National INFOSEC Education and Training Program: Educational Solutions for a Safer World. http://www.nsa.gov:8080/isso/programs/nietp/index.htm

Presentation transcript:


Introduction to Information Assurance (IA) 07 July 1999

The Course Objective is:
- To introduce the student to Information Assurance,
- Present the macro problem facing the global information network infrastructure, and
- Define Information Assurance and what is being done to protect infrastructures.

What is Information Assurance and... why should I care?

Information Assurance is... Information Operations (IO) that protect and defend information and information systems by ensuring their
- confidentiality,
- authentication,
- integrity,
- availability, and
- non-repudiation.
This includes providing for restoration of information systems by incorporating
- protection,
- detection, and
- reaction capabilities.
(Definition from National Information Systems Security (INFOSEC) Glossary, NSTISSI No. 4009, Aug 1997)

National Infrastructures At Risk. In the cyber era, our traditional lines of defense no longer provide a wall between citizens and those who would do harm.
- Landscape is changing
- PCCIP/PDD 63

INFORMATION ASSURANCE (diagram)
Interlocking Communities Served by Interlocking Information Infrastructures: Private Citizen, Business Sector, Critical Public Safety, State/Local Govt, Federal Govt, National Security Intel/DoD, International (NII, DII, FII, GII).
Applications: Electronic Commerce, Electronic Mail, Electronic Data Interchange, Electronic Funds Transfer, File Transfer, Information Search/Retrieval.
Requiring Basic Information Security Services:
* Data Integrity
* Data Confidentiality
* User Identification & Authentication
* Transaction Non-Repudiation
* System Availability
Through trained system users, maintainers, & developers; Validated Certificates; Assured Services.
PROTECT - DETECT - RESPOND - RECONSTITUTE

You Are Here! The number of internet users will quadruple from 36.0 million in 1997 to million by the year 2002: Avg. annual growth rate = 53%

HISTORY: Evolution of Information Assurance in the 20th Century

In the Beginning... There was COMSEC (Communications Security): “Measures and controls taken to deny unauthorized persons information derived from telecommunications and to ensure the authenticity of such telecommunications. COMSEC includes: cryptosecurity, transmission security, emissions security, & physical security of COMSEC material.”

Confidentiality - Assurance that information is not disclosed to unauthorized persons, processes, or devices.*
In condensed form... Protection from unauthorized disclosure, or: No one but you and the sender knows.
*(Definition from National Information Systems Security (INFOSEC) Glossary, NSTISSI No. 4009, Aug 1997)

Authentication - Security measure designed to establish the validity of a transmission, message, or originator, or a means of verifying an individual’s authorization to receive specific categories of information.*
In condensed form... Verification of originator, or: Knowing for sure who sent the message.
*(Definition from National Information Systems Security (INFOSEC) Glossary, NSTISSI No. 4009, Aug 1997)

The Threat/Concern was listening in on private communications. (Diagram: Sender and Receiver)

Then there was... COMPUSEC (80/90’s) (Computer Security): “Measures and controls that ensure confidentiality, integrity, and availability of information system assets including hardware, software, firmware, and information being processed, stored, and communicated.”

Integrity - Quality of an Information System (IS) reflecting the local correctness and reliability of the operating system; the logical completeness of the hardware and software implementing the protection mechanisms; and the consistency of the data structures and occurrence of the stored data.*
In condensed form... Protection from unauthorized change, or: Person hearing/receiving exactly what you said/sent.
*(Definition from National Information Systems Security (INFOSEC) Glossary, NSTISSI No. 4009, Aug 1997)

Availability - Timely, reliable access to data and information services for authorized users.*
In condensed form... Assured access by authorized users, or: Having a dial tone when you want one.
*(Definition from National Information Systems Security (INFOSEC) Glossary, NSTISSI No. 4009, Aug 1997)

This COMPUSEC Threat/Concern expanded to... (Diagram: Access; Malicious Logic; Hacker; User; Private communications; Security Breach (password))

The Concern later increased to include both... COMSEC... and... COMPUSEC

This COMSEC/COMPUSEC merger formed... INFOSEC (90’s) (Information Systems Security): “Protection of information systems against unauthorized access to or modification of information, whether in storage, processing, or transit, and against the denial of services to authorized users, including those measures necessary to detect, document, and counter such threats.”

