Introduction-to-Information-Security.pptx

SittieAmaniAlonto 38 views 44 slides Sep 14, 2024

About This Presentation

Introduction to Information Security


Slide Content

Introduction to Information Security

Learning Objectives
- Understand what information security is and how it came to mean what it does today.
- Comprehend the history of computer security and how it evolved into information security.
- Understand the key terms and critical concepts of information security as presented in the chapter.
- Outline the phases of the security systems development life cycle.
- Understand the roles of the professionals involved in information security in an organizational structure.
- Understand the business need for information security.
- Understand that a successful information security program is the responsibility of an organization's general management and IT management.
- Understand some of the threats posed to information security and the more common attacks associated with those threats.

Introduction
Some hundreds of years ago, most of us would have made a living from agriculture. A hundred years ago, you were likely to be making a living working in a factory. Today, we live in the information age, where almost every job is somehow connected to information stored in digital form on a network.

The History of Information Security
- Computer security began immediately after the first mainframes were developed.
- Physical controls were needed to limit access to sensitive military locations to authorized personnel.
- Only rudimentary controls were available to defend against physical theft, espionage, and sabotage.

The 1960s
- The Department of Defense's Advanced Research Projects Agency (ARPA) began examining the feasibility of redundant networked communications.

The 1970s and 80s
- ARPANET grew in popularity, as did its potential for misuse.
- Fundamental problems with ARPANET security were identified: there were no safety procedures for dial-up connections to the ARPANET, and user identification and authorization to the system were non-existent.
- In the late 1970s the microprocessor expanded computing capabilities, and with them the security threats.

R-609: The Start of the Study of Computer Security
- The study of information security began with Rand Report R-609.
- The scope of computer security grew from physical security to include: safety of the data; limiting unauthorized access to that data; involvement of personnel from multiple levels of the organization.

The 1990s
- Networks of computers became more common, and so did the need to interconnect them.
- The result was the Internet, the first manifestation of a global network of networks.
- In early Internet deployments, security was treated as a low priority.

The Present
- The Internet has brought millions of computer networks into communication with each other, many of them unsecured.
- The ability to secure each one is now influenced by the security of every computer to which it is connected.

What is Security?
- The quality or state of being secure: to be free from danger.
- A successful organization should have multiple layers of security in place: physical security, personal security, operations security, communications security, network security, and information security.

Critical Characteristics of Information
The value of information comes from the characteristics it possesses: availability, accuracy, authenticity, confidentiality, integrity, utility, and possession.

Components of an Information System
An information system (IS) is the entire set of software, hardware, data, people, procedures, and networks necessary to use information as a resource in the organisation.

Bottom-Up Approach
- Security from a grass-roots effort: systems administrators attempt to improve the security of their systems.
- Key advantage: the technical expertise of the individual administrators.
- Seldom works, as it lacks a number of critical features: participant support and organizational staying power.

Top-Down Approach
- Initiated by upper management, who issue policy, procedures, and processes; dictate the goals and expected outcomes of the project; and determine who is accountable for each of the required actions.
- This approach has strong upper management support, a dedicated champion, dedicated funding, clear planning, and the chance to influence organizational culture.
- May also involve a formal development strategy referred to as a systems development life cycle.
- The top-down approach is the most successful.

The Systems Development Life Cycle
- Information security must be managed in a manner similar to any other major system implemented in the organization.
- Using a methodology ensures a rigorous process and avoids missing steps.
- The goal is creating a comprehensive security posture/program.

The Security Systems Development Life Cycle
- The same phases used in the traditional SDLC may be adapted to support the specialized implementation of an information security project: investigation, analysis, logical design, physical design, implementation, and maintenance and change.
- Involves identification of specific threats and creating controls to counter them.
- The SecSDLC is a coherent program rather than a series of random, seemingly unconnected actions.

[Figure: the SecSDLC phases drawn as a cycle, from Investigation through to Maintenance and Change, which then repeats]

Investigation
- Identifies the process, outcomes, goals, and constraints of the project.
- Begins with the enterprise information security policy.
- An organizational feasibility analysis is performed.

Analysis
- Documents from the investigation phase are studied.
- Analyzes existing security policies or programs, along with documented current threats and associated controls.
- Includes analysis of relevant legal issues that could impact the design of the security solution.
- The risk management task begins.

Logical Design
- Creates and develops blueprints for information security.
- Incident response actions are planned: continuity planning, incident response, and disaster recovery.
- A feasibility analysis determines whether the project should continue or be outsourced.

Physical Design
- The needed security technology is evaluated, alternatives are generated, and the final design is selected.
- At the end of the phase, a feasibility study determines the readiness of the organization for the project.

Implementation
- Security solutions are acquired, tested, implemented, and tested again.
- Personnel issues are evaluated; specific training and education programs are conducted.
- The entire tested package is presented to management for final approval.

Maintenance and Change
- Perhaps the most important phase, given the ever-changing threat environment.
- Often, repairing and restoring information is a constant duel with an unseen adversary.
- The information security profile of an organization requires constant adaptation as new threats emerge and old threats evolve.

Professionals Involved in Information Security Within an Organization
- Senior management.
- Chief Information Officer (CIO): the senior technology officer, primarily responsible for advising senior executives on strategic planning.
- Chief Information Security Officer (CISO): primarily responsible for the assessment, management, and implementation of information security in the organization; usually reports directly to the CIO.

Information Security Project Team
A number of individuals who are experienced in one or more facets of the required technical and nontechnical areas: champion, team leader, security policy developers, risk assessment specialists, security professionals, systems administrators, and end users.

Data Ownership
- Data owner: responsible for the security and use of a particular set of information.
- Data custodian: responsible for the storage, maintenance, and protection of information.
- Data users: end users who work with information to perform their daily jobs supporting the mission of the organization.

What is Information Security?
"The concepts, techniques, technical measures, and administrative measures used to protect information assets from deliberate or inadvertent unauthorised acquisition, damage, disclosure, manipulation, modification, loss, or use is information security."
In other words, it means protecting information and information systems from unauthorised access, use, disclosure, modification or destruction: implementing suitable controls (policies, practices, procedures, organisational structures, software, etc.) to secure information for any information user.

- The protection of information and its critical elements, including the systems and hardware that use, store, and transmit that information.
- Necessary tools: policy, awareness, training, education, and technology.
- The C.I.A. triangle was the standard, based on confidentiality, integrity, and availability.
- The C.I.A. triangle has now been expanded into a list of critical characteristics of information.

How Can Information Security Be Achieved?
Information security is achieved by implementing a suitable set of controls, which could be:
These controls need to be established in order to ensure that the specific security objectives of the organization are met.

Information Security Goals
- Confidentiality: making sure that those who should not see the information cannot see it.
- Integrity: making sure the information has not been changed from how it was intended to be.
- Availability: making sure the information is available for use when needed.
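The integrity goal above, and the authenticity characteristic listed earlier, can be checked mechanically rather than just stated. The following Python example is added here and is not part of the slides: it uses the standard library's hmac module to attach a keyed tag to a record, so that any change to the record, or any tag produced without the shared key, is rejected. The shared key and the transfer record are constructed for the example. A MAC gives integrity and authenticity only; it does not hide the record, so the confidentiality goal still needs encryption on top.

```python
"""Added example: integrity and authenticity of a record with HMAC-SHA256.

Not from the original slides. The key and record are constructed for
illustration; a real deployment draws the key from a secrets manager and
never hard-codes it.
"""
import hashlib
import hmac
import secrets

# Constructed shared secret (placeholder value, not for real use).
SHARED_KEY = b"example-shared-key-32-bytes-long!!"

# Constructed record whose integrity we want to guarantee.
RECORD = b"transfer;from=acct-1001;to=acct-2002;amount=100.00"


def make_tag(record: bytes, key: bytes = SHARED_KEY) -> str:
    """Compute the HMAC-SHA256 tag of a record under the given key."""
    return hmac.new(key, record, hashlib.sha256).hexdigest()


def verify(record: bytes, tag: str, key: bytes = SHARED_KEY) -> bool:
    """Recompute the tag and compare it in constant time.

    hmac.compare_digest avoids the timing leak of an ordinary == comparison,
    which could let an attacker learn a correct tag one byte at a time.
    """
    expected = make_tag(record, key)
    return hmac.compare_digest(expected, tag)


def demo() -> dict:
    """Show the three cases a verifier must tell apart."""
    tag = make_tag(RECORD)
    # Integrity violation: the amount is altered after the tag was issued.
    tampered = RECORD.replace(b"amount=100.00", b"amount=900.00")
    # Authenticity violation: a tag computed under a key the attacker made up.
    attacker_key = secrets.token_bytes(32)
    forged_tag = make_tag(RECORD, attacker_key)
    return {
        "genuine": verify(RECORD, tag),       # True
        "tampered": verify(tampered, tag),    # False: integrity lost
        "forged": verify(RECORD, forged_tag), # False: not authentic
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:>8}: {'accepted' if accepted else 'REJECTED'}")
```

Run it as a script and only the genuine record is accepted; the tampered record and the forged tag are both rejected, which is exactly the integrity and authenticity guarantee the slide describes in words.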

Securing Components
- A computer can be the subject of an attack and/or the object of an attack.
- When the subject of an attack, the computer is used as an active tool to conduct the attack.
- When the object of an attack, the computer is the entity being attacked.

[Figure: Computer as the Subject and Object of an Attack. A hacker uses a computer as the subject of the attack; the hacker's request goes to a remote system that is the object of the attack, and stolen information flows back.]

Balancing Information Security and Access
- It is impossible to obtain perfect security: security is a process, not an absolute.
- Security should be considered a balance between protection and availability.
- To achieve balance, the level of security must allow reasonable access, yet protect against threats.

[Figure: Balancing security and access]

The Need for Information Security
Business needs first, technology needs last. Information security performs three important functions for an organization:
- Protects the organization's ability to function. Communities of interest must argue for information security in terms of impact and cost.
- Enables the safe operation of applications implemented on the organization's IT systems. Organizations must create integrated, efficient, and capable applications, and they need environments that safeguard those applications.

- Protects the data the organization collects and uses. One of the most valuable assets is data; without data, an organization loses its record of transactions and/or its ability to deliver value to its customers. An effective information security program is essential to the protection of the integrity and value of the organization's data.
Technology needs
- Safeguards the technological assets in use at the organization. Organizations must have secure infrastructure services based on the size and scope of the enterprise.

Areas of Information System Security
Data security, computer security, LAN or network security, and Internet security.

Major Threats and Issues
Basic threats: theft of passwords, e-mail based threats, e-mail based extortion, and the launch of malicious code (trojans).

Corporate threats: web defacement, corporate espionage, website-based launch of malicious code, cheating and fraud, exchange of criminal ideas and tools, cyber harassment, and forged websites.
Online threats: e-mail spamming, theft of software and electronic records, cyber stalking, e-mail bombing, and denial of service attacks.

Protecting Your Computer and Network
- Physical security: securing desktop computers; securing laptops, notebooks, and handheld computers; securing the network.
- Software security: protect against Internet intruders with firewalls and IDS; protect against viruses and other malware; protect against spyware and adware; protect against unwanted e-mail.
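Of the protections listed above, an intrusion detection system is the one that turns log data into alerts, and the "theft of password" threat from the threat list is a good first rule to write for it. The Python example below is added here and is not from the slides. It implements one host-IDS rule: a source address that fails password authentication five or more times within sixty seconds is reported as a password-guessing attack, and any later successful login from that address is reported as a probable stolen credential. The sshd-style syslog lines are constructed for the example and use the RFC 5737 documentation address ranges; the threshold, window and assumed year are values a real deployment would tune.

```python
"""Added example: a minimal host-IDS rule for password-guessing attacks.

Not from the original slides. The log lines, the 5-failures-in-60-seconds
threshold and the assumed year are constructed for illustration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sshd-style syslog lines; IPs come from RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Jan 12 10:01:02 web01 sshd[1234]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Jan 12 10:01:05 web01 sshd[1235]: Failed password for root from 203.0.113.7 port 51235 ssh2
Jan 12 10:01:09 web01 sshd[1236]: Failed password for invalid user test from 203.0.113.7 port 51236 ssh2
Jan 12 10:01:13 web01 sshd[1237]: Failed password for root from 203.0.113.7 port 51237 ssh2
Jan 12 10:01:18 web01 sshd[1238]: Failed password for alice from 203.0.113.7 port 51238 ssh2
Jan 12 10:01:25 web01 sshd[1239]: Accepted password for alice from 203.0.113.7 port 51239 ssh2
Jan 12 10:03:40 web01 sshd[1240]: Failed password for bob from 198.51.100.5 port 40000 ssh2
Jan 12 10:03:55 web01 sshd[1241]: Accepted password for bob from 198.51.100.5 port 40001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

FAIL_THRESHOLD = 5   # assumed tuning values, not from the slides
WINDOW_SECONDS = 60


def parse_line(line: str, year: int = 2024):
    """Parse one sshd auth line into a dict, or None if it is not an auth event.

    Syslog timestamps carry no year, so one is assumed for the example.
    """
    m = LINE_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}


def detect(log_text: str) -> list:
    """Run the sliding-window rule over the log and return alerts in order."""
    recent_failures = defaultdict(deque)   # ip -> failure timestamps inside the window
    flagged = set()                        # ips already reported for a burst
    alerts = []
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue
        ip, ts = event["ip"], event["ts"]
        if event["result"] == "Failed":
            window = recent_failures[ip]
            window.append(ts)
            # Drop failures that fell out of the sixty-second window.
            while (ts - window[0]).total_seconds() > WINDOW_SECONDS:
                window.popleft()
            if len(window) >= FAIL_THRESHOLD and ip not in flagged:
                flagged.add(ip)
                alerts.append(("brute_force", ip, len(window)))
        elif ip in flagged:
            # A success right after a burst is the event worth waking someone for.
            alerts.append(("success_after_burst", ip, event["user"]))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

On the constructed log the rule fires once for 203.0.113.7 after its fifth failure and again when the same address logs in as alice seconds later; the single failure from 198.51.100.5 followed by a success never crosses the threshold and produces nothing, which is the kind of benign typo an IDS rule must not alert on.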

General Spam Protection Practices
- Do not give out your e-mail address indiscriminately.
- Leave your e-mail signature line blank if you post to a newsgroup.
- Do not reply to junk messages.
- Do not open obvious spam messages.
- Report spam to the appropriate person, such as the systems administrator.