Cyber Security Export and ITAR Brief - Awareness, Challenges, and Threats

Cyber Security Export and ITAR Brief - Awareness, Challenges, and Threats
Slide Note
Embed
Share

This brief covers key aspects of cyber security, including security awareness, challenges in higher education, threats from nation states and criminals, types of vulnerabilities, and more. It emphasizes the importance of protecting data and systems in an increasingly interconnected world.

  • Cyber Security
  • Threats
  • Challenges
  • Awareness
  • ITAR
abel_en
abel_en Follow

Uploaded on Mar 22, 2025 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. Cyber Security Export and ITAR Brief 4 April 2018

  2. Agenda Cyber Security Security Awareness Threats and Risks Protecting You

  3. Security Vision 1: resources for students, faculty, and staff 2: Develop and implement university cyber security vulnerability and risk management system 3: Develop and deploy a sustainable process to enable secure research 4: Lead a statewide/regional perspective on cyber security 5: Lead cyber security digital transformation at the University of Arkansas Secure and protect university systems data

  4. Challenges in Higher Education We have lots of data Network is very open to any device Budget Limited Staffing Limited We have very trusting People

  5. Quote from Abraham Lincoln Everything you see on the Internet is True and Safe

  6. UA Network 27,000 + Students 5,000 + Faculty and Staff 1,000+ contractors 65,000 + IP Addresses Multiple Third Party Vendors Different Technologies Security Awareness is very low Infrequent Patching Must meet Compliance/Regulatory areas such as: HIPAA, PII, PCI, GLBA, FISMA, FERPA, ITAR

  7. UA Network- What do We see 900 million a month 20% suspicious 20% overseas 80-90% blocked 1%-10% of students infected every day Lots of Phishing Lots of Malware

  8. Threats Nation States - commercial / military gains of their government Terrorists - political or ideological objective Criminals - monitory gains Crackers & Hackers - technical challenge of defeating the system Competitors - establish / protect market share and profitability Script Kiddies people who hack for fun

  9. Types of Vulnerabilities Human Hardware/Software Physical Natural tornado s, fire, flood, etc Greater complexity Wireless Connectivity We connect everything

  10. Multiple Attack Methods Scanning Brute Force Attacks Visits from Far Away Places Phishing Scripted and Anonymous Attack Over 5,000 On-Line Scripts Exploits within hours of public release of patches Active Web Site Attacks Human-to-Human Interaction is the biggest threat

  11. Wireless Access Threat Computers Games - Xbox, Play Stations Smart meters Smart appliances Smart Phones Smart TVs Smart Watches Cars Cameras Image result for internet of things 11

  12. Theres An App For That Get mobile access to your anything control system via an iPhone, iPad, Android and other smartphones and tablet devices. Apps now will give you instant access to anything Beware of the Fake Game App 12

  13. Social Engineering Social engineering is an attack vector that relies heavily on human interaction and often involves tricking people into breaking normal security procedures Examples: IT Department requests your information over the phone A New Customer Representative from a company Image result for phishing

  14. Ransomware A form of malware that when executed, encrypts user data and/or denies use of workstation. Demands a ransom payment in exchange for decryption keys Targets small, medium, large business, hospitals, police, govt s, individuals Delivery channels: Websites, Malvertising, Email Dark web offers Ransomware-as-a-Service First payment low -Use of crypto currency such as BitCoin that enhances anonymity City of Atlanta just got hit

  15. Top Ten UA System Phishing Attacks 1) The message contains a mismatched Address 2) URLs contain a misleading domain name (Arkansaw instead of Arkansas 3) The message contains spelling and grammar mistakes (examples-Piza, Koupon, cuestion) 4) The message asks you to send personal information 5) The free offer seems too good to be true 6) You didn't initiate the action 7) You are asked to send money to cover expenses or you get a check in the mail 8) The message makes unrealistic threats 9) The message appears to be from a government agency like the FBI or IRS 10) The Legal or IT department send a strange message requesting reviews of information at a link in the message