Non-Repudiation - Assurance the sender of data is provided with proof of delivery and the recipient is provided with proof of the sender’s identity, so neither can later deny having processed the data.*
In condensed form... Undeniable proof of participation, or: Like receipt-requested mail - each knows the other got it.
*(Definition from National Information Systems Security (INFOSEC) Glossary, NSTISSI No. 4009, Aug 1997)

Today... we speak “Information Assurance” (Now/Future) “Information Operations that protect and defend information and information systems by ensuring their confidentiality, authentication, integrity, availability, and non-repudiation. This includes providing for restoration of information systems by incorporating protection, detection and reaction capabilities.”

The Concern NOW is... Protect, Defend... Confidentiality, Authentication, Integrity, Availability, Non-Repudiation... & Restoration of Info

New Direction: Information Assurance (IA) Leadership for the Nation. New Challenges.
Provide - solutions, products and services, and conduct defensive information operations,
to achieve - IA for U.S. Critical Information Infrastructures operating in a global network environment.

Get Engaged... Move from INFOSEC... to... Information Assurance (IA): Protect, Detect, React, Restore.

Why is Information Assurance important?

OUR CONCERN IS... Our ability to NETWORK... (Growth Rate = 79%) has exceeded...

...Our ability to protect.
- Between 1996 & 2006 the U.S. will require more than 1.3 million new highly skilled IT workers (90% growth rate):
- 137,800/yr. to fill new jobs
- /yr. to replace workers leaving IT fields
(The Digital Work Force. U.S. Dept. of Commerce, Office of Technology Policy, June 1999)

Current Capacity to Produce: In 1994 only 24,553 U.S. students earned bachelor’s degrees in computer and information sciences.
You do the math:
95,000 IT workers needed/yr.
- 24,553 IT degrees earned/yr.
= Deficit/yr. 70,447
ALL requiring IA education and training.

President’s Commission (October 1997): President’s Commission on Critical Information Infrastructure Protection (PCCIIP). National Goal: Achieve & maintain ability to protect critical infrastructure...

Critical Infrastructures:
- Telecommunications
- Electric Power
- Banking & Finance
- Oil & Gas Delivery & Storage
- Water
- Emergency Services
- Government Services

What’s being done? Presidential Decision Directive 63 (1998) “It has long been the Policy of the United States to assure the continuity and viability of critical infrastructures. I intend that the United States will take all necessary measures to swiftly eliminate any significant vulnerability to both physical and cyber attacks on our critical infrastructures, including especially our cyber systems.”

PARTNERING: Academia, Industry, Government

Partners - Provide IA through Cyber Defense by moving from the...
Protect mode: securing Networks, Servers, Workstations,
...to the...
Detect & Report modes: Improve attack sensing & warning; Data fusion & analysis; Determine source, intent, impact, then report it,
...and finally to the...
Respond mode: Restore - damage, recover, and verify operations; Pursue - contact appropriate legal authorities.

The Bottom Line: Be aware of the complexity of and the threats to business and government infrastructures, and understand the security procedures designed to protect networks from information attacks.

For more information on IA...
- PDD-63 and the Presidential Commission Report on Critical Infrastructure Protection:
- Defense Information Systems Agency (DISA) Awareness and Training Facility:
- National Security Telecommunications and Information Systems Security Training Standards:
- National INFOSEC Education Colloquium:
- National Institute for Standards and Technology (NIST) Computer Security Clearing House:
- National Security Agency INFOSEC Page - National INFOSEC Education and Training Program: