Introduction to Information Security 30

  31. Data Security Concepts - Summary • Processes must be ongoing, security degrades with time • People often provide the easiest way for an attacker to compromise the system • Security is only as strong as the weakest link - don’t lock the front door but leave the back door open! August 12, 2018 Introduction to Information Security 31

  32. Security Objectives August 12, 2018 Introduction to Information Security 32

  33. Security Objectives Computer Security aims to meet these objectives: • Confidentiality • Integrity • Availability We will start with a quick look at Identity, as this is essential for meeting security objectives! August 12, 2018 Introduction to Information Security 33

  34. Identity Online Identity is really no different from your real life Identity! Your Identity is the answer to the question: “who are you?” • It could be a username for a website • It could be a government ID • It could be a digital certificate August 12, 2018 Introduction to Information Security 34

  35. Authentication and Authorisation August 12, 2018 Introduction to Information Security 35

  36. Authentication and Authorisation Authentication = How can I prove my Identity? August 12, 2018 Introduction to Information Security 36

  37. Authentication and Authorisation Authorisation = What am I able to do? August 12, 2018 Introduction to Information Security 37

  38. Multifactor Authentication Factor Description Example 1 Something you know Password, pin 2 Something you have Phone, Yubikey 3 Something you are Fingerprint, iris scan Which is most secure? August 12, 2018 Introduction to Information Security 38

  39. Security Objectives • Confidentiality • Integrity • Availability Can the correct people access the data at the correct time? Security Tip: Pay attention to where your data is stored and how it is shared! August 12, 2018 Introduction to Information Security 39

  40. Confidentiality • Your online identity is as valuable as your passport • Your authorisation may be misused if it falls into the wrong hands Security Tip: Store your secrets safely, not in the public domain, e.g. github August 12, 2018 Introduction to Information Security 40

  41. August 12, 2018 Introduction to Information Security 41

  42. How bad can it be? • 5 minutes exposure • $2,375 • Plus it could have been avoided, Amazon has a service (IAM) to manage keys securely... https://www.theregister.co.uk/2015/01/06/dev_blunder_ shows_github_crawling_with_keyslurping_bots/ August 12, 2018 Introduction to Information Security 42

  43. Security Objectives • Confidentiality • Integrity • Availability Can we be sure that the data is reliable and hasn’t been altered? Security Tip: Reduce the risk of impersonation, enable multi-factor authentication wherever possible! August 12, 2018 Introduction to Information Security 43

  44. Security Objectives • Confidentiality • Integrity • Availability Is the data available? Are our systems reliable? Security Tip: Keep backups! August 12, 2018 Introduction to Information Security 44

  45. Security Objectives - Summary • Key objectives: Confidentiality, Integrity and Availability • Consider disaster scenarios and plan for them • Authentication and Authorisation are critical to meeting security objectives August 12, 2018 Introduction to Information Security 45

  46. Guidelines and Principles August 12, 2018 Introduction to Information Security 46

  47. Security Measures Is this a good security measure? August 12, 2018 Introduction to Information Security 47

  48. Security Measures • What problem is it trying to solve? • Does it help? • Does it introduce new problems? • What are the costs? August 12, 2018 Introduction to Information Security 48

  49. Security Measures How much security? It’s a balance of risk, usability and cost August 12, 2018 Introduction to Information Security 49

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Introduction to information security Lecture #1 Security in Organizations 2011 Eric Verheul 1

Introduction to information security Lecture #1 Security in Organizations 2011 Eric Verheul 1

Introduction to information security Lecture #1 Security in Organizations 2011 Eric Verheul 1 Outline The lectures I will give Information Security events in the media What is Information Security? Recap Study for next

749 views • 45 slides
Security 101 Definition of Information Security Information security is the protection of

Security 101 Definition of Information Security Information security is the protection of

Computing Services Information Security Office Security 101 Definition of Information Security Information security is the protection of information and systems from unauthorized access, disclosure, modification, destruction or disruption. The

469 views • 22 slides
System Security I: Introduction TDDD17 Information Security, Second Course Ulf Kargn

System Security I: Introduction TDDD17 Information Security, Second Course Ulf Kargn

System Security I: Introduction TDDD17 Information Security, Second Course Ulf Kargn Department of Computer and Information Science Linkping University System Security 2 Security in computer systems Hardware (System)

838 views • 56 slides
Information Technology Security Presentation to Joint Legislative Committee on Information

