INFORMATION SECURITY AND CONTROL. SECURITY: Deter, Detect, Minimize, Investigate, Recover.

1 INFORMATION SECURITY AND CONTROL

2 SECURITY:
- Deter
- Detect
- Minimize
- Investigate
- Recover

3 Security Risks
- Internal
- External

4 Threats
- Disaster and breakdowns
- Access and disclosure
- Alteration or destruction
- Improper use

5 RISK ASSESSMENT
- P1: Probability of attack
- P2: Probability of success
- L: Cost of loss
Expected Loss = P1 * P2 * L
Minimize Threat Categories

6 Administrative Controls
Standards, rules, procedures and discipline to assure that personnel abide by established policies. Includes segregation of functions.

7 Security Policy
Security is always a cost to efficiency. It must be promoted to be effective.
- From the top
- Before installing hardware
- Politically charged

8 Writing a Security Policy
- Assess the types of risks
- Identify vulnerabilities
- Analyze user needs
- Write the policy
- Develop change procedures
- Plan implementation
- Implement

9 Vulnerabilities
- Servers: operating systems and applications
- Networks: snooping, attacks, spoofing
- Clients and modems: PCAnywhere etc.
- Viruses

10 Operating Systems
- UNIX
- Novell Netware
- Windows and Windows NT

11 Administrative Controls
- Security organization
- Audits
- Risk assessment
- Administrative standards and procedures

12 Disaster Management
- Redundancy and fault tolerant systems
- Backups and off site storage
- Hot and cold sites
- Planning and procedures

13 Architectural Controls
- Software controls: prevent unauthorized changes
- Hardware controls: control access and use

14 Tools
- Firewalls
- Network partitioning and routers
- Encryption
- Testing tools
- Consultants

15 Encryption
- Keys and key length
- Public key/private key
- Processing problems
- Location
  - Application
  - Network
  - Firewall
  - Link

16 Authentication
- Passwords
- Biometrics
- Isolation
- Remote location verification

17 SECURITY:
- Deter
- Detect
- Minimize
- Investigate
- Recover

