Protection of Information Assets I. Joko Dewanto 1.



Learning Objectives
- Course introduction
- Syllabus, SAP, GBPP, course planning

Protection of Information Assets
An effective information security arrangement is the foundation for protecting assets and privacy. The security objectives for information assets are:
- Information integrity
- Confidentiality of sensitive data
- Adherence to piracy and copyright arrangements
- Continued availability of data
- Conformity to applicable laws

Chapter
- Establishing Information Security Policy
- Identifying Critical Assets and Conducting a Vulnerability Assessment
- Tools and Practices for Critical Information Asset Protection
- Protection Information Assets Security Management (ISO/IEC 17799:2000) & Certified Risk Analysis Methodology Management (CRAMM)

Chapter (continued)
- Importance of Information Security Management
- Legal Access
- Network Infrastructure Security
- Auditing Information Security Management
- Auditing Network Security
- Environmental Exposures and Controls
- Physical Access Exposures and Controls
- Mobile Computing

Key concepts you will need to understand
- The processes of design, implementation, and monitoring of security (gap analysis baseline, tool selection)
- Encryption techniques (DES, RSA)
- Public key infrastructure (PKI) components (certification authorities, registration authorities)
- Digital signature techniques
- Physical security practices
- Techniques to identify, authenticate, and restrict users to authorized functions and data (dynamic passwords, challenge/response, menus, profiles)
- Security software (single sign-on, intrusion-detection systems [IDS], automated permission, network address translation)
- Security testing and assessment tools (penetration testing, vulnerability scanning)

Key concepts you will need to understand
- Network and Internet security (SSL, SET, VPN, tunneling)
- Voice communications security
- Attack/fraud methods and techniques (hacking, spoofing, Trojan horses, denial of service, spamming)
- Sources of information regarding threats, standards, evaluation criteria, and practices in regard to information security
- Security monitoring, detection, and escalation processes and techniques (audit trails, intrusion detection, computer emergency response team)
- Viruses and detection
- Environmental protection practices and devices (fire suppression, cooling syste