Information Technology Security Presentation to Joint Legislative Committee on Information

Information Technology Security Presentation to Joint Legislative Committee on Information Technology Oversight Chip Moore State Chief Information Security Officer Office of Information Technology Services December 13, 2012 Introduction

353 views • 12 slides
HOW TO WRITE AN INFORMATION SECURITY POLICY INTRODUCTION This section is intended to help you

HOW TO WRITE AN INFORMATION SECURITY POLICY INTRODUCTION This section is intended to help you

HOW TO WRITE AN INFORMATION SECURITY POLICY INTRODUCTION This section is intended to help you produce an information security policy. Some of the information contained here is of a particularly detailed and complex nature and may not, therefore,

469 views • 8 slides
Introduction to the course Information Security Daniel Bosk Department of Information Systems

Introduction to the course Information Security Daniel Bosk Department of Information Systems

Scope and aims Course structure and content overview Course content Assessment Introduction to the course Information Security Daniel Bosk Department of Information Systems and Technology Mid Sweden University, Sundsvall School of

801 views • 29 slides
A brief introduction to information security Part II Tyler Moore Computer Science &

A brief introduction to information security Part II Tyler Moore Computer Science &

Notes A brief introduction to information security Part II Tyler Moore Computer Science & Engineering Department, SMU, Dallas, TX August 28 & 30, 2012 Engineered defenses to achieve protection goals Security threats Countering

369 views • 14 slides
Introduction to Security Prof. Tom Austin San Jos State University Why should we learn about

Introduction to Security Prof. Tom Austin San Jos State University Why should we learn about

CS 166: Information Security Introduction to Security Prof. Tom Austin San Jos State University Why should we learn about information security? Computer Security in the News Computer Crime for Fun & Profit Attackers have gone from

942 views • 48 slides
So You Want to Be an Information Security Officer? Presented by: Art Bakke Information Security

So You Want to Be an Information Security Officer? Presented by: Art Bakke Information Security

So You Want to Be an Information Security Officer? Presented by: Art Bakke Information Security Officer Background Personal Starion Bank Arts Goals Highlight the typical responsibilities of an Information Security Officer from

778 views • 22 slides
17Nov19 Information Security Essentials Recognizing Threats in Your Daily Routine This

17Nov19 Information Security Essentials Recognizing Threats in Your Daily Routine This

17Nov19 Information Security Essentials Recognizing Threats in Your Daily Routine This module will teach you what is information security, how to identify and avoid potential security risks in the workplace and beyond. 1 Introduction

406 views • 7 slides
DIGITAL PLANETS SECURITY SOLUTION INTRODUCTION OUR OFFERED SERVICES Vulnerability Security

DIGITAL PLANETS SECURITY SOLUTION INTRODUCTION OUR OFFERED SERVICES Vulnerability Security

DIGITAL PLANETS SECURITY SOLUTION INTRODUCTION OUR OFFERED SERVICES Vulnerability Security Information Assessment Brand Operation Consultancy & Security Protection Penetration Awareness Centre Testing External Networks

474 views • 44 slides
INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

Leading a Secured Digital Life. INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC Hyderabad keeping yourself and your family safe in a tech driven world Ministry of Electronics & Information

510 views • 11 slides
11/15/2012 Storage of Classified Information DoD Information Security Program 1 Information

11/15/2012 Storage of Classified Information DoD Information Security Program 1 Information

11/15/2012 Storage of Classified Information DoD Information Security Program 1 Information Security Webinar Storage of Classified Information Host: Treva Alexander, SAPPC Information Security Course Manager, DSS - CDSE Gained experience in

329 views • 14 slides
Information System Security Chapter 1:Introduction Dr. Loai Tawalbeh Faculty of Information

Information System Security Chapter 1:Introduction Dr. Loai Tawalbeh Faculty of Information

Information System Security Chapter 1:Introduction Dr. Loai Tawalbeh Faculty of Information system and Technology, The Arab Academy for Banking and Financial Sciences. Jordan Dr. Loai Tawalbeh summer 2006 Chapter 1 Introduction

253 views • 10 slides
Introduction to Web Application Security Professor Larry Heimann Web Application Security

Introduction to Web Application Security Professor Larry Heimann Web Application Security

Introduction to Web Application Security Professor Larry Heimann Web Application Security Information Systems Course Business Course site: http://67327.cmuis.net Schedule Reading Assignments in-class labs -- laptops w/ 272

