On-Line Meeting 2 October 25, 2016.

1 On-Line Meeting 2 October 25, 2016

2 ROLL CALL

3 Tonight’s Material

4 Discussion 1 Anyone have any comments they’d like to share about the ISO family of standards? For example: What “purpose” is served by these?

5 Discussion 1 (continued) – Does the “International” nature of the “best practices” in ISO require the “least common denominator” effect?

6 Discussion 2 How do the ISO standards relate to the 8 domains of the Common Body of Knowledge? … or the CIA triad?

7 Discussion 3 Any comments on the 7 Domains (Reading 1)?
- User Domain
- Workstation Domain
- LAN Domain
- LAN-to-WAN Domain
- WAN Domain
- Remote Access Domain
- System/Application Domain

8 Discussion 4 Any comments on the presentation of the concepts from Reading 1? Roles and Tasks Responsibilities Accountability Behind-the-Scenes Risks, Threats, Vulnerabilities

9 Discussion 5 Comments on the InfoSec Areas (Reading 2)? Acceptable Use
Security Awareness and Training Asset Classification Protection and Access Protocols Asset Management and Operation Identification, Assessment, and Management of Vulnerabilities Identification, Assessment, and Management of Threats

10 Discussion 6 Comments on the Information Systems Model?

11 Discussion 7 – Reading 4 Are these 12 principles “widely accepted”?
- There is no such thing as Absolute Security.
- The three Security Goals are Confidentiality, Integrity, and Availability
- Defense in Depth should be the fundamental strategy
- When left on their own, most people tend to make the worst security decisions.
- Security depends on two types of requirements: Functional and Assurance
- Security Through Obscurity is not Security
- Security = Risk Management
- The three types of Security Controls are Preventive, Detective, and Responsive
- Complexity is the Enemy of Security
- Fear, Uncertainty and Doubt do not work when selling security
- People, Process, and Technology are ALL needed to adequately secure a system or facility.
- Open disclosure of Vulnerabilities is good for security

12 Discussion 8 – Reading 4

13 Discussion 8 – Reading 4

14 Discussion 9 – Reading 4 Security Through Obscurity is not Security

15 Discussion 10 – Reading 4 Complexity is the Enemy of Security

16 Discussion 11 – Reading 4

19 Theme of Tonight’s Class?

20 MENTAL MODEL

21 Prepare for Next Week
- Reading 6 Notes from an Information Security Lecture

22 Prepare for Next Week
- Reading 6 Notes from an Information Security Lecture
- Deep Thought, Pondering, Considering
- Supplemental Discussion Questions

