Published by Aileen Casey. Modified over 8 years ago.
1
By: Mark Reed
2
Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.
3
Confidentiality, Integrity, Availability (the CIA triad)
4
Confidentiality means that confidential information must only be accessed, used, copied, or disclosed by persons who have been authorized to do so.
5
Integrity means that data cannot be created, changed, or deleted without authorization. Data that is stored in a system must also be in agreement with other related data stored on the same system (consistency).
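Both halves of that definition can be checked mechanically. The following is an added example, not code from the original slides: a keyed MAC (HMAC-SHA256) detects any change made to a stored record without the key, and a consistency rule checks that related data in the same system agree. The key and the order records are constructed for illustration; a real deployment keeps the key out of the code.

```python
"""Checking the integrity of stored records.

Added example, not from the original slides: a keyed MAC (HMAC-SHA256) detects
any unauthorized change to a record, and a consistency rule checks that related
data in the same system agree. The key and the order records are constructed
for illustration; a real deployment keeps the key out of the code.
"""
import copy
import hashlib
import hmac
import json

MAC_KEY = b"constructed-demo-key-do-not-use"   # assumption: held only by authorized writers/verifiers


def canonical(record: dict) -> bytes:
    """Serialize deterministically so the same data always yields the same tag."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def seal(record: dict) -> dict:
    """Authorized write: attach a tag that only a key holder can produce."""
    tag = hmac.new(MAC_KEY, canonical(record), hashlib.sha256).hexdigest()
    return {"record": record, "tag": tag}


def verify(sealed: dict) -> bool:
    """Tag check; compare_digest avoids leaking the tag through timing differences."""
    expected = hmac.new(MAC_KEY, canonical(sealed["record"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sealed["tag"])


def consistent(order: dict) -> bool:
    """Related data must agree: the stored total must equal the sum of its line items."""
    return order["total"] == sum(i["qty"] * i["price"] for i in order["items"])


def check(sealed: dict) -> bool:
    """A record passes only if it is unmodified AND internally consistent."""
    return verify(sealed) and consistent(sealed["record"])


# Constructed sample records.
ORDER = {"id": 1001, "customer": "acme",
         "items": [{"sku": "A", "qty": 2, "price": 10}, {"sku": "B", "qty": 1, "price": 5}],
         "total": 25}
SEALED_ORDER = seal(ORDER)

# Unauthorized modification: the stored total is edited without re-sealing.
TAMPERED = copy.deepcopy(SEALED_ORDER)
TAMPERED["record"]["total"] = 5

# Authorized but inconsistent write: valid tag, yet the total disagrees with the line items.
BUGGY_ORDER = {"id": 1002, "customer": "acme",
               "items": [{"sku": "A", "qty": 1, "price": 10}], "total": 99}

if __name__ == "__main__":
    print("original :", check(SEALED_ORDER))        # True
    print("tampered :", check(TAMPERED))            # False (tag mismatch)
    print("buggy    :", check(seal(BUGGY_ORDER)))   # False (tag ok, data inconsistent)
```

The MAC alone only proves that whoever wrote the record held the key; the consistency rule catches the second failure mode in the definition, an authorized writer storing data that contradicts related data.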
6
Availability means that the information, the computing systems used to process the information, and the security controls used to protect the information are all available and functioning when the information is needed
7
Risk: the likelihood that something bad will happen that causes harm to an information asset (a threat exploiting a vulnerability), weighed together with the resulting impact.
Vulnerability: a weakness that could be used to endanger or cause harm to an information asset.
Threat: anything that has the potential to cause harm.
8
Identify all assets and estimate their value Assets include people, buildings, hardware, software, data, and supplies.
9
Conduct a threat assessment. The threat assessment must include acts of nature, acts of war, accidents, and malicious acts originating from inside or outside the organization.
10
Conduct a vulnerability assessment and, for each vulnerability found, estimate the probability that it will be exploited. Evaluate all policies, procedures, standards, training, physical security, quality control, and technical security.
11
Calculate the impact that each threat would have on each asset. The analysis can be qualitative (informed opinion, e.g. low/medium/high ratings) or quantitative (dollar amounts and historical incident data).
12
Identify, select, and implement the appropriate controls to provide a proportional response. Consider productivity, cost effectiveness, and the value of the asset: a control should not cost more than the loss it prevents.
13
Evaluate the effectiveness of the control measures. Ensure that the controls provide the required protection cost-effectively and without loss of productivity.
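The six steps above (value the assets, assess threats, estimate exploit probability, calculate impact, select proportional controls, evaluate their effectiveness) can be carried through end to end with the quantitative approach. The following is an added worked example, not from the original slides; it uses the standard formulas that the slides do not name, SLE = asset value x exposure factor and ALE = SLE x annual rate of occurrence, and every asset value, rate and control cost in it is a constructed illustrative number.

```python
"""Quantitative risk assessment and proportional control selection.

Added worked example (not from the original slides). It uses the standard
quantitative formulas the slides do not name:
    SLE (single loss expectancy)     = asset value x exposure factor
    ALE (annualized loss expectancy) = SLE x ARO (annual rate of occurrence)
All asset values, rates and control costs are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class Asset:                       # step 1: identify assets and estimate their value
    name: str
    value: float                   # dollars


@dataclass
class Threat:                      # steps 2-4: threat, exploit probability, impact
    name: str
    asset: Asset
    exposure_factor: float         # fraction of the asset value lost per incident (impact)
    annual_rate: float             # expected incidents per year (probability, from history)

    def sle(self) -> float:
        return self.asset.value * self.exposure_factor

    def ale(self) -> float:
        return self.sle() * self.annual_rate


@dataclass
class Control:                     # step 5: candidate controls
    name: str
    kind: str                      # administrative, logical or physical
    annual_cost: float
    reduction: Dict[str, float] = field(default_factory=dict)  # threat name -> fraction of ALE removed


def baseline_ale(threats: List[Threat]) -> float:
    return sum(t.ale() for t in threats)


def residual_ale(threats: List[Threat], control: Control) -> float:
    return sum(t.ale() * (1.0 - control.reduction.get(t.name, 0.0)) for t in threats)


def net_benefit(threats: List[Threat], control: Control) -> float:
    """Annual loss avoided minus annual control cost; negative means disproportionate."""
    return (baseline_ale(threats) - residual_ale(threats, control)) - control.annual_cost


def select_controls(threats: List[Threat], controls: List[Control]) -> List[Control]:
    """Keep only controls that avoid more loss than they cost, best first."""
    ranked = sorted(controls, key=lambda c: net_benefit(threats, c), reverse=True)
    return [c for c in ranked if net_benefit(threats, c) > 0]


def control_underperforms(threat: Threat, control: Control,
                          observed_loss: float, years: float) -> bool:
    """Step 6: after deployment, compare the observed loss per year for this threat
    with the residual ALE the control was expected to leave. True means the control
    is not delivering the assumed reduction and should be re-evaluated."""
    expected = threat.ale() * (1.0 - control.reduction.get(threat.name, 0.0))
    return observed_loss / years > expected


# Constructed sample data.
CUSTOMER_DB = Asset("customer database", value=500_000)
THREATS = [
    Threat("ransomware", CUSTOMER_DB, exposure_factor=0.6, annual_rate=0.2),          # ALE 60,000
    Threat("insider data theft", CUSTOMER_DB, exposure_factor=0.3, annual_rate=0.1),  # ALE 15,000
    Threat("flood", CUSTOMER_DB, exposure_factor=1.0, annual_rate=0.01),              # ALE 5,000
]
CONTROLS = [
    Control("offline backups", "logical", annual_cost=10_000, reduction={"ransomware": 0.8}),
    Control("quarterly access reviews", "administrative", annual_cost=5_000,
            reduction={"insider data theft": 0.5}),
    Control("relocate data center", "physical", annual_cost=40_000, reduction={"flood": 0.9}),
]

if __name__ == "__main__":
    print(f"baseline ALE: ${baseline_ale(THREATS):,.0f}")
    for c in CONTROLS:
        print(f"{c.name:26s} ({c.kind:14s}) net benefit ${net_benefit(THREATS, c):>10,.0f}")
    print("selected:", [c.name for c in select_controls(THREATS, CONTROLS)])
```

With these numbers the relocation control is rejected: it would cost $40,000 a year to avoid about $4,500 of expected flood loss, which is exactly the disproportionate response the fifth step warns against. The sixth step is then a recurring check of observed losses against the residual ALE each control was credited with, so that a control that looked cost-effective on paper is re-evaluated when the data disagrees.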
14
Administrative: approved written policies, procedures, standards, and guidelines.
Logical: software and data used to monitor and control access to information and computing systems (passwords, firewalls, IDS, etc.).
Physical: controls that monitor and control the environment of the workplace and computing facilities.
15
Information security must protect information throughout its life span, and must be evaluated and updated as new threats arise.