Published by Pablo Beadnell. Modified over 10 years ago.
1
Information Systems Security
IS 460
Notes by Thomas Hilton
2
Overview
- What is an Information System
- Personnel Security
- Procedural Security
- Facilities Security
- Technical Security
- Security Implementation
3
Security Perspective: What is an Information System
The General Systems View…
[Diagram labels: Main Input, Spurious Input, Input Interface, Transformation Processes, Control Processes, Output Interface, Intended Output, Unintended Output]
4
Security Perspective: What is an Information System
- Intended Output: High Quality Information
- Unintended Output: Mis-, Dis-, Untimely, Irrelevant, Unknown Origin
- Main Input: High Quality Data
- Spurious Input: Mis-, Dis-, Untimely, Irrelevant, Unknown Origin
- Transformation Processes: Hardware, Software, Procedures, People
- Output Interface: Video/Print/Audio/Tactile-Kinesthetic/Olfactory, Email/IM/Website/Telnet/Disks/Cable/Wireless, Conversations/Phone/Notes/Memos/Terminations/Departures
- Input Interface: Tactile-Kinesthetic/Audio/Video/Print/Olfactory, Email/IM/Web/Telnet/Disks/Cable/Wireless, Conversations/Phone/Notes/Memos/Hires/Arrivals
- Control Processes: …?
5
Scope of Security Subsystem
à la U.S. Department of Defense…
- Personnel
- Procedural
- Facilities
- Technical
6
Personnel Security
- Security Organization
  - Steering Committee
  - CSO
  - Other security personnel
  - Security responsibilities of all personnel
- Human Resources
  - Hiring and Remuneration
  - Vacation
  - Termination
7
Procedural Security
- Risk Assessment
- Security Audit
- Security Policy
- Business Continuity Plan
- Training Plan
8
Facilities Security
- Proximity (Each other, Users, Threats)
- Perimeters (Boundaries, Access)
- Power (Electricity Availability, Quality)
- Etc. (Cooling, Hardening, …)
9
Technical Security
- Information C.I.A.
  - Confidentiality
  - Integrity
  - Availability
- Event Management
  - Deter
  - Detect
  - Mitigate
  - Recover
  - Debrief
10
Security Implementation
- Individual / Workstation
- Workgroup / LAN
- Enterprise / WAN / Intranet
- E-Commerce / Internet
11
Security Implementation: Individual / Workstation
- Operating Systems and Applications
- User Account Management
- Data File Management
- Anti-Virus Software
- Personal Firewall
- Other Utilities
12
Security Implementation: Workgroup / LAN
- All of the above
- Server security
- Eavesdropping
- Topologies
13
Security Implementation: Enterprise / WAN
- All of the above
- DMZs (multiple firewalls)
- Routers
- Cold/Hot Site synchronization
- VPNs
14
Security Implementation: E-Commerce / Internet
- All of the above
- Internet visible systems
  - HTML
  - FTP
  - SMTP
  - Etc.