The document discusses data security and the evolution of threats over time. It covers definitions of data security, common threats like tampering and eavesdropping, and different types of attacks. The document also discusses security solutions like antivirus software, firewalls, and encryption. Emerging threats such as mobile computing risks, BYOD risks, and social media privacy risks are discussed. Future directions are mentioned around managing personal data access and authentication.
Information security involves protecting information systems, hardware, and data from unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction. The primary goals of information security, known as the CIA triad, are confidentiality, integrity and availability. Information is classified into different types like public, private, confidential and secret depending on who can access it and the potential damage of unauthorized access. Security also involves protecting physical items, individuals, operations, communications, networks and information assets.
The document discusses the need for information security and the threats organizations face. It describes how security performs four important functions: protecting the organization's ability to function, enabling safe application operation, protecting data, and safeguarding assets. It then outlines various threats such as viruses, worms, hacking, human error, natural disasters, and more. It emphasizes that security is a management responsibility and missing or inadequate policies and controls can increase organizations' vulnerability to threats.
Cybersecurity involves protecting individuals, businesses, and critical infrastructure from threats arising from computer and internet use. It addresses both external attacks by remote agents exploiting vulnerabilities, as well as insider threats from valid users. Cybersecurity deals with a range of technical and human factors, as vulnerabilities usually stem from a mix of these. Key concerns include malware, cyber attacks aiming to cause damage or steal data, and accidental incidents that can also lead to losses.
The document discusses various cybersecurity attack vectors and how organizations can protect themselves. It outlines common attack methods like ransomware, malicious code delivery, social engineering, and phishing. It then recommends that organizations conduct regular security audits, establish governance policies, create an incident response plan, and provide cybersecurity education to employees. The document promotes cybersecurity services from Future Point of View including vulnerability testing, forensics, and training to help organizations enhance their protections.
The document discusses the history and evolution of information security. It begins with physical security controls for early mainframe computers and the need for security on the ARPANET network. Information security expanded to include data security and limiting unauthorized access. With the growth of networks and the internet, security became more complex as many interconnected systems needed to be secured. The document outlines key information security concepts and professionals involved in information security governance.
This document discusses network security. It defines network security and outlines some key security challenges such as many networks experiencing security breaches. It then discusses why security has become more important over time due to more dangerous hacking tools and the roles of security changing. The document outlines various security issues, goals, components, data classification approaches, security controls, and addressing security breaches. It stresses the importance of a comprehensive security policy and approach.
Information Security Awareness Training - Randy Bowman
This document provides an information security awareness training for employees of the Department of Postsecondary Education (DPE). It discusses the goals of ensuring authorized access to information and compliance with security policies. It describes potential security threats like malware, password attacks, and social engineering. It provides tips for protecting data at work through strong passwords, securing devices and data, safe email and internet use, and proper disposal of media. Mobile device and wireless security is covered. New DPE security policies are introduced and the IT director contact information is provided for questions.
Social engineering is a form of hacking that exploits human trust and helpfulness. It is done through impersonation, phone calls, email, or in-person interactions to obtain sensitive information. Anyone can be a target if the social engineer can build rapport and trust. Common techniques include pretending to need technical help, claiming to be from the same organization, or creating a sense of urgency or fear in the target. Education and strict security policies are needed to combat social engineering threats.
How To Learn The Network Security
The following slides contain the fundamentals for understanding computer network security concepts, from the perspectives of infrastructure, technology and the user's paradigm.
The material was prepared by an expert who is a CEH trainer and is indeed competent in the field of network security.
I obtained these slides from the trainer while attending the trainer's Certified Computer Security Officer (CCSO) and Certified Computer Security Analyst (CCSA) training.
I hope it is useful as a reference for us in learning about computer network security.
Thank you
In this presentation we have covered the topic Data Security from the subject of Information Security. Data, Data Security, Security, Security Policy, Tools to secure data, Security Overview (Availability, Integrity, Authenticity, Confidentiality), some myths, and Dimensions of System Security and Security Issues are discussed.
