Managing Information System Security: Principles GP Dhillon Associate Professor Virginia Commonwealth University.


Managing Information System Security: Principles GP Dhillon Associate Professor Virginia Commonwealth University

Shocking news
 25% of the organizations did not have an internal audit
 50% of the organizations did not have computer audit skills
 60% of the organizations had no security awareness
 80% of the organizations did not conduct a risk analysis

General Statistics CERT/CC: Incidents Reported 1991 – – 1, – 2, – 2, – 9, – 52, – 137,529

Common Myths
 “Why should I care, I have nothing to hide.”
 “Why does anyone care about my computer?”
 “It’s too difficult to get access to my computer or personal information…”
 “If someone tries to [insert malicious activity here], I will notice!”
 “Ignorance is bliss!”

Are you at risk?
Using the following puts you at risk:
 Computers
 Credit cards
 Banks
 Airlines
 Automobiles
 …many more…

CIA – the building blocks
 Confidentiality
 Integrity
 Availability

Confidentiality
 Ensures privacy.
 Applies to both data on disks and network communication.
 Accomplished through encryption:
   s/mime
   pgp
   ssh and ipsec

Integrity
 Develops trust in the network and computer systems.
 Applies to both data on disks and network communication.
 Integrity is increased by proper data and system management.

Availability
 Another catalyst for trust.
 Required for data on disk and on the network.
 Prevents Denial of Service attacks, etc.

Defending with technology

Start with the basics
 Basic computer security through technology is easy; use…
 A firewall,
 Anti-virus software,
 Patches, applied to your computer quickly when required,
 Strong passwords!

Firewalls
 The most useful tool in your bag of defenses.
 Prevents intruders from accessing services on your computer.
 Validates/normalizes network traffic.
 May provide reports and trend analysis.
 Available for all major operating systems – usually for free!

Anti-virus software
 Stops viruses and worms sent by e-mail, attachments, downloads, etc.
 Detects malicious software through intelligent heuristics.
 Available for all major desktop and server operating systems.
 A requirement, not an option.

Patches
 (Usually) free updates to your computer; can be downloaded from the Internet.
 Available before most exploits surface.
 Automated, usually.
 Critical to overall security.
 Chant: “We Must Patch, We Must Patch…”

Strong passwords
 Keep you on target with best practices.
 Composed of 8 or more characters and include letters, numbers and 2 special characters, including
 Not based on any dictionary word from any language.
 Changed regularly; not shared.
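The password rules on this slide can be turned into a checker that reports which rules a candidate fails. The code below is an added example, not from the original deck; it assumes that "special characters" means ASCII punctuation, that "based on a dictionary word" also covers a word with digits or symbols glued to its ends and with common letter-for-digit substitutions, and it uses a small constructed word list in place of a real dictionary.

```python
import re
import string

# Constructed mini word list standing in for a real dictionary (assumption).
DICTIONARY = {"password", "welcome", "dragon", "summer", "monkey", "letmein"}

# Substitutions that cracking wordlists routinely undo, so they add no strength
# (assumption: the slide's "based on a dictionary word" includes these forms).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

MIN_LENGTH = 8      # slide: 8 or more characters
MIN_SPECIAL = 2     # slide: 2 special characters


def is_dictionary_based(password: str) -> bool:
    """True if the password is a dictionary word once digits and symbols
    tacked onto either end are stripped and leet substitutions are undone."""
    core = password.lower().strip(string.digits + string.punctuation)
    return core.translate(LEET) in DICTIONARY


def check_password(password: str) -> list[str]:
    """Return the slide rules the password violates; an empty list means it passes."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("length")
    if not re.search(r"[A-Za-z]", password):
        failures.append("letters")
    if not re.search(r"[0-9]", password):
        failures.append("digits")
    if sum(c in string.punctuation for c in password) < MIN_SPECIAL:
        failures.append("special")
    if is_dictionary_based(password):
        failures.append("dictionary")
    return failures


if __name__ == "__main__":
    # Constructed sample candidates, not real credentials.
    for candidate in ["P@ssw0rd!", "short1!", "12345678", "c0rrect-H0rse+9"]:
        print(candidate, "->", check_password(candidate) or "passes")
```

Note that "P@ssw0rd!" satisfies every length and character-class rule yet is rejected, which is the point of the slide's "not based on any dictionary word" rule.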

Behavioral changes

What technology doesn’t solve
 Security technologies adapt as threats appear. They are not able to (easily) combat:
 Threats,
 Hoaxes,
 Scams,
 The behavior of others.

The clue factor

Education and awareness
 Education and awareness are key to increasing the security posture of the University, and of the global Internet.
 Dispels the FUD (fear, uncertainty, doubt).
 Addresses problems before they exist.
 Extends the radius of clue.
 Creates inclusion in the entire infosecurity effort.

Self-education
 You can increase your own awareness of security-related issues.
 Subscribe to mailing lists for security notifications.
 Visit security-related websites.
 Voice your concern on security-related issues, helping raise awareness in others.

Test your efforts
 Remember: security is about sharing knowledge and contacts, not technology.

The ‘RITE’ principles
 Responsibility (and knowledge of Roles)
 Integrity (as requirement of Membership)
 Trust (as distinct from Control)
 Ethicality (as opposed to Rules)

“Total” security CIA + RITE

Conceptualizing controls
 Pragmatic controls
 Formal controls
 Technical controls

Principle #1
Education, training and awareness, although important, are not sufficient conditions for managing information security. A focus on developing a security culture goes a long way in developing and sustaining a secure environment.

Principle #2
Responsibility, integrity, trust and ethicality are the cornerstones for maintaining a secure environment.

Principle #3
Establishing a boundary between what can be formalized and what should be norm based is the basis for establishing appropriate control measures.

Principle #4
Rules for managing information security have little relevance unless they are contextualized.

Principle #5
In managing the security of technical systems, a rationally planned grandiose strategy will fall short of achieving the purpose.

Principle #6
Formal models for maintaining the confidentiality, integrity and availability (CIA) of information cannot be applied to commercial organizations on a grand scale. Micro-management for achieving CIA is the way forward.