Embed Size (px)
Citation preview
Data and Informa-tion Security Issues
Da Seul Kim, Sang Min Lee, Joe Lyngdoh, Jung-Hyun Kim
Group No. 2
Harmony presentation www.yourwebsite.-com
ContentsIntroduction about Data se-curity
Types of data attack
Data security issue : NH Bank
Data security issue : Hacking Yacht
Introduction about Data
Security
Protecting data from unauthorized access to computer, databases and websites.
What is Data Secu-rity?
(= Information Security, Computer Security)
Data security itself is a very wide concept. It could be related with Mobile de-vices, Computer, or any electronic devices which contains the data.
Harmony presentation www.yourwebsite.-com
ProtectPrivacy
To ensure data integrity
Why do we need data secu-rity?
PreventData Viola-
tion - According to IBM, the cost of data vio-lation on sensitive data is about $5.4million per inci-dent.
-We have to be sure that the specific data, what we want use need to be truthful.
- Data for the en-terprise is the crucial asset.
Harmony presentation www.yourwebsite.-com
Basic Data security tech-nology
*Data encryptionmaking code to protect the data (this is the basic way of data security)
*Data masking is the process of
masking(covering) specific data within a database table
or cell to ensure that data security is maintained and sensitive information is not
exposed to unauthorized person.
*Data era-surecompletely destroying data all electronic data on hard drive or in other digi-tal media to ensure that no sensitive data is leaked.
For better Data secu-rity
Technology
Ethical (ex. KHNP)
Good policy
Company view
Click less
Unique password
Multiple e-mail account
Personal view
Using protecting application or software to the data is important but the most important thing is to prevent before the unauthorized access happen.
Types of Data attacks
Types of Network attacks
Eavesdropping
Data Modification
Identify Spoofing (IP address Spoofing)
Password-Based at-tack
Denial-of-Service At-tackMan-in-the-Middle Attack
Sniffer Attack
Application-Layer Attack
Spoofing
A technique used to gain unauthorized access to com-puters
* An examples of spoofing :
man-in-the-middlerouting redirectsource routingblind spoofingflooding
DDOS(Distributed Denial of Service)
DOS attack where multiple compromised systems are used to target a single system
causing a Denial of Service (DoS) attack
A Distributed Denial of Service (DDoS) at-tack is an attempt to make an online ser-vice unavailable by overwhelming it with
traffic from multiple sources
Keystroke capturing / log-ging
A keylogger, sometimes called a keystroke logger, key logger, or sys-tem monitor, is a hardware device or small program that monitors each keystroke a user types on a specific computer's keyboard
Exists as a hard ware and a soft-ware version
Data security issue : NH Bank
Network system disorder by hacking
2011. 4. 12
How was it processed and How were they dam-aged?
NH IT headquarters sensed situa-tion which is implemented system file delete order by uncertain things.
All system trans-action was halted at 17:10.
NH implemented rebooting to secure 553 server’s security and it occurred long time de-lay
Partial data in 275 server was being deleted for 5 minutes.
Why is this incident happened?
DDOS attack01.
About
- IBM(subcontractor)
server disorder- 2009. 7.7ddos, 2010. 3.4 ddos
Why did the incident happen?
Slack Network02.
About
- Very easy pass-word
- “1” or “0000” password
What is solution after the problem?
FDS System
- a simplified form of fraud detection system.
launching ‘NH high-security card’
- 2014. 12. NH bank launched it for protection customer’s financial asset.
FDS system collects and analyze the access information of electronic finance, transactional information and etc. to de-tect and block the fraud financial transactions.
What is solution after the problem?
Suspicious account monitoring system
- This system constantly monitor the account which used frequently for fi-nancial fraud.
Recruiting IT experts
White hackers
NH Bank put a lot of efforts to data security to not have sameproblem as before
$80 million Yacht at sea “Spoofing”
Data security issue : Hacking Yacht
Video clip about the case
What exactly happened?
Planed route
Changed route
"The ship actually turned and we could all feel it, but the chart display and the crew saw only a straight line," Humphreys said.
If this was not experiment, but a real situation, it could be an disaster to the people who are in the yacht. And result is dangerous situation.
How could be dangerous?
Wide gap
Spoofing de-vices
the transportation in-dustry's technology
By investing much more in securing our trans-potation
What is the solution for this prob-lem?
Recognition improve-ment
We may be free from threats but don’t know why
it is
We should es-tablish a sys-
tem of informa-tion security preparedness
What is the solution for this prob-lem?
Group Solu-tion
Thank you for listening to our presen-tationGroup no.2 : Joe Lyndogh, Sang Min Lee, Da Seul Kim, Jung-Hyun Kim