This document discusses email security and the Pretty Good Privacy (PGP) encryption software. It describes why email security is important given threats like loss of confidentiality and integrity. It then provides details on PGP, including how it uses public/private key encryption and digital signatures to encrypt messages and authenticate senders. PGP uses symmetric encryption of messages and asymmetric encryption of session keys, storing keys in a local ring. The document discusses PGP key management and its use of a web of trust model without a central authority.
Network security (vulnerabilities, threats, and attacks) - Fabiha Shahzad
Network security involves protecting network usability and integrity through hardware and software technologies. It addresses vulnerabilities that threats may exploit to launch attacks. Common vulnerabilities include issues with technologies, configurations, and security policies. Threats aim to take advantage of vulnerabilities and can be structured, unstructured, internal, or external. Common attacks include reconnaissance to gather information, unauthorized access attempts, denial-of-service to disrupt availability, and use of malicious code like worms, viruses, and Trojan horses.
Keyloggers and spyware are programs that can monitor users' computer activity without their consent. Keyloggers record keyboard input like passwords, while spyware tracks web browsing and transmits the collected information. There are hardware and software versions of keyloggers, with hardware versions like devices plugged into keyboards and replacement keyboards containing the monitoring programs. Spyware comes in various forms like tracking cookies, browser hijacking, and keyloggers that observe online habits for advertising or other purposes. Both keyloggers and spyware can invade users' privacy and security without their knowledge.
The CIA Triad - Assurance on Information Security - Bharath Rao
Confidentiality, Integrity and Availability of Data are the basis for providing assurance on IS Security. This document gives a small overview of the impact of confidentiality, integrity and availability on the data and the need of securing the CIA.
This document provides an introduction to information security. It defines information security as the protection of information and systems from unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction. The document outlines some key threats to information security like destruction, disclosure and modification of data. It also discusses the goals of information security - confidentiality, integrity, availability and authenticity - and common threats that relate to each goal. Additionally, the document covers security aspects like data security, computer security and network security and provides basic measures to enhance security in each area.
The Data Protection Act 1998 protects people's personal information. O2 mobile customers in the UK were inadvertently sharing their phone numbers with websites they visited. This privacy breach could allow site owners to collect numbers for marketing calls and texts without consent. The Information Commissioner's Office is considering investigating further, but a phone number alone is not currently classified as personal identifying information under the Act.
The document discusses how to protect personal information online. It notes that while the internet allows many opportunities, personal data like social security numbers, bank accounts, credit cards and health information are worth protecting. The biggest risk is identity theft, where criminals use stolen information to impersonate victims. Simple steps like using strong passwords of at least 11 characters mixing letters, numbers and symbols, being careful what personal details are shared publicly, and only entering account details on secure websites can help reduce risks. Overall the document provides tips for safe internet use while avoiding living in fear online.
Data Security is an information security company with over 15 years of experience that offers various services such as incident response, risk analysis, gap analysis, penetration testing, business continuity planning, security policies, computer forensics, and courses on information security and cybercrime investigation. The company aims to protect information from threats to ensure confidentiality, integrity, and availability through adequate security measures and response to security incidents when they occur. Data Security conducts investigations of devices like computers and phones to determine the cause of incidents and identify responsible parties through forensic procedures.
Data Protection (Download for slideshow) - Andrew Sharpe
This document provides a summary of UK data protection laws and principles. It discusses key definitions like personal data, sensitive personal data, and data controllers. The 8 data protection principles are outlined, including requirements for fair and lawful processing, specified purposes, accuracy, retention, security, and international transfers. New enforcement powers for the UK Information Commissioner are described, such as monetary penalties and mandatory breach notification. Future developments around issues like breach notification and data sharing are also mentioned.
The document discusses the Data Protection Act, which is designed to protect personal data by creating rights for individuals to control how their data is collected and used, making organizations responsible for securely storing and processing data in accordance with certain principles, and establishing penalties for violations. It outlines the main provisions of the Act, including what is considered personal data, the rights it provides to data subjects, and exceptions to the law.
Cloud computing provides a way for organizations to share distributed resources over a network. However, data security is a major concern in cloud computing since data is stored remotely. The document discusses several techniques used for data security in cloud computing including authentication, encryption, data masking, and data traceability. The latest technologies discussed are a cloud information gateway that can control data transmission and secure logic migration that transfers applications to an internal sandbox for secure execution.
