
Security Engineering Background Presentation


Software Engineering security

Transcript: The security of software is threatened at various points throughout its life cycle, both by inadvertent and intentional choices and actions taken by “insiders”—individuals closely affiliated with the organization that is producing, deploying, operating, or maintaining the software, and thus trusted by that organization—and by “outsiders” who have no affiliation with the organization. The goal of software security engineering is to build better, defect-free software. Software-intensive systems that are constructed using more securely developed software are better able to continue operating correctly in the presence of most attacks by either resisting the exploitation of weaknesses in the software by attackers or tolerating the failures that result from such exploits. The objective of secure software development is to design, implement, configure, and sustain software systems in which security is a necessary property from the beginning of the system’s life cycle to its end. Experience has taught that the most effective way to achieve secure software is for its development life cycle processes to rigorously conform to secure development, deployment, and sustainment principles and practices. Organizations that have adopted a secure software development life cycle (SDLC) process have found almost immediately upon doing so that they have begun finding many more vulnerabilities and weaknesses in their software early enough in the SDLC that they are able to eradicate those problems at an acceptable cost. Moreover, as such secure practices become second nature over time, these same developers start to notice that they seldom introduce such vulnerabilities and weaknesses into their software in the first place. 1) Finding Vulnerabilities
REFERENCE that mean Resilient software is software that is resilient enough to: (1) either resist (i.e., protect itself against) or tolerate (i.e., continue operating dependably in spite of) most known attacks plus as many novel attacks as possible (2) recover as quickly as possible, and with as little damage as possible, from those attacks that it can neither resist nor tolerate. Trustworthiness it's when can I say the software is secure, secure software is software that is engineered “so that it continues to function correctly under malicious attack” and is able to recognize, resist, tolerate, and recover from events that intentionally threaten its dependability. Resilience Dependability The problem of non-secure software when we compared between the good goal and bad goal we find the goal is good if goals when are “SMART” that is Specific, Measurable, Attainable, Realistic, Traceable and Appropriate, and we find the goal is bad if the goals justify the means to obtain the goals Approaches To Application Security Software Engineering security 1) Software Security Engineering: A Guide for Project Manag Julia H. Allen, Sean Barnum, Robert J. Ellison 2) Introduction to Software Security. Karen Mercedes Goertzel, Updated 2009-01-09 https://buildsecurityin.us-cert.gov/bsi/547-BSI.html 3) http://www.slideshare.net/marco_morana/rochester-security-summit-presentation The software security threatened that mean Trustworthy software contains few if any weaknesses that can be intentionally exploited to subvert or sabotage the software’s dependability. In addition, to be considered trustworthy, the software must contain no malicious logic that causes it to behave in a malicious manner. The development process by and large is not controlled to minimize the vulnerabilities that attackers exploit.
Vulnerable software can be invaded and modified to cause damage to previously healthy software, and infected software can replicate itself and be carried across networks to cause damage in other systems. These damaging processes may be invisible to the lay person even though experts recognize that their threat is growing. And as in cancer, both preventive actions and research are critical, the former to minimize damage today and the latter to establish a foundation of knowledge and capabilities that will assist the cyber security professionals of tomorrow reduce risk and minimize damage for the long term. 3 important properties to know software is secure or not 2) Manage Software Risks that mean Dependable software executes predictably and operates correctly under all conditions, including hostile conditions, including when the software comes under attack or runs on a malicious host The Goal of Software Security Engineering software security metrics goals The objective of secure software development Asma Alswayed Aljawharah alkhnini Bayan al rubaie Nora Alslamah defines secure software

Social Engineering(Security)