981 views • 10 slides
Introduction to Web Application Security Professor Larry Heimann Web Application Security

Introduction to Web Application Security Professor Larry Heimann Web Application Security

Introduction to Web Application Security Professor Larry Heimann Web Application Security Information Systems Course Business Course site: https://67327.cmuis.net Schedule Reading Assignments in-class labs -- laptops w/ 272

1.31k views • 11 slides
EHEALTH COMMISSION MEETING JULY 10, 2019 JULY AGENDA Call to Order Roll Call and Introductions

EHEALTH COMMISSION MEETING JULY 10, 2019 JULY AGENDA Call to Order Roll Call and Introductions

EHEALTH COMMISSION MEETING JULY 10, 2019 JULY AGENDA Call to Order Roll Call and Introductions Approval of June Minutes 12:00 July Agenda and Objectives Michelle Mills, Chair Announcements OeHI Announcements and Updates

800 views • 64 slides
outside the Gospels Sayings of Jesus outside the Gospels Sayings of Jesus outside the Gospels

outside the Gospels Sayings of Jesus outside the Gospels Sayings of Jesus outside the Gospels

Sayings of Jesus outside the Gospels Sayings of Jesus outside the Gospels Sayings of Jesus outside the Gospels Fear Sayings of Jesus outside the Gospels Fear Jesus Sayings of Jesus outside the Gospels Fear Jesus Heart When I saw him,

527 views • 50 slides
How to Lie with Statistics March 3, 2020 Data Science CSCI 1951A Brown University Instructor:

How to Lie with Statistics March 3, 2020 Data Science CSCI 1951A Brown University Instructor:

How to Lie with Statistics March 3, 2020 Data Science CSCI 1951A Brown University Instructor: Ellie Pavlick HTAs: Josh Levin, Diane Mutako, Sol Zitter Announcements Today Linear Regression Recap/Follow up P-Hacking, Researcher

1.05k views • 75 slides
Baumgartner, POLI 203 Spring 2016 Just Mercy, continued February 1, 2016 George Stinney

Baumgartner, POLI 203 Spring 2016 Just Mercy, continued February 1, 2016 George Stinney

Baumgartner, POLI 203 Spring 2016 Just Mercy, continued February 1, 2016 George Stinney Young boy in Georgia executed in 1944 After attention to the case rose, he became, I believe, the only person in US history to be exonerated

373 views • 9 slides
MITOCW | watch?v=yrmqYNvvIzs The following content is provided under a Creative Commons license.

MITOCW | watch?v=yrmqYNvvIzs The following content is provided under a Creative Commons license.

MITOCW | watch?v=yrmqYNvvIzs The following content is provided under a Creative Commons license. Your support will help MIT OpenCourseWare continue to offer high quality educational resources for free. To make a donation or to view additional

765 views • 30 slides
By: Philip H. Weiss, CFA, CPA http://www.apprisewealth.com philweiss@apprisewealth.com The

By: Philip H. Weiss, CFA, CPA http://www.apprisewealth.com philweiss@apprisewealth.com The

By: Philip H. Weiss, CFA, CPA http://www.apprisewealth.com philweiss@apprisewealth.com The Pathway to an Informed Retirement How often Maintain What if I have How do I stay should we B questions? on course? talk? Plan Updates Open Door

1.18k views • 94 slides
Yann Martel s Life of Pi An Introduction... "A story to make you believe in the

Yann Martel s Life of Pi An Introduction... "A story to make you believe in the

Yann Martel s Life of Pi An Introduction... "A story to make you believe in the soul-sustaining power of fiction and its human creators, and in the original power of storytellers like Martel." Los Angeles Times Book Review Yann

325 views • 11 slides
Proceedings of the 2017 Winter Simulation Conference W. K. V. Chan, A. D'Ambrogio, G. Zacharewicz,

Proceedings of the 2017 Winter Simulation Conference W. K. V. Chan, A. D'Ambrogio, G. Zacharewicz,

Proceedings of the 2017 Winter Simulation Conference W. K. V. Chan, A. D'Ambrogio, G. Zacharewicz, N. Mustafee, G. Wainer, and E. Page, eds. PARALLEL DISCRETE EVENT SIMULATION: THE MAKING OF A FIELD Richard M. Fujimoto Rajive Bagrodia School of

434 views • 30 slides

More recommend