Understand Core Security Principles


1 Understand Core Security Principles
Lesson 1.1, Security Fundamentals: Understand Core Security Principles

2 Lesson Overview
In this lesson, you will learn:
-To identify the difference between computer security and information security.
-To define information security.
-To outline the phases of the security systems development life cycle.

3 IT Infrastructure Threat Model
A threat model of the IT infrastructure helps an organization to:
-Identify threats that could affect its IT infrastructure.
-Discover and mitigate design and implementation issues that could put the infrastructure at risk.
-Prioritize budget and planning efforts to address the most significant threats.
-Conduct security efforts for both new and existing infrastructure components in a more proactive and cost-effective manner.
Class activity: on a sheet of paper, list as many network attacks and threats as you can think of. Separate them into two columns, attacks in one and threats in the other.

4 Terms and Concepts to Know
-CIA triad (confidentiality, integrity, availability), also drawn as the CIA triangle
-Principle of least privilege
-Social engineering
-Threat and risk principles


6 Confidentiality: the prevention of unauthorized disclosure of information. Disclosure can result from poor security measures or from information leaks by personnel. An example of a poor security measure is allowing anonymous access to sensitive information.

7 Integrity: the prevention of unauthorized or erroneous modification of information. Authorized users are probably the biggest cause of errors, omissions and alteration of data; storing incorrect data in a system can be as damaging as losing it. Malicious attackers can also modify, delete or corrupt information that is vital to the correct operation of business functions.
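The slide says attackers can modify stored information; the practical question is how a system notices. The following added example (written for this page, not code from the presentation) shows why an unkeyed hash is not an integrity control against a malicious writer, while a keyed HMAC is: an attacker who can edit a record can just recompute a plain digest, but cannot recompute an HMAC tag without the key. The ledger record, the key and the attacker's guessed key are all constructed for the demonstration.

```python
import hashlib
import hmac
import json

# Constructed key for this demonstration only; a real service loads its
# integrity key from a secrets store, never from source control.
INTEGRITY_KEY = b"demo-integrity-key-not-for-production"


def canonical(record):
    """Serialise a record deterministically so identical data always hashes the same."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def unkeyed_digest(record):
    """Plain SHA-256 over the record: catches accidental corruption, nothing more."""
    return hashlib.sha256(canonical(record)).hexdigest()


def sign(record, key=INTEGRITY_KEY):
    """HMAC-SHA256 tag: only a holder of the key can produce a tag that verifies."""
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


def verify(record, tag, key=INTEGRITY_KEY):
    """Constant-time comparison so the check itself does not leak the tag byte by byte."""
    return hmac.compare_digest(sign(record, key), tag)


def demo():
    """Tamper with a record protected two ways and report which check still holds."""
    # Constructed sample row from a hypothetical account ledger.
    stored = {"account": "ACC-1001", "owner": "alice", "balance": 2500}
    row_unkeyed = {"record": dict(stored), "digest": unkeyed_digest(stored)}
    row_hmac = {"record": dict(stored), "tag": sign(stored)}

    # Attacker with write access to the store edits the balance in both rows and
    # recomputes what they can: the unkeyed digest needs no secret, the HMAC does,
    # so the attacker has to guess a key.
    for row in (row_unkeyed, row_hmac):
        row["record"]["balance"] = 250000
    row_unkeyed["digest"] = unkeyed_digest(row_unkeyed["record"])
    row_hmac["tag"] = sign(row_hmac["record"], key=b"attacker-guess")

    return {
        # the service recomputes the digest and sees a match: tampering undetected
        "unkeyed_check_fooled": unkeyed_digest(row_unkeyed["record"]) == row_unkeyed["digest"],
        # the HMAC recomputed with the real key does not match the forged tag
        "hmac_rejects_tampered": not verify(row_hmac["record"], row_hmac["tag"]),
        # an untouched record still verifies
        "hmac_accepts_untouched": verify(stored, sign(stored)),
    }


if __name__ == "__main__":
    print(demo())
```

The tag detects modification after the fact; it does not prevent it, and it does nothing about the slide's other case, an authorized user storing wrong data through the normal interface. Prevention is the job of access control and input validation; the tag is the check that tells you those failed.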

8 Availability: the prevention of unauthorized withholding of information or resources. This does not apply only to personnel withholding information: information should be as freely available as possible to authorized users. Examples of ways to attack availability include:
-Distributed denial of service (DDoS) attacks.
-Abusing account lockout policies to lock legitimate users out of the system, for example by deliberately entering wrong passwords for their accounts until the lockout threshold is reached.
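The lockout abuse on this slide is worth seeing in code, because the usual fix for password guessing creates it. The following is an added example, not part of the presentation: a hard "lock the account after N failures" policy next to a per-(username, source) exponential backoff, run against a constructed attacker who fires twenty wrong passwords at "alice" and then a constructed legitimate login from a different address. Thresholds, delays, the IP addresses (from the documentation ranges) and the clock are all assumptions for the demonstration.

```python
import time
from collections import defaultdict

MAX_FAILURES = 5        # failures before any delay is imposed
BASE_DELAY = 2.0        # seconds; doubles with each further failure
MAX_DELAY = 900.0       # cap so no key is ever blocked for more than 15 minutes


class HardLockout:
    """The weak policy: after MAX_FAILURES bad passwords the account is locked for
    everyone, so anyone who knows the username can deny the owner service."""

    def __init__(self):
        self.failures = defaultdict(int)

    def allowed(self, username, source):
        return self.failures[username.lower()] < MAX_FAILURES

    def record_failure(self, username, source):
        self.failures[username.lower()] += 1


class BackoffThrottle:
    """Per (username, source) exponential backoff instead of an account-wide lock."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.failures = defaultdict(int)   # (user, source) -> consecutive failures
        self.blocked_until = {}            # (user, source) -> earliest retry time

    @staticmethod
    def _key(username, source):
        return (username.lower(), source)

    def allowed(self, username, source):
        until = self.blocked_until.get(self._key(username, source))
        return until is None or self.clock() >= until

    def record_failure(self, username, source):
        key = self._key(username, source)
        self.failures[key] += 1
        extra = self.failures[key] - MAX_FAILURES
        if extra >= 0:
            delay = min(BASE_DELAY * (2 ** extra), MAX_DELAY)
            self.blocked_until[key] = self.clock() + delay

    def record_success(self, username, source):
        key = self._key(username, source)
        self.failures.pop(key, None)
        self.blocked_until.pop(key, None)


class FakeClock:
    """Constructed clock so the simulation is deterministic and runs offline."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def attempt(policy, username, source, password_ok):
    """One login attempt under a policy; True if the user got in. Attempts made
    while blocked are rejected without being counted, so an attacker cannot
    extend a block just by hammering it."""
    if not policy.allowed(username, source):
        return False
    if password_ok:
        if hasattr(policy, "record_success"):
            policy.record_success(username, source)
        return True
    policy.record_failure(username, source)
    return False


def simulate():
    """Attacker at 203.0.113.9 sends 20 wrong passwords for 'alice' (0.1 s apart);
    then alice logs in correctly from 198.51.100.7. Returns each policy's outcome."""
    attacker, alice_ip = "203.0.113.9", "198.51.100.7"
    clock = FakeClock()
    results = {}
    for name, policy in (("hard_lockout", HardLockout()), ("backoff", BackoffThrottle(clock))):
        for _ in range(20):
            attempt(policy, "alice", attacker, password_ok=False)
            clock.advance(0.1)
        results[name] = {
            "attacker_still_allowed": policy.allowed("alice", attacker),
            "alice_can_log_in": attempt(policy, "alice", alice_ip, password_ok=True),
        }
    return results


if __name__ == "__main__":
    print(simulate())
```

Under the hard lockout alice is denied along with the attacker; under the backoff the attacker's key is delayed while alice's own (username, address) pair is untouched. Keying on source address is not a complete answer on its own: an attacker with many addresses spreads the failures, so in practice this is combined with a per-source rate limit and a second factor, and the attacked account's owner is notified rather than silently locked out.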

9 Principle of Least Privilege
Anyone who has been a victim of viruses, worms and other malicious software (malware) will appreciate the security principle of least privilege. If every process ran with the smallest set of privileges needed to perform its task, it would be much harder for malicious or merely annoying software to infect a machine and propagate to other machines. The same applies to accounts: do everyday work as a standard user and use administrative rights only for the tasks that require them.

10 IT Infrastructure Threat Model

11 How to Protect Insiders from Social Engineering Threats
To attack your organization, social engineering hackers exploit the credulity, laziness, good manners or even enthusiasm of your staff. This makes a socially engineered attack hard to defend against: the targets may not realize that they have been duped, or may prefer not to admit it to other people. The goals of a social engineering hacker (someone who tries to gain unauthorized access to your computer systems) are the same as any other hacker's: your company's money, information or IT resources.

12 Class Activity
-Create a timeline or flowchart explaining the history of computer security and how it evolved into information security.
-Make sure to include the important information security developments of each decade, from the 1960s through today.
-Download Timeline from

13 Lesson Review
-What do you think is the most important date in information security, and why?
-Have you, or family or friends, ever been a victim of social engineering? Explain to the class how it happened.
Instructor notes: this is the last slide of the presentation. Explain the business need for information security. Conclude that a successful information security program is the responsibility of an organization's management and IT staff. It may be helpful to think of examples of software security programs the students are familiar with, and use those to point out the differences between them. Find examples that your students can recognize and associate with.

