Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lesson 1-What Is Information Security?. Overview History of security. Security as a process.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Lesson 1-What Is Information Security?. Overview History of security. Security as a process."— Presentation transcript:

1 Lesson 1-What Is Information Security?

2 Overview History of security. Security as a process.

3 History of Security Information Security can be defined as the measures adopted to prevent the unauthorized use, misuse, denial of use, or modification of knowledge, facts, data, or capabilities. Earlier, information was physical, and physical security was used to protect it. Communication security involved encrypting information in codes or ciphers.

4 History of Security In the early 1950s, it was learned that messages could be accessed by looking at the electronic signals coming over phone lines. The United States created a program called TEMPEST to reduce the emission of electronic signals that could be used to gather information.

5 History of Security In the 1970s, David Bell and Leonard La Padula developed a model for secure computer operations. The model was based on various levels of classified information and levels of clearances. The Trusted Computing System Evaluating Criteria (TCSEC or the Orange Book) defined scales of computer security.

6 History of Security To achieve a particular level of certification, a system had to meet the defined functional and assurance requirements. The Federal or Common Criteria was developed in 1992. The main idea is that protection profiles should be defined to cover various environments that the system may be placed into.

7 History of Security The Trusted Network Interpretation of the TCSEC (TNI or the Red Book) was developed in 1987 to address a networked environment of computers. Good security is a mix of physical, communication, emission, computer, and network securities.

8 Security as a Process A single product cannot provide complete security for an organization. Anti-virus software is a necessary part of a good program. It will not protect the system from an intruder, who misuses a legitimate program to gain access to a system. Every computer system should be capable of restricting access to files based on the ID of the user.

9 Security as a Process File access controls cannot prevent someone from using a system vulnerability to gain access to the system as an administrator and see restricted files. Firewalls are access control devices for a network. They exist between the internal and external networks. They will not prevent an attacker, using an allowed connection, from attacking a system.

10 Security as a Process Smartcards can be used for authentication, but cannot prevent misuse if lost or stolen. Biometric systems can be used to reduce the risk of someone guessing a password. There are biometric scanners for verifying fingerprints, retina/iris, palm prints, hand geometry, facial geometry, and voice.

11 Security as a Process If an attacker finds a way to circumvent biometric systems, they will not assist in the system security. Intrusion detection systems could identify when someone is doing something wrong and stop them. They will not detect legitimate users who may have access to inappropriate information.

12 Security as a Process Intrusion detection systems with automatic protection features may be used to generate additional security problems. With a policy management system, an organization can be made aware of any system that does not conform to policy. Policy management may not consider vulnerabilities in systems or misconfigurations of application software.

13 Security as a Process Scanning can help identify potential entry points of intruders. It will not detect legitimate users with inappropriate access or intruders already in the system. Encryption will protect information in storage and in transit.

14 Security as a Process Encryption systems will not differentiate between legitimate and illegitimate users, if both present the same keys to the encryption algorithm. Physical security will not protect the system from attacks by those using legitimate access or attacks through the network.

15 Summary Information security is the preventive steps taken to guard information and capabilities. Physical security, Communications security (COMSEC), Emission security (EMSEC), Computer security (COMPUSEC), and Network security (NETSEC) together provide Information Security (INFOSEC). A single type of security cannot provide security to an organization’s information.

Download ppt "Lesson 1-What Is Information Security?. Overview History of security. Security as a process."

Similar presentations

BP5- METHODS BY WHICH PERSONAL DATA CAN BE PROTECTED Data Protection.

BP5- METHODS BY WHICH PERSONAL DATA CAN BE PROTECTED Data Protection.
1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.

1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
Security Controls – What Works

Security Controls – What Works
CSA 223 network and web security Chapter one

CSA 223 network and web security Chapter one
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
© 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart1 of 222 C HAPTER 7 Information Systems Controls for Systems.

© 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart1 of 222 C HAPTER 7 Information Systems Controls for Systems.
Business Data Communications, Fourth Edition Chapter 10: Network Security.

Business Data Communications, Fourth Edition Chapter 10: Network Security.
Stephen S. Yau CSE465 & CSE591, Fall 2006 1 Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,

Stephen S. Yau CSE465 & CSE591, Fall Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.

Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.
Lecture 11 Reliability and Security in IT infrastructure.

Lecture 11 Reliability and Security in IT infrastructure.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Controls for Information Security

Controls for Information Security
Factors to be taken into account when designing ICT Security Policies

Factors to be taken into account when designing ICT Security Policies
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.

Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.
Prepared by:Nahed AlSalah Data Security 2 Unit 19.

Prepared by:Nahed AlSalah Data Security 2 Unit 19.
Security. If I get 7.5% interest on $5,349.44, how much do I get in a month? (.075/12) =.00625 * 5,349.44 = $33.434 What happens to the.004?.004+.004+.004=.012.004.

Security. If I get 7.5% interest on $5,349.44, how much do I get in a month? (.075/12) = * 5, = $ What happens to the.004? =
The Impact of Physical Security on Network Security

The Impact of Physical Security on Network Security

Similar presentations

Ads by Google