Audience – Sales and pre-sales audience selling to large enterprises and government.
Occasion – Annual channel partners of Thales – April 2010
Presenter – Tony Lock, Programme Director, Freeform Dynamics
This document discusses information privacy and its technical, organizational, and social implications. It begins by defining information privacy and the relationship between data collection, technology, public expectations of privacy, and legal issues. It then covers topics like personally identifiable information, the types of data collected online, and technical tools and devices related to privacy. The document also addresses the costs of information privacy for governments, companies, and consumers. It discusses perspectives on privacy from different generations and countries. Finally, it covers organizational privacy policies and standards, as well as some high-profile data breach cases and the importance of information security.
The document provides an overview of the UK Data Protection Act of 1998. It was introduced due to public concerns about privacy with advancing computer technology. The Act gives individuals rights over their personal data and requires organizations to be open about how data is collected and used. It established 8 principles of good practice that require data to be fairly and lawfully processed, stored securely, and not transferred without adequate protections.
The document provides tips for keeping a network secure, including always keeping virus software and Windows updates enabled, using firewalls, backing up data regularly, and using strong passwords. It warns about common password risks like using obvious words or writing passwords down. The document also covers securing laptops, email, wireless networks, and avoiding risks from open networks. Proper authentication, surge protection, and password protecting are emphasized as important security best practices.
1. Formulate a testing plan with the client to identify systems to evaluate and the scope of testing allowed.
2. Remotely or locally access the target systems to find vulnerabilities by simulating common attacks.
3. Report any found vulnerabilities to the client along with recommendations on how to remedy security issues.
Database security aims to protect data from unauthorized access through various security controls. This includes restricting access (secrecy), ensuring data integrity, and maintaining data availability. Common threats include accidental issues like hardware/software errors and natural disasters, as well as deliberate actions by authorized or unauthorized users. Microsoft Access provides security features like user accounts, permissions, and database passwords to control access and protect data.
This document discusses privacy concerns related to revealing personal information online. It outlines many ways personal data can be disclosed, such as through internet service providers, email, browsers, search engines, social media and marketing. The document also presents some technical and legal solutions to better protect online privacy, such as cookie controls, encryption, and the Platform for Privacy Preferences framework. However, it notes the difficulty in regulating privacy given priorities around free speech and data sharing. Overall, the document provides context around online privacy issues and risks of personal data being revealed without consent through various internet activities.
The document provides a basic introduction to computer networks, covering fundamental concepts such as network types, network topologies, network protocols, the OSI and TCP/IP protocol models, the TCP/IP data packet structure, and an explanation of the layers of the TCP/IP protocol model such as the internet layer and transport layer, the protocols at each layer such as IP, TCP and UDP, along with example applications and header m
A cookie is a small amount of data generated by a website and saved by your web browser. Its purpose is to remember information about you, similar to a preference file created by a software application.
This document provides information about computer information systems technology programs at Moultrie Technical College. It describes three programs: Networking Specialist, Internet Specialist - Web Site Design, and Computer Support Specialist. For each it provides expected program outcomes, course timelines, and information on admission requirements, costs, and faculty. The document aims to help potential students determine if these programs are a good fit for their career goals in information technology fields.
Yesterday Pierluigi Paganini, CISO Bit4Id and founder Security Affairs, presented at the ISACA Roma & OWASP Italy conference the state of the art for the Internet of Things paradigm. The presentation highlights the security and privacy issues for the Internet of Things, a technology that is changing user’s perception of the technology.
IoT Devices Expanding Your Digital Footprint - SurfWatch Labs
This document discusses the expanding risks associated with the growing number of internet of things (IoT) devices. It notes that buildings now have numerous networked devices that are often not properly secured, expanding organizations' digital footprints. These devices fall into categories like home automation, energy, security, and IT/mobile. The interconnectivity of these devices in smart buildings captures detailed data. While only half of sensitive data is currently protected, the number of unsecured IoT devices provides opportunities for cybercriminals to launch distributed denial of service attacks and create botnets like Mirai. The document recommends that organizations clearly define ownership of IoT devices, establish policies for managing them, inventory all software and devices, use security solutions to monitor for
Cyber Security: A hands-on review of what cyber security is and how to protect your devices from hacking and data breaches. In today's era almost all devices connected to the internet are available for hackers to breach into and do their work. A data breach can be very dangerous, and sometimes so much so that it can demolish a company or a person.
