On-Line Meeting 2 October 25, 2016.

ROLL CALL

Tonight’s Material

Discussion 1
Anyone have any comments they’d like to share about the ISO 27000 family of standards? For example: what “purpose” is served by these?

Discussion 1 (continued)
Does the “International” nature of the “best practices” in ISO 27001 require the “least common denominator” effect?

Discussion 2
How do the ISO 27000 standards relate to the 8 domains of the Common Body of Knowledge? … or the CIA triad?

Discussion 3
Any comments on the 7 Domains (Reading 1)?
User Domain
Workstation Domain
LAN Domain
LAN-to-WAN Domain
WAN Domain
Remote Access Domain
System/Application Domain

Discussion 4
Any comments on the presentation of the concepts from Reading 1?
Roles and Tasks
Responsibilities
Accountability
Behind-the-Scenes
Risks, Threats, Vulnerabilities

Discussion 5
Comments on the InfoSec Areas (Reading 2)?
Acceptable Use
Security Awareness and Training
Asset Classification
Protection and Access Protocols
Asset Management and Operation
Identification, Assessment, and Management of Vulnerabilities
Identification, Assessment, and Management of Threats

Discussion 6
Comments on the Information Systems Model?

Discussion 7 – Reading 4
Are these 12 principles “widely accepted”?
1. There is no such thing as Absolute Security.
2. The three Security Goals are Confidentiality, Integrity, and Availability.
3. Defense in Depth should be the fundamental strategy.
4. When left on their own, most people tend to make the worst security decisions.
5. Security depends on two types of requirements: Functional and Assurance.
6. Security Through Obscurity is not Security.
7. Security = Risk Management.
8. The three types of Security Controls are Preventive, Detective, and Responsive.
9. Complexity is the Enemy of Security.
10. Fear, Uncertainty and Doubt do not work when selling security.
11. People, Process, and Technology are ALL needed to adequately secure a system or facility.
12. Open disclosure of Vulnerabilities is good for security.

Discussion 8 – Reading 4
(The 12 principles listed under Discussion 7.)

Discussion 9 – Reading 4
Security Through Obscurity is not Security (one of the 12 principles listed under Discussion 7).

Discussion 10 – Reading 4
Complexity is the Enemy of Security (one of the 12 principles listed under Discussion 7).

Discussion 11 – Reading 4
(The 12 principles listed under Discussion 7.)

Theme of Tonight’s Class?

MENTAL MODEL

Notes from an Information Security Lecture

Prepare for Next Week
Reading 6
Deep Thought, Pondering, Considering
Supplemental Discussion Questions