Share your thoughts, ideas, comments and / or questions concerning Week 4’s lecture. (attached Lecture-04-v2)
1. Share your thoughts, ideas, comments and / or questions concerning Week 4’s lecture. (attached Lecture-04-v2)
2. Go through video IT832 Lesson 13
Finding a problem…
- Look through the articles that we have read or a new article that has a problem to model
- Policy
- Business
- Government
- etc.
Find the problem and outline this in the main posting.
A few paragraphs and a diagram of any kind in Insightmaker () and share the link.
• COMMUNICATE
BUSINESS VISION
• WHAT TO EXPECT
• MODIFY THE PLANS IT
CANNOT REALISTICALLY SUPPORT
• MUST BE INVOLVED
• STARTS WITH A STRATEGY
• DEVELOP MORE SPECIFIC
GOALS
• REQUIREMENTS MUST BE DETERMINED
FOR EACH GOAL
•
• HARDWARE
• SOFTWARE
• NETWORK
• DATA
• WHAT-WHO-WHERE
Component What Who Where
Hardware What hardware does the organization have?
Who manages it?
Who uses it?
Who owns it?
Where is it
located? Where is
it used?
Software What software does the organization have?
Who manages it?
Who uses it?
Who owns it?
Where is it
located? Where is
it used?
Network What networking does the organization have?
Who manages it?
Who uses it?
Who owns it?
Where is it
located? Where is
it used?
Data What data does the organization have?
Who manages it?
Who uses it?
Who owns it?
Where is it
located? Where is
it used?
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Access Tool Ubiquity Advantages Disadvantages
Physical locks Very high • Excellent if guarded • Locks can be picked
• Physical Access is often not needed
• Keys can be lost
Passwords Very high • User acceptance &
familiarity
• Ease of use
• Mature practices
• Poor by themselves
• Sometimes forgotten
• Sometimes stolen from users using
deception or key loggers
Biometrics Medium • Can be reliable
• Never forgotten
• Cannot be stolen
• Can be inexpensive
• False positives/negatives
• Some are expensive
• Some might change (e.g., voice)
• Lost limbs
• Loopholes (e.g., photo)
Access Tool Ubiquity Advantages Disadvantages
Challenge questions
Medium (high in banking)
• Not forgotten • Multitude of questions
can be used
• Social networking might reveal some answers
• Personal knowledge of an individual might reveal the answers
• Spelling might not be consistent
Token Low • Stolen passkey is useless quickly
• Requires carrying a device
Text message Medium • Stolen passkey is useless • Mobile phone already
owned by users • Useful as a secondary
mechanism too
• Requires mobile phone ownership by all users
• Home phone option requires speech synthesis
• Requires alternative access control if mobile phone lost
Multi-factor authentication
Medium • Stolen password is useless
• Enhanced security
• Requires an additional technique if one of the two fails
• Temptation for easy password
Tool Ubiquity Advantages Disadvantages
Antivirus/
antispyware
Very high • Blocks many known threats
• Blocks some “zero-day”
threats
• Slow down operating system
• “Zero day” threats can be
missed
Firewall High • Can prevent some targeted
traffic
• Can only filter known threats
• Can have well-known “holes”
System logs Very high • Can reveal IP address of
attacker
• Can estimate the extent of
the breach
• Hackers can conceal their IP
address
• Hackers can delete logs
• Logs can be huge
• Irregular inspections
System alerts High • Can help point to logs
• Can detect an attack in
process
• High sensitivity
• Low selectivity
Tool Ubiquity Advantages Disadvantages
Encryption Very high • Difficult to access a file
without the key
• Long keys could take years
to break
• Keys are unnecessary if password
is known
• If the key is not strong, hackers
could uncover it by trial & error
WEP/WPA Very high • Same as encryption
• Most devices have the
capability
• Provides secure wifi
connection
• Same as encryption
• Some older devices have limited
protections
• WEP is not secure, yet it is still
provided
VPN Medium • Trusted connection is as if
you were connected on
site
• Hard to decrypt
• Device could be stolen while
connected
• Sometimes slows the connection
THANK YOU! (AND PLEASE DON’T FORGET TO POST QUESTIONS TO THE “I’VE GOT
A QUESTION!” DISCUSSION FORUM)