In this presentation we will discuss the ways and a short description of Cyber Security and Techniques.
Cyber security is important to protect computers, networks, programs, and data from threats such as theft, damage, and unauthorized access or disclosure. As technology has advanced and more devices are connected, the threats have also increased and become more sophisticated. Cyber security involves various elements like data security, network security, cloud security, and disaster recovery plans. Common cyber threats include phishing, malware, SQL injection, and denial of service attacks. It is important for individuals and organizations to implement cyber security best practices such as strong passwords, updates, backups, access control, and employee training to protect against cybercrime and attacks.
Cyberattacks are malicious actions taken by individuals, groups, or organizations against computer systems, networks, and digital devices with the intent to damage, steal or manipulate data, or disrupt normal operations. These attacks can target anyone, from individuals to governments and large corporations, and can cause severe damage to both personal and professional lives.
This document discusses cyber security. It begins by introducing the group members and providing background on the growth of computer usage and corresponding security risks since the 1970s. It then defines cyber security as a system to protect computers and networks from threats like theft, damage, or information disclosure. The document outlines several key elements of cyber security including data, application, mobile, network, endpoint, cloud, database/infrastructure, and business continuity. It stresses the importance of cyber security to prevent damages, data abuse, and protect sensitive information. Finally, it discusses common cyber threats such as phishing, malware, and denial of service attacks, and provides tips for building strong cyber security practices.
The document discusses cyber security. It begins by explaining how computer usage has grown significantly since the 1970s but also made computers prone to various threats. Cyber security aims to protect computers and networks from issues like theft, damage, disruption or unauthorized access. While the definition of cyber security seems simple, protecting various modern technologies like smartphones, websites and IoT devices requires complex systems. The document then outlines different elements of cyber security like data, application, mobile, network, endpoint, cloud, database and infrastructure security. It stresses that cyber security is important to prevent damages, data abuse, and protect sensitive information. The document concludes by describing common cyber threats like phishing, malware and denial of service attacks and providing tips to build strong cyber security
This document discusses cyber security and provides information on various cyber security domains and threats. It begins with an introduction to cyber security and defines what cyber security is. It then outlines five main cyber security domains: 1) critical infrastructure security, 2) network security, 3) application security and cloud security & information security, 4) storage security & mobile security, and 5) information security. For each domain, it provides details on what they involve and examples. The document also discusses common cyber threats, dangerous cyber security myths, and provides dos and don'ts for cyber security.
Prafful Rajendrasingh Patil discusses security issues in internet of things (IoT) device update management in his course. He outlines how IoT devices are connected to central command and control hubs for software updates and management, but this structure introduces vulnerabilities if devices are using outdated software or weak authentication. Common security threats to IoT devices include man-in-the-middle attacks targeting application programming interfaces, theft of user data from unsecured devices, and use of infected devices in large botnets for distributed denial-of-service attacks. Addressing these issues requires improving software and communication security as well as access controls on IoT devices.
The document discusses cyber security. It begins by explaining how computer usage has grown significantly since the 1970s and how cyber security systems aim to protect computers and networks from threats like theft, damage, disruption and information disclosure. It then describes several key elements of cyber security including data security, application security, mobile security, network security, endpoint security, cloud security, database/infrastructure security and business continuity/disaster recovery. The document emphasizes that cyber threats can cause damages and data issues, so cyber security is important to implement. It provides examples of common cyber threats like phishing, malware attacks and backdoors. Finally, it offers tips for building effective cyber security systems and strategies.
Cyber security is important to protect computers, networks, and data from theft, damage, or unauthorized access. It covers various types of security like data security, application security, mobile security, network security, endpoint security, cloud security, database security, and disaster recovery plans. Cyber threats can take the form of cybercrime, cyber-attacks, or cyber-terrorism, and may use methods like phishing, malware, SQL injection, backdoors, denial-of-service attacks, and spoofing. It is important for individuals and organizations to implement strong passwords, updates, backups, employee training, authentication, and security technologies to protect against cyber threats.
This document discusses cyber security and provides an overview of its key elements. It begins by explaining how computer usage has grown significantly since the 1970s and how cyber security systems aim to protect computers and networks from threats like theft, damage, and information disclosure. It then outlines several types of cyber security that cover areas like data security, application security, mobile security, network security, and more. The document also discusses common cyber threat methods such as phishing, malware, and backdoors. It concludes by providing tips for building an effective cyber security system, including using strong passwords, multi-factor authentication, backup systems, and cyber security software.
Considerations on ITC Security and Cyber Attacks - seeweb
This document discusses considerations around information and communication technology (ICT) security and cyber attacks. It notes that ICT security is a key element for ensuring business continuity and compliance with various standards, and that information resources should be protected as important business assets. The document also summarizes reports on the state of cyber attacks worldwide in 2013, including the growing threats from malware, social engineering, and targeted attacks, as well as trends involving mobile devices, cloud services, and the Internet of Things.
The document discusses the main cybersecurity challenges faced in social computing. It identifies several key challenges: (1) big data breaches as more personal data is collected and stored; (2) the expansion of AI which could help detect cyberattacks but also poses risks; and (3) limited IT resources making it difficult for organizations to adequately monitor and secure expanding networks and devices. Additional challenges discussed include threats posed by the growing number of internet-connected devices and vulnerabilities in serverless applications. Real-world examples are provided to illustrate incidents and the potential damage from successful cyberattacks.
This document discusses cyber security. It begins by introducing the team members working on a cyber security presentation. The presentation will cover an introduction to cyber security, key elements of cyber security including data, application, mobile, network, endpoint, cloud, database and infrastructure security. It will also discuss why cyber security is important and common cyber threats such as phishing, malware, and SQL injection. The document concludes by providing tips for building cyber security such as using strong and unique passwords, multi-factor authentication, and cyber security software.
Top 5 Cybersecurity Threats in Retail Industry - Seqrite
The document discusses cybersecurity threats facing the retail industry. It notes that the retail industry suffered 215 data breaches in 2016, with an average cost of $172 per compromised record. Common cyber attacks on retail companies include malware, data theft, distributed denial of service (DDoS) attacks, phishing, and vulnerabilities from internet of things devices. Seqrite provides cybersecurity solutions like endpoint security, unified threat management, mobile device management, and data loss prevention to help mitigate these threats.
The document discusses security challenges posed by increased use of mobile and wireless devices, including risks of malware, hacking, and data theft. It covers types of mobile devices and attacks like viruses, smishing, and vishing. It also provides recommendations for securing mobile devices like using passwords, encryption, and anti-theft tracking software.
Internet and Global Connectivity – Security Concerns - Akshay Jain
The world is becoming more interconnected with the internet and new networking technology.
Network security has become more important to personal computer users, organizations and the military.
Beginner's Guide to Bypassing Falco Container Runtime Security in Kubernetes ... - anjaliinfosec
This presentation, crafted for the Kubernetes Village at BSides Bangalore 2024, delves into the essentials of bypassing Falco, a leading container runtime security solution in Kubernetes. Tailored for beginners, it covers fundamental concepts, practical techniques, and real-world examples to help you understand and navigate Falco's security mechanisms effectively. Ideal for developers, security professionals, and tech enthusiasts eager to enhance their expertise in Kubernetes security and container runtime defenses.
For more information about their courses and consultations, visit Astro Pathshala.
Delegation Inheritance in Odoo 17 and Its Use CasesCeline George
There are 3 types of inheritance in odoo Classical, Extension, and Delegation. Delegation inheritance is used to sink other models to our custom model. And there is no change in the views. This slide will discuss delegation inheritance and its use cases in odoo 17.
2. What is Data Security
• Some Definitions – the protecting of a database from destructive forces
and unwanted actions of unauthorized users.
