Information Assurance and Computer Security

1
Information AssuranceandComputer Security
2
(No Transcript)
3
OVERVIEW

• Threat defined
• Categories of threats
• Specific types of threats
• Historical turncoats
• Your responsibilities

4
What is a threat?

• Any circumstance or event with the potential to
  cause harm to an information system in the form
  of destruction, disclosure, adverse modification
  of data, and/or denial of service
• Current and perceived capability, intention, or
  attack directed to cause denial of service,
  corruption, compromise, or fraud, waste, and
  abuse to an information system

5
Categories of Threats

• Technical
• - hardware, software, or
• design deficiency
• often vulnerable right out
• of the box
• Administrative
• - inadequate or incorrect
• implementation of existing security features
• - not a design flaw but rather poor policy,
  process or procedure

6
What are the types of threats?

• Unintentional Threats
• - spilled food or liquid
• - downloaded game or software
• - disabled anti-virus software
• - unattended computer
• with no locked keyboards
• or screensavers
• - accidental deletion or modification of files

7
Types of Threatscontd

• Intentional Threats -
• - Social engineering
• - Elicitation
• - Computer network attack
• - The insider threat

Type in your Social Security Number for a free
credit report
Please enter your password to validate your
account
8
Types of Threats...contd

• Intentional Threats
• - Social engineering
• - Elicitation
• - Computer network attack
• - The insider threat

9
Types of Threats...contd

• Intentional Threats
• - Social engineering
• - Elicitation
• - Computer network attack
• How are they attacked?
• - The insider threat

10
Intentional Threats contd

• - Computer network attacks
• The Internetperhaps our largest daily threat
• --Cookies
• --Mobile code, malicious code spy-ware
• --Use of home internet service provider
• --OPSECor lack of it
• --Distributed denial of service
• --Hoaxes
• --Spam

11
(No Transcript)
12
(No Transcript)
13
Types of Threats...contd

• Intentional Threats
• - Social engineering
• - Elicitation
• - Computer network attack
• - The insider threat

14
Would insiders really steal information?
15
Famous Turncoats

• Benedict Arnold
• -Appointed by George Washington to a position in
  the Continental Congressa trusted position.
• - He was caught trying to smuggle classified
  documents to the British in 1780.

16
Famous Turncoats

• The Rosenburgs (Ethel and Julius) Controversial
  case convicted of spying for the Soviet Union
• Passed secret of the A bomb to the Soviets
  (from the Manhattan Project)
• Judge Irving Kaufman found them guilty of
  espionage and said they contributed to the
  communist aggression and 50,000 deaths of the
  Korean War.

17
Famous Turncoats

• Both were executed in 1953 for Conspiracy to
  Commit Espionage.
• In 1995 NSA released de-crypted evidence of their
  involvement.
• In his memoirs posthumously published in 1990
  Nitkita Khrushchev praised both of them for their
  very significant help in the production of the
  atomic bomb.

18
Famous Turncoats

• Aldrich AmesThe Chief of Counterintelligence in
  Eastern Europe and the Soviet Union
• CIA employee for 31 years
• Sold the names of all his co-worker spies to the
  Soviet Union for 50,000
• The most damaging spy case in the history of
  this country.NSI, 1995 NSI . org

19
Famous Turncoats

• Ultimately betrayed more than 100 operations and
  received 3 million.
• His betrayal led to the execution of 10 KGB
  (Soviet) double agents and 11 US agents.
• CIA IG report 1994

20
Famous Turncoats A little close to home.

• Brian P. Reganworked for the
• super-secret National Reconnaissance Office
  they design and operate spy satellitesTop Secret
  information
• Arrested Aug 23, 2002, with classified
  information in his possession
• Stole, copied, and buried over 20,000 pages of
  documents classified as Top Secret or higher

21
Brian Regan

• Buried documents in 19 locations
• including state parksdetailed
• information on satellites, early warning
• systems, missile site coordinates, and WMD
• Wrote letter to Saddam Husseinoffered to sell
  Top Secret information for 13 million also had
  identical letters on his computer to China, Iran,
  and Libya
• Regan was bitter over the small pension received
  for years of service..who was the service with?

22

• A little close to home
• Brian P. Regan
• Master Sergeant, USAF, Retired
• 38 year-old, father of four, deeply in debt and
  in 2003 sentenced to life in prisonlost his
  small pension

23
What can I do to help?What are my
Responsibilities?

• Fight the insider threat
• - protect your access to
• information (physical access)keys/doors,
  personnel rosters ...physical security
• -protect your electronic accessdont share
  passwords, access cards, codes, etc.
• -report shoulder surfers or suspicious activity

24
What are my Responsibilities?

• Use your virus software
• Run on start-up and weekly minimum
• Use it on your home computer too
• Scan all removable media (disks, DVDs,CDs)
  before each use
• Save and scan attachments
• (especially all high risk)

25
What Are My Responsibilities?

• Dont load software
• or programs on
• government computers
• without permission.
• -including freeware
• Dont talk about official
• business in open
• chat rooms or forums.

26
What are my Responsibilities?

• Dont post your email address in chat rooms,
  forums, or message boards.
• Report violations or suspicious activity.
• -pornography
• -loading personal software
• -revealing sensitive
• information
• -failure to take security measures

27
 
28
SUMMARY

• Threat defined
• Categories of threats
• Specific types of threats
• Historical turncoats
• Your responsibilities

29
(No Transcript)
30
(No Transcript)
31
The truth is that theres an enemy that still
lurks out there. And we must continue to work
together to protect our countrythe most solemn
duty of government is to protect American
people.George W. Bush, January 23, 2004