Cyber Security/Information Security Definitions

Cyber Security/Information Security Types

General Security Term – Type / Definition

InfoSec
Broad definition – Generally relates to the IT technical focus of security, including: firewalls, routers/switches and networking equipment security, DMZ (network demilitarized zones), network access controls, CAC (common access cards)/tokens, PKI (public key infrastructure) controls, access point security, secure data backup, NACs (network access controls), etc.

Information Assurance
Broad definition – Addresses a wide variety of information security disciplines (IT, physical security, personnel security, s/w development standards and security, IT outsourcing security, end-user IT security, database/host security, encryption/data security, audit/compliance, etc.).

Mission Assurance
Broad definition – Includes additional aspects beyond Information Assurance, focused on the single outcome of the entire system to be protected (frequently includes COOP, BCP, disaster recovery).

Cyber Security
Narrower definition – Generally associated with the technical aspects of data protection (PKI, encryption, access control, data shredding/recovery prevention, etc.).

Information Security Assessments
Narrower definition – Applies to review of systems against standards or requirements (ISO 27001, ISO 15408) and determines the posture of the system. Usually associated with remedial actions and preparation consulting for future certifications/assessments.

Certification and Accreditation (C&A)
Narrow definition – Detailed technical and management assessments and deliberate assessment/acceptance of risk of IT systems, as measured against specific technical criteria (depends on the client – there are many technical standards and ‘customer-specific’ criteria, such as DCIDs, DoD 8500, NIST, etc.).

Vulnerability Assessments
Narrow definition – Usually technical in nature and quite detailed: a system-by-system review and assessment of security settings and security protocols for IT systems. Automated tools that ‘scan’ and assess the security posture of the IT infrastructure are usually used to identify vulnerabilities (e.g., Nessus, nmap).

Penetration Testing (Pen Testing)
Narrow definition – Adversarial ‘attack’ on systems by a friendly player to gain access to systems/data or control entities on a network. “Red Teaming” is done by an external entity and employs a variety of techniques (technical, physical, ‘social’, etc.) to gain access, as if being done by adversaries. “Blue Teaming” is performed by internal entities, usually with partial internal access to all or a portion of the network. Many technical/legal issues must be addressed as part of pen testing to allow for adequate ‘real life’ testing without disrupting operations. Usually requires the most senior management approval and ‘get out of jail free’ authority for pen testing personnel.

Security Operations / Computer Incident Response Teams (CIRT) capability
Narrow definition – Focused on operational/‘watch center’ and real-time threat monitoring/response issues. Includes intrusion detection, virus detection/virus definition updates, software updates/patch management, IAVA (information assurance vulnerability alert)/STIG (security technical implementation guides) implementation and management, malware detection/removal, incident response and remediation.
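The Vulnerability Assessments entry above describes comparing each system's security settings against what is expected, usually starting from the output of an automated scanner such as nmap. The following added example (not part of the original presentation) shows the assessment step that follows a scan: it parses a constructed XML fragment laid out like nmap's `-oX` output, extracts each host's open TCP ports, and reports every port that is not in a hypothetical approved baseline as well as any cleartext service that is exposed. The sample scan data, the `BASELINE_ALLOWED_PORTS` set and the `CLEARTEXT_SERVICES` set are all assumptions chosen for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the layout nmap writes with -oX; this is not a real scan.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <status state="up"/>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH"/></port>
      <port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
    </ports>
  </host>
  <host>
    <status state="up"/>
    <address addr="10.0.0.9" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="445"><state state="closed"/><service name="microsoft-ds"/></port>
    </ports>
  </host>
</nmaprun>
"""

# Hypothetical baseline: the only TCP ports this environment approves for exposure.
BASELINE_ALLOWED_PORTS = {22, 443}
# Hypothetical list of services whose exposure is a finding on its own (cleartext protocols).
CLEARTEXT_SERVICES = {"telnet", "ftp", "http"}


def parse_open_ports(xml_text):
    """Return {ipv4: [(port, service_name), ...]} for every port reported as 'open'."""
    root = ET.fromstring(xml_text)
    hosts = {}
    for host in root.findall("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue  # skip hosts with no IPv4 address element
        open_ports = []
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are not exposure
            service = port.find("service")
            name = service.get("name") if service is not None else "unknown"
            open_ports.append((int(port.get("portid")), name))
        hosts[addr.get("addr")] = open_ports
    return hosts


def assess(hosts, allowed_ports=BASELINE_ALLOWED_PORTS, cleartext=CLEARTEXT_SERVICES):
    """Compare each host's open ports with the baseline; return (ip, port, service, reason) findings."""
    findings = []
    for ip, ports in sorted(hosts.items()):
        for port, name in ports:
            if port not in allowed_ports:
                findings.append((ip, port, name, "port not in approved baseline"))
            if name in cleartext:
                findings.append((ip, port, name, "cleartext service exposed"))
    return findings


if __name__ == "__main__":
    for ip, port, name, reason in assess(parse_open_ports(SAMPLE_NMAP_XML)):
        print(f"{ip}\ttcp/{port}\t{name}\t{reason}")
```

The baseline comparison is what turns raw scanner output into an assessment: the scanner only reports what is listening, while the approved-port list and the cleartext-service list encode the organisation's security settings, so each finding is a deviation with a stated reason that can feed the remediation tracking described in the Security Operations entry.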