Thomas Levy. Agenda 1.Aims: CIAN 2.Common Business Attacks 3.Information Security & Risk Management 4.Access Control 5.Cryptography 6.Physical Security.
Thomas Levy

Agenda
1. Aims: CIAN
2. Common Business Attacks
3. Information Security & Risk Management
4. Access Control
5. Cryptography
6. Physical Security
7. Security Architecture & Design

Agenda Continued
8. Business Continuity & Disaster Recovery Planning
9. Telecommunications & Network Security
10. Application Security
11. Operations Security
12. Legal, Regulations, Compliance & Investigations
13. Summary

Aims: CIAN
To be able to protect information assets, ensuring:
- Confidentiality
- Integrity
- Availability
- Non-repudiation

Common Business Attacks
- DNS
- BGP
- XSS
- XSRF
- DoS
- Injection
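To give the "Injection" item above something concrete, here is an added example (not from the slides) showing the same database lookup built two ways: one that splices user input into the SQL text and one that binds it as a parameter. The table, the user names and the crafted input are constructed for the demonstration; the point is that the bound parameter is always treated as data, so the query's structure cannot be changed by the input.

```python
"""Injection: the same lookup built unsafely and safely (added example)."""
import sqlite3
from typing import List, Tuple


def make_db() -> sqlite3.Connection:
    # Constructed sample data: a tiny in-memory user table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def lookup_unsafe(conn: sqlite3.Connection, username: str) -> List[Tuple[str, str]]:
    # Vulnerable: the input is spliced into the SQL text, so input that
    # contains SQL syntax changes the query's structure, not just its data.
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, username: str) -> List[Tuple[str, str]]:
    # Hardened: a bound parameter is sent as a value, never parsed as SQL.
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo() -> dict:
    conn = make_db()
    benign = "alice"
    crafted = "x' OR '1'='1"  # constructed input that is SQL syntax, not a name
    return {
        "benign_unsafe": lookup_unsafe(conn, benign),
        "benign_safe": lookup_safe(conn, benign),
        "crafted_unsafe": lookup_unsafe(conn, crafted),  # returns every row
        "crafted_safe": lookup_safe(conn, crafted),      # returns no row
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

Both functions give the same answer for a genuine user name; they differ only when the input is not a name. The detection angle for a defender is the same: a lookup that suddenly returns the whole table for a single-user query is a sign the query text, not the data, was altered.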

Information Security & Risk Management
- Security Baselines
- Audit Frameworks
- Reporting
- Risk Management

Access Control
- Information & User Classification
- Access Control Categories and Types
- Threats to Access Control
- Access Control Assurance

Cryptography
- Confidentiality, Integrity & Authenticity
- Data Storage
- Data Transmission
- Symmetric vs Asymmetric
- Digital Signatures & Envelopes
- End to End Encryption
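The first item on the slide separates confidentiality from integrity and authenticity. The added example below (not from the slides) shows why the distinction matters: it encrypts a message with a toy keystream cipher, authenticates the result with an HMAC (encrypt-then-MAC), and then shows that a single flipped ciphertext bit is accepted and silently changes the message when only confidentiality is checked, but is rejected when the MAC is verified first. The keystream construction, key sizes and message are assumptions for illustration; a real design would use a vetted authenticated cipher such as AES-GCM or ChaCha20-Poly1305 rather than this toy.

```python
"""Confidentiality alone versus confidentiality plus integrity (added example)."""
import hashlib
import hmac
import os
from typing import Optional

NONCE_LEN = 12
TAG_LEN = 32


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy keystream: SHA-256 over (key, nonce, counter). Illustration only.
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt_only(enc_key: bytes, plaintext: bytes) -> bytes:
    # Confidentiality only: nonce || ciphertext, no integrity protection.
    nonce = os.urandom(NONCE_LEN)
    return nonce + xor(plaintext, keystream(enc_key, nonce, len(plaintext)))


def decrypt_only(enc_key: bytes, message: bytes) -> bytes:
    # Decrypts whatever it is given; any tampering goes unnoticed.
    nonce, ct = message[:NONCE_LEN], message[NONCE_LEN:]
    return xor(ct, keystream(enc_key, nonce, len(ct)))


def encrypt_then_mac(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    # Confidentiality + integrity/authenticity: nonce || ciphertext || HMAC tag.
    sealed = encrypt_only(enc_key, plaintext)
    tag = hmac.new(mac_key, sealed, hashlib.sha256).digest()
    return sealed + tag


def verify_then_decrypt(enc_key: bytes, mac_key: bytes, message: bytes) -> Optional[bytes]:
    # Check the tag before touching the ciphertext; reject on any mismatch.
    if len(message) < NONCE_LEN + TAG_LEN:
        return None
    sealed, tag = message[:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(mac_key, sealed, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        return None
    return decrypt_only(enc_key, sealed)


def flip_first_ciphertext_bit(message: bytes) -> bytes:
    # Constructed tampering: flip one bit of the first ciphertext byte.
    buf = bytearray(message)
    buf[NONCE_LEN] ^= 0x01
    return bytes(buf)


def demo() -> dict:
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    msg = b"transfer 100 to alice"

    plain = encrypt_only(enc_key, msg)
    altered = decrypt_only(enc_key, flip_first_ciphertext_bit(plain))

    sealed = encrypt_then_mac(enc_key, mac_key, msg)
    good = verify_then_decrypt(enc_key, mac_key, sealed)
    rejected = verify_then_decrypt(enc_key, mac_key, flip_first_ciphertext_bit(sealed))

    return {
        "roundtrip_ok": good == msg,
        "unauthenticated_silently_altered": altered != msg and altered[1:] == msg[1:],
        "tampered_rejected": rejected is None,
    }


if __name__ == "__main__":
    print(demo())
```

The unauthenticated path decrypts the tampered message to a string that differs from the original in exactly one byte, with no error raised; that is the failure mode the slide's "Integrity & Authenticity" item guards against. Separate keys are used for encryption and for the MAC, and the tag is compared with `hmac.compare_digest` so the check does not leak timing information.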

Physical Security
Additional layers of security which work in conjunction with the technical layers to provide greater defence in depth.

Security Architecture & Design
- Software
- Hardware

Business Continuity & Disaster Recovery Planning
Failure to prepare is preparing to fail:
- Revenue Loss
- Additional Expenses
- Damaged Reputation

Telecommunications & Network Security
- OSI model
- TCP/IP model

Application Security
- Buffer Overflows
- Malicious Software
- Social Engineering
- Trapdoors

Operations Security
- Misuse prevention
- Continuity of operations
- Fault tolerance
- Data protection
- Configuration management
- Patch management

Legal, Regulations, Compliance & Investigations
- Privacy
- Liability
- Computer Crime
- Incident Handling & Response Capability

Summary
1. Secure the weakest link
2. Practise defence in depth
3. Fail securely
4. Follow the principle of least privilege
5. Compartmentalise
6. Keep it simple
7. Promote privacy
8. Remember that hiding secrets is hard
9. Be reluctant to trust
10. Use your community resources
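Three of the principles listed above (fail securely, least privilege, compartmentalise) and the Access Control slide's "categories and types" come together in a small authorisation decision. The added example below (not from the slides) is a default-deny check: a user gets only the (resource, action) pairs their role lists, unknown users and unknown roles are denied, and if the policy cannot be read at all the decision is still "deny" rather than an exception that a caller might mishandle. The roles, resources and users are constructed for the illustration.

```python
"""Default-deny, fail-closed authorisation check (added example)."""
from typing import Dict, Optional, Set, Tuple

Permission = Tuple[str, str]  # (resource, action)

# Constructed policy: each role lists only what it may do (least privilege).
# Anything not listed is denied; resources are separate compartments.
POLICY: Dict[str, Set[Permission]] = {
    "admin": {("records", "read"), ("records", "write"), ("config", "write")},
    "analyst": {("records", "read")},
}

# Constructed user-to-role mapping.
USER_ROLES: Dict[str, str] = {"alice": "admin", "bob": "analyst"}


def decide(user: str, resource: str, action: str,
           policy: Optional[Dict[str, Set[Permission]]] = POLICY) -> bool:
    """Return True only when the policy explicitly grants the permission.

    Every failure in the decision path (unknown user, role with no policy
    entry, policy source unavailable) results in deny: the check fails closed.
    """
    try:
        role = USER_ROLES[user]          # KeyError: unknown user
        permitted = policy[role]         # TypeError if policy is None,
                                         # KeyError if the role has no entry
    except (KeyError, TypeError):
        return False
    return (resource, action) in permitted


def audit_line(user: str, resource: str, action: str, allowed: bool) -> str:
    # A decision record a detection pipeline can consume; denials are as
    # useful to log as grants when looking for misuse.
    verdict = "ALLOW" if allowed else "DENY"
    return f"authz user={user} resource={resource} action={action} verdict={verdict}"


if __name__ == "__main__":
    for u, r, a in [("alice", "config", "write"), ("bob", "records", "write"),
                    ("mallory", "records", "read")]:
        print(audit_line(u, r, a, decide(u, r, a)))
    print(audit_line("alice", "records", "read",
                     decide("alice", "records", "read", policy=None)))
```

The last call simulates the policy store being unreachable: even a fully privileged user is denied, which is what "fail securely" means in practice. The trade-off is availability, so the denial is logged so that an outage of the policy source is visible to operations rather than appearing only as users being locked out.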