Authentication and Public major Infrastructure

Access Control, Authentication, and Public major Infrastructure

Lesson 5

Security Breaches and the Law

www.jblearning.com

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

Learning Objective and Key Concepts

Learning Objective

Assess the consequences of failed access controls and mitigate unauthorized access.

Key Concepts

U.S. federal and state laws passed to deter information theft

Costs associated with inadequate access controls

How access controls can fail

Security breaches and their implications

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

DISCOVER: CONCEPTS

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

Laws and Data Breaches

Federal and state laws act as deterrents

Organizations are required to take steps to protect the sensitive data

An organization may have a legal obligation to inform all stakeholders

if a breach occurred

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

Federal Laws

Computer Fraud and Abuse Act (CFAA) designed to protect electronic data from theft

Digital Millennium Copyright Act (DMCA) prohibits unauthorized disclosure of data by circumventing an established technological measure

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

State Laws

California Identity Theft Statute requires businesses to notify customers when personal information has been disclosed

Research specific laws that apply in your state.

You can begin by visiting your state’s

Office of Attorney General Web site.

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

First-Layer Access Controls

All physical security must comply with all applicable regulations

Access to secure computing facilities granted only to individuals with a legitimate business need for access.

All secure computing facilities that allow visitors must have an access log.

Visitors must be escorted at all times

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

Most common and easiest form of access

To be effective: Requires the use of a secure channel through the network to transmit the encrypted password

Not very secure

WHY USE THEM??

Something you know

User friendly – People get the concept (like an ATM pin #)

Two factor authentication

– Combine passwords with a (smart card) token

– ATM card and PIN –improved protection

Easy to manage

Supported across IT platforms

Inadequate Access Controls

People

Technology

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

People

Phishing and spear phishing attacks

Poor physical security on systems

File-sharing and social networking sites

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

Technology

Very weak password encryption

Web browsers are a major vector for unauthorized access

Web servers and other public-facing

systems, are an entry point for unauthorized access

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

DISCOVER: PROCESS

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

Security Breach Principles

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

System exploits

Eavesdropping

Social engineering

Denial of service (DoS) attacks

Indirect attacks

Direct attacks

Consequences

Security breaches can have serious consequences for an organization.

They can rely on:

Lax physical security

Inadequate logical access controls

A combination of both

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

Implications of Security Breaches

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

Damages organizations’ computer systems

Financial Impact

Legal action

Loss of reputation

Costs of contacting all of the individuals

Organization’s market share

Summary

U.S. federal and state laws passed to deter information theft

Costs associated with inadequate access controls

How access controls can fail

Security breaches and their implications

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

Virtual Lab

Managing Group Policy Objects in Active Directory

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

If your educational institution included the Jones & Bartlett labs as part of the course curriculum, use this script to introduce the lab:

“In this lesson, you learned about ways that compromised access controls can result in security breaches. You also discovered the legal implications of security incidents. One effective way to help prevent security breaches is to enforce system logon security controls.

In the lab for this lesson, you will use the Group Policy Management tool to edit the default domain policy and set up a new password policy. You will also create a new group policy object (GPO) and apply it to an organizational unit.”

3/30/2015

The post Authentication and Public major Infrastructure appeared first on Lion Essays.

“Looking for a Similar Assignment? Get Expert Help at an Amazing Discount!”

Authentication and Public major Infrastructure was first posted on February 5, 2019 at 1:12 am.
©2019 "Lion Essays". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at support@Lion Essays.com

Authentication and Public major Infrastructure

“Looking for a Similar Assignment? Get Expert Help at an Amazing Discount!”

About Us

Guarantees

Papers

Services

“Looking for a Similar Assignment? Get Expert Help at an Amazing Discount!”

"Get 15% discount on your first 3 orders with us" Use the following coupon FIRST15

About Us

Guarantees

Papers

Services

"Get 15% discount on your first 3 orders with us"
Use the following coupon
FIRST15