Transcript: What is Impersonation? Target What makes this tool different Manipulation of targets Common Roles Warning Signs of an Attack Suggestions 80% attribute human error to the lack of security knowledge, a lack of training or a failure to follow security procedures Citations Violation of Security Summary of our Presentation Preventative Measures Skimmers Personal Thought Software Piracy Social Engineering(Security) Phishing Lawrence, Anne T. Weber, James. Business and Society. 14th ed. New York: McGraw-Hill, 1963. Print. "Learn How To Avoid Fraud and Stay Safe Online." Learn How To Avoid Fraud and Stay Safe Online. N.p., 2013. Web. 20 Nov. 2013 <http://mysecurityawareness.com/>. "Phishing & Social Engineering." Phishing & Social Engineering. Stanford University, 17 Jan. 2011. Web. 20 Nov. 2013. <http://www.stanford.edu/grup/security/securecomputing/phishing.html> "Real World Social Engineering Example: Phishing." The Official Social Engineering Framework. N.p., 20 June 2011. Web. 20 Nov. 2013. <http://www.social-engineer.org/framework/Real_World_Social_Engineering_Examples:_Phishing>. Key Points Impersonation Phishing Cyber-Security and Threats Software Piracy Conclusion Software Piracy Raven Salazar Theresa Yeager Khaewta Santirulepong Kiana Vigil Introduction Impersonation What is phishing? Protection Types of phishing Examples UPS Call Spoofing Email 419 scam Digital Millennium Copyright -1998 3 Strike System- French Government U.S. Motion Pictures Zombie Virus Trojan Virus Hacktivist Business Response to Security Breaching Statistics Software Piracy- The illegal copying of copyrighted software Different areas of piracy: Computer based software Musical Recordings Video movie productions & lately electronic versions Raven Salazar Kristin Anderson

Security Engineering Minor: Knowledge Presentation

Transcript: Importance of Security Policies Security policies serve as a foundation for an organization's cybersecurity strategy, ensuring that resources are safeguarded against threats. They establish a clear framework for incident response, compliance, and accountability, ultimately mitigating risks associated with data breaches and cyber attacks. Introduction to Security Engineering Monitoring Tools The importance of security policies in organizations cannot be overstated, especially in a rapidly evolving cybersecurity landscape. This chapter delves into the key aspects and rationale behind developing security policies for Aalberts Hydronic Flow Control. Monitoring tools are crucial for ongoing threat detection and alerting organizations to unusual activities. They enable real-time visibility into system performance and security events, facilitating a proactive security posture. Tools and Technologies Project Overview Utilizing advanced tools and technologies is essential for developing effective security policies. These resources enhance the ability to assess vulnerabilities, establish security benchmarks, and monitor systems continuously for potential threats. The project focuses on developing security policies for Aalberts Hydronic Flow Control, emphasizing enhancements in access control, system monitoring, and incident response strategies. The implementation is guided by the CIS Controls framework to ensure policies are robust and comprehensive. Security Assessment Tools CIS Benchmarks Security assessment tools are essential for detecting vulnerabilities within systems. These tools analyze networks, applications, and systems to ensure compliance with security protocols and identify potential weaknesses before they can be exploited. CIS Benchmarks provide a set of best practices for securely configuring systems. 
They offer guidance for various platforms and help organizations evaluate system configurations against recognized standards to mitigate vulnerabilities. Security Engineering Minor: Knowledge Presentation Alignment with CIS Framework Referencing CIS Controls ensured that security policies are aligned with recognized best practices. This structured alignment helps prioritize security initiatives based on the organization’s risk profile and operational context. Analysis of Security Measures Iterative Feedback An iterative feedback loop was established to continuously refine security policies. Engaging stakeholders at various stages ensured that evolving security needs were addressed promptly, and feedback was acted upon systematically. A thorough analysis of existing security measures identified gaps and areas for improvement. The evaluation focused on current practices, enabling a clear understanding of vulnerabilities and a foundation for effective policy development. Aalberts Hydronic Flow Control – Security Policy Development Stakeholder Interviews Comprehensive Approach Purpose and Benefits of CIS Controls Interviews with key stakeholders provided insights into specific security requirements and concerns. Engaging with personnel in various roles ensured that policies were relevant and tailored to operational needs, reflecting real-world challenges and perspectives. Combining stakeholder insights with strategic analysis led to a comprehensive policy development approach. The methodologies employed emphasize the importance of collaboration and data-driven decision-making in security engineering projects. The primary purpose of CIS Controls is to provide actionable guidance that organizations can implement to safeguard their information systems. Benefits include improved threat detection, enhanced incident response capabilities, and a prioritized focus on critical security needs, allowing organizations to allocate resources efficiently. 
Methodology This section outlines the key methodologies used to develop security policies, focusing on stakeholder engagement and analysis of existing measures. The structured approach ensures alignment with industry best practices through the CIS Controls framework. What are CIS Controls? CIS (Center for Internet Security) Controls are a set of best practices aimed at improving cybersecurity across organizations. They outline the key actions to mitigate security risks effectively and help secure systems and data from evolving threats. Understanding CIS Controls CIS Controls provide a structured framework for organizations to enhance their cybersecurity posture. By prioritizing essential security measures, organizations can identify vulnerabilities and implement robust defenses against cyber threats. Proposed Solutions To address system alignment issues, a gradual integration plan should be developed, focusing initially on enhancing access control measures. For employee engagement, tailored training programs and clear documentation can foster understanding and promote compliance with new security measures. Final Thoughts on Policy Development Key Challenges Identified

Background Presentation

Transcript: 14th Week Consulting interns can be expensive Time and Money Personal Experience Preliminary Design Stage NFPA 101 and NFPA 13 New and Existing Education, Business, and Mercantile Definition of Project This app would be used to provide interns and recent graduates with an outline of guidelines for how to design and review designs of specific occupancies. With the given time frame, I will be writing the information that will go into the app Begin parametric study: Speak with my mentor and Jason to understand more about what critical variables I could concentrate on for this app. Choose those parameters and begin my study Gather information from NFPA 101 and NFPA 13 for new and existing education, business, and mercantile occupancies. By: Breanne Thompson Next Steps (Continued) Finish preparing for Draft of Analysis Pull together and discuss results of project Draw my conclusions and state future work needed Turn in Final Paper! 10th and 11th Week Turn in my parametric study Begin draft of analysis Map out the process of the app for the key elements 15th Week References Next Steps 7th Week Prepare for Final Presentation Summarize my draft of analysis into presentation Work on how to incorporate a live demonstration for my presentation App Development Background Information 8th-9th Week Continuous Process Objective-C for Apple products Java for Android products 6 months of studying Places to Learn: Codecademy, iOS Dev Center, Android Developers Training Hire App Developer will cost thousands Prepare Final Paper Dive into Shark Tank! 1. http://lifehacker.com/5401954/programmer-101-teach-yourself-how-to-code 2. http://www.bluecloudsolutions.com/blog/cost-develop-app/ 6th Week Background Presentation 12th-13th Week

Background Presentation

Transcript: Real action and accountability Amnesty International Non-state actors/ Rebel Groups?? ...and what about men?? ignoring male rape victims? would rape exist without a man? Weapons of War: Rape UN as an Arena - NGO's - Discussion and dialogue Arena Instrument Actor Critical Thinking Weapons of War: Rape UN as an instrument UNSC Resolution 1820 (2008) UN as an Actor - UN Action Against Sexual Violence in Conflict Weapons of War: Rape Problems with 1820 "Roles and Functions of International Organizations" "Sexual violence, when used as a tactic of war in order to deliberately target civilians or as a part of a widespread or systematic attack against civilian populations, can significantly exacerbate situations of armed conflict and may impede the restoration of international peace and security… effective steps to prevent and respond to such acts of sexual violence can significantly contribute to the maintenance of international peace and security" (UNSC Resolution 1820, p. 2)" http://www.stoprapenow.org/uploads/advocacyresources/1282164625.pdf Background Presentation- Kristin Mann Weapons of War: Rape Brief Insight - used to manipulate social control - destabilize communities - weaken ethnic groups and identities Examples: - Sudanese Militia - Rwanda Genocide - DRC Critical Thinking http://www.womenundersiegeproject.org/blog/entry/the-need-for-numbers-on-rape-in-warand-why-theyre-nearly-impossible-to-get Critical Thinking Increased Data Collection by international organizations - determine humanitarian responses - ensures justice and reparation - provides recognition and dignity

Background Presentation

Transcript: Death rate 2012: 12.84 deaths/1,000 population (World ranking: 22) Infant (Child Mortality) Total: 79.02 deaths/1,000 live births (world ranking: 10) HIV/AIDS (2) Appropriate Technology Landlocked country Great African Rift Valley system: East – Lake Malawi South – mountains, tropical palm-lined beaches Mainly a large plateau, with some hills Lake Malawi (Lake Nyasa) Almost 1 million people have AIDS 60% of these are female Declining in urban areas, Rising in rural areas Leading cause of death amongst adults Contributes to the low life expectancy: 54.2 years 209th ranking (One of the lowest) 500,000 children have been orphaned due to AIDS Micro-finance Policy Framework and Strategies (Health SWAp) increasing the availability and accessibility of antenatal services; utilization of skilled health personnel during pregnancy, childbirth and postnatal period at all levels of the health system; strengthening the capacity of individuals and institutions to improve maternal and neonatal health; increasing the number of skilled health personnel; constructing and upgrading health facilities to offer essential health services particularly focusing on rural and underserved areas; and provision of ARVs and micronutrients during pregnancy. Geography of Malawi CCST 9004 Appropriate Technology for the Developing World Indicator 3: Literacy Rate of 15 – 24 year-olds According to the World Bank, microfinance is defined as: Microfinance is the provision of financial services to the entrepreneurial poor. This definition has two important features: it emphasizes a range of financial services—not just credit— and it emphasizes the entrepreneurial poor. Goal 2: Achieve Universal Primary Education Appropriate Technology: SIRDAMAIZE 113 Population: 16,777,547 (estimated in July 2013) Population growth rate: 2.758% (2012 est.)
(World ranking: 18) Age structure Children: 50% of total population HIV/AIDS Human Resources Education Poverty Food Insecurity Erratic Rainfall Patterns/Droughts Corruption Lack of Foreign Investment Languages Indicator 5: Proportion of seats held by women in National Parliaments Central Region: 1-9 (Yellow) *Capital: Lilongwe Northern Region: 10-15 (Red) Southern Region: 16-27 (Green) Lake Malawi (Blue) Land surface area 45,747 square miles Challenges: · shortage of qualified primary school teachers; · inadequate physical infrastructure; · poor retention of girls mainly from standard five to eight; · high disease burden due to HIV and AIDS consequently leading to absenteeism, especially among girls who take care of the sick · Poverty levels are high in rural areas. Malawi – Climate/Agriculture Trading partners: South Africa, Zambia, China, US Challenges: · shortage of qualified primary school teachers; · inadequate physical infrastructure; · poor retention of girls mainly from standard five to eight; · high disease burden due to HIV and AIDS consequently leading to absenteeism especially among girls who take care of the sick; and · poor participation of school committees and their communities in school management. · Poverty levels are high in rural areas. 1 Doctor per 50,000 people Hinders the ability to deliver medical services to people in need Reason: Emigration Lack of access to education Aggravated by AIDS > 4 nurses are lost each month This also affects other sectors: Government Business Farmers Human Resources HIV/AIDS - Contemporary GDP: US $14.58 billion (2012 est.) (World ranking: 142) Labor force: agriculture: 90%; industry and services: 10% (2003 est.)
Country's main income Agriculture Main crops: maize, tobacco, tea, sugar cane, groundnuts, cotton, wheat, coffee, and rice Industry: tobacco, tea, sugar, sawmill products, cement, consumer goods Challenges: limited capacity in terms of human and material resources to facilitate adult literacy and continuing education; early marriages perpetuated by socioeconomic factors; socio–cultural factors that make people believe that men should be leaders while women are followers; and, poor learning environment which affects girls in primary and secondary schools e.g. sanitary facilities, long distances to education facilities, extra burden from domestic chores especially for adolescent girls resulting into high dropout rate. 1964: Independent from Britain Indicator 1: Maternal Mortality Ratio Malawi Demographics Problems - Outline Indicator 4: Share of Women in Wage Employment in the Non-Agriculture Sector measure of employment opportunities (i.e. equal proportions of men and women in formal employment) Yet, more women participate in the agriculture sector than in the formal wage employment especially in jobs that require professional qualifications. Due to: literacy levels, gender disparity and cultural values. Facts About the Product: Drought tolerant maize variant Able to mature under limited rainfall Suitable for marginal rainfall areas 136 days to mature Normally: 150 – 180 days Able to mature under limited rainfall Suitable for marginal rainfall areas
