Slide 1: Information Security
KRISHNAKUMAR RAGHAVAN (KK), NASWA's Information Technology Support Center


Slide 2: CIA Triad
■ Confidentiality
  o Ability to hide information from unauthorized access.
■ Integrity
  o Maintaining consistency, accuracy and trustworthiness of data over its entire lifecycle.
■ Availability
  o Information requested is readily available to an authorized entity.
The CIA triad alone no longer adequately addresses the security of a changing technology environment.

Slide 3: Confidentiality
■ Identity & Access Management
  o An enterprise access management system with the capability of identity provisioning, and of identifying and authorizing users and systems.
■ Intrusion Prevention System

Security Control | IRS 1075 Guidance | NIST Reference
IA-7: Cryptographic Module Authentication | The information system uses mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication. | NIST Recommended Security Controls for Federal Information Systems; FIPS – Security Requirements for Cryptographic Modules

Slide 4: Integrity
■ Public Key Infrastructure
  o An enterprise PKI infrastructure to assure cryptography during data acquisition, in transit and at rest.
  o Non-repudiation – digital signature, encryption and checksum using a hash.
  o Transport Layer Security (TLS) / Secure Sockets Layer (SSL)
■ Nonce
  o Avoids replay attacks.
■ Auditing
  o Logging
■ Social Engineering
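The integrity slide lists three mechanisms that are easiest to understand together: a hash checksum for integrity, a keyed tag for authenticity, and a nonce to reject replayed copies of a message. The following is an added example written for this page (it is not code from the NASWA deck) showing a sender and a receiver that use all three, with a freshness window so the receiver can forget old nonces. The key, the payload and the field names are constructed for the demonstration. Note that an HMAC proves the message came from a holder of the shared key but does not give non-repudiation; for that, the tag would have to be a digital signature made with a PKI-issued private key, which this stdlib-only example does not include.

```python
import hashlib
import hmac
import secrets
import time

# Constructed demo key: a real deployment provisions this through the
# enterprise key-management process (cf. SC-12) and never hard-codes it.
SHARED_KEY = b"constructed-demo-key-not-for-production"

# Messages older than this many seconds are rejected outright, which lets the
# receiver forget nonces after the window instead of storing them forever.
FRESHNESS_WINDOW = 300


def checksum(payload: bytes) -> str:
    """Integrity checksum: SHA-256 hex digest of the payload."""
    return hashlib.sha256(payload).hexdigest()


def authentication_tag(key: bytes, nonce: str, issued_at: int, payload: bytes) -> str:
    """HMAC over nonce, timestamp and payload, so none of them can be changed
    without the key. HMAC gives authenticity to the key holder, not non-repudiation;
    that would need a digital signature from a PKI-issued private key."""
    material = f"{nonce}|{issued_at}|".encode() + payload
    return hmac.new(key, material, hashlib.sha256).hexdigest()


def make_message(payload: bytes, key: bytes = SHARED_KEY, now=None) -> dict:
    """Sender side: attach a fresh random nonce, a timestamp, the checksum and the tag."""
    issued_at = int(time.time() if now is None else now)
    nonce = secrets.token_hex(16)  # 128 random bits, never expected to repeat
    return {
        "nonce": nonce,
        "issued_at": issued_at,
        "payload": payload,
        "checksum": checksum(payload),
        "tag": authentication_tag(key, nonce, issued_at, payload),
    }


class ReplayGuard:
    """Receiver side: checks integrity, authenticity and freshness of each message."""

    def __init__(self, key: bytes = SHARED_KEY, window: int = FRESHNESS_WINDOW):
        self.key = key
        self.window = window
        self.seen = {}  # nonce -> issued_at, pruned once outside the window

    def verify(self, msg: dict, now=None) -> str:
        now = int(time.time() if now is None else now)
        # Forget nonces whose messages would now be rejected as stale anyway.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}

        # 1. Integrity: the hash checksum must match the payload as received.
        if checksum(msg["payload"]) != msg["checksum"]:
            return "checksum mismatch"
        # 2. Authenticity: the HMAC must verify (constant-time comparison).
        expected = authentication_tag(self.key, msg["nonce"], msg["issued_at"], msg["payload"])
        if not hmac.compare_digest(expected, msg["tag"]):
            return "bad tag"
        # 3. Freshness: outside the window the message is rejected (also bounds clock skew).
        if abs(now - msg["issued_at"]) > self.window:
            return "stale"
        # 4. Replay: a nonce already seen inside the window means a captured copy.
        if msg["nonce"] in self.seen:
            return "replay"
        self.seen[msg["nonce"]] = msg["issued_at"]
        return "ok"


if __name__ == "__main__":
    guard = ReplayGuard()
    msg = make_message(b"release batch 42")  # constructed sample payload
    print(guard.verify(msg))                 # ok
    print(guard.verify(msg))                 # replay
```

The checks are ordered so that the cheapest and most common failure (a corrupted payload) is reported first and the nonce is only recorded once the message has been authenticated; otherwise an unauthenticated sender could fill the nonce store. Including the timestamp under the HMAC matters, since a replayed message with a freshly edited timestamp would otherwise pass the freshness check.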

Slide 5: Integrity Security Controls

Security Control | IRS 1075 Guidance | NIST Reference
SC-8: Transmission Integrity | The information system protects the integrity of transmitted information. | NIST – guidance on the use of Transport Layer Security (TLS); NIST – guidance on the use of IPsec
SC-9: Transmission Confidentiality | The information system protects the confidentiality of transmitted information. | NIST – guidance on the use of Transport Layer Security (TLS); NIST – guidance on the use of IPsec
SC-12: Cryptographic Key Establishment and Management | When cryptography is required and employed within the information system, the organization establishes and manages cryptographic keys using automated mechanisms with supporting procedures, or manual procedures. | NIST – guidance on cryptographic key establishment; NIST – guidance on cryptographic key management; NIST – guidance on the use of IPsec
SC-13: Use of Cryptography | Validation certificates issued by the NIST Cryptographic Module Validation Program (including FIPS 140-1, FIPS 140-2, and future amendments) remain in effect, and the modules remain available for continued use and purchase, until a validation certificate is specifically revoked. | FIPS – Security Requirements for Cryptographic Modules; NIST – guidance on the use of IPsec
SC-17: Public Key Infrastructure Certificates | For user certificates, each agency either establishes an agency certification authority cross-certified with the Federal Bridge Certification Authority at medium assurance or higher, or uses certificates from an approved, shared service provider, as required by OMB Memorandum. | NIST – guidance on public key technology

Slide 6: Availability
■ Enterprise monitoring systems
  o Intrusion Detection System – NIST
  o Vulnerability assessment tools – NIST
  o Malicious software detection systems – NIST
■ Risk Management – NIST
  o Enterprise patch management – NIST
  o Enterprise firewall management – NIST
  o Configuration management – NIST

Slide 7: Identity and Access Management
■ Tools
  o CA SiteMinder
  o Oracle Access Manager
  o IBM
  o Dell
  o SailPoint
  o ForgeRock (open source)

Slide 8: Public Key Infrastructure
■ OpenSSL
■ NetBeans

Slide 9: Non-Repudiation

Slide 10: Intrusion Detection and Prevention Systems

Slide 11: Capabilities of IDS

Slide 12: Questions