Module 02: Introduction to Computer Security and Information Assurance

Presentation transcript:

Slide 1: Objectives
Recognize that physical security and cyber security are related
Recognize that personnel security policies and procedures are related to cyber security
Explain how awareness training strengthens cyber security practices

Slide 2: Physical Security
Addresses the protection of the organization’s assets:
– Personnel
– Property
– Information

Slide 3: Physical And Cyber Security
Disciplines merging
Physical access can lead to compromise

Slide 4: Physical Security Threats
Most threats in this area are ‘physical’
– Fire
– Flood
– Natural disasters
The Human factor is an exception to this rule

Slide 5: Major Sources Of Physical Loss
Temperature extremes
Gases
Liquids
Living organisms
Excessive movement
Energy anomalies
Source: “Fighting Computer Crime” by Donn B. Parker

Slide 6: Physical Security Threat Categories
Natural and Environmental
Man-made

Slide 7: Natural And Environmental Threats
Hurricanes
Tornadoes
Earthquakes
Floods
Lightning
Mudslides
Fire
Electrical

Slide 8: Man-Made Threats
Hackers
Theft
Human error

Slide 9: Physical Security Countermeasures
Property protection
Structural hardening
Physical access control
Intrusion detection
Physical security procedures
Contingency plans
Physical security awareness training

Slide 10: Property Protection
Fences
Gates
Doors
Locks and keys
Lighting
Fire detection and suppression systems

Slide 11: Structural Hardening
Robust construction
Minimal penetration
Building complexity

Slide 12: Physical Access Control
Ensures only authorized individuals are allowed into certain areas
– Who
– What
– When
– Where
– How

Slide 13: Intrusion Detection
Guards
Dogs
Electronic monitoring systems

Slide 14: Physical Security Procedures
Impose consequences for physical security violations
Examples:
– Log personnel access to restricted areas
– Escort visitors, delivery, terminated personnel

Slide 15: Contingency Plans
Considerations include
– Generators
– Fire suppression and detection systems
– Water sensors
– Alternate facility
– Offsite storage facility

Slide 16: Physical Security Awareness Training
Train personnel what to do about
– Suspicious activities
– Unrecognized persons

Slide 17: Personnel Security
Practices established to ensure the safety and security of personnel and other organizational assets

Slide 18: Personnel Security
It’s all about the people
People are the weakest link
An avenue to mold and define personnel behavior

Slide 19: Personnel Security Threat Categories
Insider threats
Social engineering

Slide 20: Insider Threats
One of the most common threats to any organization
More difficult to recognize
Include
– Sabotage
– Unauthorized disclosure of information

Slide 21: Social Engineering Threats
Multiple techniques are used to gain information from authorized employees and using that information in conjunction with an attack
– Protect your password (even from the help desk)
– Protect personnel rosters

Slide 22: Dumpster Diving
Rummaging through a company’s or individual’s garbage for discarded documents, information, and other precious items that could be used in an attack against that person or company

Slide 23: Phishing
Usually takes place through fraudulent e-mails requesting users to disclose personal or financial information
Appears to come from a legitimate organization

Slide 25: Security Awareness
Recognizing what types of security issues might arise
Knowing your responsibilities and what actions to take in case of a breach

Slide 26: Policies And Procedures
Acceptable use policy
Personnel controls
Hiring and termination practices

Slide 27: People And Places: What You Need To Know
Physical security
Physical security threats and countermeasures
Personnel security
Personnel security threats and countermeasures