chp1- Information Security Overview.pptx

azlina1656 13 views 23 slides Jun 04, 2024
Slide 1
Slide 1 of 23
Slide 1
1
Slide 2
2
Slide 3
3
Slide 4
4
Slide 5
5
Slide 6
6
Slide 7
7
Slide 8
8
Slide 9
9
Slide 10
10
Slide 11
11
Slide 12
12
Slide 13
13
Slide 14
14
Slide 15
15
Slide 16
16
Slide 17
17
Slide 18
18
Slide 19
19
Slide 20
20
Slide 21
21
Slide 22
22
Slide 23
23

About This Presentation

Information Security Overview

Size: 1.39 MB
Language: en
Added: Jun 04, 2024
Slides: 23 pages

Slide Content

DFP40263 Secure Mobile Computing Topic 1 Information Security Overview

1.1 THE NEED FOR INFORMATION SECURITY What Is Information Security? The protection of information and its critical elements, including the systems and hardware that use, store and transmit that information. the entire set of software, hardware, database, people, and procedures necessary to use information as a resource in the organization

WHY NEED INFORMATION SECURITY? Prevent unauthorized access to the network that is potential threat to the network and its resources. Ensure that the authentic users can effectively access the network and its services. Applications that can protect the network from unauthorized access are in place. ( eg : Antivirus)

Characteristics of Information Security Making sure that those who should not see information Making sure that the information has not been changed from its original Making sure that the information is available for use when you need it The C.I.A. triangle was the standard based on confidentiality, integrity, and availability CIA TRIAD

1.1.2 Characteristics of IS – CIA TRIAD a. Confidentiality (C) Confidentiality is the protection of personal information. It maintain the privacy of data. It means keeping a client’s information between you and the client, and not telling others including co-workers, friends, family, etc. Eg: ATM (Auto Teller Machine) pin number stolen by someone else.

b. Integrity (I) protecting information from being modified by unauthorized parties. trustworthiness of information resources. assurance that data is genuine Information needs to be changed constantly. Integrity means that changes need to be done only by authorized entities and through authorized mechanisms.

c. Availability (A) the information must be available when it is needed. system still functions efficiently after security provisions are in place The information created and stored by an organization needs to be available to authorized entities 24x7. Information needs to be constantly changed, which means it must be accessible to authorized entities.

1.1.3 APPLY THE CHARACTERISTICS OF CIA IN REAL ENVIRONMENT

1.1.4 SECURITY MODELS Open Security Models - terbuka Restrictive Security Models - terhad Closed Security Models - tertutup

a. OPEN SECURITY MODELS The easiest to implement. Simple password and server security becomes the foundation of this model. This model assumes that the protected assets are minimal , user are trusted , and threats are minimal. LAN are NOT connected to the Internet. If security breaches occurs, the result will be in great damage or loss.

a. OPEN SECURITY MODELS

b. RESTRICTIVE SECURITY MODELS More difficult to implement. Firewalls and identity servers become the foundation of this model. This model assumes that the protected assets are substantial ( utama ) , some users are NOT trustworthy, and that threats are likely. Suitable for LANs/public WANs that connect to the Internet. Ease of use for users diminishes ( berkurangan ) as security tightens.

CON’T… b. RESTRICTIVE SECURITY MODELS

c. CLOSED SECURITY MODELS Most difficult to implement. All available security measures are implement in this design. This model assumes that the protected assets are premium, all users are NOT trustworthy, and that threats are frequent. User access is difficult and cumbersome ( rumit ) . Need many train network administrator to maintain the tight security applied.

CON’T… c. CLOSED SECURITY MODELS

Categories of Risks Sec 1.2 Potential risk to Information urity Physical damage - Fire, water, vandalism, power loss, and natural disasters. Human interaction - Accidental or intentional action or inaction that can disrupt productivity. Equipment malfunction - Failure of systems and peripheral devices. Inside and outside attacks - Hacking, cracking, and attacking Misuse of data- Sharing trade secrets, fraud, espionage, and theft. Loss of data - Intentional or unintentional loss of information through destructive means. Application error - Computation errors, input errors, and buffer overflows. Social Status - Loss of Customer base and reputation.

1.2.1 THREATS TERMINOLOGY Information Theft Unauthorized Disclosure Information Warfare Accidental Data Loss Data Disclosure Data Modification Data Availability

Information Theft ( Kecurian maklumat) Get the private information (ID number/pin number/password) without any permission It is a form of stealing someone’s identity in which someone pretends to be someone else by assuming that person’s identity. Unauthorized Disclosure An event involving the exposure of information to entities not authorized access to the information That an organization suspects some of its employees leaking out the confidential information to its competitor. It is also usually believed that its competitor actually planted spies within the organization in order to target and steal new product plan.

c. Information Warfare May involve collection of tactical information to demoralize the enemy and the public d. Accidental Data Loss An error condition in information systems in which information is destroyed by failures or neglect in storage, transmission, or processing. Delete files unfortunately

e. Data Disclosure :- Pendedahan Data Voluntary sharing of any and all information that is considered relevant to a given situation. Eg: Data or information is opened to unauthorized persons, processes, or devices. Make data available without permission or authority. Data is stolen but owner still has it.

f. Data modification – Pengubahan Data Modify information that an attacker is not authorized to modify. Data is altered without authorization. Data can be modified in store or in transmission. Information source Information destination MODIFICATION Middle man

g. Data Availability - Ketersediaan Data Products and services that ensure that data continue to be available at a required level of performance in situations ranging from normal through “disastrous”. 24x7 available. Information source Information destination INTERRUPTION

END OF Chapter 1 Thank You
Tags
security
Categories
General
Download
Download Slideshow Get the original presentation file
Quick Actions
Statistics
  • Views 13
  • Slides 23
  • Age 546 days
Related Slideshows
Pray For The Peace Of Jerusalem and You Will Prosper 22
Pray For The Peace Of Jerusalem and You Will Prosper
RodolfoMoralesMarcuc
30 views
Don_t_Waste_Your_Life_God.....powerpoint 26
Don_t_Waste_Your_Life_God.....powerpoint
chalobrido8
32 views
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf 31
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf
JaiJai148317
30 views
Fertility awareness methods for women in the society 14
Fertility awareness methods for women in the society
Isaiah47
29 views
Chapter 5 Arithmetic Functions Computer Organisation and Architecture 35
Chapter 5 Arithmetic Functions Computer Organisation and Architecture
RitikSharma297999
26 views
syakira bhasa inggris (1) (1).pptx....... 5
syakira bhasa inggris (1) (1).pptx.......
ourcommunity56
28 views
View More in This Category