  16. Typical Attack Cycle 2 - PCs are controlled by attackers Steal user IDs and passwords Establish bases on servers (passwords, backdoors) Steal Administrator Privileges 1 - PCs are infected E-mail attachments with malware E-mail with links to bad Web sites Users stumble on bad Web sites 3 - Servers are controlled by attackers Gather data from poorly protected systems (patching, insiders) Send out data through forward web proxy Gather more credentials & plant back doors Grab control of more machines Expand Access 2 @ 3 1 Attacker

  17. What Does this Mean for Cyber Security

  18. New Paradigm for Security Holistic Transparent Resilient Flexible/Adaptable Ease to Use Proactive Highly Skilled Team Unified Approach Understand Culture Security Upfront Good Security Policies Good Security Processes Embed Security in the Contract Process Protect Critical Data

  19. Security Projects Security Operations Center Student Staffed Research LANS Identity Access Management Data Encryption Email Encryption New PW System Endpoint Protect Data Exfiltration-prevent an Experian Web Site Protection

  20. ITAR and Export Must Haves: Overall Plan Physical Security Access Equip Security Access Control Data Inventory Data Labelling Encryption Email Data At Rest FIPS 140-2 (AES 256) Key Management Designated Lead

  21. ITAR and Export Must Haves: PW System Multi-Factor Authentication Logging/Logs Monitoring Network Monitoring Incident Response Periodic Risk Assessments Security Awareness Training

  22. ITAR and Export and The Cloud Must Haves: No Data Replication No Overseas Cloud Cannot Store Overseas Cannot transit data overseas Security Defined What the Cloud Provider does What you do Access Control Be careful with Compliance Data in the Cloud

  23. ITAR-Rules ITAR 126.1 ( e) (2) 120.56 EAR Export Admin Reg 734.18 DOE 810 Reg DoD 800-171

  24. What Can You Do? Control Access Think before you click Protect Data Monitor Backup: Maintain offline backups (if possible) and test your backup strategy to ensure it is working. Watch for Abnormal Activities Bring in IT Security for upfront for an assessment and for ongoing assistance

  25. What Can You Do? Email Protection Use Email Privacy Settings Watch Email Return Address Do not send Sensitive Information in an unprotected email Remember the Research Compliance Office Call IT Security

  26. Incident response If you click on a link or something bad happens security@uark.edu Contact the ITS Security Team

  27. Security Vision 1: resources for students, faculty, and staff 2: Develop and implement university cyber security vulnerability and risk management system 3: Develop and deploy a sustainable process to enable secure research 4: Lead a statewide/regional perspective on cyber security 5: Lead cyber security digital transformation at the University of Arkansas Secure and protect university systems data

  28. Questions

  29. Reference Material

  30. Ransomware Example JiggSaw

  31. Ransomware Example Lock screen

  32. What is a bitcoin? A decentralized, global digital currency Peer to Peer Purchased or traded at Bitcoin Exchanges Commonly used as ransom payment in Ransomware attacks All transactions can be traced back to an anonymous address * See Bitcoin Wallet Slide*

  33. What is the Bitcoin network Infrastructure that supports Bitcoin transactions Network secured by individuals: Miners Miners verify all Bitcoin transactions trust model After a transaction is verified it is recorded in a public ledger (Block Chain)

  34. What is the Bitcoin Wallet Bitcoins are stored in a digital wallet Digital wallet is comprised of: Bitcoin Address and private key Bitcoin address similar to an email address Unique address where you will receive bitcoins 26-35 alphanumeric characters or QR code Private key: Similar to a password Allows access to your bitcoins Send bitcoins as payment Keep it safe!

