Share your thoughts, ideas, comments and / or questions concerning Week 4’s lecture.  (attached Lecture-04-v2)

• COMMUNICATE

BUSINESS VISION

• WHAT TO EXPECT

• MODIFY THE PLANS IT

CANNOT REALISTICALLY SUPPORT

• MUST BE INVOLVED

• STARTS WITH A STRATEGY

• DEVELOP MORE SPECIFIC

GOALS

• REQUIREMENTS MUST BE DETERMINED

FOR EACH GOAL

•

• HARDWARE

• SOFTWARE

• NETWORK

• DATA

• WHAT-WHO-WHERE

Component What Who Where

Hardware What hardware does the organization have?

Who manages it?

Who uses it?

Who owns it?

Where is it

located? Where is

it used?

Software What software does the organization have?

Who manages it?

Who uses it?

Who owns it?

Where is it

located? Where is

it used?

Network What networking does the organization have?

Who manages it?

Who uses it?

Who owns it?

Where is it

located? Where is

it used?

Data What data does the organization have?

Who manages it?

Who uses it?

Who owns it?

Where is it

located? Where is

it used?

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

Access Tool Ubiquity Advantages Disadvantages

Physical locks Very high • Excellent if guarded • Locks can be picked

• Physical Access is often not needed

• Keys can be lost

Passwords Very high • User acceptance &

familiarity

• Ease of use

• Mature practices

• Poor by themselves

• Sometimes forgotten

• Sometimes stolen from users using

deception or key loggers

Biometrics Medium • Can be reliable

• Never forgotten

• Cannot be stolen

• Can be inexpensive

• False positives/negatives

• Some are expensive

• Some might change (e.g., voice)

• Lost limbs

• Loopholes (e.g., photo)

Access Tool Ubiquity Advantages Disadvantages

Challenge questions

Medium (high in banking)

• Not forgotten • Multitude of questions

can be used

• Social networking might reveal some answers

• Personal knowledge of an individual might reveal the answers

• Spelling might not be consistent

Token Low • Stolen passkey is useless quickly

• Requires carrying a device

Text message Medium • Stolen passkey is useless • Mobile phone already

owned by users • Useful as a secondary

mechanism too

• Requires mobile phone ownership by all users

• Home phone option requires speech synthesis

• Requires alternative access control if mobile phone lost

Multi-factor authentication

Medium • Stolen password is useless

• Enhanced security

• Requires an additional technique if one of the two fails

• Temptation for easy password

Tool Ubiquity Advantages Disadvantages

Antivirus/

antispyware

Very high • Blocks many known threats

• Blocks some “zero-day”

threats

• Slow down operating system

• “Zero day” threats can be

missed

Firewall High • Can prevent some targeted

traffic

• Can only filter known threats

• Can have well-known “holes”

System logs Very high • Can reveal IP address of

attacker

• Can estimate the extent of

the breach

• Hackers can conceal their IP

address

• Hackers can delete logs

• Logs can be huge

• Irregular inspections

System alerts High • Can help point to logs

• Can detect an attack in

process

• High sensitivity

• Low selectivity

Tool Ubiquity Advantages Disadvantages

Encryption Very high • Difficult to access a file

without the key

• Long keys could take years

to break

• Keys are unnecessary if password

is known

• If the key is not strong, hackers

could uncover it by trial & error

WEP/WPA Very high • Same as encryption

• Most devices have the

capability

• Provides secure wifi

connection

• Same as encryption

• Some older devices have limited

protections

• WEP is not secure, yet it is still

provided

VPN Medium • Trusted connection is as if

you were connected on

site

• Hard to decrypt

• Device could be stolen while

connected

• Sometimes slows the connection

THANK YOU! (AND PLEASE DON’T FORGET TO POST QUESTIONS TO THE “I’VE GOT

A QUESTION!” DISCUSSION FORUM)