Authentication and Public Key Infrastructure
Access Control, Authentication, and Public Key Infrastructure
Lesson 5
Security Breaches and the Law
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Learning Objective and Key Concepts
Learning Objective
Assess the consequences of failed access controls and mitigate unauthorized access.
Key Concepts
U.S. federal and state laws passed to deter information theft
Costs associated with inadequate access controls
How access controls can fail
Security breaches and their implications
DISCOVER: CONCEPTS
Laws and Data Breaches
Federal and state laws act as deterrents
Organizations are required to take steps to protect sensitive data
An organization may have a legal obligation to inform all stakeholders if a breach occurred
Federal Laws
Computer Fraud and Abuse Act (CFAA) is designed to protect electronic data from theft
Digital Millennium Copyright Act (DMCA) prohibits unauthorized disclosure of data by circumventing an established technological measure
State Laws
California Identity Theft Statute requires businesses to notify customers when personal information has been disclosed
Research specific laws that apply in your state.
You can begin by visiting your state’s Office of Attorney General Web site.
First-Layer Access Controls
All physical security must comply with all applicable regulations.
Access to secure computing facilities is granted only to individuals with a legitimate business need for access.
All secure computing facilities that allow visitors must have an access log.
Visitors must be escorted at all times.
Most common and easiest form of access
To be effective: Requires the use of a secure channel through the network to transmit the encrypted password
Not very secure
WHY USE THEM??
Something you know
User friendly – People get the concept (like an ATM PIN)
Two-factor authentication
– Combine passwords with a (smart card) token
– ATM card and PIN – improved protection
Easy to manage
Supported across IT platforms
Inadequate Access Controls
People
Technology
People
Phishing and spear phishing attacks
Poor physical security on systems
File-sharing and social networking sites
Technology
Very weak password encryption
Web browsers are a major vector for unauthorized access
Web servers and other public-facing systems are an entry point for unauthorized access
DISCOVER: PROCESS
Security Breach Principles
System exploits
Eavesdropping
Social engineering
Denial of service (DoS) attacks
Indirect attacks
Direct attacks
Consequences
Security breaches can have serious consequences for an organization.
Breaches can rely on:
Lax physical security
Inadequate logical access controls
A combination of both
Implications of Security Breaches
Damages organizations’ computer systems
Financial Impact
Legal action
Loss of reputation
Costs of contacting all of the individuals
Organization’s market share
Summary
U.S. federal and state laws passed to deter information theft
Costs associated with inadequate access controls
How access controls can fail
Security breaches and their implications
Virtual Lab
Managing Group Policy Objects in Active Directory
If your educational institution included the Jones & Bartlett labs as part of the course curriculum, use this script to introduce the lab:
“In this lesson, you learned about ways that compromised access controls can result in security breaches. You also discovered the legal implications of security incidents. One effective way to help prevent security breaches is to enforce system logon security controls.
In the lab for this lesson, you will use the Group Policy Management tool to edit the default domain policy and set up a new password policy. You will also create a new group policy object (GPO) and apply it to an organizational unit.”
3/30/2015