Information Assurance and Security: Overview


Information Assurance “Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.” National Information Assurance (IA) Glossary

Maconachy, Schou, Ragsdale (MSR) Cube Maconachy, Schou, Ragsdale and Welch, A Model for Information Assurance: An Integrated Approach, Proceedings of the 2001 IEEE Workshop on IAS, USMA, West Point, NY 5-6 June 2001.

Security Services: What types of problems can occur?
- Confidentiality
- Integrity
- Availability
- Authentication
- Non-Repudiation

Confidentiality “the assurance that information is not disclosed to unauthorized persons, processes or devices.” Maconachy, Schou, Ragsdale and Welch, A Model for Information Assurance: An Integrated Approach, Proceedings of the 2001 IEEE Workshop on IAS, USMA, West Point, NY 5-6 June 2001.

Integrity “the assurance that data can not be created, changed, or deleted without proper authorization” Wikipedia: Information Assurance

Availability: “Timely, reliable access to data and information services for authorized users.” Maconachy, Schou, Ragsdale and Welch, A Model for Information Assurance: An Integrated Approach, Proceedings of the 2001 IEEE Workshop on IAS, USMA, West Point, NY 5-6 June 2001.

Authentication Security service “designed to establish the validity of a transmission, message, or originator, or a means of verifying an individual’s authorizations to receive specific categories of information” National Information Assurance (IA) Glossary

Non-Repudiation “The assurance the sender of the data is provided with proof of delivery and the recipient is provided with proof of the sender’s identity, so neither can later deny having processed the data” Maconachy, Schou, Ragsdale and Welch, A Model for Information Assurance: An Integrated Approach, Proceedings of the 2001 IEEE Workshop on IAS, USMA, West Point, NY 5-6 June 2001.

Information States: Where is the data?
- Transmission
- Storage
- Processing

Transmission Time in which the data is in transit between processing/process steps.

Storage Time during which data is on a persistent medium such as a hard drive or tape.

Processing Time during which the data is actually in the control of a processing step.

Security Countermeasures: Who can enforce/check security?
- People
- Policy and Practice
- Technology

People
- The heart and soul of secure systems.
- Awareness, literacy, training, education in sound practice.
- Must follow policy and practice or the systems will be compromised no matter how good the design!
- Both strength and vulnerability.

Policy and Practice (operations)
- System users
- System administrators
- Software conventions
- Trust validation
Also a countermeasure and a vulnerability.

Technology
- Evolves rapidly
- Crypto systems
- Hardware
- Software
- Network
  - Firewalls
  - Routers
  - Intrusion detection
  - Other…
- Platform
  - Operating systems
  - Transaction monitoring
  - Other…
- Especially vulnerable to misconfiguration and other “people” errors. (Does what we tell it to!)

Time
- Relationships between all parts change over time…
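The MSR cube is most useful when you actually fill it in: tag each control you run with the services it supports, the information states it covers and which countermeasure kind it is, then look for empty cells. The following added example (not from the slides) does that over a constructed, purely illustrative control inventory; it reports cells of the service-by-state grid with no countermeasure at all, and cells held by only one kind of countermeasure.

```python
from itertools import product

# Axes of the Maconachy-Schou-Ragsdale cube, using the names on the slides.
SERVICES = ("confidentiality", "integrity", "availability",
            "authentication", "non-repudiation")
STATES = ("transmission", "storage", "processing")
KINDS = ("people", "policy", "technology")  # countermeasure axis

# Constructed sample inventory (not from the slides): each control is tagged
# with the services it supports, the states it covers and its countermeasure kind.
CONTROLS = [
    {"name": "TLS 1.2+ on all service-to-service links",
     "services": {"confidentiality", "integrity", "authentication"},
     "states": {"transmission"}, "kind": "technology"},
    {"name": "Full-disk encryption on laptops and backup tapes",
     "services": {"confidentiality"}, "states": {"storage"}, "kind": "technology"},
    {"name": "Nightly backups with quarterly restore drills",
     "services": {"availability"}, "states": {"storage"}, "kind": "policy"},
    {"name": "Annual security awareness training",
     "services": {"confidentiality", "integrity"}, "states": set(STATES), "kind": "people"},
    {"name": "Signed audit log with change approval",
     "services": {"integrity", "non-repudiation"}, "states": {"storage"}, "kind": "policy"},
    {"name": "Input validation on a memory-safe runtime",
     "services": {"integrity", "availability"}, "states": {"processing"}, "kind": "technology"},
]

def coverage(controls):
    """Map each (service, state) cell to the set of countermeasure kinds that
    address it; tags that are not on the cube's axes are rejected."""
    cells = {}
    for c in controls:
        if c["kind"] not in KINDS:
            raise ValueError(f"{c['name']}: unknown kind {c['kind']!r}")
        for svc, st in product(c["services"], c["states"]):
            if svc not in SERVICES or st not in STATES:
                raise ValueError(f"{c['name']}: unknown cell {(svc, st)!r}")
            cells.setdefault((svc, st), set()).add(c["kind"])
    return cells

def uncovered(controls):
    """Cells of the cube with no countermeasure of any kind."""
    cells = coverage(controls)
    return sorted(c for c in product(SERVICES, STATES) if c not in cells)

def single_layer(controls):
    """Cells held by exactly one kind: a people, policy or technology
    failure there leaves the service unprotected in that state."""
    return sorted(c for c, k in coverage(controls).items() if len(k) == 1)
```

On the sample inventory, authentication and non-repudiation are only addressed for one state each and availability has nothing covering data in transit; those empty cells are the questions to take into the next design review.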

The attack model
- Threat: Something that might happen.
- Vulnerability: A point in the system where a threat could compromise the system.
- Risk: The combination of the probability of an event and its consequences.
- Attack: Application of a threat to a system.
- Exploit: A successful attack.
- Remediation: The security team works out what happened, restores the system, and comes up with a countermeasure.
- Countermeasure: What you do to fix a vulnerability so the threat can’t be exploited.

Security Mindset: Managed Paranoia
- They are out to get me… How could they get me? Do I care?
- What is the real risk? What countermeasures can I apply to mitigate the risks (threats)? Where am I vulnerable?
- What will it cost to fix it? Is it worth it? Apply countermeasure…
- Attacks teach you many things. It is important to know you’ve been attacked!
- You must design and build security into a system; bolting it on afterwards just doesn’t work.
- Patches suck, but you have to fix known vulnerabilities or your insurance company won’t pay damages and you might get thrown in jail… especially if you work with medical or personnel records.
- Still want to be an IT major? That’s why they pay us the big bucks…

Summary
- We discussed a model for understanding how one thinks about assuring that one can trust information.
- There are information states, security services, and countermeasures.