  35. How to obtain bitcoins Bitcoin Exchanges May have to link an existing bank account to wallet account to transfer funds between wallet and exchange Some exchanges are peer to peer Exchanges are unregulated. No guarantees Different payment methods (Credit, Debit, PayPal) PayPal is usually the preferred method due to its trusted relationship * Verification speeds can vary Purchasing limits differ from exchange Service charge

  36. Password Protection Password protection is a form of authentication in order to open or edit a document When sending a password protected document it is important to send the document and password in separate emails.

  37. How to Password Protect a Microsoft Word Document Key Points - In the File tab select Protect document and then Encrypt with Password - Type in a password (that you define) twice and remember the password used - Remember to Save the document after the password protection has been assigned to the document - Test the document once it has been saved to ensure it prompts for a password.

  38. How to Password Protect a Microsoft Power Point Presentations Key Points - In the File tab select Protect Presentation and then Encrypt with Password - Type in a password (that you define) twice and remember the password used - Remember to Save the presentation after the password protection has been assigned to the presentation - Test the document once it has been saved to ensure it prompts for a password.

Related


Cyber Security Toolkit for Boards: Comprehensive Briefings and Key Questions

Cyber Security Toolkit for Boards: Comprehensive Briefings and Key Questions

adalwolf
Artificial Intelligence in Cyber Security: Enhancing Threat Detection and Response

Artificial Intelligence in Cyber Security: Enhancing Threat Detection and Response

annabelle
Top Cyber MSP Services in Dallas for Ultimate Security

Top Cyber MSP Services in Dallas for Ultimate Security

Black
Enhance Your Protection with MDR Cyber Security Services in Dallas

Enhance Your Protection with MDR Cyber Security Services in Dallas

Black
Guide to Cyber Essentials Plus and IASME Gold Certification

Guide to Cyber Essentials Plus and IASME Gold Certification

eros
Cyber Threats and Security Controls Analysis for Urban Air Mobility Environments

Cyber Threats and Security Controls Analysis for Urban Air Mobility Environments

adelheide
Managing Covid-19 Cyber and Data Protection Risks

Managing Covid-19 Cyber and Data Protection Risks

kaisen
U.S. Export Control Regulations

U.S. Export Control Regulations

melinda
Cyber Security and Risks

Cyber Security and Risks

kathryn
Overview of Cyber Operations and Security Threats

Overview of Cyber Operations and Security Threats

joan
Cyber Threat Assessment and DBT Methodologies

Cyber Threat Assessment and DBT Methodologies

jgra
Export Controls at UW-Madison

Export Controls at UW-Madison

hrng930
Export Controls and Regulations in the United States

Export Controls and Regulations in the United States

mak_ha
Enhancing SWIFT Security Measures for ReBIT: March 2018 Update

Enhancing SWIFT Security Measures for ReBIT: March 2018 Update

grajales_i
Export Control Basics for an FSO

Export Control Basics for an FSO

savi_4
Export Marketing and Promotion Organizations in India

Export Marketing and Promotion Organizations in India

khiarac
Mobile Issues and Cyber Threats in Nigeria - Presentation by Dr. J.O. Atoyebi, NCC

Mobile Issues and Cyber Threats in Nigeria - Presentation by Dr. J.O. Atoyebi, NCC

skyl_6
Cyber Survivability Test & Evaluation Overview

Cyber Survivability Test & Evaluation Overview

gwe_pyb
Cyber Security: Trends, Challenges, and Solutions

Cyber Security: Trends, Challenges, and Solutions

clay_tor
Cyber Insurance - Emerging Risks and Threats in Today's Digital Landscape

Cyber Insurance - Emerging Risks and Threats in Today's Digital Landscape

paolucci_k
Understanding Cyber Threats in Today's Digital Landscape

Understanding Cyber Threats in Today's Digital Landscape

geto159
The Evolution of Cyber Conflict: A Brief History and Threat Analysis

The Evolution of Cyber Conflict: A Brief History and Threat Analysis

cayetano_a

More Related Content