Published by Patrick Wilkins. Modified over 8 years ago.
1
Information Management System
Ali Saeed Khan
29th April, 2016
2
Lecture Layout
– Introduction
– ISF (Information Security Forum) https://www.securityforum.org/
– Cyber Security
– Cyber Attacks/Threats
– Cyber Defenses/Protective Measures
– Conclusion
3
Information Security
4
Information Security Management
5
Information Security Management System (ISMS)
7
ISMS Examples ……
Some nations publish and use their own ISMS standards, e.g.
– the DoD Information Technology Security Certification and Accreditation Process (DITSCAP) of the USA
– the German IT baseline protection
– ISMS of Japan
– ISMS of Korea
8
CYBER SECURITY ISMS
9
Cyber Security
All feasible measures to protect
– Integrity
– Availability
– Confidentiality
of
– Information
– Information system resources (hardware, software, firmware, data and telecommunications)
10
Three key objectives (the CIA triad)
Confidentiality
– Data confidentiality: Assures that confidential information is not disclosed to unauthorized individuals
– Privacy: Assures that individuals control or influence what information may be collected and stored
Integrity
– Data integrity: Assures that information and programs are changed only in a specified and authorized manner
– System integrity: Assures that a system performs its operations in an unimpaired manner
Availability: Assures that systems work promptly and service is not denied to authorized users
11
Cyber Security
– Authenticity: the property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or its originator
– Accountability: generates the requirement for actions of an entity to be traced uniquely to that entity, to support non-repudiation, deterrence, fault isolation, forensics, etc.
12
Global Impact of Cyber Security
– It’s Personal: Cyber security issues now impact every individual who uses a computer. It’s no longer science fiction: millions of people worldwide are the victims of cyber-crimes.
– It’s Business: Every business today is dependent on information and vulnerable to one or more types of cyber attack (even those without online sites).
– It’s War: In fact, it is already becoming the next Cold War. Cyber operations are also becoming increasingly integrated into active conflicts.
13
Global Impact of Cyber Security
14
Threats to business include the following:
– Financial loss
– Legal repercussions
– Loss of credibility or competitive edge
– Blackmail/industrial espionage
– Disclosure of confidential, sensitive or embarrassing information
– Sabotage
– Corporate espionage
– Data theft and ransoming
15
CYBER ATTACKS ISMS
16
Virus, Worm, Trojan: Can you tell the difference?
17
Cyber Attacks
https://www.cpni.gov.uk/advice/cyber/Cyber-Attack-Types/
Types:
– Application Layer Attack
– Brute Force Attack
– DDoS Attack
– Network Protocol Attack
– Known Vulnerability Attack
– Zero-day Exploitation
– Phishing for credentials
– Phishing with malware
– Rogue Update Attack
– Watering Hole Attack
18
CYBER DEFENSES ISMS
19
Cyber Defense
– Information Security Policy
– Physical Safe Custody of Assets
– Access Control Systems
– Identification
– Authentication
– Authorization
– Single Sign-On (SSO)
– Best Password Practices
– Antivirus
20
Cyber Defense
– Security by design
– Secure operating systems
– Secure Databases
– Firewall (computing)
– Intrusion detection system
– Intrusion prevention system
– Honey Pots & Honey Nets
21
Cyber Defense
– Encryption
– Digital Signature
– Digital Envelope
– Activity Logging & Audit Trail
– Unified Threat Management Products
– Biometric Devices
– Penetration Testing
22
Conclusion
– Lack of knowledge about information security (cyber security)
– Lack of use of good practices
– Shortage of resources
23
Thank you