1 A Comprehensive Framework for Information Assurance Abe Usher, CISSP.

2 Agenda
 Introduction
 Information Assurance defined
 What you need to know
 A comprehensive (lightweight) framework
 Demonstrations
 IATAC resources
 Questions

3 Introduction: whoami
 Deputy Director of the Information Assurance Technology Analysis Center (IATAC)
 Certified Information Systems Security Professional (CISSP)
 M.S. in Information Systems
 Creator of the INFOSEC Zeitgeist
 Former infantry officer
 Geek

4 Introduction: purpose
 To provide an information briefing on a simple, yet comprehensive framework for thinking about Information Assurance (IA) issues

5 IA defined: old perspective
 Information Security:
 “Protection of information systems against unauthorized access to or modification of information, whether in storage, processing, or transit and against the denial of service to authorized users, including those measures necessary to detect, document, and counter such threats.[1]”
 John McCumber, 1991

6 IA defined: contemporary perspective
 Information Assurance:
 “Information Operations that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. This includes providing for the restoration of information systems by incorporating protection, detection, and reaction capabilities.[2]”
 confidentiality: assurance that information is not disclosed to unauthorized individuals, processes, or devices.
 integrity: quality of an IS reflecting the logical correctness and reliability of the operating system; the logical completeness of the hardware and software implementing the protection mechanisms; and the consistency of the data structures and occurrence of the stored data.
 availability: timely, reliable access to data and information services for authorized users.
 NSTISSI No. 4009, "National IA Glossary," May 2003

7 What you “need to know”
 Technologist perspective:
 –TCP/IP stack details
 –Firewalls
 –Intrusion detection
 –Anti-virus
 –INFOSEC Research Council hard problems list
 Policy perspective:
 –DoD 8500 series documents
 –DoD 5200 series documents
 –DoD 8100 series documents
 –NIST 800 series documents
 –National Strategy to Secure Cyberspace
 –DoD IA Strategy
 –DITSCAP / NIACAP
 Operator perspective:
 –IS Alliance: Common Sense Guide for Home and Individual Users
 –IS Alliance: Common Sense Guide for Senior Managers

8 Common criteria

9 What you “need to know”
 Do we lose the forest while looking at the trees?

10 Thoughts on classification
 “The beginning of all understanding is classification.”
 Hayden White

11 A comprehensive, yet “lightweight” framework

12 Thoughts on classification
 “Classification is, in fact, a general method used by us all for dealing with information… So by classification we can organize our knowledge of the [plant kingdom] into a system which stores and summarizes our information for us in a convenient manner… Clearly, some systems by which we can organize this knowledge, make generalizations and predictions, and simply reduce the sheer bulk of data with which we have to deal, is not only desirable but essential.”
 Charles Jefferies, An Introduction to Plant Taxonomy

13 A comprehensive, yet lightweight framework

14 A comprehensive, yet lightweight framework

15 A comprehensive, yet lightweight framework

16 A comprehensive, yet lightweight framework

17 Case study: confidentiality of information in transmission
 Alice views an information resource belonging to Bob using a plain text protocol
 Information state: transmission
 Security service: confidentiality
 Security countermeasure: encryption [3], secure transmission medium, frequency hopping, obscure system interface, access controls

18 Case study: confidentiality of information in transmission

19 Interactive Web based version

20 Case study: availability of net based resources
 Bob wants to view a Web resource belonging to Alice
 Information state: storage, transmission
 Security service: availability
 Security countermeasure: traffic filtering/blocking [4], rate limiting, functional redundancy, data redundancy, load balancing, acceptable use policy, business continuity of operations plan
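The rate limiting and traffic filtering/blocking countermeasures named on this slide, as an added example that is not part of the original deck: a sliding-window rate limiter in Python that admits or drops each request per client and temporarily blocks a client that exceeds the limit, so one flooding source cannot consume the resource that other users need. The request records, thresholds, addresses and class names are constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 10   # length of the sliding window
MAX_REQUESTS = 5      # requests allowed per client within one window
BLOCK_SECONDS = 60    # how long a client that exceeded the limit stays blocked

# Constructed sample traffic as (timestamp_seconds, client_ip); not from the slides.
SAMPLE_REQUESTS = [
    (0.0, "10.0.0.5"), (1.0, "10.0.0.5"), (2.0, "10.0.0.5"), (3.0, "10.0.0.5"),
    (4.0, "10.0.0.5"), (5.0, "10.0.0.5"), (6.0, "10.0.0.5"),   # 7 requests in 7 s: a flood
    (2.5, "192.0.2.10"), (8.0, "192.0.2.10"), (30.0, "192.0.2.10"),  # a normal user
    (70.0, "10.0.0.5"),                                        # after the block has expired
]


class RateLimiter:
    """Per-client sliding-window limiter with a temporary block on abuse (hypothetical)."""

    def __init__(self, window=WINDOW_SECONDS, limit=MAX_REQUESTS, block=BLOCK_SECONDS):
        self.window, self.limit, self.block = window, limit, block
        self.history = defaultdict(deque)   # client_ip -> timestamps inside the window
        self.blocked_until = {}             # client_ip -> time at which the block lifts

    def admit(self, now, ip):
        """Return True if the request is served, False if it is dropped."""
        if ip in self.blocked_until:
            if now < self.blocked_until[ip]:
                return False                # still blocked: drop without touching history
            del self.blocked_until[ip]      # block expired: start the client fresh
            self.history[ip].clear()
        recent = self.history[ip]
        while recent and now - recent[0] >= self.window:
            recent.popleft()                # forget requests that fell out of the window
        if len(recent) >= self.limit:
            self.blocked_until[ip] = now + self.block   # limit exceeded: block the client
            recent.clear()
            return False
        recent.append(now)
        return True


def process(requests, limiter=None):
    """Replay requests in timestamp order; return admitted/dropped counts per client."""
    limiter = limiter or RateLimiter()
    stats = defaultdict(lambda: {"admitted": 0, "dropped": 0})
    for now, ip in sorted(requests):
        stats[ip]["admitted" if limiter.admit(now, ip) else "dropped"] += 1
    return dict(stats)
```

Replaying SAMPLE_REQUESTS drops the flooding client's sixth and seventh requests and blocks it for a minute, while the normal user is never affected; the block is keyed on the client address, so a flood spread across many addresses needs the redundancy and load-balancing measures the slide also lists.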

21 Case study: availability of net based resources

22 A comprehensive, yet lightweight framework

23 IATAC Resources
 IAnewsletter
 IA Digest
 Technical inquiries
 Technical repository
 On the Web at: – –

24 Questions

25 Backup slides

26 References
[1] McCumber, John. "Information Systems Security: A Comprehensive Model". Proceedings 14th National Computer Security Conference. National Institute of Standards and Technology. Baltimore, MD. October.
[2] NSTISSI No. 4009, "National INFOSEC Glossary," January.
[3] OpenSSH protocol. Designed through the OpenBSD project at Latest release September.
[4] Linux Planet. Traffic filtering by IP Address. February.
[5] Maconachy, Victor, Corey Schou, Daniel Ragsdale, and Don Welch. "A Model for Information Assurance: An Integrated Approach". Proceedings of the 2001 IEEE Workshop on Information Assurance and Security. U.S. Military Academy. West Point, NY. June 2001.

27 Information Security Zeitgeist
 Provides a graphical depiction of the emergence and disappearance of hot topics in information security over time
 Inspired by the Google Zeitgeist report
 On the Web:

28 Information Security Zeitgeist

29 Information Security Zeitgeist