• Some Problems associated with Data Security
-Data Tampering
-Eavesdropping and Data Theft
-Falsifying User Identities
-Password-Related Threats
-Unauthorized Access to tables and Columns
-Unauthorized Access to Data Rows
-Lack of Accountability
IS6120 Data Security 2
4. • Open reel magnetic tape was introduced in the 1950s. These tapes
could store 5MB to 150MB of data and marked an evolutionary step in
data storage and data protection.
5. • Physical attacks on data can also be known as tampering
• Tampering is a physical action type defined as unauthorized altering or interfering
with the normal state or operation of an asset rather than, for instance, altering
software or system settings. (Verizon 2011)
• Still a Security Threat today due to:
• Sensitive Data Left in Plain View
• Unlocked Accessible Computer Systems
• Data Loss
• Data Cabling Accessible from Public Areas
6. New Avenues to steal data
• Network
• E-mails
• Applications
• Thirty years ago, the first computer virus appeared. Since then, cybercriminals
have created millions of viruses and other malware—email
viruses, Trojans, Internet worms, spyware, keystroke loggers—some spreading
worldwide and making headlines.
• Internet is providing more opportunities for hackers to steal data –
Increasing Data theft.
7. Data Theft
• Data theft is the deliberate theft of information, rather than its accidental
loss. Data theft can take place both inside an organization (e.g., by a
disgruntled employee), or by criminals outside the organization.
• Examples
• 2012- Belgian credit provider Dexia faced a demand for payment
(blackmail) of €150,000 (US$197,000) to prevent hackers from publishing
confidential information.
• 2011- Sony Corp suffers breaches that place 100M customer accounts at
risk, costing the company up to $2 billion.
8. What types of threats exist?
• A lot of viruses and other malware exist and can be seen here.
• More than 403 million unique variants of malware detected by Symantec in 2011
• Malware
• A drive-by download
• Denial-of-service (DoS) attack
• Trojan
• Email hoaxes – “Good Times”
• Phishing
• Spear-phishing
• SQL Injection
9. Definitions of Threats
• A drive-by download is the infection of a computer with malware when a user
visits a malicious website. Drive-by downloads occur without the knowledge of the
user. Simply visiting an infected website may be sufficient for the malware to be
downloaded and run on a computer.
• SQL Injection is an attack technique used to exploit how web pages communicate
with back-end databases. An attacker can issue commands (in the form of specially
crafted SQL statements) to a database using input fields on a website.
• Spearphishing is targeted phishing using spoof emails to persuade people within a
company to reveal sensitive information or credentials. Unlike phishing, which
involves mass-emailing, spearphishing is small-scale and well-targeted.
10. Security software and hardware
• Antivirus software
• Firewalls
• Device control
• Network access control
• Application control
11. Threat prevention
• Firewall acts as a barrier between networks or parts of a network, blocking
malicious traffic or preventing hacking attempts.
• Anti-malware software can defend you against viruses and other malware threats
including Trojans, worms and, depending on the product, spyware.
• Anti-spam programs can detect unwanted email and prevent it from reaching user
inboxes.
• Appliances are a combination of hardware and software security elements in one
solution. This lets you plug appliances in rather than installing the software
separately.
• Intrusion prevention systems (IPS) monitor networks and systems for malicious
activity.
• Network access control (NAC): a NAC solution protects your network and the
information on it from the threats posed by users or devices accessing your
network.
12. Ensure data protection
• Encrypt your computers, emails and other devices and use a firewall
• Use device and application control
• Only allow compliant computers to access your network.
• Implement outbound content controls
• Disable AutoRun functionality- In February 2011 Microsoft automatically
disabled AutoRun, preventing malware from copying itself to host
computers and shared network drives from devices such as USB drives.
• With more than 403 million unique variants of malware detected by
Symantec in 2011, enterprises should be updating security virus and
intrusion prevention definitions at least daily, if not multiple times a day.
13. What is Mobile Computing?
• A generic term used to refer to a variety of devices that allow
people to access data and information from wherever they are
• Mobile Computing embraces a host of portable technologies that
make internet access on the go not only possible, but integral to
everyday life
• A recent Gartner report claimed that “Mobile Computing is the
future”
• The report also suggests that mobile phones will overtake PCs as the
most common web access device worldwide
14. Security Risks of Mobile Computing
• Fishnet Security survey found that Mobile Computing is the top
security concern for organizations
• Of the professionals surveyed:
35% Mobile Computing
27% Social Networks
20% Other
18% Cloud Computing
15. Security Risks of Mobile Computing
• The popularity of mobile computing is accelerating; as their sales
reach a critical mass, smartphones and tablets will become prime
targets of malware attacks
• There are now more than 1 billion active Smartphones; that’s one for
every seven people on the planet
• As with any computing solution, tablet PCs and Smartphones are
exposed to software threats
• However, Mobile brings additional risks like theft or accidental loss
where sensitive data can be lost
16. Bring Your Own Device (BYOD)
• The idea behind BYOD is that users can use a personal device such as a
Tablet or Smartphone for both personal and business use
• This scenario of users bringing in their own devices to connect to a
corporate network could result in malware spreading through the
corporate network
• BYOD multiplies the number of networks, applications, and end-points
through which data is accessed
• Moving data across different devices and networks is increasing security
risks by opening sensitive corporate data to leaks and attacks
• This has led to some people dubbing BYOD as “Bring Your Own Disaster”
17. The Issue With Mobile Browsers
• On Mobile Browsers, even experts have trouble
determining the legitimacy of a website due to the lack of an
icon that shows the browser is using Secure Sockets Layer
(SSL)
• These icons, which are present on almost all desktop
browsers, quickly tell users if the site is secure and
legitimate, e.g. the padlock icon
• Once developers figure out a smart and consistent way to
implement SSL, everyone will be more secure and better
served
18. Mobile Payments
• Despite its convenient and futuristic qualities, the
mobile platform was not designed as a secure
application environment
• Lots of sensitive data is stored or entered in your
Smartphone, and because it is connected to the
internet at all times, the Smartphone is at great risk from
malware designed to grab sensitive information
19. Example: NASA Data Security Breach
• Last year, data breaches occurred in the space agency NASA as a
result of the theft of 48 portable electronic devices
• Among the data compromised were International Space Station
command-and-control codes and employees’ personal information
• As a result NASA has enacted new policies including mandatory full-
disk encryption for NASA-issued computers that go off the premises
• In addition, NASA will forbid employees from storing sensitive
information on mobile devices such as Smartphones and Tablets
20. Possible Steps to Minimise Security Risks
• You’ll never eliminate all of the potential risks, but you
can minimise the threats
1) Know your hardware and operating systems
2) Think before you store
3) Shop for Apps securely
4) Install updates
21. Social Networks – Problems with Security & Data Privacy
• Use of the internet is changing
• Huge growth in the volume of personal
information being shared on the web
• Huge opportunities for businesses
22. Issues with Social Networks
• Personal Information
• National incentives are ineffective
23. Security Issues in the Future of Social Networking
1. Storage of personal data
2. Tools for managing personal data and how it
is viewed
3. Access control to personal data based on
credentials
4. Tools for finding out who has accessed
personal data
25. Examples of Social Networking Sites
• “Just received a job offer. Hooray!”
• “I’m tired of all the rain.”
• “Looking forward to the family vacation next
week at Disney World.”
27. • “The boss just laid off 32 employees. I hear there
may be more coming on Wednesday.”
• “Rumor has it that the Acme Widgets acquisition fell
through.”
• “Working to troubleshoot a major software bug we
just found.”
• “I just posted a funny video of myself frying a rodent
at the restaurant where I work.”
29. How much will providers actually allow the export and open transfer of their data stores?
• Social Networking is becoming the preferred
way to manage personal data
• Identity Theft & Authentication
• Web of Trust Techniques
31. Possible Steps
1. Each user is issued a token
2. Every time user A is accepted as a friend by a
user, token given positive/negative trust
training
3. User A suspects User B is not who they say
they are
4. User A knows user B personally
5. Scores aggregated
32. ..continued
6. Tokens are visible
7. Tokens are transferable
8. Key can be extended
Source:
http://www.gfi.com/whitepapers/Social_Networking_and_Security_Risks.pdf
33. Password Protection
• Video explaining password protection:
http://www.youtube.com/watch?v=FtqwXzNebeU
• Thanks for listening