Information Security Professionals in the 21st Century: Who's Protecting Your Network - PowerPoint PPT Presentation

Slides: 17
Provided by: G407
Transcript and Presenter's Notes

1
Information Security Professionals in the 21st
Century: Who's Protecting Your Network?
  • James Cannady, Ph.D.
  • Assistant Professor

2
Information Security
  • Those measures, procedures, or controls which
    provide an acceptable degree of safety of
    information resources from accidental or
    unauthorized intentional disclosure,
    modification, or destruction.
  • Based on the assumption that others either want
    your data or want to prevent you from having it.
  • Insecurity is the result of flaws, improper
    configurations, errors and bad design.
  • Patches and security add-ons merely address the
    symptoms, not the cause.

3
The Changing Security Environment
  • The landscape for information security is
    changing:
  • From closed systems and networks to Internet
    connectivity
  • From manual to automated processes
  • Increased emphasis of information security as
    core/critical requirement

4
Information Security Problem
  • A large, rapidly growing international issue
  • Key to growth of e-commerce
  • Critical infrastructure at risk
  • True magnitude of the problem unknown

5
The Threat Environment
  • All systems have vulnerabilities. We are more
    vulnerable today than in the past because today's
    information systems are more:
  • Open
  • Distributed
  • Complex
  • Highly Dynamic
  • Attacks are becoming more sophisticated
  • Tools to exploit system vulnerabilities are
    readily available and require minimal expertise

6
Typical Threats
  • Eavesdropping and sniffing
  • System Penetration
  • Authorization Violation
  • Spoofing/Masquerading
  • Tampering
  • Repudiation
  • Trojan Horse
  • Denial of Service

7
Evidence
  • 90% of businesses detected computer security
    breaches within the last twelve months
  • 70% reported a variety of serious computer
    security breaches (e.g., theft of proprietary
    information, financial fraud, system penetration
    from outsiders, denial of service attacks and
    sabotage of data or networks)
  • 74% acknowledged financial losses due to
    computer breaches
  • 19% reported ten or more incidents
  • Source: Computer Security Institute, 2000
    Computer Crime and Security Survey

8
Common Security Mechanisms
  • Obscurity
  • Firewalls
  • Intrusion Detection
  • Vulnerability/Security Assessment Tools
  • Virus Detection
  • Host Security
  • Authentication Systems
  • Cryptography

9
A Real World Scenario

10
Security Professionals
  • Complexity of InfoSec requires a specialist
    capable of evaluating systems and identifying
    solutions
  • Example Qualification:
  • Minimum two years network and computer security
    administration.
  • Experience in a variety of programming languages
    (C, C++, Java a plus)
  • Solid understanding of network security
    technology.
  • Solid understanding of software engineering
    practices and standards
  • Solid understanding of databases
  • Expertise in variety of operating systems (UNIX,
    NT, Linux, MacIntosh, VMS, SUN Solaris)
  • Ability to analyze security weaknesses and define
    corrective measures.
  • Ability to interact with team members to resolve
    system administration and security problems.
  • Good verbal and written communication skills.
  • Good organization, time management and
    problem-solving skills.
  • Extreme demand for qualified personnel
  • Job openings for network security professionals
    have increased 200 percent in the past six months

11
Security Professionals
  • Three options to satisfy need
  • Abracadabra!
  • Network Engineer
  • Database Administrator Security
    Specialist
  • Systems Analyst

12
Security Professionals
  • Just add water
  • Send IT personnel to security courses
  • Usually limited to technologies and applications
    that are popular at the time.
  • No fundamental understanding

13
(No Transcript)

14
Security Professionals
  • Jane Doe, M.S.
  • Build upon undergraduate degree with advanced
    studies in networking, software engineering,
    operating systems, systems analysis and design,
    etc.
  • Develop the ability to apply science and
    technology to information security problems,
    regardless of platform or vendor
  • You don't have to be a researcher to gain from a
    grad degree

15
In Review
  • Security is a complex and growing area of
    information technology
  • There is a critical need for information security
    professionals
  • Quick fix solves short term problems
  • Graduate education provides a foundation for the
    future

16
Questions?
Dr. James Cannady, cannady_at_nova.edu, (954)
262-2085, http://scis.nova.edu/cannady