1

Computer security: Understanding the threats and risks

• Introduction: general framework, what is meant by IT security (threats, risks, protection)?
• How can negligence create a disaster? Some examples. Responsibility.
• The components of an IS and their vulnerabilities. Client and server operating systems.
• Corporate networks (local, site-to-site, Internet access).
• Wireless networks and mobility. Applications at risk: Web, email, etc.
• Database and file system. Threats and risks.
• Sociology of hackers. Underground networks. Motivations.
• Types of risks. Cybercrime in France. Vocabulary (sniffing, spoofing, smurfing, hijacking, etc.).

2

Information protection and workstation security

• Vocabulary. Confidentiality, signature and integrity. Constraints of encryption.
• General overview of cryptographic elements. Windows, Linux or MAC OS: Which is the most secure?
• Management of sensitive data. The problem of laptops.
• What is the threat on the client workstation? What malicious code is.
• How do you deal with security breaches? The USB port. The role of the client firewall.

3

User authentication and access from outside

• Access controls: authentication and authorization.
• Why is authentication important?
• The traditional password.
• Authentication by certificates and tokens.
• Remote access via the Internet. Understanding VPNs.
• The value of strong authentication.

4

How can you get involved in IS security?

• Risk, vulnerability and threat analysis.
• Regulatory and legal constraints.
• Why does my organization need to meet these security requirements?
• Key people in security: understanding the role of the CISO and the Risk Manager.
• Acting for better security: social and legal aspects. The CNIL and legislation.
• Cyber-surveillance and privacy protection.
• The charter for the use of computer resources.
• Everyday security. The right reflexes. Execution.