Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Security What is Information Security?

Published byNathaniel Barrett Modified over 9 years ago

Similar presentations

Presentation on theme: "Information Security What is Information Security?"— Presentation transcript:

1 Information Security What is Information Security?

2 Information Security Information Security preventative steps informationcapabilities Information Security is the name given to the preventative steps we take to guard our information and our capabilities. Measures adopted to prevent the unauthorized use, misuse, modification, or denial of use of knowledge, facts,data or capabilities.

3 Critical Characteristics of Information Availability Accuracy Authenticity Confidentiality Integrity

4 Availability access interference requiredformat. Enables users who need to access information to do so without interference and receive it in required format. available authorized The information is available only to the authorized users.

5 Accuracy free from mistakes Information is accurate when it is free from mistakes or errors and it has the value that the end user expects.

6 Authenticity genuine or original, Authenticity of information is the quality or state of being genuine or original, rather than a reproduction or fabrication. Email Spoofing e.g. Email Spoofing The unauthorized use of a third-party domain name as the sender's name in an e- mail message The unauthorized use of a third-party domain name as the sender's name in an e- mail message http://blockstatus.com/anonymous-mailer

7 Confidentiality rightful access. Information is available only to people with rightful access. rights privilegesaccess Ensuring that only those with the rights and privileges to access a particular set of information are able to do so. privacy It is closely related with the privacy of information.

8 Integrity changed authorized Information can only be changed by authorized personnel. whole, complete uncorrupted The quality or state of being whole, complete and uncorrupted is the integrity of information. Integrity check can be done through: File size File hashing Hashing is the transformation of a string of character s into a usually shorter fixed-length value or key that represents the original string

9 Components of an Information System Software Hardware Data People Procedures

10 Software OS,Applicationscommand utilities Comprises of OS,Applications and command utilities. BugsWeaknessesHoles Bugs,Weaknesses and Holes. An error or defect in software or hardware that causes a program to malfunctionsoftwarehardwareprogram Security Hole( something you need to fix now) Security Warning( something you need to fix soon) Security Note (something you need to fix when you get around to it, or just some information that you should consider) Service PacksPatchesHot fixes Service Packs,Patches and Hot fixes. least Priority Security is least Priority in Software development

11 Hardware HousesExecutes Houses and Executes a software. Stores and carries the data. Interfaces Provides Interfaces for the entry and removal of information from the system. Physical security policies deal with the H/W Physical security policies deal with the H/W.

12 Data Mainintentional Main object of intentional attacks

13 People Main threat Main threat to information security. Overlooked Often Overlooked

14 Procedures written instructions accomplishingtask Procedures are written instructions for accomplishing a specific task. overlooked Another frequently overlooked component

15 What is Network Security? secure computingplatform cannot perform actions  Effort to create a secure computing platform, so users or programs cannot perform actions that they are not allowed to do. protection networking componentsconnections contents  Network Security is the protection of networking components, connections and contents.

16 Network Security as a Continuous Process continuous process Network security is a continuous process built around a security policy. Step 1: Secure Step 2: Monitor Step 3: Test Step 4: Improve

17 Step 1: Secure the Network prevent unauthorized accessprotect information. Implement security solutions to prevent unauthorized access and to protect information. Authentication Encryption Firewalls Vulnerability Patching

18 Step 2: Monitor Security Detects violations Detects violations to the security policy system auditingintrusion detection Involves system auditing and real-time intrusion detection Validatessecurity Validates the security implementation in Step 1

19 Step 3: Test Security Validates effectiveness network scanning Validates effectiveness of the security policy through system auditing and network scanning

20 Step 4: Improve Security improvements Use information from the monitor and test phases to make improvements to the security implementation. security holes risks Adjust the security policy as security holes and risks are identified.

21 Terms related to Security  Assets Threats Attack Vulnerability Risk Analysis Countermeasures Hacking

22 Asset organizational resource An asset is the organizational resource that is being protected. logical It can be logical like website, information, data. physical It can be physical like computer system or other tangible object.

23 Threats, Vulnerability and Controls Threat a person, thing, event or idea which poses some danger to an asset (in terms of confidentiality, integrity, availability). a possible means by which a security policy may be breached. An attack is a realisation of a threat. Vulnerability A weakness in the system that can be exploited to cause loss or harm Control, Countermeasure, safeguard An action, device, procedure or technique that removes or reduces a vulnerability.

24 Risk = Threat + Vulnerability Threats without vulnerabilities pose no risk. Likewise, vulnerabilities without threats pose no risk. Risk is the probability that something can happen. Risk analysis can be quantitative or qualitative.

25 Cont… Risk can be qualitatively defined in three levels: Low Low- Action to remove the vulnerability should be taken if possible Medium Medium- Action to remove the vulnerability is advisable High- High- Action should be taken immediately to remove this vulnerability

26 Hacking Can be defined positively and negatively: To write computer programs for enjoyment. To gain access to a computer illegally.

27 Summary What is Information Security? What is Network Security? Assets, Threats and Countermeasures

Download ppt "Information Security What is Information Security?"

Similar presentations

Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.

Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.
Overview of IS Controls, Auditing, and Security Fall 2005.

Overview of IS Controls, Auditing, and Security Fall 2005.
Lecture 1: Overview modified from slides of Lawrie Brown.

Lecture 1: Overview modified from slides of Lawrie Brown.
CSA 223 network and web security Chapter one

CSA 223 network and web security Chapter one
Note1 (Intr1) Security Problems in Computing. Overview of Computer Security2 Outline Characteristics of computer intrusions –Terminology, Types Security.

Note1 (Intr1) Security Problems in Computing. Overview of Computer Security2 Outline Characteristics of computer intrusions –Terminology, Types Security.
1 An Overview of Computer Security computer security.

1 An Overview of Computer Security computer security.
Introducing Computer and Network Security

Introducing Computer and Network Security
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
Lecture 11 Reliability and Security in IT infrastructure.

Lecture 11 Reliability and Security in IT infrastructure.
Lesson 1-What Is Information Security?. Overview History of security. Security as a process.

Lesson 1-What Is Information Security?. Overview History of security. Security as a process.
Information Assurance and Security: Overview. Information Assurance “Measures that protect and defend information and information systems by ensuring.

Information Assurance and Security: Overview. Information Assurance “Measures that protect and defend information and information systems by ensuring.
Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.

Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.
Security Architecture Dr. Gabriel. Security Database security: –degree to which data is fully protected from tampering or unauthorized acts –Full understanding.

Security Architecture Dr. Gabriel. Security Database security: –degree to which data is fully protected from tampering or unauthorized acts –Full understanding.
Introduction to Network Defense

Introduction to Network Defense
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
Storage Security and Management: Security Framework

Storage Security and Management: Security Framework
Kittiphan Techakittiroj (04/09/58 19:56 น. 04/09/58 19:56 น. 04/09/58 19:56 น.) Network Security (the Internet Security) Kittiphan Techakittiroj

Kittiphan Techakittiroj (04/09/58 19:56 น. 04/09/58 19:56 น. 04/09/58 19:56 น.) Network Security (the Internet Security) Kittiphan Techakittiroj
HIPAA COMPLIANCE WITH DELL

HIPAA COMPLIANCE WITH DELL
Security Baseline. Definition A preliminary assessment of a newly implemented system Serves as a starting point to measure changes in configurations and.

Security Baseline. Definition A preliminary assessment of a newly implemented system Serves as a starting point to measure changes in configurations and.

Similar presentations

Ads by Google